Can Someone Please Give Me Some Tips In Cracking Password Protection On .exe Files.


Mogsey
October 2nd, 2001, 12:41
I have got an .exe file which is password protected. I have got the password, but the password was only valid between specific dates. When I type in the password nothing happens, as the password has expired (no warning messages come up). Even if I back up the clock it is still locked; you just have to close the password box. I opened the .exe file with SoftICE and a backdoor addon, but I am totally lost within the assembly code. Any help would be most appreciated.

Regards

Mogsey

nobody
October 5th, 2001, 10:57
1. The program has to read the date at some point. BPX on getsystemtime, getlocaltime, and try to understand how it encodes the date and then where it compares it with another (encoded) date.

2. The program detects date tampering. At some point, it wrote the date to a file, to the registry, or both. Run the program under Filemon and Regmon and hunt for weird file and registry access.

3. Try to install the program on another computer; this time notice, with Filemon and Regmon, when the program writes down information to detect date tampering, and learn how to defuse it.

Have fun, that is the point of cracking.

Mogsey
October 5th, 2001, 12:16
Thanks for the tips, I will give them a try. I have got a feeling it may be storing the password info in user32.dll.

Just one other thing: I have been trying to detect the password box using SoftICE and breakpoints. I have used the usual ones such as getmessageboxa, Createwindow, createwindowexa, showwindow, but SoftICE is not breaking on any of these. Do you have any ideas on what to do?

Thanks a lot for your time, it is appreciated.

Regards


Mogsey

nobody
October 5th, 2001, 15:11
[QUOTE]Originally posted by Mogsey
Thanks for the tips, I will give them a try. I have got a feeling it may be storing the password info in user32.dll.[/QUOTE]

user32.dll is a Windows system library. I doubt the program is storing any information in that file, because that file is used by several, perhaps all, of the programs you are running, and it could not be modified in any way by storing some password information without crashing the system. On the other hand, FUNCTIONS contained in that library may well be used to store the password somewhere else.

[QUOTE]Just one other thing: I have been trying to detect the password box using SoftICE and breakpoints. I have used the usual ones such as getmessageboxa, Createwindow, createwindowexa, showwindow, but SoftICE is not breaking on any of these. Do you have any ideas on what to do?[/QUOTE]

I am not sure if I completely understand your question.
Are you trying to catch the program creating the password box?
In that case find a tool named Ispy; it is shareware on the net. This will help you find out the handle of the message box. Then use "Bmsg [Handle: word] wm_destroy". Sice will break when the box is destroyed, deep inside the Windows kernel. F12 out of it until you get to your program code. A box is usually created and destroyed inside the same call. This may help you find the area in the code where the box is created.

Alternatively, look in the imported function list of the program, either by disassembling or by using "Quick View". This will help you narrow down the API that creates the box.

If you want to catch the program READING your password out of the box, try BPX hmemcpy, if you use Win9x.