Little Cracking Exercises for newbies: Simply 3D

I recently found a 30-day trial version of Simply 3D v2 on a magazine
cover CD. I thought I’d have a look at it, and lo and behold it appears
to be one of the worst protection schemes devised. This is supposed to
be a professional commercial package but the programmers (in their
ultimate laziness) haven’t spent much time on the protection. I cracked
it in a little over a minute (since WinDasm8 took some time to
disassemble the file).

I thought I’d get a feel for the program in advance, so I installed it and
set the date past the 30-day limit. This revealed the text "The trial
period has…". I then tested the age-old failing of protection schemes:
I set the date back. I wasn’t surprised to find that this didn’t fix
the problem. So then I thought I’d have a quick peek at the code and get
a feel for the level of protection on this package. Pulling out my
trusty copy of WinDasm32 I set it to disassembling the code. To my
surprise, when I used the string reference feature to locate the
lock-out text, WinDasm dropped me straight into this code:

:0040C4FF E87CF00600              call 0047B580
:0040C504 83C404                  add esp, 00000004
:0040C507 85C0                    test eax, eax
:0040C509 7527                    jne 0040C532
:0040C50B 6A00                    push 00000000

* StringData Ref from Data Obj ->"SIMPLY 3D 2 TRIAL PERIOD TERMINATION"
                                  |
:0040C50D 6814FA4800              push 0048FA14

* StringData Ref from Data Obj ->"The trial period has expired."
                               ->" Please contact your local vendor "
                               ->"or Micrografx to purchase a complete "
                               ->"version of Simply 3D 2."
                                  |
:0040C512 6894F94800              push 0048F994
:0040C517 6A00                    push 00000000

* Reference To: USER32.MessageBoxA, Ord:0195h
                                  |
:0040C519 FF1530234A00            Call dword ptr [004A2330]

Looking up from the text message, I could see a conditional jump
which, as I guessed correctly, skipped the lock-out message and started
the program proper. A simple patch to make the jump unconditional
resulted in a complete crack. No checksums, no clever code misdirection
using lookup tables etc., not even an embedded second check.
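For contrast, here is the part of the scheme that did hold up, the date handling: an added example (not Simply 3D's code, which we never see in source) of a trial record that notices a rolled-back clock and detects a hand-edited data file. The secret, the trial length and the 1998 start date are constructed for the demo; note that the verdict still ends in a single branch, which is exactly the weak point the listing above shows.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta

# Constructed values for the demo: a per-install secret (a real product would
# derive it from something not stored beside the data file) and a start date.
SECRET = b"constructed-demo-secret"
TRIAL_DAYS = 30
BASE = datetime(1998, 1, 1)

def _mac(record):
    # Keyed hash over the canonical JSON form of the record.
    body = json.dumps(record, sort_keys=True).encode()
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest()

def save_state(first_run, last_seen, expired):
    """Build the persisted trial record plus a MAC so a hand edit is detected."""
    record = {"first_run": first_run.isoformat(),
              "last_seen": last_seen.isoformat(), "expired": expired}
    return {"record": record, "mac": _mac(record)}

def check_trial(state, now):
    """Return (verdict, new_state); verdict is 'ok', 'expired' or 'tampered'."""
    if state is None:                      # first launch: trial clock starts
        return "ok", save_state(now, now, False)
    record = state["record"]
    if not hmac.compare_digest(state["mac"], _mac(record)):
        return "tampered", state           # record edited or MAC stripped
    first_run = datetime.fromisoformat(record["first_run"])
    last_seen = datetime.fromisoformat(record["last_seen"])
    expired = record["expired"]
    if now < last_seen:                    # clock rolled back since last run
        expired = True
    if now - first_run > timedelta(days=TRIAL_DAYS):
        expired = True
    # last_seen only moves forward, so a record never "un-expires".
    return ("expired" if expired else "ok"), save_state(first_run, max(now, last_seen), expired)

def simulate(launch_days, tamper_after=None):
    """Run check_trial over launches at the given days after BASE; if
    tamper_after is set, hand-edit the stored 'expired' flag after that launch."""
    state, verdicts = None, []
    for i, day in enumerate(launch_days):
        verdict, state = check_trial(state, BASE + timedelta(days=day))
        verdicts.append(verdict)
        if tamper_after == i:
            state["record"]["expired"] = False   # MAC no longer matches
    return verdicts
```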

Source: www.woodmann.com/fravia