Copernic 4.1 reversing
 You pay for the ads

student
Anti Advertisement
1/1/2000

by Tsehp

Courtesy of reverser's page of reverse engineering
slightly edited
by Tsehp
There is a crack, a crack in everything That's how the light gets in
Rating
(x)Beginner (x)Intermediate ( )Advanced ( )Expert

Ads are creeping further and further into your computer. Even if you pay for a program, developers no longer hesitate to push ads at you. The money they get from their applications is not enough, and they need you to click on their big-bucks banners.

Let's end all of this...



Introduction

Almost everybody knows this application: it's a meta search engine that queries all the most current search engines. It's the most used, so, like m$, they use their almost monopolistic situation to transform your computer into a mall, without asking you whether they are authorised to.

Just try this: download the Copernic 2000 Pro version 4.0 (it will self-update to 4.1). Use a regular, non-burned serial (a lot of keygens exist). At first launch it shows no ads and everything works fine. But this tool auto-updates to get the latest links to search engines, and once it has, it shows you beautiful banners at the top of your screen on the next searches. Of course you bought it and you can disable the ads: Tools, Options, uncheck "display ads while searching". But at the next update (almost every day) it will re-check this option by itself and show you the ads again, so they are sure you will see at least one. You'll get bored of unchecking this option every time and will give up, covered in ads.

Of course there is a crack to destroy all this devious work; you still have the right to control what happens inside your PC. I will just show you this easy crack.

Tools required
SoftICE (latest version 4.01)
W32Dasm 8.93
Regmon

The crack was made on my current Win 2000 build 2195.3

Target's URL/FTP
www.copernic.com: install the free version and use it against itself to find the pro version ;-)

Program History
Before, this prog was gentle with us. Not after version 4.1.

Essay
The first step is not to rush into SoftICE bpx's; use zen cracking and think:
There is a feature to remove the ads, so this prog keeps a flag for it, inside a file or the registry.

Use Regmon and check and uncheck the display ads option. Bingo, it's inside the registry at HKEY_CURRENT_USER\Software\Copernic Technologies\Copernic4Plus\Preferences\showad
If this key contains ffffffff, Copernic will show them; if it contains 00000000, it will not.
You can also delete this key, and the ad banners will be gone.
But at the next links update, this f****** key appears again.
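Added example, not part of the original essay: the Regmon observation above turned into a check that scans a registry trace for the showad value being switched back on after it was turned off or deleted. The log lines, their tab-separated layout, the sibling value `lastupdate` and the process names are constructed for illustration.

```python
import csv
import io

# Value path as given in the essay.
SHOWAD = (r"HKEY_CURRENT_USER\Software\Copernic Technologies"
          r"\Copernic4Plus\Preferences\showad")
OTHER = SHOWAD.rsplit("\\", 1)[0] + r"\lastupdate"  # hypothetical sibling value

# Constructed trace: seq, time, process, request, path, result, data.
SAMPLE_LOG = "\n".join("\t".join(row) for row in [
    ("1", "10:01:12", "target.exe", "SetValue", SHOWAD, "SUCCESS", "0x0"),
    ("2", "10:01:13", "target.exe", "QueryValue", SHOWAD, "SUCCESS", "0x0"),
    ("3", "10:07:40", "target.exe", "SetValue", OTHER, "SUCCESS", "0x1"),
    ("4", "10:07:41", "target.exe", "SetValue", SHOWAD, "SUCCESS", "0xFFFFFFFF"),
    ("5", "10:09:02", "regedit.exe", "DeleteValue", SHOWAD, "SUCCESS", ""),
    ("6", "10:15:30", "target.exe", "SetValue", SHOWAD, "ACCESS DENIED", "0xFFFFFFFF"),
    ("7", "10:15:33", "target.exe", "SetValue", SHOWAD, "SUCCESS", "0xFFFFFFFF"),
])


def state_of(request, data):
    """Map a successful write to the flag states the essay describes."""
    if request == "DeleteValue":
        return "absent"
    return {0xFFFFFFFF: "on", 0: "off"}.get(int(data, 16), "other")


def transitions(log_text, path):
    """Return (time, process, old_state, new_state) for each change of `path`."""
    changes, state = [], None
    for _seq, time, proc, req, p, result, data in csv.reader(
            io.StringIO(log_text), delimiter="\t"):
        if p.lower() != path.lower() or result != "SUCCESS":
            continue  # other values and failed writes do not change the flag
        if req not in ("SetValue", "DeleteValue"):
            continue  # reads are irrelevant here
        new = state_of(req, data)
        if new != state:
            changes.append((time, proc, state, new))
        state = new
    return changes


def reenabled(log_text, path):
    """Changes where the flag went back to 'on' after being off or deleted."""
    return [c for c in transitions(log_text, path)
            if c[3] == "on" and c[2] in ("off", "absent")]
```
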
So re-install this prog, and just before doing a new search (before the update feature), fire up SoftICE, set bpx RegCreateKeyExA do "d esp->8" (at API entry, esp->8 is the second argument, the subkey name) and p ret until HKEY_CURRENT_USER\Software\Copernic Technologies\Copernic4Plus\Preferences\ shows inside the data buffer. The handle of this key is now retrieved, and the next function Copernic calls to create the showad key is RegSetValueExA, so put a bpx RegSetValueExA do "d esp->8" and you land in the API. Do a d esp->14 (the lpData argument) and the ffffffff value appears.
Exit this function with F12, you land here :

:00461A17 E8B028FAFF call 004042CC
:00461A1C 50 push eax
:00461A1D 8B4304 mov eax, dword ptr [ebx+04]
:00461A20 50 push eax

* Reference To: advapi32.RegSetValueExA, Ord:0000h
|
:00461A21 E82A5FFAFF Call 00407950
:00461A26 85C0 test eax, eax **** you land here
:00461A28 7424 je 00461A4E
:00461A2A 897DF4 mov dword ptr [ebp-0C], edi
:00461A2D C645F80B mov [ebp-08], 0B
:00461A31 8D45F4 lea eax, dword ptr [ebp-0C]
:00461A34 50 push eax
:00461A35 6A00 push 00000000
:00461A37 8B0D789C5900 mov ecx, dword ptr [00599C78]
:00461A3D B201 mov dl, 01
:00461A3F A1C0104600 mov eax, dword ptr [004610C0]

The crack is very simple: at the first install, Copernic doesn't create the key; it does so only at the first update.

If we avoid the key creation, it will never show the ads.

Trace back a little (two calls before) and you land here :

:004660F1 E832B2FFFF call 00461328
:004660F6 84C0 test al, al
:004660F8 7412 je 0046610C ***(1)
:004660FA 8B4DF4 mov ecx, dword ptr [ebp-0C]
:004660FD 8B55F8 mov edx, dword ptr [ebp-08]
:00466100 8B45EC mov eax, dword ptr [ebp-14]
:00466103 E808B8FFFF call 00461910 *** This call creates the key
:00466108 C645F301 mov [ebp-0D], 01

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004660F8(C)
|
:0046610C 33C0 xor eax, eax
:0046610E 5A pop edx
:0046610F 59 pop ecx
:00466110 59 pop ecx
:00466111 648910 mov dword ptr fs:[eax], edx
:00466114 6829614600 push 00466129

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00466127(U)
|
:00466119 8B45EC mov eax, dword ptr [ebp-14]
:0046611C E86FB1FFFF call 00461290
:00466121 C3 ret

A very easy one: just force the jump at (1) to 0046610C and the key will never be created.
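Added example (not from the original essay): a consistency check on the two listings above. It recomputes the destination of every relative call and je from the raw opcode bytes and compares it with the target printed in the listing, which also shows how the addresses in the trace-back relate to each other.

```python
import re

# Branch lines copied from the two listings: address, raw bytes, printed target.
LISTING = """\
:00461A17 E8B028FAFF call 004042CC
:00461A21 E82A5FFAFF Call 00407950
:00461A28 7424 je 00461A4E
:004660F1 E832B2FFFF call 00461328
:004660F8 7412 je 0046610C
:00466103 E808B8FFFF call 00461910
:0046611C E86FB1FFFF call 00461290
"""

LINE = re.compile(r"^:([0-9A-F]{8}) ([0-9A-F]+) \w+ ([0-9A-F]{8})", re.I)


def branch_target(addr, raw):
    """Destination of a relative x86 branch, or None for other opcodes."""
    op = raw[0]
    if op in (0xE8, 0xE9) and len(raw) == 5:                      # call/jmp rel32
        disp = int.from_bytes(raw[1:5], "little", signed=True)
    elif (op == 0xEB or 0x70 <= op <= 0x7F) and len(raw) == 2:    # jmp/jcc rel8
        disp = int.from_bytes(raw[1:2], "little", signed=True)
    elif op == 0x0F and len(raw) == 6 and 0x80 <= raw[1] <= 0x8F:  # jcc rel32
        disp = int.from_bytes(raw[2:6], "little", signed=True)
    else:
        return None
    # The displacement is relative to the address of the next instruction.
    return (addr + len(raw) + disp) & 0xFFFFFFFF


def check_listing(text):
    """Return (address, computed, printed, match) for each relative branch."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        addr, printed = int(m.group(1), 16), int(m.group(3), 16)
        computed = branch_target(addr, bytes.fromhex(m.group(2)))
        if computed is not None:  # skips e.g. "push 00000000"
            rows.append((addr, computed, printed, computed == printed))
    return rows


if __name__ == "__main__":
    for addr, computed, printed, ok in check_listing(LISTING):
        print(f"{addr:08X} -> {computed:08X} listed {printed:08X} {'ok' if ok else 'MISMATCH'}")
```
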

Final Notes
I usually say, this is for learning purposes...blah blah...buy this prog...but not this time. Those guys take your money and spit in your face with the banner autoshow feature. So I encourage you to create the patch and spread it with the keygen, until those guys remove the feature on the next version.
Tsehp

Ob Duh
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell, don't come back.
