Target : Techfacts XP
v2.03
Target URL : http://www.winutils.com
Tools : PEiD v0.8 or PE-Scan
v3.13, W32Dasm v8.93+, Hex
Workshop v3.1
Tools URL : http://protools.cjb.net
INTRODUCTION
Welcome to my sixth tutor for the Phrozen Crew. In this tutor I show you
how to kill a trial nag screen, as well as the expiration date restriction.
IDENTIFICATION
Like with all other target programs, it is an advantage to know whether
or not an application is packed with a encryption/protection scheme and
if so, with which one. For this reason I recommend the PEiD (PE iDentifier
v0.8) coded by snaker & Qwerton or PE-Scan v3.13 by Snyper.
I also recommend that if you use PEiD that you turn on the HARDCORE scanning option number 2 ON. The reason for this is that a lot of the more advanced packers/encryptors will try and fake identifiers by using other packers/cryptors' identification strings as well as virtually no identification markings at all. This will limit those chances to allmost none!
After you had scanned TechFacts XP for any known packers, you'll
find it is NOT packed, so it makes your task as a cracker a little easier
since you do NOT have to unpack and rebuild any part of the executable
file.
CRACKING TECHFACTS XP
Make a backup copy of the executable, ie. "Copy of tfxp.Exe".
Load W32Dasm and load the backup copy of the main executable and wait
for it to finish disassembling it.
In this tutor, I'm NOT gonna use the registration via ANY name and ANY
serial method. Instead I'll show you how to remove the nag and trial day
limitation. I'll deal with the "<Unregistered Version> message
at the end of the tutor for those of you who want your name/nickname in
the ABOUT box ;)
For now, everytime you start TechFacts XP, you'll first be greeted with
an annoying "Unregistered Trial Version" NAG screen with the
recommended creditcard purchase logos on it... To remove it click on the
String reference speed button in the W32Dasm toolbar and scroll down untill
you see the "TechFact XP <unregistered -" string reference
and double-click on it. Then scroll up untill you see the following offset:
Since there are too, you can first try the last one but sometimes the
first try can be the right one like in this case. Go to this offset in
the Hex Workshop hex editor and change it from 75 to 74 and save your
changes.
Restart the patched executable and see what happens. W00t! that stupid
NAG screen is gone and so is TechFacts' title saying "<unregistered...".
So is this it, are we done? Well remember that you have a 30 day trial
limiation when you installed TechFacts. Lets put our PC clock 1 year forward
and run the patched executable again.
Crap! No NAG screen but it says it had expired! Well, click CANCEL and
go back to W32Dasm and using the String Reference toolbar speed button,
scroll down untill you get the "TechFacts Registration Expired"
string reference and doubl-click on it. Now scroll up until you get this
conditional jump:
Now, using the Hex Workshop (I like this one specifically 'cause you
can add it to the right-click function function of your mouse!) go to
this offet and change the 85 to 84 and save your changes. Run the original
TechFacts executable with the PC clock still set 1 year forward to make
sure you get that "Expired" message box... You do.. good!. Now
click cancel and run the patched executable. B00m! No NAG screen and NO
expiration message box. Just to make sure it is working perfectly, because
sometimes just reversing a byte can make it say "Expired" when
you set the clock back to its original date..., set your clock back to
your current date, run the original executable. It will give you the NAG
screen and say something like "30 days remaining". Now exit
the original executable and run the patched executable. It still works
fine with NO nag screen etc.
Now for those who want their name/nickname in the about box... Yet again
using the Hex Workshop, press Ctrl+F to get the FIND box. Type in "<Unregistered
Version>" (without the "' markings of course) and click on
SEARCH. When it finds it, simply change the ASCII text to, ie. "Valek
/ Phrozen Crew" and save your changes... exit Hex Workshop and W32Dasm
and delete the original TechFacts executable and rename the patched executable
to "tfxp.exe".
Congratulations - You have successfully removed the NAG screen, killed
the trial limiation and replaced the unregistered version message in the
about box with your own info!
You have successfully cracked TechFacts XP
Enjoy!
Valek / Phrozen Crew
PS: Click on the Phrozen Crew logo to visit our website or on my logo
to contact me via email
