One more stupid protection
(Explaining a very stupid quiver protection)
9 January 1999
by int24h
Courtesy of Fravia's page of reverse engineering
slightly edited
by fravia+
Once more: never, never, never trust what the notes accompanying your software claim: you always better check everything yourself... if you're a reverser, that is :-)
"Beware! If the user forgets his password, it will be impossible for him to access his account"... yeah? should really one of the poor 'clients' of this stupid target believe what the Author told him, he would be well advised to read the following... and don't be so naïve to believe that this does not happen often enough elsewhere as well... current favourite sport by infowarfarer lusers on the web is to pick supposedly 'protected' and 'secure' zip and excel files from (stupid but countless) industrial sites... unfortunately (for them) all software is open like a sea...

On waters far
Where map-man never made survey,
Gliding along in easy plight
The strong reverser brake the lull of night

You do remember your Herman, I hope...
There is a crack, a crack in everything That's how the light gets in
Rating
(X)Beginner ( )Intermediate ( )Advanced ( )Expert


ONE MORE STUPID PROTECTION
Project 7
Written by int24h


Tools required

- REGMON (or any other registry tool)
- Your favorite editor

Target's URL/FTP

Pointage Express v1.0: http://www.triagone.com/sharew/p-express.zip

Program History

Pointage Express v1.0 is a French account manager. It's one of the four programs of TRIAGONE, a French company specialised in custom-made programs. Their proggies are written in WINDEV. (Beware: it's in French.)

Essay

- Limitation
  The program can be used 30 times. On the 31st run it's locked!

- Type of protection
  name / serial number

  At startup, a nag screen appears with a countdown of your
  remaining uses. You must click on the "Je suis d'accord" button
  (i.e. "I Agree") to continue. On the background of the main window
  there is a text showing your unregistered status.

- Registration
  To register, click on "?" then on the logo (a triangle). Enter your
  name and serial number.

  A bogus answer results in an error message.

1- How to defeat the protection

After a first run, I searched the Registry for new entries in
HKCU\Software and HKLM\SOFTWARE, but there was nothing about Pointage
Express!

- Load Regmon, then "Pointage express.exe".
- Two interesting lines appeared:
  
  HKCR\Log_tri.Config.Parameters\CPT    SUCCESS  "29"
  HKCR\Log_tri.Config.Parameters\LIC	NOTFOUND
  
  CPT stands for COMPTEUR (i.e. COUNTER), stored as a decimal value.
  LIC stands for LICENCE (i.e. LICENSE).

  On every load, CPT is decremented until you reach "0". What's funny
  is that you can change the value to whatever you want, say... 10000
  :) But the nag screen is still there :(

  Adding the string "LIC" with no value won't register you. After a
  few "searches" it appears that the registered format is:

  LIC="nnnnnnnnnncccccccc"

  n=characters, 10 are needed to fill up the serial number line.
  c=characters up to 32.

  For example a valid line could be:
  LIC="1F3-4H6-7Tint24h" or LIC="0123456789int24h"


2- How to retrieve the password of an account.

What the author says in the help file about protecting an account:

(translation)
" The fact to protect an account gives the owner of this account a
great confidentiality on his budget position."

"Beware! If the user forgets his password, it will be impossible for
him to access his account."

Well, that's not true!
In fact, the name and the password (when one exists) of an account
appear in CLEAR in two files, COMPTE.NDX and COMPTE.FIC.

- COMPTE.NDX

This file stores the name and the password (if one exists) of every
account you created. The names are numerically/alphabetically
ordered, beginning at offset 0x80B. Consecutive names are 0x2D bytes
apart. The passwords are stored the same way, beginning at offset
0x140B, and they are separated by 0x19 bytes.

Changing a name or a password in this file will cause an error when
the modified account is accessed.

- COMPTE.FIC

Here, the names and the passwords are stored in the same order you
created them.

                  1st acc. created   2nd acc. created   3rd acc. created
Account's name    0xA2               0x13F              0x1DC
Account's pwd     0xDF               0x17C              0x219
Account's #       0xF4               0x191              0x22E

And so on...

If you modify the name and/or the password of an account, be sure to
use CAPITAL letters, and make the same changes in COMPTE.NDX.
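
The weakness described in this section and its standard fix, as an added example (not part of the original essay and not the vendor's code): a record that keeps the password in clear fails a simple canary audit, while a salted PBKDF2 record passes it and still verifies a login. The record stride and password offset come from the COMPTE.FIC offsets listed above; the field widths, the hardened layout and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os

# Offsets relative to one COMPTE.FIC record, derived from the offsets above
# (0xDF - 0xA2 and 0x13F - 0xA2); the field widths are an assumption.
PWD_OFFSET = 0x3D
RECORD_SIZE = 0x9D
SALT_LEN, ITERATIONS = 16, 200_000  # constructed parameters for the hardened form


def clear_record(name: str, password: str) -> bytes:
    """Model of the observed layout: name and password stored as-is, in capitals."""
    rec = bytearray(b" " * RECORD_SIZE)
    n, p = name.upper().encode("latin-1"), password.upper().encode("latin-1")
    rec[0:len(n)] = n
    rec[PWD_OFFSET:PWD_OFFSET + len(p)] = p
    return bytes(rec)


def hashed_record(name: str, password: str) -> bytes:
    """Hardened layout (hypothetical): padded name, random salt, PBKDF2 digest."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return name.upper().encode("latin-1").ljust(PWD_OFFSET) + salt + digest


def verify(record: bytes, password: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    salt = record[PWD_OFFSET:PWD_OFFSET + SALT_LEN]
    stored = record[PWD_OFFSET + SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(stored, candidate)


def leaks_canary(blob: bytes, canary: str) -> bool:
    """Audit check: does a known test password appear in the stored bytes?"""
    forms = {canary, canary.upper(), canary.lower()}
    needles = [f.encode(enc) for f in forms for enc in ("latin-1", "utf-16-le")]
    return any(n in blob for n in needles)
```

With the hashed layout the help file's warning becomes true: a forgotten password can only be reset, not read back from the data files.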

Final Notes

Bah, we're not supposed to edit COMPTE.xxx files, but we like to know
what's on our system ...and how things work !

There are three other programs on their site and the protection is
(you'll easily be able to find it out, but believe me, it is not worth it) ...the same!

Ob Duh
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell, don't come back.
