"Well, I thank Kro_baR for sending me his tutorial and I hope he'll approve of my editing :-) for my audience only. The nag-screen removing trick demonstrated here might well be useful for other targets although I'd question its application for this program that is known to be 'registerable' somehow, but see, I guess that's what reversing is all about, everyone does things differently. I do think Kro_baR should have perhaps investigated the registry key a little more (I'll bet it's in the StringRef's somewhere!). Don't forget to visit Kro_baR's webpage too!" "Slightly edited by CrackZ".

Kro_baR Tutorial

Nag and Time Limit Removal Using Hiew and W32dasm

HexDecOctBin Converter 1.0....get it here.... http://home1.pacific.net.sg/~robinch

I got this program and found it very useful.

The author gives this description: HexDecOctBin Converter! is a very simple and useful number system conversion program for Windows 95/NT. It lets you convert values among the four number systems: hexadecimal, decimal, octal and binary. Simply type a value into any one of the edit boxes and immediately see the results in the rest of the edit boxes. Very easy. It also has an option to minimize to the system tray.

What I didn't find useful was the nag when you start AND stop the program. The author tells us that "on registering, you will get a registration key that will uncripple this copy and run it as a registered and fully functional copy", but I could find nowhere to register (maybe a keyfile). It also has a time limit and expires after 21 days.

The fact that there doesn't seem to be anywhere to register was a problem to me, but I noticed that the only reference to a registered or shareware copy was on the nag before and after. Once you got past the nag and into the program there was nothing to indicate whether you had registered or not.

My thought was that if I disable the nag, the program should behave as registered, so I decided to try out a method tKC has mentioned in some of his tutorials, using Hiew (or another hex editor). The first thing to do is check out some of the words that appear on the nag screen (there are a few) and remember them. I took note of the word "shareware" because, when we get to search for it in Hiew, every letter will need a 00 byte after it and the search box only takes a limited number of characters, so a short word is best.

MAKE A BACKUP of robhdob.exe and load it in Hiew (go to hex mode...F4/up arrow to Hex Mode/enter). Now we are going to search for some text that appears in the program...on the nag actually...so push F7 (search) and a box will appear. You notice that the top line allows entry of ASCII characters and should be flashing, while the bottom line is labelled hex.

Now we'll type in the word we noted earlier...'shareware'.

The thing is, we can't just enter all the letters in a row. The nag is a dialog resource, and text in dialog resources is stored as Unicode (UTF-16), so in the file every letter is followed by a 00 byte; a plain ASCII search for shareware would find nothing. So we have to space our letters with nulls (00h) in the hex box. This is how we do it.

  • Type s in the ASCII box.
  • Now push the 'tab' button to move to the hex box (down arrow does the same).
  • In the hex box type 00 (two zeros) and push 'tab' to take us back.
  • Then type h and push 'tab'.
  • 00 and tab
  • a and tab
  • 00 and tab etc.

You get the idea? Keep entering letters and zeros till we have spelt s h a r e w a r e in the ASCII box (in the hex box you'll have 73 00 68 00 61 00 72 00 65 00 77 00 61 00 72 00 65) then push enter, and we'll be taken to a place in the program where the word shareware is.

You see two columns, a larger one on the left with the bytes in hex and a smaller one on the right with the same bytes shown as text. You'll see the cursor square in the left column on a number, and a corresponding cursor square in the right column on the s of shareware. What we are looking for, just to the left of the cursor in the hex column, is FF FF 82 (tKC's tutorials often give it as FF FF FF FF 82). tKC describes this as the pattern that 'calls' the nag; what it actually is, is the control class field of the dialog template that holds our string. In a DIALOG resource each control's class is stored either as a name or as the marker FF FF followed by one of the predefined class ordinals (0080 Button, 0081 Edit, 0082 Static, 0083 ListBox, 0084 ScrollBar, 0085 ComboBox), and the control's caption text follows straight after it. Our text lives in a Static control, so we see FF FF 82 00 right in front of the s; the longer FF FF FF FF 82 pattern is the same thing preceded by the control ID word FF FF (-1, the usual IDC_STATIC id of a text label). And that is what we see in this case.

So what we do is change the 82 to 7E. 7E is not a valid class ordinal, so Windows cannot create that control, creation of the whole dialog fails, and the nag never appears. (One caveat: a program that checks the return value of DialogBox/CreateDialog may treat that failure as fatal and exit; this one evidently doesn't, it just carries on without the nag.) Use your left arrow key to move the cursor square over the 82, and push F3 (edit). The square turns into a line and starts flashing. Now type 7E and push F9 to make the change permanent. Now press Esc to exit Hiew, and we are ready to see what happens.
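The same search-and-patch, written out as an added Python example (this is not code from the tutorial or from the program's author). It builds a constructed dialog item with the usual IDC_STATIC id and Static class in front of a UTF-16 caption, searches for the word exactly the way the Hiew steps do (letters interleaved with 00 bytes), walks back to the class ordinal and checks it really is FF FF 82 00 before overwriting the 82. The sample image and the offsets in it are constructed for the example, not taken from robhdob.exe.

```python
import struct
from typing import Tuple

# DLGITEMTEMPLATE predefined class ordinals (the WORD after the 0xFFFF
# marker): 0x80 Button, 0x81 Edit, 0x82 Static, 0x83 ListBox,
# 0x84 ScrollBar, 0x85 ComboBox.  0x7E names no class at all.
STATIC_CLASS = b"\xff\xff\x82\x00"
BAD_ORDINAL = 0x7E
IDC_STATIC = 0xFFFF  # usual id of a text label, hence tKC's FF FF FF FF 82


def build_dialog_item(caption: str, control_id: int = IDC_STATIC) -> bytes:
    """Constructed sample, not bytes from robhdob.exe: one DLGITEMTEMPLATE
    describing a Static (label) control.  Layout: style, exstyle, x, y,
    cx, cy, id, class, title (UTF-16LE, NUL-terminated), creation-data
    length."""
    header = struct.pack("<IIhhhhH", 0x50020000, 0, 10, 10, 200, 12, control_id)
    title = caption.encode("utf-16-le") + b"\x00\x00"
    return header + STATIC_CLASS + title + struct.pack("<H", 0)


def find_utf16(data: bytes, word: str) -> int:
    """What the Hiew search does: every letter followed by a 00 byte."""
    return data.find(word.encode("utf-16-le"))


def patch_nag_dialog(data: bytes, word: str = "shareware") -> Tuple[bytes, int]:
    """Locate `word` inside a dialog caption, walk back to the start of that
    caption and check that it is preceded by the Static class ordinal
    FF FF 82 00.  Overwrite the 82 with 7E so the control, and with it the
    whole dialog, can no longer be created.  Returns (patched image, file
    offset of the changed byte)."""
    pos = find_utf16(data, word)
    if pos < 0:
        raise ValueError("caption %r not found as UTF-16" % word)
    # The searched word may sit in the middle of the caption, so step back
    # one UTF-16 code unit at a time until the class marker is in front.
    for start in range(pos, max(pos - 512, 4) - 1, -2):
        if data[start - 4:start] == STATIC_CLASS:
            break
    else:
        raise ValueError("no Static class ordinal in front of the caption")
    class_off = start - 2            # the 0x82 byte of FF FF 82 00
    patched = bytearray(data)
    patched[class_off] = BAD_ORDINAL
    return bytes(patched), class_off


def build_sample_image() -> bytes:
    """Constructed stand-in for an executable: padding, one dialog item
    whose caption contains the word we search for, more padding."""
    return (b"MZ" + b"\x00" * 78
            + build_dialog_item("This copy is shareware")
            + b"\x00" * 16)


if __name__ == "__main__":
    image = build_sample_image()
    patched, off = patch_nag_dialog(image)
    print("patched byte at file offset 0x%X: %02X -> %02X"
          % (off, image[off], patched[off]))
```

The check that FF FF 82 00 really precedes the caption is the part worth keeping when you do this by hand: if the word you searched for turns up in a string table or a menu rather than a dialog, there is no class ordinal in front of it and changing whatever byte happens to be there corrupts something else.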

Hey! No nag. Better try it a few times to make sure... it seems to be OK. Well, the nag seems to be gone, but before we get too excited, we haven't got rid of the time limit. We put our computer clock forward a month. The program expired. Well, we must deal with that now!

We'll use W32dasm and check out the string references. You know what we are looking for, we were greeted with a message saying Sorry, this copy of the program has expired. So we must look for this message in W32dasm.

Load up robhdob.exe in W32Dasm and go to string references. We look for "Sorry, this copy of the program has expired" because we don't want to see this message when we start the program. When you have found it in the string references, double click and you get taken to the place in the code where it is referenced. Now I'm not going to drivel out lots of code :-

* Possible Reference to String resource ID=04100: "Sorry, this copy of the program has expired."
:00402AF4  6804100000 PUSH 00001004
<-- you land here.

Now obviously, if our program executes this piece of code, we get the program expired message. We need to find a place where we can change the code so that this bit is never reached. Again thanks to tKC, what sometimes works is to scroll upwards and look for a conditional jump that decides whether we hit or miss this code. Normally it's a JNE (jump if not equal) or a JE (jump if equal). Often, just above the code where you are, you'll see:

* Referenced by a (U)nconditional or (C)onditional Jump at Address

Unfortunately, in our particular case, there is nothing like that close by, so we've got to look a little further. Use your up arrow key to move upwards and look. You've got to scroll up quite a bit and see lots of JMP (jump) on the way, but these jumps are unconditional jumps (means we will jump anyway) so they are not what we are looking for.

Eventually we find one at address:

:004028FD 0F8453FFFFFF JE 00402856

I figure that maybe if I change the JE to JNE, I might miss the expired message. Lets try it.

Take a note of the address, that's 004028FD, or the offset. I just note down the address. If you followed previous tutorials you know that you should have made a copy before loading the program in W32Dasm, so you've got one for W32Dasm and one for Hiew. This is good because if you've got the program loaded in W32Dasm you'll have to exit it before you can make changes in Hiew. Whatever, load the program into Hiew AFTER putting your computer date back to the correct time (I explain why soon) :-

  • F4/code mode/enter if Hiew doesn't open in code mode.
  • F5 then type in the offset (or the address, remembering the full stop BEFORE it: with the dot Hiew takes the number as the virtual address W32Dasm showed and works out the file offset itself, without the dot it takes it as a raw file offset) and push enter.
  • F3 and we gonna change the 0F84 (jump if equal instruction) to 0F85 (jump if not equal). Actually we are just going to change the 4 to a 5, so use your arrow key to position the flashing line over the 4 and type 5.
  • F9 to make our change permanent, then Esc to exit Hiew.
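The address-to-offset translation Hiew does behind that full stop, and the JE to JNE flip, as an added Python example (not code from the tutorial or from the program's author). The section table, ImageBase and the sample file are constructed for the example and are not robhdob.exe's real ones; the six instruction bytes and the two addresses are the ones W32Dasm showed above. Before touching anything the function decodes the jump and checks that it really lands on 00402856, which guards against patching the wrong byte when the offset arithmetic is off by one.

```python
import struct
from typing import List, Tuple

# Constructed sample section table, NOT robhdob.exe's real one.  Each entry
# is (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData).
IMAGE_BASE = 0x00400000
SECTIONS: List[Tuple[str, int, int, int, int]] = [
    (".text",  0x1000, 0x3000, 0x0400, 0x3000),
    (".rdata", 0x4000, 0x1000, 0x3400, 0x1000),
]

JE_NEAR = b"\x0f\x84"   # je/jz rel32, what W32Dasm showed at 004028FD
JNE_NEAR = b"\x0f\x85"  # jne/jnz rel32, what we want instead


def va_to_file_offset(va: int, sections=SECTIONS, image_base=IMAGE_BASE) -> int:
    """Translate the address W32Dasm prints (a virtual address) into the raw
    file offset a hex editor edits: RVA = VA - ImageBase, then find the
    section containing it and add PointerToRawData."""
    rva = va - image_base
    for _name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            delta = rva - vaddr
            if delta >= raw_size:
                raise ValueError("0x%08X is uninitialised data, not in the file" % va)
            return raw_ptr + delta
    raise ValueError("address 0x%08X is in no section" % va)


def decode_jcc_target(data: bytes, off: int, va: int) -> int:
    """Decode a 6-byte near Jcc (0F 8x rel32) at file offset `off`, loaded at
    virtual address `va`, and return the address it jumps to."""
    if data[off:off + 2] not in (JE_NEAR, JNE_NEAR):
        raise ValueError("no JE/JNE rel32 at 0x%08X" % va)
    rel32 = struct.unpack_from("<i", data, off + 2)[0]
    # rel32 is relative to the instruction AFTER the jump (va + 6).
    return (va + 6 + rel32) & 0xFFFFFFFF


def flip_je_to_jne(data: bytes, va: int, expected_target: int) -> Tuple[bytes, int]:
    """The tutorial's patch, 0F 84 -> 0F 85 at `va`, applied only after
    checking that a JE is really there and that it jumps where the
    disassembly said.  Returns (patched image, file offset)."""
    off = va_to_file_offset(va)
    if data[off:off + 2] != JE_NEAR:
        raise ValueError("expected JE (0F 84) at 0x%08X, found %s"
                         % (va, data[off:off + 2].hex()))
    target = decode_jcc_target(data, off, va)
    if target != expected_target:
        raise ValueError("JE at 0x%08X jumps to 0x%08X, not 0x%08X"
                         % (va, target, expected_target))
    patched = bytearray(data)
    patched[off + 1] = 0x85          # only the second opcode byte changes
    return bytes(patched), off


def build_sample_image() -> bytes:
    """Constructed stand-in for the file: zeros, with the bytes W32Dasm showed
    for 004028FD (0F 84 53 FF FF FF) placed at the matching offset."""
    image = bytearray(0x4400)
    off = va_to_file_offset(0x004028FD)
    image[off:off + 6] = b"\x0f\x84\x53\xff\xff\xff"
    return bytes(image)


if __name__ == "__main__":
    image = build_sample_image()
    patched, off = flip_je_to_jne(image, 0x004028FD, 0x00402856)
    print("file offset 0x%X: %s -> %s"
          % (off, image[off:off + 6].hex(), patched[off:off + 6].hex()))
```

Note that inverting a conditional jump swaps both outcomes: the path that used to be taken on a good date is now taken on an expired one and vice versa, which is the limitation of this kind of patch when a check has a valid case as well as a failing one.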

Well, are we ready to see what happens? Hmmmm, seems to work OK, but we must test it. Put your clock forward again, a month or so, and try the program now. Yep, still works. I think we might have done it! So put the clock back, and let's see. I mean it's useful and we may as well use it. What's this? Program expired!

I have to confess, I messed around with this program a lot and I know there are lots of better, cleaner ways to crack it, but this is how I ended this particular one. Since then I've found better ways but that's for other tutorials. To finish this one, fire up regedit. Go to HKEY_CURRENT_USER\Software\Robin Choo\ROBHDOB\1.00 and change the date of first launch to a month earlier, F5 to update the registry, and check out what happens. Works OK... put the clock forward... still works... back to the correct time... still works. Cool.

I think we might have done it. I don't know if we can say that we Kro_baR'd it to death, but I think we gave it a good Kro_baRing anyway. We'll try another way for the same program another time, until then.

A small Addition from ReKleSS

I've gone through Kro_baR's tutorial on cracking HDOB, and have discovered an easy way to break the time trial. In W32Dasm, the call to RegOpenKeyExA is followed by a jne (75) to some address. Just change it to a je (74) and it generates a new key every time - it thinks it's being run for the first time. You might want to add that in somewhere.