Target Program: OmniHTTPd Professional 2.02

Description: OmniHTTPd is an HTTP/1.0 and HTTP/1.1 web server with
advanced virtual server support. It also features multiple configuration/profile support
and extendible architecture support, detailed user and directory rights security, IP site
restrictions, GUI Setup, serves up to 512 simultaneous connections, configurable server
thread priority.

Location: http://www.omnicron.ab.ca

Protection: Time Limit

Tools needed:
- SoftICE 3.24
- Hacker's View

Ob duh: Do I really have to remind you
all that by BUYING and NOT stealing the software you use will ensure that these software
houses will continue to produce even *better* software for us to use and more importantly,
to continue offering even more challenges to breaking their often weak protection systems.
BTW, it's illegal to use cracked software!
If you're looking for
cracks or serial numbers from these pages then you're wasting your time, try to search
elsewhere on the Web under Warez, Cracks, etc.

Info: Brand and product names are trademarks or registered
trademarks of their respective holders.

Level: (X)Beginner ( )Intermediate ( )Advanced ( )Expert

As you may know, I'm creating
a Public Tutorial Search Engine - and for offline testing I've downloaded the latest version of OmniHTTPd Professional.
We know that OmniHTTPd is time limited. So set a BPX on GetLocalTime and
GetSystemTime. As you can check in SoftICE, the first three breaks (one for GetSystemTime
and two for GetLocalTime) are not interesting for us, since every program must be
initialized. At the fourth break (GetSystemTime) SoftICE displays the following code
snippet:
:100211D8 FF1538950910 CALL [KERNEL32!GetSystemTime]
:100211DE 668B442400 MOV AX,[ESP+00]
:100211E3 663DD007 CMP AX,07D0
:100211E7 773F JA 10021228
:100211E9 668B4C2402 MOV CX,[ESP+02]
:100211EE 7506 JNZ 100211F6
:100211F0 6683F903 CMP CX,03
:100211F4 7332 JAE 10021228
:100211F6 663DD007 CMP AX,07D0
:100211FA 7506 JNZ 10021202
:100211FC 6683F902 CMP CX,02
:10021200 7313 JAE 10021215
:10021202 C70530F8081008F90810 MOV DWORD PTR [1008F830],1008F908
:1002120C B801000000 MOV EAX,00000001
:10021211 83C410 ADD ESP,10
:10021214 C3 RET
:10021215 C70530F80810ACF80810 MOV DWORD PTR [1008F830],1008F8AC
:1002121F B801000000 MOV EAX,00000001
:10021224 83C410 ADD ESP,10
:10021227 C3 RET
:10021228 C70530F8081050F80810 MOV DWORD PTR [1008F830],1008F850
:10021232 33C0 XOR EAX,EAX
:10021234 83C410 ADD ESP,10
:10021237 C3 RET

As you can see at the bottom
of the code window, this code is located in OHTTPD20.DLL. Now even people with a very
limited knowledge of ASM *know* what's going on. We could change the instructions at
100211E3, 100211EE, 100211F4, 100211FA and then everything should work. However, this is not
good patching. We should change as few instructions as possible. So look at the code
again!
Well, if everything is OK, the program will jump to 10021202. So why not change
that JA 10021228 (100211E7) to JMP 10021202?
Now we know everything which is needed to patch the OHTTPD20.DLL - we have to look for
663D0007773F
and replace it by
663D0007EB19
and OmniHTTPd will not expire on 1st March
2000. This protection scheme is called a hard-coded time limit, since the time limit is
*coded* into the program and you don't have 30 days or whatever after installation.
Hard-coded time limits are nearly always very easy to crack, as you can find out on your
own after having reverse engineered some of these.
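
The date check from the listing above, reconstructed as C to show what "hard-coded" means here (an added example, not code from the original page or from OmniHTTPd). The function and enum names are hypothetical, and the page does not show what the three values stored at 1008F830 point to, so they are named by address only.

```c
#include <stdint.h>
#include <stdio.h>

/* The three constants the listing stores at 1008F830. Their meaning is
   not shown on the page; the names below are hypothetical labels. */
enum state_ptr {
    STATE_1008F908 = 0x1008F908, /* path at 10021202, returns EAX = 1 */
    STATE_1008F8AC = 0x1008F8AC, /* path at 10021215, returns EAX = 1 */
    STATE_1008F850 = 0x1008F850  /* path at 10021228, returns EAX = 0 */
};

struct check_result { int eax; uint32_t state; };

/* year = wYear at [ESP+00], month = wMonth at [ESP+02] of the SYSTEMTIME
   filled in by GetSystemTime. 07D0h is 2000 decimal. */
struct check_result date_check(uint16_t year, uint16_t month)
{
    struct check_result r;
    if (year > 2000 || (year == 2000 && month >= 3)) {
        /* JA at 100211E7 or JAE at 100211F4: March 2000 or later */
        r.eax = 0; r.state = STATE_1008F850;
    } else if (year == 2000 && month >= 2) {
        /* JAE at 10021200: February 2000 */
        r.eax = 1; r.state = STATE_1008F8AC;
    } else {
        /* fall through to 10021202: January 2000 or earlier */
        r.eax = 1; r.state = STATE_1008F908;
    }
    return r;
}

int main(void)
{
    /* Constructed sample dates around the cut-off. */
    static const uint16_t samples[][2] = {
        {1999, 12}, {2000, 1}, {2000, 2}, {2000, 3}, {2001, 1}
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        struct check_result r = date_check(samples[i][0], samples[i][1]);
        printf("%u-%02u -> EAX=%d state=%08X\n", (unsigned)samples[i][0],
               (unsigned)samples[i][1], r.eax, (unsigned)r.state);
    }
    return 0;
}
```

The cut-off date is a pair of compile-time constants and the whole decision sits in one short function, which is why the page classes this scheme as weak.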

Another target has been Reverse Engineered. Any questions (no crack requests)?