(Another Timelock fiasco)

by The Undertaker

(22 August 1997, slightly edited by Reverser)

Courtesy of Reverser's page of reverse engineering

Well, another Timelock fiasco... why should anyone still use such a stupid protection scheme beats me

Once, while studying in the R&D lab, I found a very good network analyzer called CENTURY LAN ANALYZER. This is a very good protocol analyzer, the best I have ever seen. But unfortunatly it comes with a 30 day trial version, which I believe can be an interesting target for our studies. In fact this software has been protected using the infamous TLOCK32.DLL (Time Lock) with its "unique key" generating facility. You can get this interesting software at www.shomiti.com. The protection scheme is very weak: it uses the KERNAL32!LSTRCMP function to compare user input & correct string. Each time you install the softwarea new "unique" registration number will be generated. To complete the crack we need to defeat the registration key genarating facility. OK, so now Lets RoLL WiTh IT !!! Load Your Beloved :- Soft-Ice for Windows 95 ver 3.01. In the purchase window, right down REGISTRATION NUMBER -- REG - 269535306778 Once you are in The Registration Window, enter Softice & put follwing breakpoints. (In addtion to the breakpoint below you may also put GETWINDOWTEXT) BPX LSTRCMP F5 Fill something in the Unlock Code window & Click OK. g you will land on the LSTRCMP Funtion XXXX:1000133A CALL [KERNAL32!LSTRCMP] --> Trace into this Process until.. XXXX:BFF77150 CALL BFF71247 --> Trace into this Process until.. XXXX:BFF71265 CALL BFF78592 --> Trace into this Process until.. XXXX:BFF7866F MOV EAX,[EBP+18] Process Once.. D EAX ------------> YOU GOT THE UNLOCK CODE. In SoftICe memory window you can see the real the UNLOCK CODE. Now write down the unlock code. Yet we are not done! This unlock code is only valid with the current registration number. For every new installtion a new registration code will occur. Due to this you unlock code is valid only with current installation. Clearly an "unclean" crack. To avoid the problem here is the solution. In \WINDOWS directory there is a file called COAGL.TDK. This file conteins the registration code (12 digit) you may feel free to change the registration code directly inside the COAGL.TDK file. Once the time for a new installtion comes, change the registraion number in the COAGL.TDK file & put the correct Unlock Code. (I am too lazy to write a key genarator for this stupid protection scheme beacuse this method works perfectly :-)
Happy packet snippering !!!!! My thanks to reverser! ****** REVERSE ENGINEERING LIVES FOREVER ****** THE UNDERTACKER -=BANDA=- /Sri Lanka/
(c) The Undertaker 1997. All rights reserved
You are deep inside reverser's page of reverse engineering, choose your way out:

homepage links red anonymity +ORC students' essays academy database
tools cocktails antismut CGI-scripts search_forms mail_fravia
Is reverse engineering illegal?