(BEST VIEWED WITH WORDWRAP ENABLED & FONT= COURIER , SIZE =10) @$@$#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@@$@ @#$#$@ @@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@0@ @#$#$#$@ @@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#@#$@ @#$#$@ @#$@ @#$@ @$@$@$@$@ @$@$@ $@$@$ @$@$@ $@$@$ @#@#@#@#@@ @$@$@ $@$@$ @$#$#$#@ @#$@ @#$#$#$#$@@ @#$#$#$#$#$ @#$#$#$#$#$ @$#$#$#$#@@@ @#$#$#$#$#$ @#$#$@ @#$@ @ @#@#@#@#@#@ @#$@$#$#@@@ @#$@$#$#@@@ @#@@ @#$@ @#$@$#$#@@@ @$#@ @#$@#$#$@ @#@# #@#@ @#$@ @@@ @#$@ @@@ @$@ @#$@ @#$@ @@@ @$#@ @#$@@#@#@ @#@#@#@#@#@ @#$@ @@ @#$@ @@ @#@#$@ @#$@ @@ @$#@ @#$@#$#$@ @$@$@$@$@$@ @#$@ @#$@ @@#@@#@#@#@ @#$@ @$#@ @#$@ @ @$@# @#$@ @#$@ @#$#$#$#$#$@ @#$@ @$#@ @#$@ @$@# @#$@ @#$@ @#$@ @#$@ @#$@ @$#@ @#$@ @#@#@#@#@#@ @#$@ @#$@ @#$@#$#$#$#@ @#$@ @$#@ @#$#@ @$@$@$@$@$@ @#$#@ @#$#@ @#$@#@#@#@#@ @#$#@ @#$#$@ @#@#@#@#@ @#@#@#@#@ @#@#@#@ @#@#@#@ @#@#@#@#@# @#@#@#@ @$#$#$#@ :-)---> ARTeam <---(-: Visit:-http://cracking.accessroot.com @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ PASSWORD SHIELD PRO $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$@@@@@@@@@@@@@ @@@@@@@@@@@@@ AUTHOR : FERRARI @@@@@@@@@@@@@ @@@ @@@ PROTECTION : Time Trial @@@ @@@ @@ ferrari @@ TARGET FILE : PasswordShieldPro.exe @@ ferrari @@ @@@ @@@ TARGET URL : http://www.passwordshield.com @@@ @@@ @@@@@@@@@@@@@ OPERATING SYSTEM : WINDOWS ALL @@@@@@@@@@@@@ @@@@@@@@@@@@@ RELEASE DATE : 31.01.2004 @@@@@@@@@@@@@ @@@@@@@@@@@@$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ TOOLS USED & TARGET SOFTWARE @ @ ============================= @ @ @ @ OllyDbg :- http://grinders.withernsea.com/tools/odbg110b1.rar @ @ PasswordShieldPro :- http://grinders.withernsea.com/tools/Password_Shield_Pro.rar @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ In this program we are not going to attack the registration serial part. Instead we will patch the time trial so that the software never expires. As you know there different ways of attacking a program and some times you got to use Trial n error method. The method i am going to use is a real easy one. No setting any breakpoints on API calls. You see that you can only use the program for 31 days. Nah i wanna use it for lifetime. Okay dude let's start! Advance your system clock by one year and run the program. What you see, it asks you to register. Okay now set back your original time. Make a back up of the original file.Fire up ollydbg,load PasswordShieldPro.exe in ollydbg. Right click in the CPU window-->'Search for reference text Strings'-->Maximize the new window-->Scroll up to the top then click once-->right clcik-->search for text-->Type-->Password Shield Trial Version---> you should be on this line(see below) Text strings referenced in Password:CODE, item 4761 Address=00496751 Disassembly=MOV EAX,Password.00496818 Text string=ASCII "Password Shield Trial Version" Now double click on the above line and you should land on below address in the CPU window. 00496751 . B8 18684900 MOV EAX,Password.00496818 ; ASCII "Password Shield Trial Version" now have a look above this address, you see a couple of following JE(Jump if equal) and a JNZ(jump if not equal) <--our target he he! --> 0049674F . 74 0C JE SHORT Password.0049675D this JE jumps at address "0049675D" -->0049673F . 74 28 JE SHORT Password.00496769 this JE jumps at address "00496769" If you see, both 0049675D and 00496769 are within the code range which expires the Trial Period of the Program after 30 Days. Now see the following code. 00496728 . E8 AFF4FFFF CALL Password.00495BDC 0049672D . 84C0 TEST AL,AL <--- This test if the 30 day trial is over 0049672F . 75 50 JNZ SHORT Password.00496781 <---If not over than jump to 00496781 Now to use the program for unlimited period we always have to jump to address 00496781. So what we do is change the JNZ to JMP. To edit select the above JNZ-->Right Click-->Binary-->Edit-->Change '75' to 'EB'-->click OK Now right click in the CPU window-->Copy to executable-->All modifications-->Copy All-->Right click in the new window that opens-->Save File-->Choose to overwrite-->Done :-) Congratulations you can now use the program for unlimited time!!! @@@@@@@@@@###########################################################################@@@@@@@@@@ @@@@@@@@@@# ---SHOUTZ AND GREETZ--- #@@@@@@@@@@ @@@@ @@@@# #@@@@ @@@@ @@@ H @@@# To Nilrem-->Merlin who's Tutorials helped me to use #@@@ H @@@ @@ O @@# Ollydbg for debugging. Thanks to el-kiwi whose tutorials #@@ O @@ @ R @# helped me alot. Thanks to Pompeyfan, www.tech-arena.com #@ R @ @@ S @@# staff, members for encouraging me to write these tutorials. #@@ S @@ @@@ E @@@# exetools.com,Sir JMI, SatyricOn, R@dier and others who #@@@ E @@@ @@@@ @@@@# helped me alot. #@@@@ @@@@ @@@@@@@@@@@@@$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$@@@@@@@@@@@@@ @@@@@@@@@@@@@ @@@@@@@@@@@@@ @@@ @@@ @@@ @@@ @@ ferrari @@ REMEMBER IF U USE THE PROGRAM THEN BUY IT ;-) ! @@ ferrari @@ @@@ @@@ @@@ @@@ @@@@@@@@@@@@@ @@@@@@@@@@@@@ @@@@@@@@@@@@@$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$@@@@@@@@@@@@@