Descriptions / Comments : This is a simple program developed by some sixteen year old which can simplify your task of starting certain programs without using the Start Menu. Quite easy to fish its registration code, took me less than 15 minutes!.

This tutorial is copyright © 1999 ManKind.

Starting words:
Hello, welcome to my tutorial. I am ManKind, a newbie in cracking who wants to share my cracking experiences with other newbies. Contact me at mankind001@bigfoot.com

Part 1:Easy way of locating correct registration code

The process:

When you start this target, there is a splash screen and later a window. Press the 'Register' button on that window. Another smaller window will pop out and you should notice that the 'Register' button is disabled, fill in your name and code like for example, I fill in the following :-

Name:Sample Copy
Registration Code : 2319998

Next, after some filling of information, the 'Register' button will be enabled so now go into SoftICE and put a breakpoint on hmemcpy. For real newbies, this command will look as so :-

bpx hmemcpy

Go back to the registration window and press the 'Register' button. SoftICE will pop up, so press F5 once and later press F12 7 times. After that, the center of the screen (where there is a green line across the screen) should change to LAUNCHP!CODE+xxxxxxxx, if not continue pressing F12. Clear the breakpoint of hmemcpy because we don't need it anymore by typing bc * or bd * and press enter. Next, trace through all the code by pressing F10 until the white line of indicator is on top of the following code :-

0177:004302CE  CALL 004034CE

Now, press F8 to step into this call, and continue to step through until you reached here :-

0177:004034B3  CMP EAX,EDX

Type d eax, press enter and you should see your false registration code in the data window (upper right hand side). Type d edx, press enter and you should see your correct or real registration code in the data window but you have to be smart to sort out the code out of the other useless data like for example after sorting out, my code for the name 'Sample Copy' is 'i92wbtjnwu'. Now, you have reversed Open Sesame 3.1.

Additional/Extra Part or Stuff(s):

If you want to unregister, you can go to the Windows directory folder such as C:\Windows\, open the file sesame.INI and edit the [Register] section of it like this :-

[Register]
????=pickle
Name=Sample Copy

Change to:

[Register]
????=
Name=

Although this first way of easy locating of correct registration code is useful, it can be messy in the data window after you do this way a few times with different names and fake registration codes, so as an alternative of locating the code at the CMP instruction at address 004034B3, you can locate it at address 004034B 1(one line above the CMP instruction) with this command ->d edx because I think it will not be so messy in the data window. Note that the segment address given above may be different on your computer, you just have to follow my way and don't worry, the instruction will still be the same.

Part 2:Understanding the keygeneration routines
The process:

Well, you will ask that since we have already reversed Open Sesame, why should we ever need to understand the key generation routines of it? The answers are simple, firstly, this may serve as a keygen tutorial, secondly, we do this because we want to reverse Open Sesame totally. What I mean by totally? Totally means we know how the correct registration code is generated based on the name we enter.

This part is also easy owing to the simple key generation routine. Now, I'll will just give you a brief idea on said routine. By debugging the first part, one letter at a time, I discovered this (or you can also go into Open Sesame when SoftICE break on hmemcpy, disable hmemcpy breakpoint, set a breakpoint on address 004034B1 (refer to above) or 004034B3 (refer to above), press F5 to let SoftICE run and finally you will arrive at the place where you can just type 'd edx' to view your correct registration code) :-

A=9, B=x, C=j, D=4, E=t, F=5, G=p, H=y, I=c, J=3, K=v, L=b, M=2, N=e,
O=n, P=w, Q=o, R=m, S=i, T=1, U=r, V=l, W=7, X=k, Y=u, Z=8, 
any other character including space = null.

S a m p l e C o p y
i 9 2 w b t j n w u

With this information, it will not be too hard for you to code a keygen.

Ending:

Thanks to : +ORC, Sandman, HarvestR, tKC, ytc_, Kwai_Lo, TORN@DO, CrackZ and other crackers and individuals who provide me with their tutorials and tools.

Greets to : HarvestR, tKC, ytc_, Kwai_Lo, TORN@Do, CiA, Phrozen Crew, other cracking groups and all crackers.