Log in

View Full Version : Where is the Mark ??? (CrapKey)

Mandar
December 17th, 2002, 11:01
1)What is the problem....
I am studying timetrials and how they mark the fact that the
licence has expired . I am using a target protected with CrapKey .

2)What is the protection.....
It is CrapKey Version 5.6
( I found this by checking 'CrypKey Version' in cki32h.dll properties ).

3)What tools are you using....
FileMon , RegMon on Win98

4)What tutorials have you read....
General Timetrial tuts and Marigold's tut about CrypKey

5)Show your output listing WITH comments....
I am attaching Regmon/FileMon logs.

6)NOW ask your question....
As you can see in the logs :
RegMon: there are no obvious entries here .
Filemon: there are only two possibilities of
a mark : ckinfo.txt and jsm51161.tbl .
So how does the program know that license has expired ???

Attachement deleted.
We don't need RegMon/FileMon logs, we need disassembled code with your comments, problems and possible solutions.
Snatch
December 17th, 2002, 12:33
Mandar, the solution is not always found in Regmon or Filemon I suggest some other approaches. I used to think of them as great tools that would always show me where the data in the registry or what file was being used. It certainly is not that easy why not try some other approaches?

Snatch
squidge
December 17th, 2002, 14:24
Yup, it's quite easy now to enter data into the registry without regmon being able to spy on it. There's also ways around Filemon so don't assume that just because they are not giving you the place of storage, that it is not happening...

Note also that some programs simply list a directory (normally a big one, like Windows\System) which doesn't really show a great deal in filemon, and then check the time/date or attributes field of a few specific files to get the installation date.
FoolFox
December 17th, 2002, 14:25
Hello,

There is numerous way to check how many days have passed,
if you want to study time trial scheme you better ask yourself
"how could i check that time in a way that's not easily tampered
with ?"

you can just check the date when your app have been created and retrieve the system date from the Bios.... or try to find more obscure way to do so.....


Regards
FoolFox
r00t
December 26th, 2002, 02:09
squidge:
it's quite easy now to enter data into the registry without regmon being able to spy on it?, really?, how can i do it?.

(I'm on Win98).

Greets