Results 1 to 10 of 10

Thread: Expired software

  1. #1
    marco_ul
    Guest

    Expired software

    Hi, I am a newbie to reverese engineering and cracking. I read a lot of tuts last 2 weeks on RE and softice. I got many the tools needed to crack 'regular' software. I did crack some of them following many great tuts over the internet.

    Now I have that software, that calls alot of dll and runs under java.
    After installing, when I start the program, there is a window titled "Expired" that mention that this is a demo version, etc. My only option is to press the "X" button to close the window and the program closes automaticaly. This program was supposed to be a 30 day evaluation trial. I downloaded this software from the compagny ftp site about a year ago. Now (one year later the download), when I try to reinstall the software on a different computer, the software disply the "Expired" windows again.

    I tried to use softice to get a bpx on that window, but no function seems to work. The software runs under java, so I think that it might be more complicated that I think ? THe only bpx that works is GetLocalTime. When I step into calls I find lines of code were it tell the program to set registery to 1970-1-1. Then Systemtimetofile time. I changed the registry, I chaged the code... always this 'Expired' window.

    So this is where I need a hint ? My guesses are that there is a protection associated with the installer, that remembers when I downloaded it ? Help would be appreciated !

    Thanks in advance
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    It may not remember when you downloaded, but it may have an upper time limit. Let me explain:

    If (time since install > 30 days) OR (current date later than December 31, 2004)

    expired = true;


    Try setting back the time in the new computer to some time last year, then install the program in that clean, living in the past computer. Bet you it will run.

    It may also be reading the date form some file in the system, so setting the CMOS time back may not do the trick.

    Reverse, man, Reverse. Java can be reversed.

  3. #3
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Just as a small tip - I've never worked on Java but using that break point either trace into by hand first until you reach the nag then look above that spot for a jump past where the nag is generated - you can try to just jump past it but nowadays that seldom works - there are usually multiple checks - look for a variable test or comparison such as Test eax.eax followed by the jump or cmp dword ptr(followed by address or variable), 1Eh (or 0), and try to set the value to one that will trigger the jmp past the nag but much earlier in the program flow - IDA subview - graphs can help.

    SiGiNT

    Just something I remembered later, of course it happened to me when I wanted to share a demo with a friend, a small percentage of demos require you to download a license file - that lic. is only good for XX days from when it was sent to you. Could be another reason why it installed expired.
    Last edited by SiGiNT; September 18th, 2005 at 22:15.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  4. #4
    To elaborate a bit on the point made by Naides: you need to figure out how the app determines what the time and date is. It can do this in different ways, for instance using api's to determine system time (you need to get the win32api help file or the windows platform sdk - search the net, try win32asm.cjn.net for a link to the first, and microsoft for the second), or perhaps determining the time from system files (like system.dat or something). There are many possibilities, and you need to figure out which one it uses (and perhaps it uses more than one). A tool that might help you is filemon - you can try and see if it tries to get the date from system files, or other files (perhaps when you downloaded it, a given file was created just then, and it checks for the time and date of this file).

    Fake

  5. #5
    marco_ul
    Guest

    (Mind) progess

    First, thanks for advices !

    naides: Seems a good idea, i'll try it as soon as I will have access to a "new" computer. Maybe programmers are that lazy when comes the time to protect their valuable software !
    sigint33:I already tried to start from the nag, but I don't know how. I reversed the DLL file that call the GetLocalTime fuction (see attachement). At a certain point, a specific call launches the software (java initiation ?) and I cannot control the progress by SI anymore.
    New observation : I made a Properties on the setup file and the date is 27 jully 2004. I'll try to modife my system clock to that particular time befoer installing it (on a new computer). Is there any ways to modify the date associated with the file ? Is this date the one when I downloaded it or when I burned it on a CD ?
    I'll try a couple of things from your advices and maybe try to learn some java programming, reverse the java code and trying understand what's happenning in there. Since there, if the file give you other clues that I missed, could you please let me know.

    Thanks !
    Attached Files Attached Files
    Last edited by marco_ul; September 19th, 2005 at 10:52. Reason: Forgot the attachment
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Location
    Wherever I am
    Posts
    750
    Well like I said I've never run into a Java app. before - and the example I gave you is a very simplified example that seldom works these days, (similar to what you'll find in tuts, I swear a lot of the tuts are based on as simple a program the author could find), but sometimes you may be surprised. Learning how everything works leading up to that point is very usefull. As for modifying the file date properties almost any hex editor Winhex, Hackman etal will do that for you, its a quick process to give it a try, but I really doubt that will change anything, why not get a new version demo? or is the Co. out of business,

    SiGiNT33
    Last edited by SiGiNT; September 19th, 2005 at 14:37.
    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  7. #7
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647

    look I my coments

    Explore a little about virtual machines, VMWARE. you do not need a new computer each time, you can install a VM in your very own computer, keep a "virgin" clone set asside and you have a fresh new system for you experiments, as often as needed.

    Take a look at my comments in the file attached. I think you are close . . .


    ADD on:

    Without tracing the program live, my GUESS:

    The program keeps the current date and time in a quad word EDX:EAX. It appears to compute it as the number of seconds since Jan 1 1970 at 00:00:00. or some variation on the theme.

    That quad gets stored in the global variables [068c7b20] and [068c7b24].

    Someone else reads it and makes sure every thing is Kosher, settting or returning "good boy" flags.

    Place BPMD on [068c7b20] and [068c7b24] and see who reads them.
    Attached Files Attached Files
    Last edited by naides; September 20th, 2005 at 05:19.

  8. #8
    Quote Originally Posted by marco_ul
    Is there any ways to modify the date associated with the file ?
    Using DOS kernal:
    Int 21 Function 5705 - Set Last Access Date and Time
    Int 21 Function 5708 - Set Creation Date and Time

    Using Win32 API:
    SetFileTime()

    You could write a little utility that uses those syscalls, or BPX on GetFileTime.

  9. #9
    No one has mentioned that java decompiles very easily! Go to google and type in java decompiler, and I bet you get 1000 hits. I've fixed some java apps, and I found that decompiling them was always the starting point. (Even if they are obfuscated, you could still possibly single step them in a java development environment, and see what does what.)

    I fixed a farking PowerBuilder app that way. (ripped out snippets of code, and put them in my own project in PB, and single stepped them to watch what it did).

  10. #10
    marco_ul
    Guest
    Just wanna thank you all for tips. For now, I just can't get over it (
    Lack of knowledge and time. This project is certainly not dead. Go to learn for now !

    'Later !
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. What's the software being used here?
    By Aimless in forum Off Topic
    Replies: 11
    Last Post: April 21st, 2011, 09:11
  2. what software can i use?
    By DENiSON in forum Tools of Our Trade (TOT) Messageboard
    Replies: 9
    Last Post: July 23rd, 2009, 19:52
  3. Can anyone identify this software and OS?
    By Aimless in forum Off Topic
    Replies: 9
    Last Post: March 29th, 2009, 21:36
  4. Demo software
    By Signum in forum The Newbie Forum
    Replies: 13
    Last Post: May 14th, 2006, 20:33

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •