A Tutorial On Installshield
Script Cracking
Using Windows Installshield Decompiler v1.00 Beta
Author : SiraX / [NaTzGUL/SiraX Production 98] Email : sirax@dongle.net
Contents
1. Introduction
2. Tools Needed For This Tutorial
3. A Walk Through Of Cracking Sample Script Using Windows IS Decompiler
4. Summary
5. Greets
1. Introduction
The purpose of this tutorial is to demonstrate the usage of Windows Installshield Decompiler v1.00. By going through this tutorial, you will see exactly how this tool is used in defeating Installshield serial protection, which is commonly used by many software packages. Hopefully, by the end of this tutorial, you will be comfortable in using this tool and most importantly locating the spot in the script to be tackled.
2. Tools Needed For This Tutorial
Believe it or not, only this Installshield Decompiler is needed to defeat the protection. With its ability to perform CRC correction, changes can be automatically saved. Thus, no other tools are necessary. In this tutorial, I picked the popular graphics tool - Adobe PhotoShop V4.0 as the target. It's protected by Installshield 3.0 serial protection. I will include the necessary setup files along with this tutorial for you to do some live practice, since this can't be downloaded from the net.
3. A Walk Through Of Cracking Sample Script Using Windows IS Decompiler
In this section, I will explain the process to defeat the serial protection in Adobe Photoshop V4.0 step by step. Each step will be listed in point form and pictures are used to help with the demonstration.
1. First, fire up the Installshield Decompiler.
2. Run the setup.exe for Adobe PhotoShop and follow the instructions. When you come to the screen which asks you for a serial number, just enter any serial number along with any name or company name. Then click on next. A warning message box should then come up, saying "The serial number xxxxxxxxxx is not a valid Adobe PhotoShop serial number, Please re-enter your serial number.", unless you're lucky enough to get it right.
3. Now write down the above warning message or write down a few keywords like "invalid". We're going to search for this message in the decompiled script text later on.
4. Quit the setup for Adobe PhotoShop and make a backup copy of setup.ins in case you need to restore it.
4. Now switch back to Installshield Decompiler, go to the "File" menu and click on "Open Script File" to bring up the open dialog box (or you can press the Ctrl-O shortcut key). Pick the Adobe PhotoShop setup.ins file.
3. Once the script file is opened, click on "Start" from the "Decompile" menu or press F2 to decompile the script. Before the decompile, you can also check the options under the "Misc" menu to see various information about the currently opened script file.
4. If you pressed F2 or chose to decompile, you should see some text scrolling up. And a percentage bar is also going at the same time. If you wish to cancel the decompile process, you can click on the cancel button on the toolbar.
5. Once the decompile process is done, it's time to find the spot where we got that warning message about the wrong serial number. To find the place, all we have to do is to search for the word "valid". To do this, you can type "invalid" in the text box on the toolbar, and then click on the search button beside it. This should bring you to the first occurrence of the word "valid". The following spot is where you should land at this point:
<LABEL_002> REF:00000F97 00001016 00001388 |
00000DB9: 0128 IF (SdRegisterUserEx_[LABEL_0214]=000000C) THEN
00000DD9: 002C Goto (LABEL_0001)
00000DDA: 0000 ENDIF
00000DE6: 0125 StrVar[002F] = SUPPORTDIR ^ "PSSupprt.DLL"
00000E12: 0128 IF (UseDLL (StrVar[002F]) != 00000000) THEN
00000E32: 0013 StrVar[001A] = "An Error occurred during the setup process! Please contact Adobe Systems Technical Support."
00000E95: 0104 SprintfBox (FFFF0003,"Adobe Photoshop Setup",StrVar[001A])
00000EBA: 002B Exit ()
00000EBB: 0000 ENDIF
00000ED4: 0128 IF (PSSupprt.PSFunc1 (StrVar[0024]) = 00000000) THEN //function return value is compared to 0. 0 is bad.
00000EF4: 00B3 UnUseDLL ("PSSupprt")
00000F01: 0013 StrVar[001A] = "The serial number %s is not a valid Adobe Photoshop serial number. Please re-enter your serial number."
00000F6F: 0104 SprintfBox (FFFF0002,"Adobe Photoshop Setup",StrVar[001A],StrVar[0024]) //Displays the error message
00000F97: 002C Goto (LABEL_0002) //Loops back and let user to re-enter info
00000F98: 0000 ENDIF
00000FA4: 0125 StrVar[002F] = SUPPORTDIR ^ "PSSupprt.DLL"
00000FBB: 00B3 UnUseDLL (StrVar[002F])
00000FF6: 0128 IF (SdConfirmRegistration_[LABEL_0260] = 00000000) THEN
00001016: 002C Goto (LABEL_0002)
00001017: 0000 ENDIF
00001023: 0013 StrVar[0023] = "File Components"
0000103A: 00B5 Call Function_0055_[LABEL_00F4] (StrVar[0023])
...............
6. From the above section of decompiled script text, you can clearly see the point where we need to make a change. At 0000E12:0128, we have a comparison with the return value of a function and the value 0. If the return value is zero, then we're in trouble. The error message will be displayed at line 00000F6F:0104. Then at line 00000F97:002C, we go back to Label_002 so that this process is repeated and user can re-enter the info.
7. Since we have identified the spot to be changed, now it's time to crack it.
To make a change so that it will accept our wrong serial, we can change the "=" operator at line 00000ED4:0128 to "!=". Clear enough!
8. To make the change, it's very simple. First, double click on the "=" operator. Then right-click your mouse to bring up the popup menu. Choose "Change To" and pick the "!=" operator. After this, you should see that the operator is now "!=".
9. Once the above is done, we need to save the changes we made. You can either go to the "Misc" menu and pick "CRC Correction" or you can quit the IS decompiler and you will automatically be asked whether you want to save changes or not. Click on "yes" when you're asked. And then just sit back and relax. In a few minutes, you will see it in action.
10. After it's done, simply run the Adobe PhotoShop setup again, and enter any info and serials at that screen. Then click on "Next". Whoaaaa. Beauti! A confirm box popped up this time, asking us whether this information is correct or not. We DID NOT see the error message box. Now, just click on "yes" to confirm this info is right and follow the instructions to install the rest.
11. Hey, wasn't that easy! I did it in about 10 min. The decompile process took a while. But would you rather spend a few hours tracing through the code or POINT and CLICK to defeat it?
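Step 9 works because the only integrity check on the script is a CRC stored with the file, which whoever edits the file can simply recompute. The following added example (not part of the original tutorial or of the tool) shows from the defender's side that such a self-contained checksum accepts an edited file, while a digest pinned outside the file rejects it. The container layout (body plus CRC-32 trailer), the script text and every name here are constructed assumptions, not the real setup.ins format.

```python
import hashlib
import hmac
import struct
import zlib

def pack(body: bytes) -> bytes:
    """Append a little-endian CRC-32 trailer (constructed layout, not setup.ins)."""
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)

def crc_ok(blob: bytes) -> bool:
    """Self-check: recompute the CRC over the body and compare with the trailer."""
    if len(blob) < 4:
        return False
    (stored,) = struct.unpack("<I", blob[-4:])
    return (zlib.crc32(blob[:-4]) & 0xFFFFFFFF) == stored

def digest_ok(blob: bytes, pinned_hex: str) -> bool:
    """Compare SHA-256 of the whole file with a digest obtained out of band."""
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), pinned_hex)

def audit(blob: bytes, pinned_hex: str) -> dict:
    """Run both checks so their verdicts can be compared side by side."""
    return {"crc": crc_ok(blob), "sha256": digest_ok(blob, pinned_hex)}

# Constructed sample script; check_serial is a hypothetical name.
BODY = b"IF (check_serial(s) == 0) THEN Goto(retry) ENDIF"
ORIGINAL = pack(BODY)
PINNED = hashlib.sha256(ORIGINAL).hexdigest()  # reference kept outside the file

EDITED_BODY = BODY.replace(b"== 0", b"!= 0")   # one byte changed
RECOMPUTED = pack(EDITED_BODY)                 # trailer recomputed after the edit
STALE = EDITED_BODY + ORIGINAL[-4:]            # trailer left untouched

if __name__ == "__main__":
    for name, blob in [("original", ORIGINAL),
                       ("edited, crc fixed", RECOMPUTED),
                       ("edited, stale crc", STALE)]:
        print(f"{name:18} {audit(blob, PINNED)}")
```

A CRC only catches accidental corruption (the stale-trailer case); detecting deliberate edits needs a reference the editor cannot also rewrite, such as a code signature or a digest distributed separately from the installation media.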
4. Summary
From the above walk through, we can see how easy it is to defeat such Installshield protection with this decompiler. I hope I have made the steps clear enough for you to walk through and get some general feel for this tool. If you have any questions, suggestions, or even bug reports regarding this tool, we would love to hear from you. You can email us, or find us on EFNET. After all, this is still in beta.
5. Greets
Groups:
DONGLE, GPF, REVOLT, GLoW, ENTITY, CONCEPT, PNC, etc
PERSONAL:
NaTzGUL, Vizion, BLeetz, Krazy_N, Niabi, Deviant, Norway, FaNt0m, Knoweffex, JoG, Pitty, Info[e], [Mad], [Sketch] Hazzy, Perish, JJJ, 45mBit, CoPhiber, Spanky, Doc-Man, SuperChic, Wildwendy, Tane, TeRaPhY, Razzia, +ORC, Fravia+ LordCaligo, Dap24, Op-Ivy, Ghi, etc.....
(c) 1998 SiraX / [NaTzGUL/SiraX Production] All rights reversed