(Explaining a very stupid quiver protection)
"Beware! If the user forgets his password, it will be impossible for him to access his account"... yeah? should really one of the poor 'clients' of this stupid target believe what the Author told him, he would be well advised to read the following... and don't be so naïve to believe that this does not happen often enough elsewhere as well... current favourite sport by infowarfarer lusers on the web is to pick supposedly 'protected' and 'secure' zip and excel files from (stupid but countless) industrial sites... unfortunately (for them) all software is open like a sea...
On waters far
Where map-man never made survey,
Gliding along in easy plight
The strong Fravia brake the lull of night
Pointage Express v1.0 is a French account manager. It's one of the four programs of TRIAGONE, a French company specialised in custom-made programs. Their proggies are written in WINDEV.
(Beware, it's in French.)
- Limitation
The program can be used 30 times. On the 31st time it's locked!

- Type of protection: name / serial number
At startup, a nagscreen appears with a countdown of your remaining uses. You must click on the "Je suis d'accord" button (i.e. "I agree") to continue. In the background of the main window there is a text showing your unregistered status.

- Registration
To register, click on "?" then on the logo (a triangle). Enter your name and serial number. A bogus answer results in an error message.

1- How to defeat the protection

After a first run, I searched the Registry for new entries, in HKCU\Software and HKLM\SOFTWARE, but there was nothing about Pointage Express!

- Load Regmon, then "Pointage express.exe".
- Two interesting lines appeared:

    HKCR\Log_tri.Config.Parameters\CPT    SUCCESS    "29"
    HKCR\Log_tri.Config.Parameters\LIC    NOTFOUND

CPT stands for COMPTEUR (i.e. COUNTER), in decimal value.
LIC stands for LICENCE (i.e. LICENSE).

On every load, CPT is decremented until you reach "0". What's funny is that you can change the value to whatever you want, say... 10000 :)
But the nagscreen is still there :(
Adding the string "LIC" with no value won't register you. After a few "searches" it appears that the registered format is:

    LIC="nnnnnnnnnncccccccc"

n = characters, 10 are needed to fill up the serial number line.
c = characters, up to 32.

For example, a valid line could be:

    LIC="1F3-4H6-7Tint24h"
or
    LIC="0123456789int24h"

2- How to retrieve the password of an account

What the author says in the help file about protecting an account (translation):

"The fact to protect an account gives the owner of this account a great confidentiality on his budget position."
"Beware! If the user forgets his password, it will be impossible for him to access his account."

Well, that's not true! In fact the name and the password (when existing) of an account appear in CLEAR in two files, COMPTE.NDX and COMPTE.FIC.
- COMPTE.NDX
This file stores the name and the password (if existing) of any account you created. The names are numerically/alphabetically ordered, beginning at offset 0x80B. Two names are spaced by 0x2D bytes. The passwords are stored the same way, beginning at offset 0x140B, and they are separated by 0x19 bytes. Changing a name or a password in this file will create an error on the access of the modified account.

- COMPTE.FIC
Here, the names and the passwords are stored in the same order you created them.

| 1st acc. created | 2nd acc. created | 3rd acc. created |

And so on... If you modify the name and/or the password of an account, be sure to use CAPITAL letters. And do the same changes in COMPTE.NDX.
Bah, we're not supposed to edit COMPTE.xxx files, but we like to know what's on our system... and how things work! There are three other programs on their site and the protection is (you'll easily be able to find it out, but believe me, it is not worth it)... the same!
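
The fix for the cleartext storage described in section 2, as an added example that is not part of the original essay and is not TRIAGONE's code: a fixed-width account record that holds a salted PBKDF2 digest where the password used to be, next to the weak form for comparison. The record layout, field widths, iteration count, function names and the sample account are assumptions made for this illustration, not the real COMPTE.FIC format.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical fixed-width record (NOT the real COMPTE.FIC layout):
# 32-byte space-padded name, 16-byte random salt, 32-byte PBKDF2 digest.
RECORD = struct.Struct("32s16s32s")
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)


def derive(password: str, salt: bytes) -> bytes:
    """Slow, salted one-way transform of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def cleartext_record(name: str, password: str) -> bytes:
    """The weak form the essay describes: both fields readable in the file."""
    return name.encode("utf-8").ljust(32) + password.encode("utf-8").ljust(48)


def hashed_record(name: str, password: str) -> bytes:
    """Same record size, but only salt and digest are written to disk."""
    raw_name = name.encode("utf-8")
    if len(raw_name) > 32:
        raise ValueError("name does not fit the 32-byte field")
    salt = os.urandom(16)
    return RECORD.pack(raw_name.ljust(32), salt, derive(password, salt))


def verify(record: bytes, password: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    _name, salt, stored = RECORD.unpack(record)
    return hmac.compare_digest(stored, derive(password, salt))


def leaks_password(blob: bytes, password: str) -> bool:
    """Audit check: can the password be read straight out of the raw bytes?"""
    return password.encode("utf-8") in blob


if __name__ == "__main__":
    clear = cleartext_record("DUPONT", "SECRET42")   # constructed sample account
    hashed = hashed_record("DUPONT", "SECRET42")
    print("cleartext record leaks password:", leaks_password(clear, "SECRET42"))
    print("hashed record leaks password:   ", leaks_password(hashed, "SECRET42"))
    print("correct password verifies:      ", verify(hashed, "SECRET42"))
```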