Before we start, please read the Disclaimer section of this essay!

WRQ's @Guard is software that runs on your PC and monitors network traffic going in and out of your computer. Depending on how you have @Guard configured, it can also step in and intervene in network connections and block data on your behalf. Specifically, it can:

- Block images (usually advertisements) that you don't want to see
- Speed up web page loading
- Block refer fields and cookies to reduce the amount of targeted advertising you receive
- Allow you to customize web pages that you visit often
- Stop animated GIFs from cycling endlessly, reducing cache disk thrashing
- Keep track of various statistics as you surf the web, like how much data you've downloaded and how many cookies you would have sent back to web sites
- Prevent software from communicating with your computer or with remote computers without your knowledge or permission

I decided to crack this application because I think 30 days are not enough to try out the application completely, and I'm currently using the Internet just once/twice a month, so I can't try it out in this short time. Now you know enough to start with Step 1.

We saw the icon from IAMAPP.EXE in the explorer and then, after we rebooted, at the bottom of our screen. So we know that it must have something to do with that file. So let's start W32DASM and have a look at the string reference. I found the following strings interesting:

I want to extend the trial period, so I've double-clicked on "The trial period for %s will expire ". Then I scrolled up a few lines to see where this function was called from. It was called from 403ED0. But it was an unconditional jump. So go to 403ED0. You'll get the following:

If you don't change that JG at 403EC8 to a JMP, a nag will always be displayed saying that your trial will expire in ..., so change that JG to a JMP. After you've seen that, jump to 403E88, because it's a conditional jump and we're getting close to the protection now. You'll get something like this:

If there are no days left for the trial, it won't jump, and so it will display the message "expired". But we don't want that. So change that JG to JMP (I won't give you the hex values etc. any longer, because I think you know them - if not, read "Cracker's Notes"). So let's make the changes to IAMAPP.EXE, because we don't want to do the same thing all the time! If you've done this, continue with Step 2.

If we right-click the IAMAPP.EXE icon in the taskbar and choose Setting, we get "Trial has expired" in the About tab. So let's fix this too. In the About tab you also see which modules are being used. So let's look for interesting ones ... IAMEVENT.DLL, IAMCPL.CPL. So let's load IAMEVENT.DLL in W32DASM and look at the string reference. I found no interesting strings, so I decided to load IAMCPL.CPL in W32DASM (you should have noticed that it's in your Windows system directory). Now look at the string reference to see if you can find interesting strings. I found the following strings interesting:

What changes have not been applied? Do you know what this is trying to tell us? Yeah, you're right! It detects that we've cracked it ... oops! So let's double-click on that one. You'll get something like this:

Let's find out why this was called, so go to 10006E11. You'll get something like this:

Ah! It detects that we've changed IAMAPP.EXE to extend the trial, and this is a second check. So we need to replace this JLE with NOP, NOP or better: INC EAX, DEC EAX! If you want, you can also change this "Trial has expired", but it's not important, it's just an info. The lesson is over ...
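
Added example (not part of TORN@DO's essay): every patch described above swaps a conditional jump for a JMP or for filler instructions, and the second check in IAMCPL.CPL exists to notice such changes. The sketch below shows how a vendor or incident responder could flag that pattern by comparing a suspect file against a known-good copy. It assumes 32-bit x86 short-form jumps, and the function names and sample bytes are constructed for illustration.

```python
"""Flag branch-neutralising byte patches between a known-good and a suspect image."""

JCC_SHORT = range(0x70, 0x80)   # short-form conditional jump opcodes (assumed encoding)
JMP_SHORT = 0xEB                # short-form unconditional jump
FILLERS = {                     # two-byte sequences that leave registers unchanged
    b"\x90\x90": "NOP, NOP",
    b"\x40\x48": "INC EAX, DEC EAX",
}


def diff_runs(good: bytes, suspect: bytes):
    """Yield (offset, length) for each run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: file was rebuilt or truncated, not patched in place")
    start = None
    for i, (a, b) in enumerate(zip(good, suspect)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            yield start, i - start
            start = None
    if start is not None:
        yield start, len(good) - start


def classify(good: bytes, suspect: bytes):
    """Return (offset, verdict) per changed run. Heuristic: no disassembly is done,
    so a matching byte could also be data rather than an opcode."""
    findings = []
    for off, n in diff_runs(good, suspect):
        old, new = good[off:off + 2], suspect[off:off + 2]
        if n == 1 and old[0] in JCC_SHORT and new[0] == JMP_SHORT:
            verdict = "conditional jump forced (Jcc -> JMP)"
        elif n == 2 and old[0] in JCC_SHORT and new in FILLERS:
            verdict = f"conditional jump removed ({FILLERS[new]})"
        else:
            verdict = f"{n} byte(s) modified"
        findings.append((off, verdict))
    return findings


# Constructed sample bytes, not taken from IAMAPP.EXE or IAMCPL.CPL.
GOOD = bytes.fromhex("83f8007f10e8000000007e0a33c0c3")
BAD = bytes.fromhex("83f800eb10e800000000404833c0c3")

if __name__ == "__main__":
    for off, verdict in classify(GOOD, BAD):
        print(f"0x{off:04x}: {verdict}")
```

A check like this only helps if it runs from a location the patched program cannot also modify, which is why a verifier that lives in a second patchable module offers little extra protection.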

This tutorial was written by TORN@DO. I hope you enjoyed reading it as much as I enjoyed writing it - I'm always trying to improve my writing skills.

I'd like to greet the following people (no specific order): +ORC, Fravia, nIabI, JosephCo, Razzia, MisterE, Krazy_N, Vizion, YOSHi, Qapla, Odin ... and everyone in #Cracking and in #Cracking4Newbies ... and everyone else I forgot!