Nov 1998
"System NoteBook V1.0.0.4 Build 8.02"
( 'How to *think* like a cracker'  )
Win '95 PROGRAM
Win Code Reversing
 
 
by The Sandman 
 
 
Code Reversing For Beginners 
 
 
 
Program Details
Program Name: systmntb.zip
Program Type: System Configuration Utility
Program Location: Here 
Program Size: 474K 
 
      
Tools Used:
 Softice V3.2 - Win'95 Debugger
W32Dasm V8.93 - Disassembler
Winice.Dat - Softice settings I used
 
Rating
Easy ( X )  Medium ( )  Hard ( )
There is a crack, a crack in everything. That's how the light gets in.
 
     
 
 
 
Introduction
 
The author of System Notebook  says:-
 
"System Notebook allows for the configuration and maintenance of many options otherwise inaccessible in Windows 95. You can optimize your Dial-Up Networking configuration, edit context menus for the various file types on your system, check your Registry for consistency, Back up your Registry, view and edit OEM information, change the icons for various objects on your desktop, edit your Run history, Document History, boot settings, startup and shutdown logos, and much more."
 
About this protection system
 
The protection system is, by today's standards, very old and equally weak. It relies on two systems to discourage people from pirating it. The program displays a rather large and ugly looking Nag Screen each time it is run, reminding you to register this program before your allotted 30 days free grace expires. The second system employed is based on the fact that you cannot directly 'register' this program, because the programmers have chosen to use a different method by which their program can be registered.
 
The Essay 
 
On October 23rd 1998 I opened up a new 'live' Cracking Forum called 'Cracking Challenges For All' that is aimed at helping newbies learn how to crack in ways that tutorials and essays cannot teach you. This forum will, perhaps for the FIRST time, open your eyes to the *real* world of cracking. Forget about diving into a program and finding the 'crack'; that's not what cracking is all about. Instead, here you will find out exactly what tuts and essays fail to show you: the inner workings of protection systems, examined in much greater detail than you thought possible.

If you wish, you can go here and read up on all the postings made by everyone and how they eventually found the ideal way this program can be cracked.

The first program to come under the microscope of the newbie crackers was System Notebook, which, on the face of it, looks like an easy program to crack and so it is. However, take the time to look under its glossy appearance and a whole new world slowly unfolds in front of your very eyes. It's time to take the blindfolds off and feel the ZEN..

OK, let's crack on with this essay...

This essay will try and show you just one possible way we can crack this program, which just so happens to be the *best* method to use and one which requires no patching of the program's code. So if the program performs any form of self-checking for signs of tampering we won't have to worry about disabling this feature. Of course there are many other ways we can crack this program, some of which have already been discussed on the forum.  See here for a complete list of postings regarding this program and how it can be cracked.

Once this program is first run you will see a large, ugly looking Nag Screen reminding you to register this program and that you have 30 days to crack, I mean evaluate this program before it 'expires'..

Hmmm, so we have a Nag Screen & a time check to figure out if we are to crack this babe.. Let's continue into the program and see what else we can find out...

Select all the available tabs/options and you'll see that nothing is 'disabled', but there is nowhere for the User to register this program!  So how can we 'register' a program that has no registration screen?.. A quick look in the program's help file under 'Registering System Notebook' shows us this paragraph..

"When your registration is received, you will be e-mailed immediately with everything you need to run the registered version of System Notebook."

Look!. The authors will send out everything we NEED to register this program. This could be a 'registered' .EXE file of System Notebook but that is expensive and impractical, so what can this be?.

Perhaps it's a .REG file that, once the User double-clicks on it, will automatically insert the necessary registration details required for this program to run in 'Registered' mode. Until we examine this program we won't be sure, so let's crack on..
 
Before creating your Dead listing with W32Dasm fire up Regmon and then run System Notebook. Regmon is a small utility that is able to trap all attempts by any program to read or write to the System Registry. Almost ALL win'95 programs will access your System Registry so it's worth checking to see what System Notebook does with your System registry.

You'll quickly see a huge number of entries being made by any number of programs running on your computer system, so it's always a good idea to use a 'Filter' on them, so that we can filter out everything but those made by System Notebook.  We do this by first noting what Process name System Notebook uses. In this case its Process name is snwin.  OK, close System Notebook and go back into Regmon.  Now click on the menu option Events then select the sub-option Filter. For the Process name type: snwin then click Apply to confirm. Now when you re-run System Notebook ONLY its system registry accesses will be recorded by Regmon.

If you now run System Notebook up until you see the Nag Screen Regmon will capture and record 53 accesses to your System registry file.  Here are some of those 53 entries..

 
08 Snwin OpenKey      HKCU\Software\System Notebook\1.0.0.4                      SUCCESS

25 Snwin QueryValueEx HKCU\SOFTWARE\System Notebook\1.0.0.4\RegisteredVersion    NOTFOUND
26 Snwin QueryValueEx HKCU\SOFTWARE\System Notebook\1.0.0.4\UserName             NOTFOUND
27 Snwin QueryValueEx HKCU\SOFTWARE\System Notebook\1.0.0.4\UserOrganization     NOTFOUND
28 Snwin QueryValueEx HKCU\SOFTWARE\System Notebook\1.0.0.4\RegistrationNumber   NOTFOUND

34 Snwin QueryValueEx HKCU\Config\0000\System\IXOYE\ConfigFlags                  SUCCESS "36130"

Out of the 53 entries we see 4 entries that tell us much about this program.

Entry No 08 tells us where this program keeps its program settings.
Entries 25,26,27,28 show us that System Notebook is checking for certain entries that it hopes to find but which, as Regmon shows, in this case were NOT FOUND.

RegisteredVersion       NOTFOUND
UserName                     NOTFOUND
UserOrganization         NOTFOUND
RegistrationNumber    NOTFOUND

Entry No 34 shows us an odd looking entry within our System Registry that, on the face of it, bears no relation to System Notebook, yet System Notebook has 'read' the value '36130' from this location.

We now know where our User details will be stored; entries 25,26,27,28 show us where AND what the key names are.  There is no sign of any 'Days left' entries, however entry 34 does warrant further examination simply because System NoteBook has accessed this entry and, as we all know, the Software Author will try and hide this location from prying eyes.

Here's where we must confirm, to our satisfaction, that the value "36130" contains our 30 days evaluation period in an encrypted/XOR form...

Fire up REGEDIT, this little utility is supplied as part of your Win'95/98 default programs.

Go into this branch: HKEY_CURRENT_USER\Config\0000\System\IXOYE

You will see one keyname: ConfigFlags

Doesn't sound like it has anything to do with the number of days left to evaluate System Notebook but there again, IT DOESN'T HAVE TO!.

OK, edit ConfigFlags and change this whole number so that it now says: 999999

Make sure you make a note of the original number BEFORE you change this number, just in case it has nothing to do with the program's use of the Days left to evaluate....

Once you've changed this number fire up System Notebook and watch the nag screen. If all goes well, we should see a change in the days left counter...

Hehehe, Bingo!.  In my case I see that I now have 963,893 days to evaluate this program!. Can you see a 'bug' in the expire date calculation?. While we have given ourselves an unrealistic number of days to evaluate this program with, the program displays the last two digits for the year, so if it expires anywhere in the year 2000 it will not correctly display this. MILLENNIUM BUG STRIKES AGAIN *grin*.

OK, I think we can safely assume that we've located the 'days counter' used by System Notebook but that's only half the story, we still have some further entries as shown by Regmon that need our attention..
 
RegisteredVersion       NOTFOUND
UserName                     NOTFOUND
UserOrganization         NOTFOUND
RegistrationNumber    NOTFOUND

Before you ask, I'm concentrating my efforts primarily on the System Registry because that's how the Software Authors will allow this program to be registered. They send the User an attachment to the email that will then register this program.  Experience tells me that it's most likely a .REG file, where the User double-clicks on this file and it will automatically insert the required entries into the Users System Registry file. All we have to do is figure out what entries these might be.

Back to the output of Regmon.. It shows us that there are a number of entries that are checked for by the program. Thankfully, the software authors have used some very descriptive names for these entries.. They don't have to use these descriptive names but people like using them..:)

Regmon tells us that the above FOUR entries are being checked within our System registry file at: HKCU\SOFTWARE\System Notebook\1.0.0.4\ so let us once again fire up REGEDIT and go directly into this branch...

Right, we see that there are already a few entries here but nothing to suggest that the User's details could be stored here.. Hmmm, well not yet...

Now I want you to create four new String Values.

String 1.
RegisteredVersion = 1234

String 2.
UserName = Put Your name here.

String 3.
UserOrganization = Put your organization here.

String 4.
RegistrationNumber = 1234567

If you do not know how to do this then read the Help file that comes with REGEDIT.

Once you have done this fire up System Notebook and see what happens..

Error Message.. "Failed to get data for RegisteredVersion"

OK, the program had a problem with one of our entries, but look, it didn't show the Nag Screen..

Did you notice that the program didn't mind our *fake* serial number?.  That's odd..

Close down System Notebook and open up REGEDIT once again.

Go to the location where we've been editing.. HKCU\SOFTWARE\System Notebook\1.0.0.4\

We know that the name 'RegisteredVersion' is correct but for some reason the value of "1234" was wrong.  Now we could simply keep putting various numbers in here and each time the program will throw up this error message..  What else can we do?.  Well, we could try a hunch and change this entry from being a String Value to a DWord value.

An entry that is a String Value means it will accept Alpha-numeric values, which means it will accept BOTH letters and numbers at the same time.  However, a DWord Value means that it will accept ONLY numbers, Very LARGE numbers in fact..

Right, we've now changed 'RegisteredVersion' from a String Value to a DWord Value, what next..

Good question.. It would be both impractical and impossible for us to try 1 number at a time then running System NoteBook until it accepts the value we have placed into this entry.

Look, this program gives us many clues to how it *might* use a DWord number and here are a few of those clues..

The program's version is at version 1, so it's still a very young program, therefore this suggests that the Software Author(s) may also be still new to programming, so they might want to keep things simple.  Within programs, it's common practice to use a value of '0' to indicate that a program is still unregistered and a value of '1' to show that it has been registered. Dead easy to remember and just as easy to program..

OK, so let's give this a go.. For the 'RegisteredVersion' value give it a value of 1.

RegisteredVersion = 1

Now re-run System Notebook...

Bingo!. No Nag Screen and the program runs as normal.  If you check the About Screen you'll see that your user details are NOT shown and in fact, nothing has been changed.  This is supposed to happen..  The Shareware Author has not bothered to do any work in this area; in fact, the only difference between a Registered & Unregistered version of System Notebook is that in a Registered version there is no time limit and no nag screen..

Job Done.
 
The Crack
     
None is required nor needed. 
 
Final Notes 
    
This is an interesting program to work on, especially for newbies looking for their first 'Crack'. This tut shows only one of many possible cracks we can use on this program; how you crack this program depends on how much time you're willing to spend on it. If you're not worried about a quick & dirty crack then a patch to the program's code will also do the job. 

In this example, neither the User's details nor the serial number are used by this program; only the value from the 'RegisteredVersion' keyname is read and acted on.  Perhaps in later versions the authors will get round to updating the About Screen..
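
For developers reading this from the other side, the design weakness summed up above is modelled here next to a check that binds the registration number to the user's details. This is an added example, not code from System Notebook or from the original essay. The registry values are represented by a plain dict so it runs anywhere, and VENDOR_KEY, the function names and the sample data are all hypothetical.

```python
import hashlib
import hmac

# Assumption: hypothetical vendor secret. An HMAC key shipped inside a client
# can be extracted; a real design would verify a public-key signature so the
# client holds no signing secret. HMAC keeps this model short.
VENDOR_KEY = b"constructed-demo-key"


def issue_registration_number(user_name: str, user_org: str) -> str:
    """Vendor side: derive the number from the details it must match."""
    msg = f"{user_name}\x00{user_org}".encode("utf-8")
    return hmac.new(VENDOR_KEY, msg, hashlib.sha256).hexdigest()[:20]


def weak_is_registered(values: dict) -> bool:
    """Behaviour the essay observed: only the RegisteredVersion flag matters."""
    return values.get("RegisteredVersion") == 1


def hardened_is_registered(values: dict) -> bool:
    """Ignore the flag; require a number that verifies against name and org."""
    name = values.get("UserName")
    org = values.get("UserOrganization")
    number = values.get("RegistrationNumber")
    if not all(isinstance(v, str) and v for v in (name, org, number)):
        return False
    expected = issue_registration_number(name, org)
    return hmac.compare_digest(expected.encode(), number.encode())


# Constructed stand-ins for the values under
# HKCU\SOFTWARE\System Notebook\1.0.0.4 (not read from a real registry).
FLAG_ONLY = {"RegisteredVersion": 1, "UserName": "Put Your name here.",
             "UserOrganization": "Put your organization here.",
             "RegistrationNumber": "1234567"}
LICENSED = {"UserName": "A. User", "UserOrganization": "Example Org",
            "RegistrationNumber": issue_registration_number("A. User", "Example Org")}
MOVED = dict(LICENSED, UserName="Someone Else")  # number reused under another name

if __name__ == "__main__":
    for label, vals in (("flag only", FLAG_ONLY), ("licensed", LICENSED), ("moved", MOVED)):
        print(label, weak_is_registered(vals), hardened_is_registered(vals))
```

The hardened check never consults RegisteredVersion, so a hand-set flag changes nothing, and a number issued for one name fails under another.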
 
My thanks and gratitude goes to:-
 
Fravia+ for providing possibly the greatest source of Reverse Engineering
knowledge on the Web.
 
+ORC for showing me the light at the end of the tunnel.
 
Ob Duh 
 
Do I really have to remind you all that buying and NOT stealing the software you use will ensure that these software houses are encouraged to produce even *better* software for us to use and enjoy.

Ripping off software through serials and cracks is for lamers..
 
If you're looking for cracks or serial numbers from these pages then you're wasting your time, try searching elsewhere on the Web under Warze, Cracks etc.
 


 
 
 

Essay by:          The Sandman
Page Created: 20th October 1998