Bullet Proof FTP V1.0
(hidden, bloated exe creation)
by Frog's Print
(24 September 1997)
Courtesy of reverser's page
of reverse engineering
Well, another pathetical trick bites dust.
**** Bullet Proof FTP V1.0 ****
by Frog's Print
When running this program, it extracts a "~XYnnnn.TMP' file in the
Windows\Temp directory and runs it. This .TMP file is an ordinary .EXE
Is this a brand new protection??
Open it with W32Dasm.
Searching the String Data Refs for "UNREGISTERED EVALUATION COPY"
we can find two occurences:
:0046FF65 80BB2A04000000 cmp byte ptr [ebx+42A], 00 ; Is it 0?
:0046FF6C 743B je 0046FFA9
:0046FF6E BAA8004700 mov edx, 004700A8 ;"Registered to "
:0046FFA9 BACC004700 mov edx, 004700CC ;"UNREGISTERED EVALUATION COPY-"
:0047CCEC 80BB2A04000000 cmp byte ptr [ebx+42A], 00 ; Is it 0?
:0047CCF3 743D je 0047CD32
:0047CD30 EB43 jmp 0047CD75 ; Go_Ahead otherwise...
:0047CD32 BA00CE4700 mov edx, 0047CE00 ;"UNREGISTERED EVALUATION COPY"
==> There is no need to crack this part as the program would be
"registered" yet it WOULD NOT download/upload files and would exit
Searching for the string "You have exceeded your 30 day" we land here:
:004809E0 80BB3204000000 cmp byte ptr [ebx+432], 00 ; 0=Expired / 1=30 Days Left
:004809E7 7534 jne 00480A1D
:004809E9 6A00 push 00000000
:004809EB 668B0D280A4800 mov cx, word ptr [00480A28]
:004809F2 B201 mov dl, 01
:004809F4 B8340A4800 mov eax, 00480A34 ->"You have exceeded your 30 day "
->"trial limit. Click OK to go to "
->"BPFTP's web page to register so "
->"you can continue using it."
:004809F9 E8E22AFBFF call 004334E0
:004809FE BAB40A4800 mov edx, 00480AB4 ->"This evaluation version of BPFTP "
->"has expired - everything will "
->"continue to function as normal, "
->"except you will not be able to "
->"transfer any files."
To have 30 days left forever, just search for the
'cmp byte ptr [xxx+432],00' (there are 4 occurrences of them)
in the program and change each occurrence to
'cmp byte ptr [ebx+432],01'.
Just rename the "~XYnnnn.TMP" file > "Whatever_you_want.EXE" and run it.
Now it can be moved to another directory as well.
There's no need to use again the original BPFTP.EXE file.
You can throw that stupid "loader" away!
This protection is stupid.
According to me, the fact that BPFTP.EXE is just a packed program that
creates another .EXE file and runs it 'undercover' doesn't mean that the
programmers wrote a "new" kind of protection: in fact, they wrote a 724Kb
program (bigger than CuteFTP) and want us to believe it is just 377Kb
(smaller than CuteFtp)!!
What a perfidious mind....
BTW, CuteFtp is a much better program (see +RCG's crack of
CuteFtp), and I would advice you to use it anyway.
Frog's Print, September 1997
(c) Frog's Print 1997. All rights reversed
You are deep inside reverser's page of reverse engineering,
choose your way out:
Back to Project 7 ("Most stupid protection")
Is reverse engineering legal?