TORN@DO presents: cRACKER's n0TES
Tips & Tricks for cracking Time Limits


30-Day-Time-Limit (Cruehead)
Many programs only work for a certain number of days (mostly 30 = 1 month), but apart from this limit the program is fully functional. What you must do in this case is to find where the "number of days used" gets compared to "30", and modify the code. Here is what the code may look like:

    mov ecx,1E               ; mov 1E hex (30 dec) into ecx
    mov eax,[esp+10]         ; mov number of days used into eax
    cmp eax,ecx              ; compare eax (number of days used) with ecx (30)
    jl ...                   ; if eax is less than 30 we can still evaluate the program.
    
A simple way to crack this would be to change "mov eax,[esp+10]" into "mov eax,1" or something like that. Then the program will always think that we are on our first evaluation day. Another way to crack this would be changing the conditional jump into an unconditional jump.




Expired (CbD)
If the program you're trying to crack has expired, you should look in the Registry under CURRENT_USER and LOCAL_MACHINE and check if there are any entries for the program you're using and delete them to reinstall (Make sure you delete all files that were installed the first time... also use a registry logger such as cleansweep to monitor the files that your program puts on the drive ...




Lazy Programmer's Trial Check (CrackZ)
Your program allows you e.g. 30 days trial, so let's just think about how a lazy programmer might check this or how it might look in assembly, perhaps something like this:


    CMP DWORD PTR register, 1E      <-- 1E of course is 30 days
    JLE/JGE address                 <-- Most likely these conditional jumps
    
So let's think in terms of opcodes: we have 83 for CMP, only several likely register options (when you've seen lots of time-trials you'll begin to feel which registers are used more commonly), then 1E for the 30 days and either 7E (JLE) or 7D (JGE) for the conditional jump. So let's grab our HEX editor and perform a little searching. You may find this in one or more locations. Immediately this location feels as if it must be a time-trial check. I didn't even feel the need to verify this; let's make the JLE (7E 33) that we've found into an unconditional jump (EB 33). I'm sure this program will never expire (in fact I would check it - just in case).




Time Limit Cracking using W32DASM (TORN@DO)
Set your system time ahead so that the program has expired, or better said: the trial period is over. Start the program. If a message box is displayed which says that your trial time has expired, note this down and run W32DASM. If not, try to use a menu command in the program; then the message box will be displayed. The next thing to do is to search the string references for the text you wrote down when the message box appeared. Then double-click on it to go to that section. Then it's normally easy: analyze the code and, well, crack it.
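The four notes above all describe the same weakness from the developer's side: the trial is a single compare against a literal in client code, the "days used" value is read from a registry entry that can be deleted, and the clock it is measured against is under the user's control. The following C program is an added example (not code from the cRACKER's n0TES or from any of the contributors) that puts the naive compare-and-jump next to a record-based check which at least detects an edited install date and a clock that has been set backwards. Assumptions: the key, timestamps and record layout are constructed for the demo, and the keyed tag is 64-bit FNV-1a standing in for HMAC-SHA256 purely so the file compiles without a crypto library.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TRIAL_DAYS 30                /* the 1E hex constant the notes refer to */
#define SECONDS_PER_DAY 86400ULL

/* Naive check: a C rendering of the compare-and-jump shown in the notes.
 * One compare against a literal and one conditional jump protect the trial. */
int naive_trial_ok(unsigned days_used)
{
    return days_used < TRIAL_DAYS;
}

/* Persisted trial state (a registry value or a file in practice). */
typedef struct {
    uint64_t install_time;           /* clock at first run, seconds since epoch */
    uint64_t last_seen;              /* highest clock value observed so far */
    uint64_t tag;                    /* keyed integrity tag over the two fields */
} trial_record;

typedef enum {
    TRIAL_OK,
    TRIAL_EXPIRED,
    TRIAL_TAMPERED,                  /* stored record does not match its tag */
    TRIAL_CLOCK_ROLLBACK             /* clock is earlier than a value already seen */
} trial_status;

/* 64-bit FNV-1a over a byte range, chained through h.
 * Assumption/placeholder: a real build would use HMAC-SHA256 from a crypto
 * library; FNV-1a is used here only to keep the example self-contained. */
static uint64_t fnv1a_bytes(uint64_t h, const void *data, size_t len)
{
    const uint8_t *p = (const uint8_t *)data;
    size_t i;
    for (i = 0; i < len; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;       /* FNV 64-bit prime */
    }
    return h;
}

/* Keyed tag over key || install_time || last_seen. */
static uint64_t keyed_tag(const uint8_t *key, size_t keylen, const trial_record *r)
{
    uint64_t h = 14695981039346656037ULL;   /* FNV-1a 64-bit offset basis */
    h = fnv1a_bytes(h, key, keylen);
    h = fnv1a_bytes(h, &r->install_time, sizeof r->install_time);
    h = fnv1a_bytes(h, &r->last_seen, sizeof r->last_seen);
    return h;
}

/* First run: record the install time and seal the record. */
trial_record trial_init(const uint8_t *key, size_t keylen, uint64_t now)
{
    trial_record r;
    r.install_time = now;
    r.last_seen = now;
    r.tag = keyed_tag(key, keylen, &r);
    return r;
}

/* Every later run: verify the record, then the clock, then the limit.
 * On success the record is re-sealed with the new last_seen value. */
trial_status trial_check(const uint8_t *key, size_t keylen, trial_record *r, uint64_t now)
{
    uint64_t days_used;

    if (keyed_tag(key, keylen, r) != r->tag)
        return TRIAL_TAMPERED;       /* install_time or last_seen was edited */
    if (now < r->last_seen)
        return TRIAL_CLOCK_ROLLBACK; /* clock moved backwards since the last run */

    days_used = (now - r->install_time) / SECONDS_PER_DAY;
    if (days_used >= TRIAL_DAYS)
        return TRIAL_EXPIRED;

    r->last_seen = now;
    r->tag = keyed_tag(key, keylen, r);
    return TRIAL_OK;
}

int main(void)
{
    /* Constructed key and timestamps for the demo. */
    static const uint8_t key[] = "constructed-demo-key";
    uint64_t t0 = 1000000000ULL;
    trial_record r = trial_init(key, sizeof key - 1, t0);

    printf("day 5:       %d\n", trial_check(key, sizeof key - 1, &r, t0 + 5 * SECONDS_PER_DAY));
    printf("day 31:      %d\n", trial_check(key, sizeof key - 1, &r, t0 + 31 * SECONDS_PER_DAY));
    printf("rolled back: %d\n", trial_check(key, sizeof key - 1, &r, t0));
    r.install_time += 10 * SECONDS_PER_DAY;   /* simulate editing the stored date */
    printf("edited:      %d\n", trial_check(key, sizeof key - 1, &r, t0 + 31 * SECONDS_PER_DAY));
    return 0;
}
```

The record-based check closes two of the gaps the notes rely on (an edited "days used" value, and a clock that is rolled back after the limit has been hit) but not the third: if the record is deleted outright, as in the "Expired" note, the program has nothing to verify and will re-initialise unless the record's existence is anchored somewhere the user cannot edit. Nor does it change the fundamental point of the first and last notes, that any decision taken in client code ends in a conditional jump that the binary's owner can patch; the status codes above only make that patch, or a tampered record, visible to the program instead of silently passing.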





The cRACKER's n0tES are divided into 10 main parts:
 00. INDEX
 01. Assembly for Crackers (CoRN2)
 02. SoftICE (Boot Menu, Setup, Commands)
 03. Breakpoints & Win API Details
 04. Jump Instructions
 05. SET Instructions
 06. Tips & Tricks for Cracking
        1 Crippled Programs
        2 Dongles
        3 General
        4 InstallSHIELD Setups
        5 Key File Protections
        6 NAG Screens
        7 Runtime Limits
        8 Serials
        9 Time Limits
       10 Visual Basic 'Programs'
 07. Window Messages For Crackers
 08. Identifying Functions, Arguments, and Variables (Rhayader)
 09. Commercial Protection Systems
 10. Bitmanipulation (Cruehead)
 11. General Cracking Theory
 12. FAQ

 +A. How to contact me
 +B. What's New?



The cRACKER's n0TES are Copyright © 1998-2000 by TORN@DO of ID. All Rights Reserved. Archived and Re-hosted by Werdstaff