Hi guys, I hope you can help me.

I got a "beta version" of a level editor. But the problem is it is time protected.
When i run it i get this message:
Sorry, but license data has expired.
Please contact the software provider to update the software or extend the license.
When I turn back the date a couple of years i get: Sorry, but license date not valid yet, it will become valid on 17-07-2005
When I change it to that date, i get: Invalid system-time detected.

I googled these errors and i found this:
http://www.sheriff-software.com/help/hs1000.htm It sounds very familiar to the errors i'm getting.

I don't care how, but i and the whole game community really need this to work.

I've downloaded w32dasm and ollydbg (because i have xp) and already have a hex editor.

I've read some tutorials about cracking time protected programs, but these protections don't seem the same.
The main problem I have is that i don't know where to start, because the error messages come from a windows .dll file and not the .exe itself.

So can anybody help me, maybe by showing me a tutorial that applies on this kind of protection? Or any help at all would be welcome.

Thx for your time.

It really depends on what the soft was written with, but usually the string info is in the resources info and is passed to the .dll - it's not generated there - w32dasm is quite good at finding these references - but not with Delphi apps - you could run a trace over or even an animate over to find where in the process the window is generated - or set a breakpoint on the api that creates the window - the call may be listed in the stack. I usually run an olly script made for time trials - I set a bp on GetLocalTime and run the script from there and then compare the log from the script generated on another machine where the soft has yet to expire - and you could always try DeDe, if it is a Delphi app.

SiGiNT

Thanks for your quick reply, but did i mention i was a big n00b at this?

Don't know how to do a trace, or an animate. But i did found this: "RtlRaiseException()" and this does something to ntdll.dll, is this the api you were talking about?

that's enough for today, its 9am and i really need some sleep.

Goodnight.

Trace over, and animate over can be found by clicking on the debug option - animate over will show you in the cpu window what is actually occuring - trace over will create a log that is displayed by clicking view - run trace the bottom most instruction will be the last to be executed as your message box is being constructed - you'll want to sceoll up to the last line executed by your app and double click on it that will take you to that line in yoiur code - look for a conditional jump over that instruction - you may have to trace deeper by setting a break point at that last line then when it breaks hit f7 and trace over from there - ad infinitum - eventually you'll end up in and endless loop that is waiting for you to click the OK button - thats too deep in the code so go back and look for those jumps. GetLocalTime and MessageBoxA two other good points to break on can be found by right clicking on your app in the executable modules window shown by hitting the "blue "E" cightclicking on the API will allow you to set a break point on it - RaiseException is too late in the code the decision has already been made.

SiGiNT

9:00 bedtime WOW!

Ok i really appreciate what you are doing , and i still need that sleep.

So what i do is, I load the editor, I get the license expired message.
I load ollydbg and attach the editor. I trace over and view the log.

This is the last log data:



I doubleclick it and in the bottom right corner it says this:



Am I on the right track?

mmh...
If you really want to learn cracking, for whatever reason you wish, you'd start from easier things and learn the manuality of actions.
Suggestion: go to crackmes.de site, download very very simple crackme challenges and learn using Olly with them.
Then, once you acquired skills, get back to your app and check if your skills are sufficient to do the work.
If you don't know how to break at an API and do the basic work, you have to learn it -do you really think you can open the engine of your car and alter it without knowledge, just because you possess the toolbox?
So, start from simple things, and learn ghe basis.
In the process, you can of course ask when you get struck.
----------edit
you need basic tutorials to understand how windows work. That's why I'm saying you'd have to learn the basic. You won't crack even a minimally protected application if you move blindly around. Also, if you can find them, the SnD group made good video tutorials on Olly, and good tutorials on Olly can be found at ARTeam.

Well,

You PM'd me a link to the target and a cursory look tells me it's way out of your current ability to even think about, defeating this one on your own, and it's way out of my area of expertise, it's a game related app that is protected with securom, and contains SFX compression, you might want to do a search for securom on this forum - and with Google, I'm not saying it can't be reversed, because it can, but you've got a lot of learning to do.

SiGiNT

There could be some securom stuff in there, but i doubt you need a cd or dvd to run it. Basicly what i'm trying to get is somehow change that 17-07-2005 to a date that will be accepted.

Anyway thanks for you help and time guys.

That's the problem with packers. You may have no interest whatsoever in removing the packer but usually it's necessary to do so if you need to get at the target app.

Jonny79, you may have success patching the date comparison that's bothering you on your first trace, but fixing it in general will probably cause many more problems when SecuRom decides to run a CRC check at some arbitrary later point. Also, patching this date-check on disc will be out of the question since SecuRom unpacks the target each time it's executed: You're attaching your debugger when the check is made, but much work has been done before this to ensure the target is all present and correct.
The entire issue may be worked around if you write a loader but you'd be a fool to assume this will be as easy as it may seem (which isn't really that easy at all).

So I don't like to demoralise you or to make judgements about your target (or ability level) without seeing anything for myself, but if sigint33 is right, you have a mountain to climb yet.

Regards
Admiral

(Edit: Customary context corrections)

Admiral,

If you like I'll PM you the link - but I can say this, the next obstacle after getting rid of the license expired (date probably macine resident), is "Security Device Missing".

SiGiNT

I sense Hardware Dongle. Definitely not a topic that's suitable for beginning reversers...

Yes, it does check the hardware, I also got some request and certificate files.
But normally no cd or dvd required. I know i don't have the skills to crack it, but it was worth the try, the whole community is waiting for the editor.