BlackB
February 16th, 2001, 05:24
Well, here we are again....with a new interesting target. Well, actually, I don't know if this protection's already defeated, but I never heard of it.
It's protected with SoftWrap (http://www.softwrap.com). Site already gives good info on the protection.
Summary: SoftWrap's a commercial wrapper that wraps and encrypts the original program. You have two options: 1. buy online, 2. buy by telephone. The first one connects to the net; you have to enter a credit card number, this number gets verified online, and if everything's okay, the program gets unlocked.
In the second one you have to enter a regcode (41 chars long). I tried to fish for a valid serial, but didn't succeed yet. I could, however, make the program believe it was a right one, and was able to run the program. Of course, after exiting and re-running, I got the buy-me dialog box again :-)
The "buy online" option may be better to attack...would be a matter of bypassing the server verification of the credit card number....then probably a valid license is downloaded automatically (but hey, I didn't try this yet)
I also tried to crack the code itself, here are some things I found out:
1. anti-sice, anti-regmon, anti-filemon
------------------------------------
anti-sice is easy to bypass with frogsice (uses old CreateFileA method)
anti-regmon and anti-filemon are probably executed while installing the shareware product, because you can't run filemon and regmon afterwards. If you move your filemon/regmon files to another place and execute them, it works.
However, I noticed in the disassembly (IDA) that there are string references "SoftWrap cannot load while Filemon/Regmon running", but in practice they never show up.
2. Anti-cracking
---------------
Most of your cracking attempts will get logged (no idea where yet), and after 2 attempts, you get "Locked out of using the program". I have no idea where this is stored: I uninstalled the program, deleted all registry keys that remained and license files on the hard drive, but it didn't work.
Anyway, I was able to nop-out this check and succeeded in making the "buy it" option available again. This "nopping-out" is kinda tricky, as this jump-to-badboy isn't there yet if you look at it with a hex editor. So you have to take the previous instruction and change it into a cmp al, al .... so the next instruction (it's a JZ) will always jump
3. license
---------
there are 3 licenses: one in the registry, one in the install directory and one in a subdir in c:\program files\SoftWrapLicense. they are .sw files.
4. last remark
-------------
when run, a file 2findmp3.locked.exe is created. This probably contains the unwrapped program, but entry point or IAT may be encrypted or something like that. didn't check this out either :-P
Well, that's all for now. Feel free to contribute on this one. I'm sure I can manage alone, but it goes a lot faster if other people help too :-)
Last but not least: direct download link: http://www.npssoftware.com/2findmp3/retail/2findmp3v50Retailsetup.exe
enjoy
greets
The Blackbird