Greetings Crackers,
Welcome to the official opening of the 'Cracker's Challenge' a new forum where I will select a Shareware program for you to crack. The whole idea behind this challenge is that you all must work together in order to successfully crack our target programs.
If you need help or find yourself stuck while cracking the target program then DON'T ask me, instead post your problem here on THIS forum and someone will help you. I will follow your progress and offer help where I think it will help the most.
The way this 'Cracking Challenge' works is like this.. I will ask you four questions at a time about the target program, you then will have to answer them as best you can.. Once the questions have been answered, I will then ask a further four questions and so on and so on until everyone is able to crack this program..
For newbies, it's not how fast you can crack the target program that counts, it's how well you can understand the way the program's protection system operates.
The Rules..
1. These 'Cracking Challenges' are open only to newbies, so I don't want to see any +crackers solving the crack, however, your help will be very much appreciated by all..:)
2. Any postings NOT related to this cracking challenge will be DELETED. Use my main forum for such postings. [ http://www.InsideTheWeb.com/mbs.cgi/mb126105 ]
3. In order to keep things fair, I have made checks for any possible tuts and found none for the target programs I set, however, should you find one then please don't use it, try and do the crack yourself, you will learn much more this way..:)
4. Don't worry if you can't answer all the questions I set you, someone somewhere will probably be able to answer it. Don't forget, this is a combined effort so help each other.
Good Luck Everyone.
The Sandman
|
Greetings Crackers,
Here is your target program.
Program Name: System NoteBook V1
URL: [http://hotfiles.zdnet.com/cgi-bin/texis/swlib/hotfiles/info.html?fcode=000THU]
Program Size: Under 500K
Type: System Utility
Questions 1 to 4
---------------------
Question 1. What type of protection system(s) do you think this program uses?. Serial/Password/Trial/Demo/Key File/Nag Screen etc.
Question 2. Where does this program store its settings?. Is it in the System Registry File, or in a hidden file/.CFG/.DAT file etc.
Question 3. Is there a 'hidden' Registration Screen within this program?.
Question 4. When is the Nag Screen shown?. Start of program, end of program or both?. Are there any 'random' or pre-determined times when this nag screen gets shown?.
Good Luck..
The Sandman
S.A.Drake - Okay, I'm paranoid... - Mon Oct 26 04:08:54 1998
After the AI Picture Explorer's "now-I'm-registered-now-I'm-not" trick, I cannot believe this program can be registered as easily as it seems. :)
My modus operandi is generally the following:
1) Install program
2) Run program a few times, see how it behaves
3) Use RegMon with program
4) Use FileMon with program
5) View relevant registry contents and any .ini/.cfg files
6) Use SoftIce and/or Wdasm, depending which feels "right"
7) Edit registry, program, .ini/.cfg (After making a backup!!)
Hint: On this particular program, I didn't need to get past stage number 3, but plan to continue examining it for my own peace of mind... :)
Ciao!
JohnnyFrank - Here's my answers... Sun Oct 25 23:10:39 1998
Hi,
I'll do my best to answer your questions.
1) I think the type of protection would be a kind of patch that the authors of the shareware would send us after registering to remove the nag screen and the evaluation period check. I say that because I didn't find any registration box anywhere and it is said in the help that they will send us everything we need to register the program.
2) The settings seems to be stored in several places. First there's this hidden .gid files which contains a lot of information like paths and key words used for... who knows! Then there's another file (.cnt) that looks like a .ini file. And finally, there's about 5-6 info's in the registry but it does look quite interesting for us.
3) Like I said in 1), I didn't find any hidden registration screen.
4) Looks like there's a nag screen only when you start the program.
Finally, after the tryout period has expired, there's a message telling you that you must register to continue using the program and it shuts down. You can't use it no more...
That's about it!
JonnhyFrank
D0gBytes - Flow Charting.. this one Jeff - Sun Oct 25 20:27:19 1998
Hello Fellow newbies.
I thought it might be easier to sometimes look at the flow of the program in a very simple flow chart to visualize where you are at when looking at the dead listing. Something like the below diagram can be drawn out and referred to as you try to trace out the jumps.
You can then add in the exact wording from the "String Ref" in Wdasm at each level.
Regards,
D0gBytes
               Start
                 |
          Shareware Mode
                 |
            Registered?
            |         |
           Yes        No
            |         |
      Good Cracker    Days Left?
                      |           |
                     Yes          No
                      |           |
            Continue in Shareware  Begger Off
            Mode and Display       Bad Cracker
            Shareware Screen
jas - Questions 1 - 4 - Sun Oct 25 17:49:34 1998
Hiya Sandman!
Questions 1 to 4
---------------------
Question 1. What type of protection system(s) do you think this program uses?. Serial/Password/Trial/Demo/Key File/Nag Screen etc.
1a) serial
1b)Nag/s
1c)30 day Trial
Question 2. Where does this program store it's settings?. Is it in the System Registry File, or in a hidden file/.CFG/.DAT file etc.
I found next to nothing in the Registry; but Running RegMon while opening prog revealed many things I know nothing of...
2a) I did see while running Regmon (how do you use and make filters for this)
Reg Version
User name
User Org
Registration number
Since there seems to be no input box for typing in this info. (so far as I have seen) I would say that there is a "hidden files/s" somewhere...(?) What type I do not know...
Question 3. Is there a 'hidden' Registration Screen within this program?.
3a)There is definitely something either hidden/ or you would have to "paste" info in when the Author returns "everything you need to run the registered version..." by email...
Question 4. When is the Nag Screen shown?. Start of program, end of program or both?. Are there any 'random' or pre-determined times when this nag screen gets shown?.
4a) so far I have only the opening nag; i have set clock forward two months and can not seem to discover what is happening differently; The main 30 day trial screen no longer Pops...but thats good...(?) Hhummmmm; this would not make sense...
Jeff
Smasher - Answers & other thoughts... - Sun Oct 25 13:04:42 1998
Hi everyone!
I'm also one newbie & my answers is:
1) Nag screen.
2) In registry file program search UserName, UserOrganization, Registration Number & RegisteredVersion<--this is "memory register" (If 1 then OK)
3) May be.
From Help-file:-
"When your registration is received, you will be e-mailed immediately with EVERYTHING you NEED to run the registered version of System Notebook."
I'm thinking this mean that we will register "SyNo" by enabling hidden registration screen. I also had thought that we can register by small registration program, which will be sent to us by authors, but...I had saw in DASM listing;
advapi32
RegSetValue
RegQueryValueExA
.....
This mean, I'm thinking, that somewhere is hidden reg.screen is situated.
4) Start of program
I'm hoping that I'm not far from truth....
I'm want to say some my thoughts to other newbies:
I'm thinking that main purpose of this forum - not 'dumb crack' by finding somewhere, f.e TEST AX,AX & following 'blind' changed 'Z'-flag in SOFT-ICE & looking what's will happen. I'm thinking that we must to learn how right think. I'm had knowing that my english is weak & it's difficult to understand me. I try explain on example:
When I tried to answer Sandman's questions I received such results as all of you. But I didn't posted: "I break this...by 15 minutes" or "...this protection is very weak". I try answer on following questions:
1) Where in code checks RegisteredVersion & others RegKeys
2) How RegKeys sets ? - By us in Hidden Reg.Screen (HRS). Where HRS is situated ? - Or in help-files, or in disabled "Explain this item" Help menu's partition.
3) Why "Explain..." is disabled ? etc
p.s. to look what is "Explain...." in Help menu we can use "The Customizer". This I'm knowing, but I doesn't know URL for this prog. :(
Also we can use "EnableWindow" API (or Syst.Refs) CALL, but I doesn't know where to break code execution. But...I haven't enough skills...yet! All of this is my own thoughts. I really not want offend somebody. I'm just wanted to say as I see purpose of this forum.
Bye. And have a nice day!
Smasher.
Jeff - Re: Answers & other thoughts... - Sun Oct 25 13:40:21 1998
Yes Smasher!
First let me thank you for answering The Sandmans Questions: We need to each try remain Focused on where the Sandman is trying to lead us; and to try to respond in a focused format.
Smasher, you have cracked the purpose of this forum; bugger off the Crack; the crack is nothing; the thought process is everything; The co-hesiveness of this group working together is everything; The diversity of the individual input is everything;
Have you noticed (of course you have) all the different approaches to this programs (easy or hard; does not matter) crack?
Why?
What were your thoughts?
Why did you approach it this way?
What gave you a thought that you could crack it without opening softice?
What tool were you using when u concluded this; Why?
The crack is nothing!
The thought process is everything!
The FOCUSED efforts in one direction.
Can you imagine how many emails arrive... Why did you do this...why did you do that...How did you KNOW to do this... How DID YOU KNOW to do that...
The missing link in tutorials...the thought process to arrive at concessionary direction...(with or without result) The tutes teach us to USE the various TOOLS (softice & dasm ect.) this interactive method should teach us to think...and then head for a certain area to explore...
So; please to everyone; DO NOT POST the Crack; Leave little trails of bread crumbs for those of us not so learned to follow to your conclusion/s...
Thanks everyone!
Jeff
salgaris - System Notebook : my solution - Sun Oct 25 09:54:30 1998
Hi Sandman,
First of all many thanks for your wonderful job. I'm a newbie and this is my solution : using the dead listing approach , under String References one can see "RegisteredVersion", "RegisteredNumber" . Since it's not possible to register inside the target program one possible clue could be in the registry. Using regmon one can realize that you need the following strings "RegisteredVersion", "RegisteredNumber", "Username" and "UserOrganization". But this way you get an "invalid type for RegisteredVersion" error.
Simply create a DWORD with a 1 value for RegisteredVersion and you are registered, no nag screen, no time limit. And surprisingly no control on the strings values. A poorly protected program
Bye
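The check described in the post above trusts a single registry DWORD and never examines the name, organization or number. As an added example (not part of the original thread and not the program's own code), this sketch puts that check beside one that accepts the registration values only when they carry a vendor signature; the `LicenceSignature` value, the toy RSA key and the sample data are assumptions constructed for the illustration.

```python
import hashlib

# Toy RSA key pair built from two Mersenne primes so the example runs with the
# standard library only. Constructed for illustration: far too small, and used
# without a padding scheme, so it is not suitable for a real product.
_P = 2**127 - 1
_Q = 2**107 - 1
PUBLIC_N = _P * _Q          # shipped inside the program
PUBLIC_E = 65537            # shipped inside the program
_VENDOR_D = pow(PUBLIC_E, -1, (_P - 1) * (_Q - 1))  # stays with the vendor

# Value names as the posters report them from RegMon.
SIGNED_FIELDS = ("UserName", "UserOrganization", "RegistrationNumber")
SIGNATURE_FIELD = "LicenceSignature"   # hypothetical extra value, not on the page


def licence_digest(values):
    """Hash the licence fields, length-prefixed so they cannot run together."""
    h = hashlib.sha256()
    for name in SIGNED_FIELDS:
        data = str(values.get(name, "")).encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big") % PUBLIC_N


def vendor_issue_licence(user, organization, number):
    """Vendor side: build the values that would be e-mailed to the customer."""
    values = {
        "UserName": user,
        "UserOrganization": organization,
        "RegistrationNumber": number,
    }
    signature = pow(licence_digest(values), _VENDOR_D, PUBLIC_N)
    values[SIGNATURE_FIELD] = format(signature, "x")
    return values


def weak_is_registered(values):
    """The check the thread describes: one DWORD, strings never examined."""
    return values.get("RegisteredVersion") == 1


def hardened_is_registered(values):
    """Accept only fields that carry a valid vendor signature."""
    try:
        signature = int(str(values.get(SIGNATURE_FIELD, "")), 16)
    except ValueError:
        return False
    if not 0 < signature < PUBLIC_N:
        return False
    return pow(signature, PUBLIC_E, PUBLIC_N) == licence_digest(values)


# Constructed sample data standing in for the program's registry values.
HAND_EDITED = {
    "RegisteredVersion": 1,
    "UserName": "anything",
    "UserOrganization": "anything",
    "RegistrationNumber": "0000",
}
GENUINE = vendor_issue_licence("A. User", "Example Org", "SN-0001")
TAMPERED = dict(GENUINE, UserName="Someone Else")

if __name__ == "__main__":
    for label, values in (("hand-edited", HAND_EDITED),
                          ("genuine", GENUINE),
                          ("tampered", TAMPERED)):
        print(label, weak_is_registered(values), hardened_is_registered(values))
```

A signature keeps hand-typed registry values from being accepted; it does not cover the patched conditional jump other posters mention, which needs separate integrity measures.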
LenraV - About SN....ver. 1.0.0.4 - Sun Oct 25 09:41:57 1998
Hi Sandman,
I'm a newbie too so here's my answer with the questions about SN.
Hope this is correct....
Oh ya, thanks a lot for your great tutorials and forum. Those really are for newbies, i really learned a lot and still learning. Teach us more....
Questions 1 to 4
----------------
Question 1. What type of protection system(s) do you think this program uses?. Serial/Password/Trial/Demo/Key File/Nag Screen etc.
Answer: this one is using a registration flag to know if it is registered or not.
Question 2. Where does this program store it's settings?. Is it in the System Registry File, or in a hidden file/.CFG/.DAT file etc.
Answer: its in the system registry. use regmon, ur name, organization, serial number if you register the program. I think the author will send you a program that will alter the system registry.
Question 3. Is there a 'hidden' Registration Screen within this program?.
Answer:i think there is no hidden registration screen.
Question 4. When is the Nag Screen shown?. Start of program, end of program or both?. Are there any 'random' or pre-determined times when this nag screen gets shown?.
Answer: start of program and after 30 days and won't even start.
Kind regards,
LenraV
The Sandman - Questions [1 to 4] Sun Oct 25 10:47:56 1998
Greetings LenraV and welcome,
You have the distinction of being the first person to correctly attempt the four questions I set everyone, well done. I will wait a little while longer for some of the others to also answer these questions before proceeding onto the next set of questions.
Your answer to question 1 will need further explanation later on in this 'crack'.. I know what you mean but I'm sure most don't. How did you find out about the 'registration flag' and where can people find and test it out for themselves?. Please explain all this a little later on.
Kind regards
The Sandman
LenraV - Re: Questions [1 to 4] - Sun Oct 25 15:58:09 1998
Hi Sandman,
Thanks ... I'll try to explain what i did later on.
Kind Regards,
LenraV.
DSP - Something Not Right !!! - Sun Oct 25 07:03:45 1998
Hello Crackers ...
Well about this useless program, I found Something interesting !!! There IS A HIDDEN Registration Dialog, I'm not sure how to activate it, But use the regmon utility I'm sure you know what I mean. I'll examine more deeper to this victim if I have time, So Agree to Jeff, The cracks isn't finished.
PS : You could still use like I do, Patch the program, I already test it a couple times, it's run fine.
LenraV - Cracked..... Sun Oct 25 06:05:48 1998
Just downloaded this programs and i was surprised. I cracked it without patching. It would not even take you a couple of minutes. I was supposed to use softice but i did not.
Smasher - Hmmm...What is this ? - Sun Oct 25 03:46:55 1998
Hi, Sandman! Hi Jeff!
About your programm :)
Hmmm... As I see... We can 'crack!' this programm without 'cracking!' :)))))))))) Yes ? :))))))))
Smasher
Jas - Please! DO NOT POST "the Crack" When You Find IT! - Sat Oct 24 1998
Just testing this systems new forum; Will be delving into this and trying to answer the questions today!
Back in a while! BTW BTW; When you succeed...Please jump up and Hooray and let us know...but please...do not post the EXACT way you did it!!! Lead us on some; give us some hints to follow...this will make it much more challenging and a better learning experience! Okay? Okay!
Yes! Yes! yes!
Jeff
the snake - Re: Please! DO NOT POST "the Crack" When You Find IT! - Sun Oct 25 1998
Hello to all, first time in this new forum, Sun 7:30 am (local time here) and the first one is done ????? i'll download the target and try to attack it !!
see you guys later !!!
the snake
Jeff - No Snake! The Crack is NOT done! Sun Oct 25 01:05:14 1998
Snake;
Fear not; some will very quickly get this & others will not; AS I HAVE TRIED to explain; PLEASE don't give to much info. to quickly; WE need to learn to think it thru...
Those that have not worked on this... there is plenty of time to work on it and post and ask your own questions...so long as no one gives the crack away to soon...
But Please refer to The Sandmans original list of questions and answer them as he requests. some order is necessary or we will all be scrambling mindlessly again without FOCUS!
Crack it Snake!
Jeff
DSP - Okey, Jeff :) - Sat Oct 24 20:56:44 1998
Hello Sandman and Jeff,
This software is quite easy, I crack it in about 15 minutes or less. The protection is a simple nag screen in the startup, and of course, the 30 day time limit. First, I try to crack the time limit, Getlocaltime works. It's cracked.
Ok, now the nag, Well this is a Delphi/Visual C program, I know that, because I use the WinShow . Hmm, maybe I should fire the BRW ? I try the dead list first, And Yes Hardly to believe, this nag screen is generated from 1 simple conditional jump !!! test al,al ....
The crack is done ! And responding to Jeff, I'm not give you the FULL Cracks, just a few Hints ... Hehehehehe :)
Is this enough Jeff ?
jas - Oh MY! - Sat Oct 24 21:33:09 1998
Dsp;
Okay; that was great!!; ( Grrrrrrrrrr) are you sure you are so new of a newby?
The information was not to much for me; But maybe plenty to much for others; now give many a chance to work on it; okay? Please, study some of their replies and or problems and see if you can "gently" direct them in a proper direction without revealing to much!
Gggggggggggeeeeeeeeeessssssssss! 15 minutes; you're a monster...*grin*
I'm feeding my daughter and have not even opened the program again; nor informed a few off line visitors...Hi tnwo!
After many have had a chance to view, and write, and work, please post in addition; What you mean by brw; Is this Borlands Resource WorkShop? I have searched and never found it yet on the web...
How does localtime work; and why did you know to head there so quickly; Your thought process and why you type a certain bpx,bpr,bpio,task,hwnd ect. are... at this site far more important than the crack itself!!! (not to take away your fine achievement!)
These type of building up to the cracks are what will really teach us newBs... what;where;when;how;& why; a certain thought process can or will be used. Okay? I appreciate all your efforts and help in advance! I think The Sandman has this site set up to inform you by email when you receive a reply here; I don't know if this works ONLY if you have left an email address or not; i would assume that its not intrusive to those who do not leave an address to be informed. Hey; great going DSP; We will build to harder progs soon I am sure; (To soon for me!) Sandman; for some reason when I use a slash key it makes it a square box when posted; have had to go in to Edit twice now.
Good crackin'
Jeff
DSP - Hello Jeff ! Sun Oct 25 00:00:36 1998
GreetZ Jeff,
Yep, I think I'm just another newbie, since I couldn't make a loader yet ... but of course I'm heavily study on it ...
Yes, BRW is Borland Resource Workshop, of course you could try the Symantec ... You could download it on Aesculapius (Am I type correctly ?) Page ..., That's the best Tools Page I've ever seen. Well, in order to crack the nag of a delphi program, IF AND ONLY IF, the BRW can handle the resource format, since BRW is quite Old (I'm using 4.5 But I heard from someone, that the 5 is already come out), you could just rename the resources, But in C if the programmer doesn't put anything to check the value returned the program run fine. In Delphi, if you do this, you'll got a messagebox, told, resource XXX not found, Of course you know how to "destroy" this messageboxa ? Please don't blame me if this doesn't work on certain software, it's because the Delphi programmer do the same thing again (Check the value returned).
But, Actually I can eliminate that nag without any tool, on Hex editor, First Fire WinShow to know the name of the nag. Once you got the name, search in Hexeditor, and rename the nag, Now the messageboxa come out. Yep crack it ! :)
Well, the BPX Localtime work, because it's a common API use by programmer to catch the time, I found its 90 person breaks on every Time Trial Software I've cracked, The main problem is sometimes the routine after GetLocaltime is quite "good", like they encrypt the time left, or something like that. To make sure the programmer doesn't use its own function, just use the standard quick view from Windows 95/98 to view all the function.
But in this software, they only use it to get back "days left" Easy Right ? Just, trace it on FIRST Break on BPX GetLocal time, and a few F12, You know what I mean, just watch the EAX ...
Well, Yes I know the forum will inform me ONLY if I insert my email ... But I like this kind of forum, you can just click the response on the bottom of the message, unlike the insidetheweb forum ...
Keep up the good work for you two
Best Regard,
DSP
PS : If you don't understand my English, Please excuse it, I , myself is really ashamed with my bad bad English,
C-yaa !
|
Greetings everyone,
A number of you have already said that you can crack this babe but I don't see much proof of this as yet!.
How about helping the others to get the first four answers wrapped up so that we can progress onto the next set of questions?.
When I looked at this program I knew it could be cracked easily by most of you, however, that's only the icing on the cake, the real stuff is deep within the program's code waiting for you to reveal its inner secrets..
Lets see some sharing of that knowledge you all have.:)
Kind Regards
The Sandman
Smasher - it's inner secrets - Sun Oct 25 08:17:47 1998
Hi Sandman!
Is the one of this program's (SN) inner secrets we can obtain using EnableWindow API Call ? :))) Or I'm wrong ?
Smasher
The Sandman - Inner Secrets... - Sun Oct 25 09:26:52 1998
Greetings Smasher,
In answer to your question.. I don't know, perhaps you should explain to me and everyone what you've found and how you found it *grin*.
But first, have a bash at answering my questions [1-4] in some detail so that everyone else can learn from YOU!.
Kind regards
The Sandman
|
Yes Smasher!
First let me thank you for answering The Sandmans Questions:
We need to each try remain Focused on where the Sandman is trying to lead us; and to try to respond in a focused format. Please try to answer his questions first; and search by his questions first; He is leading us to a final conclusion in thought process.
Smasher: You have cracked the purpose of this forum; bugger
off the Crack; the crack is nothing; the thought process is everything;
The co-hesiveness of this group working together is everything;
The diversity of the individual input is everything;
Have you noticed (of course you have) all the different approaches to
this programs (easy or hard; does not matter) crack? Why?
What were your thoughts? Why did you approach it this way?
What gave you a thought that you could crack it without opening softice?
What tool were you using when u concluded this; Why?
The crack is nothing!
The thought process is everything!
The FOCUSED efforts in one direction.
Can you imagine how many emails arrive... Why did you do
this...why did you do that...How did you KNOW to do this... How DID YOU
KNOW to do that...
The missing link in tutorials...the thought process to arrive at concessionary
direction...(with or without result) The tutes teach us to USE the various
TOOLS (softice & dasm ect.) this interactive method should teach us
to think...and then head for a certain area to explore...
So; please to everyone; DO NOT POST the Crack; Leave little trails of bread crumbs for those of us not so learned to follow to your conclusion/s... sorry for the Re-paste; I thought it to be important.
Thanks everyone!
Jeff
|
Greetings Everyone,
Having looked at all of your postings I can
see that many of you seemed to have
found this program relatively *easy* to crack,
however, since this is not a race, I'm
more concerned with seeing what you have found
out from this program rather than
see it cracked at this time.
For those that did attempt the questions I
can see my little 'Red Herring' didn't
trouble you too much..:)
I asked...
Question 1. What type of protection system(s)
do you think this program uses?.
Serial/Password/Trial/Demo/Key File/Nag Screen
etc.
My 'personal' definition of a protection system is:
"Anything that hinders or prevents your copy
of the program from behaving or
looking exactly like it's registered counterpart".
Therefore, Nag Screens IS a form of protection
system. This program IS also a
Time limited software, it expires 30 days
from being installed.
Question 2. Where does this program store it's
settings?. Is it in the System
Registry File, or in a hidden file/.CFG/.DAT
file etc.
Anyone using REGMON will see that this program
seems to read from all parts of
your System Registry file and pretty quickly
you'll see 100's of lines of data scrolling
up your screen and if you didn't use a filter
then you'll also see that windows and
any other running programs will also add to
this confusion.
However the actual location is:
HKEY_CURRENT_USER\Software\System Notebook\1.0.0.4
BackUpPath = C:\PROGRAM FILES\SNWIN
DoBackUps = 0
ExitOption = 1
RestartWithWindows = 0
StartupLogobackupPath = C:\PROGRAM FILES\SNWIN
ViewStyle = 0
Did anyone do any experiments with any of these values?.
ViewStyle =0 ;Controls the way the icon's are
displayed and handled within the
program. Valid Values are: 0 to 3
Question 3. Is there a 'hidden' Registration Screen within this program?.
This was a 'Red Herring' *grin*. When I looked
at this program I found nothing to
suggest that their is a 'hidden' registration
screen. In the help file that comes with
this program it says:
"When your registration is received, you will
be e-mailed immediately with
everything you need to run the registered
version of System Notebook."
If we examine carefully, the wording used here
I picked up on the word "NEED". Now
if YOU need something then it suggests something
'solid' like a small .REG file
perhaps, that's attached to your email that
then will allow you to register your
program. However, if it was a serial number
that was going to be sent to you then
the wording would be changed to reflect this.
Example:-
"When your registration is received, you will
be e-mailed immediately with
everything you need to *KNOW* in order to
run the registered version of System
Notebook."
Now doesn't that suggest that the authors would
send you an email with the
serial/password in it!.
Before I finish with question 3, hands up all
those that tested this program
WITHOUT having Softice running in windows
at the same time?. In other words, did
anyone run this program when softice wasn't
loaded at bootup time?.
I ask this question because what if the program
had hidden the registration screen
and that this screen could ONLY be accessed
if the User presses the CTRL + D
keys together?. What would happen?. Yep, you
would get Softice pop up instead of
the 'hidden' Registration Screen that you
were looking for!. No, this program does
not do this but unless you made sure Softice
wasn't loaded into windows before
running this program then how would you find
this out!. Will leave you to think on
this further..:)
Question 4. When is the Nag Screen shown?.
Start of program, end of program or
both?. Are there any 'random' or pre-determined
times when this nag screen gets
shown?.
The Nag Screen is shown each time the program is run and that's it.
Well done to everyone that has figured out all this so far..:
My next set of four questions will be posted
shortly..)
Kind regards
The Sandman
|
Hi there,
Q1) Program uses a Nag at installation + after the 30 days trial is over.Briefly popping up before ending the program.
Q2) PRG stores configFlag settings in registry (IXOYE) presumably based on system date of installation Manipulating them gives u zillions of days without however getting rid of the nag :( (Didn't find the algorithm if there's any.)
Q3) Couldn't find a 'hidden' reg-screen (My hands are UP :) )
Q4) Every start
DawnRun
Could you move kinda slower? ie The Sandman and Jeff? I'm a bit on the slow side myself <:)
|
Hi!
I now have a list of questions that will help me and probably a few others...
My questions are from a NewBs perspective...
1)What is a register Flag? I saw the IXOY statement both in Wdasm and in Regmon; but did not know what they signified... Where is it stored; inside the code; or in a file somewhere?
2) Taking Dsps notes and having seen in Regmon the value RegisteredVersion
I typed this value into the Registry and assigned it the value of
"1". Doing so eliminated the pop up 30 day nag screen; Changing it
to a Zero value brought BACK the 30 day nag screen; however now there was
NO time left and when you click on OKay the program shuts down; Changing
it back to the "1" value; once again eliminates the Nag screen.
But when you click on ABOUT you are still not registered per sey...
My question is this:
Have you eliminated the 30 day time limit just because the Nag is gone? Or must you now find where the Date is being stored and change it? When I input the value of "1" and change my clock forward I do not receive any Nags nor shut downs...
3) If the software authors can email you a patch (or REG-file) can you take the info. gained from RegMon:...
RegisteredVersion
UserName
UserOrganization
RegistrationNumber
...and write your own REG patch in notepad; if so: would it be stored
in Registry; or in this hidden IXoY location...or
I tried typing these all in and assigning values to them; the only one
I found working was RegisteredVersion... Not recognizing my Reg# because
there is a flag still set not
seeing my assigned value as TRUE?
4)Several people have stated this can be debugged without Ice nor dasm;
This leads me to believe something (some hidden...(date-file?)was seen
in Regmon or by manipulating the Registry values... I can continue searching
through these two above and manipulating
values; but since many busted this within 3-15 minutes i assume the
input is not that tough...
Is there something or somewhere else I should be looking for this "easy" crack? (Direction is everything for me...hints only please)
5) 30 day trials are "my biggest nightmare"; I like searching for serials;
Dsp has stated that you use bpx GetlocalTime to search for a 30 day trial...Would
I be searching for a value somewhere with the statement of "1e"? He also
states that you F-12 several times;
6) Is there a standard process for HOW you KNOW when to f-11 or to
f-12; and HOW do you know when to stop...and begin looking at the code?
Thats all for now; Hope you all can help us not so learned as yet...
Jeff
the snake - find the days with f12 - Tue Oct 27 00:42:02 1998
hello jeff,
>>Dsp has stated that you use bpx GetlocalTime to search for a 30 day trial...
>>Would I be searching for a value somewhere with the statement of "1e"?
I was doing as Dsp said, after a few f12's i saw in eax the value of
"1e", then i changed the date of the 'puter 1 day forward, and this "1e"
changed to "1d" that gave me in the nag 29 days left.
take care
the snake
Smasher - Days... - Tue Oct 27 04:26:29 1998
Hi!
If you look at code with attention, you will see interest calculating how many days left, including accounting 30 or 31 days in current month, coz :) & leap-year!
Have a nice day!
Smasher
Jeff - Snake BRAVO! - Tue Oct 27 00:47:55 1998
Snake;
That was also well written; I know that I screamed bloody murder about
being cryptic when we first started out with this project; and so there
were many things i still could not follow; such as DSPs cryptic,... watch
the eax...HUH?
You just filled me in. Thanks!
Jeff
The Sandman - Unanswered Questions.. - Mon Oct 26 15:27:06 1998
Greetings Crackers,
At last someone asks questions!!
Forgive me for repeating some of what's already been written on this
forum but the actual 'crack' is unimportant to most newbies on this forum,
it's just the icing on cake. However, what is of importance is the *thinking*
and *understanding* that tells us 'How to crack' that newbies are
trying to get a handle on.
For those of you who were able to 'crack' this program in 15 mins or less must realize, that it's that knowledge and experience you posses that people want to learn about.
Before I post the next four questions relating to this cracking project, I would like to see some of you answer some, or all of Jeff's questions yourself. Those of you who have already 'cracked' this program might want to jump in now and have a go yourself.
As a tut writer, I can honestly say that I have been able to remember
more about cracking in general simply because I've had to make sure that
what I write is correct and as accurate as possible!
Your postings not only help Jeff, but everyone who is following this project, even those who haven't *yet* made any postings to this forum.
I already know who among you have great potential as crackers, but if you don't show everyone else with your postings then how are they to also see!
Kind regards
The Sandman
jas - Another Question - Tue Oct 27 01:45:54 1998
Hi
another question:
Having seen the listing in regmon: "IXOYE" and having seen it
listed in one of the project posts:
I searched for it in the registry: found @ Hkey_UsersDefaultConfig
When opened it has the statement:
ConfigFlags "36121"
This number "36121" I also saw in RegMon:
Question:
What is it; what does it represent to this crack if anything?
Thanks
Jeff
|
Regmon is an awesome program!! Just ONE of the many places to get it is http://www.fravia.org/tools.htm (near the bottom).
In order to crack this program, I first read the Four Questions by the Sandman. After getting the prog and running it some, I could answer all but the 3rd question "Where is the hidden reg screen?" I clicked around for about 5 minutes, everywhere...hehe Nothing. So I decided to read his answer to the Four Questions and I discovered that all was as I had expected and there was no reg box with Name: Serial:. I also found the hint about regmon useful.
How I Cracked the Program:
First, I opened Regmon and then System Notebook directly afterward.
This is really all you need to understand the program's calls to the registry.
To stop Regmon from recording more calls after System Notebook starts,
turn the Capture Events and Autoscroll options OFF (under Events
menu in regmon). You have all the information you need; now you must examine
it.
The most useful information Regmon supplies is the "path" and "result"
fields. After only a quick glance at the queries, the word Registration
*POPPED* out. (Hint: You must make Regmon full-screen and drag the right
end of the path column far to the right in order to see the full Path
name, at least on my monitor) On closer examination, one might notice
the key
"HKCUSOFTWARESystemNotebook1.0.0.4RegisteredVersion".
Looking immediately to the right in the "Result" column, the message
"NOTFOUND" appears. Well, maybe it must say SUCCESS in order to register.
When the author emails you, a registry file is sent that will create this key so that your program
will be registered. Well, why don't you create the key yourself?
Creating the key using regedit:
Start up regedit and go to the key shown in regmon
"HKCU SOFTWARE System Notebook1.0.0.4RegisteredVersion"
(The CU is for Current User) You might notice that the key doesn't
exist! That is what we have to create.
Click on "1.0.0.4" and then go to menu.edit.new.string to create a new
key. Name the string RegisteredVersion and give it a value of "Yes". Now
run System Notebook. Error message: "Invalid data type for 'RegisteredVersion'".
It didn't quite work, so click on 'Ok'. Hey, NO NAG SCREEN!! Now we know we're on the right track...
What I did at this point was to delete my created key and try creating a "binary value" key. It didn't work, so I created a "DWORD" key. However, the value for this key can't be "Yes" (try it and you'll see what I'm talking about =P), so you have to put in a '1' for the value. There it is, all done, no nags.
Notes:
If you put a '0' in at the end, the program displays the nag screen.
The other NOTFOUND results in Regmon (UserName, UserOrganization, and
RegistrationNumber) are of no consequence. This is most likely to trick
people into thinking the program needs more than just a "RegisteredVersion = 1" key to work,
although even that is not a pragmatic reason. Actually, I can't find a place (other than the registry)
where your name is displayed as the Registered Owner. Weird.
Well, I hope this was useful and that I brought you some insight on
Regmon and the registry in general. Post any questions you may have about
this method. Also, if you know of a
kewl trick to crack using W32DSM I would love to hear it. This is an
awesome board, keep it up Sandman!
-Dugue
the snake - regmon info - Tue Oct 27 00:36:58 1998
hello Dugue,
this info about regmon was very helpful to me
thanks
the snake
Jeff - But is it? - Tue Oct 27 00:18:22 1998
Hello!
Well thought out and written; very smooth to follow; Thanks!
I have a question though; I too have entered the "1" value and yes
the nag screen goes away;
even when clock is set forward... But when you click on the HelpAbout
box...
Should you not see the version registered to you...instead of the "prompt
to register" still enabled?
Just a thought...
Jeff
DawnRun - SNWIN-reg-manipulation - Tue Oct 27 12:58:45 1998
Hi,
I agree, that's about the "only" problem remaining for me. Any suggestions?
Maybe a new approach?
DawnRun
Dugue - Really registered? - Tue Oct 27 08:37:24 1998
I'm glad that my info was of some help. Well, I'm sure it is really registered for several reasons.
1) Opera will let you put in a new Name: Serial: even after you are registered. So will MusicBox, to name another program. Many programs will leave traces of the registration process even after you register them.
2) Regmon checks the key RegisteredVersion and returns SUCCESS upon
further running of the program. On the same key, a value of 0 means unregistered.
A value of 1 is registered.
3) This is a poorly written protection because the author gives you
(for some reason) a Name, UserOrganization, and a Serial. These are of
no consequence, I assume you can put any
value in them but I have not tried. You don't even need these keys.
If you happened to copy this program (not the zip but the .exe) to a disk
and give it to your friend, it would be unregistered and he would have
the information to obtain a registered copy (from the author).
4) I turned my clock forward a year, and the program still works. There are no more nag screens and it never expires. Sounds like a crack to me!
-Dugue
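Point 3 above, that the UserName, UserOrganization and RegistrationNumber values play no part in the check, is the design weakness from the developer's side. As an added example (not part of the original thread and not the program's own code), the Python below contrasts the flag-only check with one that ties the registration number to the licensee's details. The dictionaries, `VENDOR_KEY` and all function names are assumptions made for illustration, and HMAC stands in for a public-key signature.

```python
import hashlib
import hmac

# Assumption: a constructed demo key. HMAC keeps this example stdlib-only; a
# shipped program would verify a public-key signature so it holds no secret.
VENDOR_KEY = b"constructed-demo-key"


def weak_is_registered(values):
    """The check described in the thread: a DWORD flag of 1 means registered."""
    return values.get("RegisteredVersion") == 1


def issue_registration_number(user, org, key=VENDOR_KEY):
    """Vendor side (hypothetical): derive the number from the licensee's details."""
    msg = f"{user}\x00{org}".encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:20]


def bound_is_registered(values, key=VENDOR_KEY):
    """Registered only if RegistrationNumber matches UserName and UserOrganization."""
    user = values.get("UserName")
    org = values.get("UserOrganization")
    number = values.get("RegistrationNumber")
    if not all(isinstance(v, str) and v for v in (user, org, number)):
        return False  # missing or wrongly typed values never count as registered
    expected = issue_registration_number(user, org, key)
    return hmac.compare_digest(expected.encode(), number.lower().encode("utf-8"))


# Constructed sample data: dicts standing in for the values under the program's key.
FLAG_ONLY = {"RegisteredVersion": 1}
LICENSED = {
    "RegisteredVersion": 1,
    "UserName": "A. Example",
    "UserOrganization": "Example Org",
    "RegistrationNumber": issue_registration_number("A. Example", "Example Org"),
}
COPIED = dict(LICENSED, UserName="Someone Else")  # same number, different name

if __name__ == "__main__":
    for label, values in (("flag only", FLAG_ONLY), ("licensed", LICENSED), ("copied", COPIED)):
        print(f"{label:10} weak={weak_is_registered(values)} bound={bound_is_registered(values)}")
```

The flag-only and copied records pass the weak check but fail the bound one; only the record whose number was issued for that name and organization passes both.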
Jeff - Hhhuuummm;Wasted CODE writting? - Tue Oct 27 11:28:14 1998
Howdy;
Please keep in mind I am not Arguing with you; I am seeking deeper answers only.
Yes; entering, by your own hand, into the registry the name RegisteredVersion and assigning it the value of "1" does indeed eliminate the NagScreen and yes setting your clock forward also does continue to allow the program to run unencumbered.
And yes; I agree that you have disabled and enabled your crack. What I do not agree on...sorry...what I question...is whether this crack has been brought to its entire conclusion...
Would the Author waste his time putting in wasted code of UserName;
UserOrg;RegistrationNumber; to fool the general public who would have ZERO
idea that it even resided inside this program?
Would the Author waste his time writing code as a Red herring to fool
crackers who busted in... in under 3-15 minutes, by writing the above code?
If the NagScreen code had been Referenced or linked to only be enabled if or when the above info had been filled in, or patched, would we then be still looking around to have this program "registered" in our own names; instead of satisfied that the crack is done...?
I am CERTAIN of nothing; I am simply asking questions.
I "think" now that this code does indeed have to be there ready to ACCEPT
a .REG file that will be mailed to you; and that the ABOUT box will then
DISPLAY your User information on it.
If this is TRUE; I do not know.
It is TRUE at this point in your assessment that the program is enabled
and running... And I believe it is working out wonderfully how many have
cracked this program in what seems
from the cryptic inputs that many have found different ways to do so...
How many tutorials would it take to produce this amount of information
garnered from one program project? Keeping in mind that there will be many
various ways to arrive at a fully functional program,
I think, again,... I wonder,... is the crack done?
Thanks for being here!!
Jeff
D0gBytes - Re: Hhhuuummm;Wasted CODE writting? - Tue Oct 27 13:02:17 1998
Well, some good points Jeff.
I think that the crack done by Dugue was a method that taught us all something. If you are going to use just one tool as Dugue did, then you might consider the crack complete from that point of view. I don't think that he intended it to be the definitive crack for this program, but, rather an alternative method if you are stumped.
Clearly the author would not send you instructions to make changes in
the registry as his method of registering the program for you and so, that
means that there is probably a key file that he sends you. It could also mean that there is a hidden reg
screen although I have seen no indication of it. I believe that there are
several more ways to crack this program including the "Shareware Flag"
method that the Sandman taught us in the AI project or maybe a regged key
or dat file.
<<"Would the Author waste his time putting in wasted code of UserName;
UserOrg; RegistrationNumber; to fool the general public who would have
ZERO idea that it even resided inside this program?
Would the Author waste his time writing code as a Red herring to fool
crackers who busted in... in under 3-15 minutes, by writing the above
code?">>
I doubt that the author was interested in fooling anyone by using fake entries
to try to foil crackers. I think what we have is an inexperienced writer
who has borrowed on ideas or used some of the many "public Domain" code
snippets that are plentiful if you frequent code writing forums. He
may have found that he could not use the entire protection scheme but
just one part of it. We have to remember that the coders have to learn
also. He might be just beginning to sharpen his writing skills. May we
all sharpen our skills along with him.
Thanks for keeping us all thinking Jeff. And thanks to Dugue for showing us this alternative crack.
Regards,
Bytes
The Sandman - Re: Wasted CODE writting? - Tue Oct 27 14:42:35 1998
Greetings D0gBytes,
Your points were spot-on and reflect those of my own. Yes, the protection system is very young and uncomplicated. It almost shows that perhaps, the programmer(s) 'expect' their program to be 'cracked' and decided to offer only a 'token' fight in order to satisfy their sponsors/backers etc.
IMHO...
Looking at System Notebook I see that it's still at version one, with several re-builds to its history, therefore it's still being evaluated by the authors to see if it's a worthwhile program to continue pouring further resources into.
Protection systems are an added cost and resource, therefore unless this program is a sure fire 'hit', its protection system will do the job it's supposed to do, stop non-crackers from pirating it, yet it will offer little protection against newbie crackers.
Overall, the protection system employed is a trade off between loss of revenue and their potential income from a relatively unknown commodity..
The Sandman
Jeff - WOW! This Project Is AWESOME! - Tue Oct 27 14:40:13 1998
Hi D0gBytes; Hi Dugue!
Once again I apologize for my lack of conveying my inner thoughts. I
absolutely see and appreciate Dugue's approach and do understand that we
each have an end result...with various approaches... resulting in the same objective...bust
the babe...and learn from the various results.
I was basically inputting my additional thoughts as a result of his findings (and a few others who found the same; including myself after reading and experimenting with the values) ...and wondering out loud... I DO NOT have the experience to question anyone's results! And I find it hard to explain myself without making it sound so...
I apologize, Dugue, if I took away anything from your fine results and efforts. I did not mean it that way!
D0gBytes; I learned something here too; I am not; do not know a lick
about program writing; So the Author could be using PREformed snippets
of code that have already been written that he simply INSERTS into the program to save him time writing
it? AHha! This would certainly ALTER my conceptions drawn by that input
of code into the system of there HAVING to have; and or not having the
need to have, those values implemented!?
COOL!
I love this Forum!
Jeff
D0gBytes - Re: WOW! This Project Is AWESOME! - Tue Oct 27 21:32:57 1998
Jeff,
I don't think anyone took your comments the wrong way. We are getting to know you and how the questions come pouring out of your head onto the keyboard. I find it an asset to the forum and I think that most others who frequent here, feel the same.
Regards,
Bytes