<pre>
---------------------------------------------------
These informations are for educative purpose only!|
---------------------------------------------------

Cracking Tutorial #4 By SiONiDE 

Hi fellow Crackers. I write these tutorials in short amounts of time. Therefore I apologise
for any grammatical errors in this essay. Enjoy the Tut!

Contents:
1: Patching Disk Pal 1.3 to enter any Name/Serial.
2: Writing a Patch for Disk Pal.

Difficulty Level: 	Easy [ ] Medium [X] Hard [ ] Expert [ ]

Toolz Required:
Disk Pal v1.3.........Search for dipal13.exe in a FTP search.
W32Dasm...............A good Cracking Web Site.
HIEW..................A good Cracking Web Site.
BYTE HUNTER V2.0......A good Cracking Web Site.
Brain.................Ummm....Head maybe??
Computer..............You're on one now!

1: Patching Andy 1.3 to enter any Name/Serial.

Step 1:

One you have downloaded DiskPal 1.3, we will need to see what type of protection it has. Enter
the program and click on "register", we notice that it asks you for a name, followed by a
serial number. This shows us that it has a Name/Serial protection scheme. In the name box
enter "SiONiDE [DCD]" and serial "123456". What happens??? We get an error message. Make 
sure you write this down, we will need it later. The message says something like Invalid 
Serial. Load up W32Dasm, and Dissasemble Dpal.exe. After about 4 minutes it is finished.
What do we see??? A load of ASM code, abot 72 pages of it. Hmmm....that doesn't help!! But
W32Dasm has a funtion called "String Data References" or "SDR", click on it in the toolbar.
A list will appear, now it's time to use the earlier error message. Scroll down, about 43 
lines until you find your message. Double-Click on it, twice and close the SDR window.

You should see this:

* Possible Reference to String Resource ID=25224: "Invalid Serial Number"

:00411057 6888620000    push 00006288
:0041105C E885BC0100     call 0042CD06

Scroll up until u see this:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0041104F(C)

Now F12 (Go to Code Location) and tpye in the address above (0041104), and you should
then see this:

:00411D95 41           inc ecx
:00411D96 E8B1CFF7FF         call 00402D4C
:********     0F8532010000                      jne 0041104

Now....What does this tell us??? It says that if the serial and name do not match, it
will jump (jne) to the error message we just cam from.

Step 2:

Well, if you get the serial wrong, it will jump, if you get it right it will jump to
the write location "Serial Accepted". Lets see what will happen if we reverse that
process. We want it to jump to the error message only when the Name and Serial match,
therefore if they don't, it will jump to the write location. To do this, we must replace
"jne" will "je" (Jump if Equal), easy isn't it?? :)
To do this we must change the bytes using a HEX editor (hIEW). First write down the Offset
address at the bottom of W32Dasm, it should say 0000D96h, write this down. Note, you
don't need the "h", this just means it is HEX.

Step 3:

Load up DPAL.exe with hIEW and press "ENTER" twice to enter decode mode. Press "F5" and
enter the offset (0000D96). Press "F3" to change the bytes and replace 0F84 with 0F85.
Press "F9" to update, then exit the program. Load up Disk Pal, click "Register" enter
SiONiDE [DCD], then a random serial, E.G 6942576, What happens??? Serial Accepted, Walla
you've just cracked Disk Pal v1.3!!!


2: Writing a Patch for Disk Pal 1.3

Step 1:

Just use this template and edit the required parts.

<=====================================Start of Patch===========================================>
Uses Crt;

 Const A: Array[1..1] of Record <<============Number of Bytes to be Patched.>>
                          A : Longint;
                          B : Byte;

                         End =
((A:$0F84;B:$84)); The Part that will be patched (0F84), then the exact byte to be 
                   Patched which is "84".

Var Ch:Char;
    I:Byte;
    F:File;
    FN:file of byte;
    Size:longint;           <<Patch Name and Author.>>
					/\
				       /__\
Begin					||
 Writeln('Name/Serial Patch for Disk Pal 1.3');writeln('Cracked + Coded by: SiONiDE [ DCD ]');
 Assign(F,'dpal.exe'); <<=========Exact file name, must be default name.>>
 {$I-} Reset(F,1); {$I+}
 If IOResult <> 0 then
    begin
    writeln('dpal.exe not located!'); <<=====Error message.>>
    halt(1);
    end;
 For I:=1 to 1 do <<==============Number of bytes to be patched, in this case, 1.>>

 Begin
  Seek(F,A[I].A);
  Ch:=Char(A[I].B);
  Blockwrite(F,Ch,1);
 End;
 Writeln('Patch was successful, Enjoy!');
End.

<======================================End of Patch============================================>


This patch is for use with Turbo Pascal 7, just copy this source code and edit out any thing
which is between <<IN HERE>>. Enjoy the patch.