Results 1 to 5 of 5

Thread: How to bypass old floppy protection?

  1. #1
    Carn
    Guest

    How to bypass old floppy protection?

    I've got a program that is distributed in 1.44 floppy. The floppy act as a master key disk which holds 3 license and able to transfer it into a hardrive and take it back into the floppy.
    Is there a way to duplicate the floppy?
    I have tried to clone(ghost) the hardrive to another, the license is not valid ( possible hardisk serial checking)?

    Any other method?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    pm
    Guest
    Try to duplicate the diskette with FDA 6.1 (floppy disk analyser). It was the only program that managed to duplicate all my everlock protected diskettes. The only problem is that FDA run in pure DOS and not in all computers (I tried several PCs and only an 386 and a 486 did the work correctly)

    Hope it helps

    pm
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    Bratsch
    Guest
    Carn (01-24-2001 22:18):
    I've got a program that is distributed in 1.44 floppy. The floppy act as a master key disk which holds 3 license and able to transfer it into a hardrive and take it back into the floppy.
    Is there a way to duplicate the floppy?
    I have tried to clone(ghost) the hardrive to another, the license is not valid ( possible hardisk serial checking)?

    Any other method?
    Most old DOS floppy protection schemes were based on disk sectors of unconventional sizes, which could not be copied with fidelity by the usual file copying services of DOS and windows. If you try to do a surface scandisk on the key floppy, it will detect anomalies in the way the disk is formatted. There used to be utilities that copied floppies with their original format. DISKIMAGE comes to mind from prehistoric times(BI), before the internet.
    An alternative approach, or lateral thinking solution, is to try to catch the routine(s) that validate the disk type and the BIOS utilities reading the floppy, then emulate the results your program wants. BIOS interrupt 7 and DOS interrupt 21 come to mind from the foggy past. This is extremely LOW level programming, so get braced.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Carn
    Guest
    I have used FDA (Floppy Disk Analyzer) as suggested by pm. The duplicated disk works flawlessly.
    I've tried to check for any anomality on the disks and found out that both diskettes on last sector is purposely marked as bad. I copy the content of the original disk to a fresh disk using normal file copying and mark the exact bad sector. The program refuse to accept the copied floppy.
    I guess there're other protections that i may have overlooked.
    Any help on deciphering the FDA copy utility compared to normal copying?

    Onto bypassing the checkup routine, the program is executed using Asymetrix runtime and I could not catch the dialog box stating the license is not valid? bpxGetDialogTextItem(sp?) doesn't work here?

    Any idea?
    Thanks...
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    Bratsch
    Guest
    Several suggestions:

    Search in the Fravia mirror for +ORC tutorials on floppy protections. They were written around the time this was fashionable, so you may get some ideas out of them.

    Based on what you are describing, the protected program probably READS information out of the "bad" sector, and uses it to validate the floppy as autentic. The license counter is probably stored there. Any DOS or windows API call would fail miserably in attempting this endeavor. But this gives you a point of attack: Disassemble the program and its dlls, if any, and look for a Int 13 instruction. Rarely will you see such beast in modern Windows programs, because they all use API functions to encapsulate disk access, but your protected program must be accessing the disk in an unconventional fashion, by using Int 13 directly to read the "bad" sector from your floppy, bypassing windows and DOS services. Your protection should be around this operation(s).

    In regard to suggestion 2 of previous post, Does the program give you an "invalid disk" or such when it does not find the key disk?
    can you use the nag screen to trace back? check the Cracknotes (there is a copy inCrackZ site): "nag screens"
    In short:

    Ispy utility will tell you the name of the owner of the nag screen and its Handle number( a short int).
    Also Hwnd instruction in Sice will list all the process handles along with the owners of such processes. locate the Handle of your Nag screen and set up a BPMSG /your nag Handle/ wm_destroy. when the nag is clicked Sice pups up. F12 Trace back from inside the windows API until you get to your program. you will be in the place where your nag is destroyed, which probably resides in the same call where the nag is generated. then you have a general idea where the protection check(s) are happening.

    If you don't mind, ZIP the contents of the floppy and e-mail it to me. You got me curious now.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Dumping files from dos1.0 floppy disc image
    By duga in forum The Newbie Forum
    Replies: 13
    Last Post: June 20th, 2012, 16:02
  2. Article: Defeating Microsoft Windows XP SP2 Heap protection and DEP bypass
    By dELTA in forum Advanced Reversing and Programming
    Replies: 3
    Last Post: February 2nd, 2005, 16:20
  3. Authorization from floppy disk
    By bestobest in forum The Newbie Forum
    Replies: 11
    Last Post: December 9th, 2004, 20:39
  4. how to copy bad mared floppy?
    By nirali in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: March 23rd, 2002, 13:12

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •