|
December 1998 |
"System Notebook v1.0.0.4" (An Interesting but weak protection scheme) |
Win '95/'98 PROGRAM Win Code Reversing
|
|
|
by Punisher |
|
|
|
Cracking 4 Newbies |
|
|
Program Details Program Name: systmntb.zip Program Type: System Utility Program Location: http://www.kcnet.com/~jkelly/vacnat Program Size: 474 KB |
||
|
Tools Used: Win-eXpose-Registry -- Registry Logger |
||
|
Rating |
Easy ( X ) Medium ( ) Hard ( ) Pro ( ) |
There is a crack, a crack in everything. That's how the light gets in. |
System Notebook v1.0.0.4 (Build 8.02)
( An Interesting but weeak protection scheme)
Written by Punisher
|
Introduction |
"System Notebook allows for the configuration and maintenance of many options otherwise inaccessible in Windows 95. You can optimize your Dial-Up Networking configuration, edit context menus for the various file types on your system, check your Registry for consistency, Back up your Registry, view and edit OEM information, change the icons for various objects on your desktop, edit your Run history, Document History, boot settings, startup and shutdown logos, and much more."
|
About this protection system |
The protection scheme is a nag screen at startup. There is also a time limit of 30 days. Registering the protection will remove the startup nag screenand disable the time limit.
|
The Essay |
Install System NoteBook and run the program. You will be presented with a nag screen telling you how many days you have left. Click the ok button and you will be in the main program window. Look around the program. There does not seem to be any way of registering. Maybe the registration dialogbox is hidden. Nah! We will have to take a closer look at this baby.
Close System Notebook. Run Win-eXpose-Registry (WXR from now). Click View Filters menu item and you will be presented with the filters window. We are going to set a few filters so we don't have too much unwanted information in WXR. Clear all filters then select Query Key Information, QueryKeyValue and QueryKeyValueExA. Make sure you check both success and fail check boxes for each of the three.
Check the Report only ONE checkbox. and in the edit box below enter SNWIN, this is the name of System Notebook executable file. Now click the ok button. We are now back in the main WXR window.
Run System Notebook again and WXR will log all registry access this program makes telling you which ones fail and which ones succeed.
Now look in WXR (Win-eXpose-Registry). You will see all registry accesses made by system notebook (SNWIN). Thase that are blue are those that succeeded and those that are red a those that failed. You can click on an item in the top panel and get its info in the bottom panel.
If an access failed you will see Not Found and if it succeeds you will see No Error.
Scroll down the list and you will see four entries that failed. They are:-
CURRENT\SOFTWARE\System Notebook\1.0.0.4\RegisteredVersion
CURRENT\SOFTWARE\System Notebook\1.0.0.4\UserName
CURRENT\SOFTWARE\System Notebook\1.0.0.4\UserOrganization
CURRENT\SOFTWARE\System Notebook\1.0.0.4\RegistrationNumber
The one we are interested in here is the fisrt one.
CURRENT\SOFTWARE\System Notebook\1.0.0.4\RegisteredVersion. Click on it. You will see that it is not found. This key in the registry is a registration flag. When we register the program the author will send us a .REG file that when run will create this key and the program will be registered. So our job here is to open the registry and put in this key.
Close System Notebook. go into the windows directory in windows explorer and double click on the file regedit.exe, this is the windows system registry.
You will be presented with the main program window. Remember the key we are interested in is :-
CURRENT\SOFTWARE\System Notebook\1.0.0.4\RegisteredVersion
Click on the plus sign infront HKEY_CURRENT_USER you will get a number of entries similar to windows explorer folders. Click on the plus sign infront of Software and will get even more entries. Look for System Notebook and click it's plus sign to expand that branch. You will then see 1.0.0.4 click on that. You will see in the right panel entries such as BackupPath, ExitOptions etc.
Click inside of the right panel wher all the entries are then select Edit New DWORD Value from the menu. A new entry will be added. Now Type in RegisteredVersion and press enter. You will notice that the value for RegisteredVersion is 0x00000000(0). If you leave it as that when you run System Notebook the program will still be unregistered. This is because the Registration flag is set to zero (not registered). We must set it 1 which is registered.
With the blue cursor on RegisteredVersion Select Edit Modify from the menu. A dialogbox will pop up so you can modify the valuse of that key type in 1 and click the ok button. Notice that the value of RegisteredVersion has been changed to 0x00000001(1). Close the register and WXR and run system notebook and you will not get the nag screen any more and you can use that program as long as you want and it will be registered.
You should buy this program if you intend to use
it longer than the evaluation period.