A Tutorial On Installshield Script Cracking
Using Windows Installshield Decompiler v1.00 Beta

Author : SiraX / [NaTzGUL/SiraX Production 98]
Email  : sirax@dongle.net

Contents
	1.  Introduction
	2.  Tools Needed For This Tutorial
	3.  A Walk Through Of Cracking Sample Script Using Windows IS Decompiler
	4.  Summary
	5.  Greets

1.  Introduction
	The purpose of this tutorial is to demonstrate the usage of Windows Installshield
Decompiler v1.00.  By going through this tutorial, you will see exactly how this tool is
used in defeating Installshield serial protection, which is commonly used by many software
packages.  Hopefully, by the end of this tutorial, you will be comfortable in using this
tool and most importantly locating the spot in the script to be tackled.

 

2.  Tools Needed For This Tutorial
	Believe it or not, only this Installshield Decompiler is needed to defeat the
protection.  With its ability to perform CRC correction, changes can be automatically
saved.  Thus, no other tools are necessary.  In this tutorial, I picked the popular
graphics tool - Adobe PhotoShop V4.0 as the target.  It's protected by Installshield 3.0
serial protection.  I will include the necessary setup files along with this tutorial
for you to do some live practice, since this can't be downloaded from the net.

 

3.  A Walk Through Of Cracking Sample Script Using Windows IS Decompiler
	In this section, I will explain the process to defeat the serial protection in Adobe
Photoshop V4.0 step by step.  Each step will be listed in point form and pictures are used
to help with the demonstration.

1.  First, fire up the Installshield Decompiler.
2.  Run the setup.exe for Adobe PhotoShop and follow the instructions.  When it comes to the screen
    which asks you for a serial number, just enter any serial number along with any name or
    company name.  Then click on Next.  A warning message box should then come up, saying
    "The serial number xxxxxxxxxx is not a valid Adobe PhotoShop serial number, Please
    re-enter your serial number.", unless you're lucky enough to get it right.

3.  Now write down the above warning message or write down a few keywords like "invalid".
    We're going to search for this message in the decompiled script text later on.
4.  Quit the setup for Adobe PhotoShop and make a backup copy of setup.ins in case you need to
    restore it.
5.  Now switch back to Installshield Decompiler, go to the "File" menu and click on "Open Script File"
    to bring up the open dialog box (or press the Ctrl-O shortcut key).  Pick the Adobe
    PhotoShop setup.ins file.
6.  Once the script file is opened, click on "Start" from the "Decompile" menu or press F2 to
    decompile the script.  Before the decompile, you can also check the options under the "Misc"
    menu to see various information about the currently opened script file.
7.  If you pressed F2 or chose to decompile, you should see some text scrolling up, with a
    percentage bar advancing at the same time.  If you wish to cancel the decompile process,
    you can click on the cancel button on the toolbar.
8.  Once the decompile process is done, it's time to find the spot where we got that warning
    message about the wrong serial number.  To find the place, all we have to do is to search for
    the word "valid".  To do this, you can type "invalid" in the text box on the toolbar, and
    then click on the search button beside it.  This should bring you to the first occurrence of
    the word "valid".  The following spot is where you should land at this point:
<LABEL_002> REF:00000F97 00001016 00001388
  |
00000DB9: 0128   IF (SdRegisterUserEx_[LABEL_0214]=000000C) THEN
00000DD9: 002C        Goto (LABEL_0001)
00000DDA: 0000   ENDIF
00000DE6: 0125   StrVar[002F] = SUPPORTDIR ^ "PSSupprt.DLL"
00000E12: 0128   IF (UseDLL (StrVar[002F]) != 00000000) THEN
00000E32: 0013        StrVar[001A] = "An Error occurred during the setup process! Please contact Adobe Systems Technical Support."
00000E95: 0104        SprintfBox (FFFF0003,"Adobe Photoshop Setup",StrVar[001A])
00000EBA: 002B        Exit ()
00000EBB: 0000   ENDIF
00000ED4: 0128   IF (PSSupprt.PSFunc1 (StrVar[0024]) = 00000000) THEN  //function return value is compared to 0.  0 is bad.
00000EF4: 00B3        UnUseDLL ("PSSupprt")
00000F01: 0013        StrVar[001A] = "The serial number %s is not a valid Adobe Photoshop serial number. Please re-enter your serial number."
00000F6F: 0104        SprintfBox (FFFF0002,"Adobe Photoshop Setup",StrVar[001A],StrVar[0024])  //Displays the error message
00000F97: 002C        Goto (LABEL_0002)  //Loops back and lets the user re-enter info
00000F98: 0000   ENDIF
00000FA4: 0125   StrVar[002F] = SUPPORTDIR ^ "PSSupprt.DLL"
00000FBB: 00B3   UnUseDLL (StrVar[002F])
00000FF6: 0128   IF (SdConfirmRegistration_[LABEL_0260] = 00000000) THEN
00001016: 002C        Goto (LABEL_0002)
00001017: 0000   ENDIF
00001023: 0013   StrVar[0023] = "File Components"
0000103A: 00B5   Call Function_0055_[LABEL_00F4]  (StrVar[0023])
...............


9.  From the above section of decompiled script text, you can clearly see the point where we
    need to make a change.
    At 0000E12:0128, we have a comparison of the return value of a function with the value 0.
    If the return value is zero, then we're in trouble.  The error message will be displayed
    at line 00000F6F:0104.  Then at line 00000F97:002C, we go back to Label_002 so that this
    process is repeated and the user can re-enter the info.

10.  Since we have identified the spot to be changed, now it's time to crack it.  To make a
     change so that it will accept our wrong serial, we can change the "=" operator at line
     00000ED4:0128 to "!=".  Clear enough!
11.  Making the change is very simple.  First, double click on the "=" operator.  Then
     right-click your mouse to bring up the popup menu.  Choose "Change To" and pick the "!="
     operator.  After this, you should see that the operator is now "!=".
12.  Once the above is done, we need to save the changes we made.  You can either go to the "Misc"
     menu and pick "CRC Correction" or you can quit the IS decompiler and you will automatically
     be asked whether you want to save changes or not.  Click on "yes" when you're asked.  And
     then just sit back and relax.  In a few minutes, you will see it in action.
13.  After it's done, simply run the Adobe PhotoShop setup again, and enter any info and serials
     at that screen.  Then click on "Next".  Whoaaaa.  Beauti!  A confirm box popped up this time,
     asking us whether this information is correct or not.  We DID NOT see the error message box.
     Now, just click on "yes" to confirm this info is right and follow the instructions to
     install the rest.
14.  Hey, wasn't that easy!  I did it in about 10 min.  The decompile process took a while.  But
     would you rather spend a few hours tracing through the code or POINT and CLICK to defeat it?
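
Seen from the vendor's side, the "CRC Correction" save described above works because a checksum stored inside the file can be recomputed by anyone who edits the file.  The following is an added example, not part of the original tutorial or of the decompiler: it contrasts that self-check with a SHA-256 digest pinned outside the file.  The script layout (body plus CRC32 trailer), the sample body and the signed manifest that would carry the pinned digest are assumptions made for the example.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed stand-in for a compiled installer script.  The layout (body
# followed by a little-endian CRC32 trailer) is an assumption made for this
# example; it is not the real setup.ins format.
ORIGINAL_BODY = b"SCRIPT | IF (Check (StrVar[0024]) = 00000000) THEN ... ENDIF"
# Same-length, one-byte edit of the constructed body.
EDITED_BODY = ORIGINAL_BODY.replace(b"00000000", b"00000001", 1)


def seal_with_crc(body: bytes) -> bytes:
    """Append the CRC32 of the body, as any editor of the file can do."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def crc_ok(image: bytes) -> bool:
    """Self-check that a CRC trailer allows: it catches accidents only."""
    body, trailer = image[:-4], image[-4:]
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF) == trailer


def digest_ok(image: bytes, pinned_sha256_hex: str) -> bool:
    """Compare against a digest published outside the file being checked."""
    actual = hashlib.sha256(image).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex)


def demo() -> dict:
    shipped = seal_with_crc(ORIGINAL_BODY)
    # Assumption: the vendor publishes this digest in a signed manifest.
    pinned = hashlib.sha256(shipped).hexdigest()
    stale = EDITED_BODY + shipped[-4:]       # edited, old CRC left in place
    resealed = seal_with_crc(EDITED_BODY)    # edited, CRC recomputed
    return {
        "shipped": (crc_ok(shipped), digest_ok(shipped, pinned)),
        "stale_crc": (crc_ok(stale), digest_ok(stale, pinned)),
        "resealed": (crc_ok(resealed), digest_ok(resealed, pinned)),
    }


if __name__ == "__main__":
    for name, (crc, digest) in demo().items():
        print(f"{name:10} crc_ok={crc!s:5} digest_ok={digest}")
```

The pinned digest only helps if the code that checks it and the place it is stored are themselves covered by a signature the installer's user can verify.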

 

4.  Summary
	From the above walk through, we can see how easy it is to defeat such Installshield
protection with this decompiler.  I hope I have made the steps clear enough for you to walk
through and get some general feel for this tool.  If you have any questions, suggestions, or
even bug reports regarding this tool, we would love to hear from you.  You can email us, or find
us on EFNET.  After all,  this is still in beta.

 

5.  Greets
Groups:
     DONGLE, GPF, REVOLT, GLoW, ENTITY, CONCEPT, PNC, etc
PERSONAL:
     NaTzGUL, Vizion, BLeetz, Krazy_N, Niabi, Deviant, Norway, FaNt0m, Knoweffex, JoG, Pitty, Info[e], [Mad], [Sketch]
     Hazzy, Perish, JJJ, 45mBit, CoPhiber, Spanky, Doc-Man, SuperChic, Wildwendy, Tane, TeRaPhY, Razzia, +ORC, Fravia+
     LordCaligo, Dap24, Op-Ivy, Ghi, etc.....

 

(c) 1998 SiraX / [NaTzGUL/SiraX Production] All rights reversed