About this tutorial:
Tutorial: Cracking Color Set 1.7
Target: Color Set 1.7 (http://colorset.cjb.net)
Tools: SoftIce (this is good software, worth buying)
Date: 11th of December 1999
Description & Comments: This is quite a good piece of software related to color. Hehe, I haven't looked into it much.
Copyright information: This tutorial is copyright © 1999 ManKind

Starting words:
Hello, welcome to my tutorial. I am ManKind, a newbie in cracking who wants to share my cracking skills with other newbies. Contact me at mankind001@bigfoot.com

The process:
I am going to teach you how to fish a valid registration code out of this little proggie. Load up SoftIce and Color Set. Once you start Color Set, a nag screen appears; press the Register button and another, smaller window will pop up. Fill in your name and a registration code. For example, I entered:

User Name: ManKind
Registration Code: 23199981

Go into SoftIce and put a breakpoint on hmemcpy. The command looks like this:

bpx hmemcpy

Press the Register button and SoftIce will pop up. Press F5 once to let SoftIce read our Registration Code (SoftIce only reads the User Name the first time), press F11 once, and then keep pressing F12 (more than 10 times) until SoftIce's white indicator line lands on the Color Set code below (you can tell by looking at the bottom of the code window).

:0046BDA6 MOV EDX,[EBP-14]

Press F10 until the indicator lands on the code below:

:0046BDAA CALL 00403D20

Press F8 to step into the call. You will then see some PUSH commands, but those are not interesting to us. Press F10 to step over until the indicator lands on the code below:

:00403D27 CMP EAX,EDX

That's the famous CMP command. EAX now contains the correct Registration Code and EDX contains the false one. So, to view the correct Registration Code, type:

d eax

And before your eyes, the correct Registration Code for your name will be shown in the data window. For me, I saw the following:


That's it, our job is almost finished. Anyway, as an extra note, the PUSH commands that you see after you enter the call are actually very interesting to us. Those commands load or prepare both the correct and the false Registration Code to be compared. You can fish out your correct Registration Code from there too, though I chose to show you the CMP code. Hehe! As usual, contact me if I made any mistakes, and give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.
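
Seen from the developer's side, the code can be read at the CMP because the program itself builds the correct Registration Code and compares it with the entered one. The sketch below is an added example, not part of the original tutorial and not Color Set's code: it puts that pattern next to a verify-only check where the valid code never exists in the client. The derivation, the key and all function names are hypothetical, and the unpadded toy RSA only stands in for a real signature scheme from a vetted library.

```python
import hashlib

# Constructed toy key for illustration only (far too small for real use).
P = 2**127 - 1                      # Mersenne prime
Q = 2**89 - 1                       # Mersenne prime
N = P * Q                           # public modulus, shipped in the program
E = 65537                           # public exponent, shipped in the program
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, vendor side only


def _digest(name: str) -> int:
    """Public value derived from the user name."""
    h = hashlib.sha256(name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def leaky_check(name: str, entered: str) -> bool:
    """Pattern described in the tutorial: the program derives the correct
    code itself, so it sits in memory beside the entered one at compare time."""
    expected = str(_digest(name) % 10**8).zfill(8)  # hypothetical derivation
    return entered == expected


def vendor_issue(name: str) -> str:
    """Runs only on the vendor's system, because it needs D."""
    return format(pow(_digest(name), D, N), "x")


def verify_only_check(name: str, entered: str) -> bool:
    """Shipped check: only N and E are present. The values compared are the
    public digest and the value recovered from the entered code, so neither
    operand of the comparison is a valid code for this name."""
    try:
        sig = int(entered, 16)
    except ValueError:
        return False
    return 0 <= sig < N and pow(sig, E, N) == _digest(name)
```
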

Thanks to: +ORC, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, Crackz, cLUSTER, LaZaRuS, mrfanatic, Shadow and other crackers and individuals who provide me with their tutorials and tools.
Greetz to: HarvestR, tKC, ytc_, Kwai_Lo, Punisher, TORN@Do, cLUSTER, LaZaRuS, mrfanatic, Shadow, DSi, other cracking groups and all crackers.
