+HCU 1998
Strainer solutions
(Updated 15 September 1997)
Here are the solutions to the +HCU 1998 strainer, and the names of the new +HCUkers...
If you check +ORC's lesson 4.2, you'll be able to see that the required solution to the strainer should have consisted of four parts:
- Part 1: Finding MsMoney 3 demo (finding an old program)
This has been considerably facilitated by us, as I published on my page the old French version of MsMoney I found myself and +gthorne inserted it inside his orcpaks... an +HCU "bonus", therefore, to those few that have found the ENGLISH version of it (for instance on Fidonet, which many of you probably don't even know exists)
- Part 2: The reason for the crack +ORC used for MS Project
- Part 3: Cracking MS Money 3 demo
- Part 4: Cracking MS Money 97 demo
All future +HCUkers may use the following badges wherever they want (on their essays, on their pages, wherever)...
The "+" signs inside their handles, below, are only indicative; promoted students are free to position them wherever they want inside their handles.
Here follows what +ORC has decided:
Contributors that get in (and their GOOD solutions!)
(The text snippets are intended only as an "aperitif" to these very interesting texts :=)
1)
+ReZiDeNt's solution
"...by the way, you were right about MS Money 3 demo - it was *very* hard to
find. I eventually found it after a lot of intensive and careful searching
via FIDONet, rather ironic considering its decline due to the incredible
success of the Internet"
2)
+Yoshi's solution
"...jnb 00470E07 ; this makes sure that you haven't set your clock
before the installation code, change to jump just for the hell of it"
3)
+Alt-F4's solution
"...The Call to 81:10AE calculates a number based on the date. The formula is
number=(year-1948)*512 + (month-1) * 32 + (day-1)"
4)
+Toxine's solution
"...for those unfamiliar with Hiew (who?), press F3 to edit, position your
cursor then press TAB to switch into ASM coding. Now, can you feel its
POWER!"
5)
SiuL+Hacky's solution
"...it is important to know how the program gets the installation date. There are
two possibilities:
1) Get it once and store it (even with copies in memory).
2) Get it whenever you need it (even checking it with some copies).
The second one is safer, but less common. Try the first one, which I am
going to explain thoroughly"
6)
+Zer0's solution
"... I have actually done the cracking on MSMONEY 1.0 and just simply
checked if the later versions 3 and 5 have the same protection routines.
(Of course they have the same protections! Amazing!)"
7)
iNCuBuS++' solution
"...All we have to do is to bypass the call to nagscreen opening routine. We
can't just noop it because it is referenced by the relocation table and
the system will try to correct the segment address of the call when it
loads the program thus corrupting any instruction we put there and the
program will not run. So, we will put a JMP immediately after the call to
ShowWindow...
...+ORC's SOLUTION ALSO DOESN'T WORK IN ALL CASES !!! It works if the
current date is greater than expiration date or if it is outside the range
1984 to 2049 ! If the current date is lower than the installation date
(but it doesn't go below 1984) protection will react - the nagscreen will
pop up and the program will terminate."
8)
+heres' solution
"...But near the second address, no conditional jumps are present and breakpointing the first
you get a Protection Fault... We have a chance, make a backtrace buffer. So breakpoint the
only CS+C8:360F and re-enter your date. You have to establish the buffer range, so type:
bpr cs:0000 cs:360F T and re-enter the date. With the SHOW command of SoftICE, you can see:"
9)
+Aitor's solution
"...Ripping the encryption code we can write a little program to do the job
(it may help in future Micro$oft cracking sessions :)) ... here you got
the TP/BASM code (with a few little modifications you can get the C
translation)"
A)
+swann's solution
"...Nuff said about this truly ZEN crack of an intrinsically useless
program. Don't ask me why I've done this. I don't know...
...+orc suggested we nop this jump at 8.17e8 out. I don't know whom he is
kidding, but certainly no one who's studied his tutorials. Obviously,
we _do_ want to take that jump, and therefore patch "EB46" for "7246"
at 8.17e8."
B)
+Malattia's solution
"...Ah, I usually run Wdasm just ONE time to disasm the progs, then I save the file and
read it with LIST.COM... it's very fast!
...If you have Borland Resource Workshop, give a look to dialog 0494hex,
that is 1172. It is the "Avertissement de limite de validé" we do not
want to have to deal with!"
Contributors that can get in if they complete their solution before the end of November
+SNiKkEL, he has sent a solution which is partly correct, yet incomplete and not "explaining" much
A+heist, he has sent a solution which is partly correct, yet incomplete
Lera+h, she has sent a solution which is partly correct, yet incomplete.
Contributors that won't get in this year
All other contributors, that do not get in, should understand why I decided this way just by looking at the above (good) solutions. Better luck next year. If you believe this is unjust, and if you are sure that you should get in, because you think that your solution is as good as the solutions above (or even better in your opinion), feel free to send a (motivated) protest to Fravia+ or +gthorne. It will be read and examined by +gthorne, Fravia+ and +Sync, and I will accept their opinion as binding.
+ORC
The new +HCUkers will be divided into "units".
+ORC's letter to the new +HCUkers ("A real university") will be published asap.
+HCU 1998 lessons will begin on 01/01/1998 with a message by +ORC ("New year, new tasks")
Any new +HCUker may ask +ORC for any information (or ask me, +gthorne or +Sync for any tool)