********************************************************************************
How to crack the WINDOWS 98 "year 2001" problem ???
***************************************************** -=[THOG]=- 1/1999 ******
(1) Who should read this ???
------------------------
Everybody who has installed the WINDOWS 98 - Update (release 4.10.1721.3) on
system. You don't know ??? If this text appears before your system is booting:
-> ACHTUNG: Die Lizenz fⁿr diese Vorabversion ist ungⁿltig.
Aktualisieren Sie umgehend die Software.
Diese Vorabversion von Windows 98 ist gⁿltig bis zum 1. April 2001
Weiter mit beliebiger Taste...
be sure - you have this version !!!
This short essay will show you how to solve this problem forever ....
(2) What we need this time ???
--------------------------
-> No SOFTICE [because a debugger is useless this time - remember your SYSTEM
is not running when this "NAG"-Screen :) appears]
-> No IDA
-> "AfDpRO" or another DOS-debugger
-> YOUR BRAIN [always important ... maybe a little bit knowledge about INT 21]
-> DISK-EDitor [NORTON ...]
-> HEX-EDiTor [WINHEX; HIEW ... ]
(3) Let us begin !!!
---------------
First I started up my computer and saw the dirty NAG-Screen. Since 4 month this
text was shown on my screen and I was forced to press a key. "Computer should
never say what people have to do ...": I thaught - "I will press a key to boot
up last time!". It was time to do something !!!
Its clear - the problem must be settled on the bootsector. So I opened all
SYSTEM-files and searching the string "Vorabversion". The "IO.SYS"
includes the string. YEAHHHH .... Then I used IDA and pitch the file through
the disassembler. I┤m waiting .... and waiting (my computer is not so fast!)
I had a closer look and found nothing. Mhhhmmm.... The string and the checking
routines were not dissassebled. "Good Microsoft "encryption" or packed ?":
I asked my self.
I remebered that the IO.SYS is concepted like a CONFUSING COM-file. But where is
the check-routine for the right "date"? The boot-system works with simple DOS:
MOV AH, 2Ah
INT 21h
ask your system clock for the date. This little code is HEX: B4/2A/CD/21.
I turned on my HEX-Editor and load the IO.SYS. B4/2A/CD/21 was found at
position 7159h. Then I marked 100 bytes started at 7159h and saved it to a
seperate file. This little file was loaded to AfdPro [its a very old but good
debugger ... but you can use every program like TR, TRW, IDA, Tracer which can
disassemble a file].
MOV AH, 2Ah
INT 21 <= get the systemdate;
CX=year
XCHG AX,CX <= year into AX
SUB AX, 7BCh
:
:
OR AX,DX <= check the year - important(!)
:
JNZ .... <= check the month and day
JMP ....
:
:
JNZ .....
JMP .....
I saw all this different jumps - help !!!!! By the way - important is only the
OR AX,DX !!! Keep this in your mind ...
OK, to crack this code is easy but what should i modify ??? Every jump ????
I decide to patch
SUB AX, 7BCh ===> MOV AX, const value (this date is always
correct :) !!!!).
PATCH 3 bytes at position 715D - 715f B8/11/00 and save the "IO.SYS" to disk.
Start your system again and have fun ....
(4) Any problems - any questions ???
--------------------------------
Mail me : THOG1995@Hotmail.com .