Cracking Calli-Graphic 1.0.5's 30 days time-limit trial

About this tutorial:
Tutorial:Cracking Calli-Graphic 1.0.5's 30 days time-limit trial
Target:Calli-Graphic 1.0.5(http://www.vaxxine.com/mikwit/Calli-Graphic/calligraphic.htm)
Author:ManKind
Tools:W32Dasm 8.9x, HIEW 6.xx(these are good softwares, worth buying)
Date:26th of November 1999
Descriptions&Comments:Calli-Graphic is a program designed specifically for Calligraphers of All levels of experience. It can be used to avoid the time consuming task of ruling lines for practice sheets, as well as producing lines that can be used directly in finished pieces or as guide lines when using a lightbox. Teachers can use Calli-Graphic to produce guidelines for their students, to reduce wasted classroom time.
Copyright information:This tutorial is copyright © 1999 ManKind

Starting words:
Hello,welcome to my tutorial. I am ManKind, a newbie in cracking who want to share my cracking skills with other newbies. Contact me at mankind001@bigfoot.com

The process:
This program is coded in Visual Basic. To follow this tutorial, you will need to get SDR Enabler for VB Apps from Duelist of DREAD Crew(you can get it from either http://dread99.cjb.net or LaZaRuS's site) and use it to patch your copy of W32Dasm so that your copy of W32Dasm can show the String Data References of VB applications after disassembly. As a note, I would like to tell you that this is actually my first time-limit crack though I have read much about it(well, I am a newbie and lamer). Now you may download Calli-Graphic and install it. Then change the date of your PC into any date that is 30 days after the current date. Start the program. Press the Continue Unregistered button and a messagebox will tell you that your trial period has expired(this prevents you from getting into the main program). Disassemble it. Open the String Data References screen and look for the following string:

"Your Evaluation Period has Expired"

Double click on it. You will be brought to the following code:

* Possible StringData Ref from Code Obj ->"Your Evaluation Period has Expired"
|
:00418D44 C74580D4D04000 mov [ebp-80], 0040D0D4

Scroll down until you see the following code:

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00418CCA(C)
|

Now open the Goto Code Location screen(Shift+F12), type in the address of the above conditional jump(the (C) at the right of the address indicates that the jump is a conditional one) which is 00418CCA. Press OK and you will see the code below:

:00418CC7 663BF3 cmp si, bx
:00418CCA 0F84C4000000 je 00418D94

The codes above and below the above lines are useless(at least for my purpose). Note down the offset of the above address by looking at the status bar of W32Dasm(the hexadecimal number after the @Offset is the offset and the 'h' at the end of the offset is of no use other than indicating that the offset is hexadecimal numbers). We need the offset so that we can patch the target program using hex-editors(I use Hacker's View(HIEW)). Let me explain the above code:

:00418CC7 663BF3 cmp si, bx
This basically checks whether we are still in the evaluation period(or something like that, I am not so sure)

:00418CCA 0F84C4000000 je 00418D94
If the above check indicates we are still in evaluation period, it will jump to 00418D94 and start the main program otherwise if we are not in evaluation period anymore, it won't jump and the codes after this line will execute the nag which will prevent us from getting into the main program(you remember what I said in the beginning of this tut?).

So, in order to crack the 30 days time-limit trial, we will have to patch Calli-Graphic so that no matter what value the check at 00418CC7 returns(either equal or not equal) the codes at address 00418CCA will jump to 00418D94. To make it simple, we will have to change the je(jump if equal) to jmp(jump) so that it will always jump and start the main program after we press the Continue Unregistered button no matter we are in or out of the evaluation period. Patching isn't hard now that we have found the right place to patch. Open up HIEW(or any other hex-editors), load the file to patch(Calli-Graphic.exe), press Enter until you are in the Hex mode, press F5 to tell HIEW where you want to go, enter the offset(180CA) without the 'h' and finally you will be brought to the correct location to patch. Press F3 to edit the bytes and change the bytes like below:

From:
0F84C4000000

Change to:
E9C500000090

Press F9 to update the changes and F10 to exit HIEW. Well, job done for the 30 days time-limit trial, try it yourself if you don't believe it. Simple aren't it? The first starting nag screen is still there, however this tut is on cracking the 30 days time-limit, maybe the nag screen and registration process need other tutorial(who know? I might do another on this but certainly not now). There goes my first time-limit check, I am quite satisfied, aren't you? Hehe! As usual, contact me if I make any mistake, give me your feedback, comments, suggestions and opinions about this tutorial and my way of presenting it.

Additional/Extra Part or Stuff(s):
Nothing special here, just to critize the programmer of Calli-Graphic for his/her lame way of executing the time check. I don't want to write much here cause I myself can't code a time check better than this(I am a lame coder) but I am convince that there are certainly better ones. Try to improve and challenge us(crackers, reverse engineers) again!

Ending:
Thanks to:+ORC, Sandman, HarvestR, tKC, ytc_, Punisher, Kwai_Lo, TORN@DO, Crackz, eKH(for the crackme) and other crackers and individuals who provide me with their tutorials and tools.
Greetz to:HarvestR, tKC, ytc_, Kwai_Lo, Punisher, TORN@Do, CiA, Phrozen Crew, eKH, other cracking groups and all crackers.

Service for ManKind
ManKind
mankind001@bigfoot.com
http://surf.to/mrep