Diary Link 97 (Menu disable and active by Register Number)
Most Stupid Protection
27 April 1998
by Kabhoet
Courtesy of Fravia's page of reverse engineering
slightly edited by Fravia+
fra_00xx 98xxxx handle 1100 NA PC

I love it: "I can't register, may be my program is error or what else ???? Forget it just try another way"... right so, +cracker! Look here, even in a simple "beginner" essay there is always something to learn (even for old hands)... provided that somebody has the "stuff" to teach. Unfortunately, many self-calling (self-styling?) "crackers" don't seem to understand this simple truth :-(

There is a crack, a crack in everything. That's how the light gets in.

Rating
(x)Beginner ( )Intermediate ( )Advanced ( )Expert
Assume that everyone who reads this knows very basic W32Dasm and assembly language.
Dynamic Procedure Call, and crack it by the stupid way.....
Written by Kabhoet
After publishing my first essay, some guys emailed me and asked me to crack this program. This is one of the messages I got:
"Hi, I read your essay at Fravia, very interesting. Thanks for the help you give us newbies. I'm trying to work with a file called DiaryLink97. This file could be d/l from www.jamesralph.com and it's about 2m in size. I have tried everything I know and still can't crack the protection. Maybe you could help me? It's crippled and only lets you download one record from your PC to a Casio Diary at a time. You don't need the Casio to run or crack the program. Any help would be appreciated. Three other gurus have tried but told me that it couldn't be done."
The last words seem to be a story created on the fly, of course. But never mind, I did have a look at the program and I think it uses a pretty stupid protection scheme. So let's have a look... stupid protection schemes are interesting for newbies...
- W32Dasm
- HIEW (Hacker View) to make the patch.
DiaryLink97. Please buy it and don't use this crack if you really need this program; otherwise crack it to death... but only if you are just fiddling around for the sake of reversing.
This target lets you download records from your PC to your "Casio Diary" (some funny useless gadget, I presume). Of course I don't even have this Casio Diary... wouldn't touch such a thing with a barge pole... and therefore this target is completely useless for me.
You should install the program first and then run it. You will find that in the menu Communication -> Send only one menu item works; the others display a message box saying "This Evaluation Copy can only send single record". I tried to register from the Help menu but it said "Error and bla-bla-bla". I can't register, may be my program is error or what else ???? Forget it just try another way. OK, now launch W32Dasm and open the program (filename: dlink.exe). After that, find the text "This Evaluation Copy" and .....
:004B5C78 33C0 xor eax, eax
:004B5C7A 8AC3 mov al, bl
:004B5C7C 66C784460C0700000000 mov word ptr [esi+2*eax+0000070C], 0000
:004B5C86 43 inc ebx
:004B5C87 80FB0A cmp bl, 0A
:004B5C8A 75EC jne 004B5C78
:004B5C8C 6A00 push 00000000
:004B5C8E 668B0DD4614B00 mov cx, word ptr [004B61D4]
:004B5C95 B202 mov dl, 02
* Possible StringData Ref from Code Obj ->"This Evaluation Copy can only "
->"send single records!
."
:004B5C97 B8E0614B00 mov eax, 004B61E0
:004B5C9C E83311F8FF call 00436DD4
:004B5CA1 E900050000 jmp 004B61A6 ; Goto To End
; If Registered
:004B5CA6 A1D4294D00 mov eax, dword ptr [004D29D4]
:004B5CAB 8D98AC020000 lea ebx, dword ptr [eax+000002AC]
:004B5CB1 8D45FC lea eax, dword ptr [ebp-04]
* Possible StringData Ref from Code Obj ->"Send record using communication "
->"parameters:"
:004B5CB4 BA1C624B00 mov edx, 004B621C
:004B5CB9 E856D9F4FF call 00403614
:004B5CBE FF75FC push [ebp-04]
* Possible StringData Ref from Code Obj ->"Port: "
:004B5CC1 6854624B00 push 004B6254
:004B5CC6 FF7304 push [ebx+04]
:004B5CC9 6864624B00 push 004B6264
:004B5CCE 8D45FC lea eax, dword ptr [ebp-04]
Don't try to look up the listing to see who calls it, because you will never find it. This program seems to be created by Borland Delphi or something similar... But look at :004B5CA1: it JMPs to another place and does not execute anything in between. Strange.... How come right after that JMP there is the real McCoy? Who is the stupid one here, the compiler or the programmer?
So simply use HIEW to change :004B5C8C from push 00000000 to JMP 004B5CA6. That means jumping to the real code even if not registered. Easy....... And you have activated one of the three menu items.
The last step is to search again and you will find another two addresses (004B63CB and 004B6A52).
Patch them yourself......
And .... Finish. Nothing more to say. "Rush with hurry and you will get it".
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell.