gabri3l
April 21st, 2004, 16:21
I have been working on a program that is used to view an infobase. The infobase is protected by a corresponding license file. The license allows/restricts you from viewing past a certain date, seeing certain sections of the text, printing, copying, exporting (to a pdf for example). I first started by trying to enable all the grayed out menu items. Then i figured that would be too much work there had to be an easier way. Well there is: included with the program is another one that lets you update/upgrade your license file. You update by calling the company, giving them your generated challange number and then putting in the one they give back to you. You can now view the file for another 3 days. Well, i wanted to do more than just see it for another few days. So it seems that if you log in as a administrator with the right password then you can edit the license. You choose admin from the drop down box of allowed logins and then type the pass. All in all, it turns out that with all the protection, put into this program there still existed one little flaw. Using a resorce editor I changed the drop down box to a text box. Type in a name that doesnt exist and no password. As the program does a check my name which doesn't exist has a password that doesn't exist aka: null. my null field in the password box is the correct pass! funny enough it logged me in with complete administrator control. it now allows me to edit the license file. Just thought that this was a unique way of cracking this security feature. Has this sort of thing happened to anyone else?