WinRAR 9.0 Demo Version & Game Wizard 1.43

By +Jonathan

2002-08-13

 

Today we are going to crack two programs: one is WinRAR (much better than WinZip); the other is Game Wizard 1.43, a powerful game editor.

 

Protection:  Demo Message Box (After 30 days) & Evaluation Mark

 

The reason it brings up a message box instead of ending the program (to stop the user from using it) is that WinRAR wants to be more popular and have more people use it. Therefore the crack will be EXTREMELY easy. This is what happens after 30 days:

 

Now the crack is really simple: find the dialog box in Resource Hacker and delete it!!

 

<< Inside Resource Hacker >>

(1) Press Open to load WinRAR 9.0

(2) Press Ctrl + F to search (search for “Please register”, which is the title)

(3) Then delete the reminder and change all the other demo marks to whatever you want ^_^

(4) Save the changes.

 

 

 

Just delete it ^_^

 

Game wizard 1.43 protection:

 

Demo mark & Demo reminder (at start up)

 

Let’s see what happens when you start up Game Wizard 1.43 (wait about 3 seconds):

(picture 1)

Notice that each time the program tells you a different numbered button to click.

Here is the demo mark ( UNREGISTERED )

(picture 2)

Again, take out Resource Hacker to kill the first picture, the one that asks you to press a button. I guess I DO NOT need to teach you how, right? I just taught you with the WinRAR 9.0 example, right?

 

You know what, this time you CAN NOT even use Resource Hacker, since the program is packed with UPX. How nice ^_^

Let us UNPACK it. We could of course dump it manually, but when I used LordPE (same as ProcDump) to analyze it, I found that it is packed with an early version of UPX (2 sections: UPX0, UPX1). UPX has a special feature: it can not only pack software but also unpack files packed by the current and previous versions of itself. OK, now it is 100% unpacked ^_^ (a little bit easy, right?)

 

Now kill the reminder. Game Wizard CAN NOT run afterwards, since the program checks whether you killed the resource (although you could kill the resource in the previous version), but you still HAVE TO kill the resource. This time you not only kill the resource but also fix it. Load it into W32Dasm and find the words from picture (2), “UNREGISTERED SHAREWARE VERSION”, and you will be right here:

 

* Possible Reference to String Resource ID=00302: " UNREGISTERED SHAREWARE VERSION

                                                                                         PLEASE REGISTER!"

                                  

:0040A89C 682E010000              push 0000012E
:0040A8A1 51                      push ecx
:0040A8A2 FFD5                    call ebp
:0040A8A4 57                      push edi
:0040A8A5 8D8EC0050000            lea ecx, dword ptr [esi+000005C0]
:0040A8AB E841240100              call 0041CCF1
:0040A8B0 8B565C                  mov edx, dword ptr [esi+5C]

 

Now press Ctrl + L to load the debugger, and then F6 which, I believe, is the only debugger function that is better than SoftICE. After approximately 1 minute, you will be stopped here:

 

:004046B5 399C2448050000          cmp dword ptr [esp+00000548], ebx
:004046BC 7514                    jne 004046D2                          *change this to jmp 004046D2*
:004046BE 399C2458070000          cmp dword ptr [esp+00000758], ebx
:004046C5 740B                    je 004046D2
:004046C7 8B5500                  mov edx, dword ptr [ebp+00]
:004046CA 8BCD                    mov ecx, ebp
:004046CC FF92BC000000            call dword ptr [edx+000000BC]         *You sort here*

 

                             Search: 39 9C 24 48 05 00 00 75 14

                             Modify: =============== EB =

 

Now the last thing to do is “THE UNREGISTERED MARK”, right? Let’s go. Simply use Resource Hacker to resize it so that it looks like:

 

If you need any tools, please e-mail +Jonathan: aikawa-nanase7511@juno.com