-----cut here------------------------------------------------------------------- Cracking Chinese Horoscope Target: Chinese Horoscope - chscope.exe (398336) WWW: http://www.springsoft.com or www.geocities.com/john_aum/john_files/ch.ace Cracker: --..__J_o_h_n_n_y__A_U_M__..-- (TNT) Protections to be removed: expiring, begining nag and disabled options Tools: W32Dasm, Hacker's View, both backgrounded by Windows Commander 4.03 -------- What makes this cracking lesson interesting is a rare kind of protection that this program is having! -------- Motto: I'm for peace, love and prosperity and one global nation but without money to divide us and without ego, who keeps men separated! Be a man of good sense - be naturally, be divine! Try to progress on spiritual way! No God, no freedom! I'm against tyranny under any form, against mondial iudeo-masonic occult domination and against infiltrated bad rase of aliens! Out with Satan from this planet! Free and freedom for all! -------- This is a nice program who tells you incredible details about your personality and many other important aspects of yourself. Ok, let's explode this baby! 1) Carefull observation! Install the program. Enter in program and look about protections. First we see begining nag, very uggly is'nt it? Second, we see that this program expires in 30 days and this window is called "About". Continuing with exploration we discover, third: disabled options in COPY and PRINT - the text "This Option is not available...". So, we have 3 protections. Let's explore a little more: let's see if the program it has some ini file. I discovered in c:\windows after detailed observation that is builded 2 files: chscope.ini and jqlreg.ini. Funny name: jqlreg.ini, may be about some kind of registration. May be sure! 2) First protection. Disassemble chscope.exe with w32dasm. Alt-S-F for searching text from about: "Chinese Horoscope". 1st case it is not relevant, continue, bingo! At w32dasm adress 2.596A (Delphi program) we found second text. Look above at 2.594D 55 push bp. Let's cancel this function: 55 -> C3 at hiew adress B44D. Try to see results: bingooo!!! Nag is gone forever! 3) Second: protection by expiring. We look into jqlreg.ini. It was created when we entered first time in program. Perhaps this number 36589 (my case & time) is a coded information who tell to the program the date of instalation. Let's try this: delete the both files - chscope.ini & jqlreg.ini from c:\windows. Now set clock on 2002, for example. Let's observe what's hapening. Very strange! It is expired! But how? Must be something connected with instalation, like date of subdirector c:\program files\chinese; this become very interesting! Let's try now this: delete first the 2 files and then set the clock on year 2050; then move the files of program from c:\program files\chinese to new location c:\program files\ch. Now we make probe: bingoo!!! it looks like we found how this protection really works: read the date of subdirector and then put the date in coded way in new jqlreg.ini. Now go back in year 2000 (adjust again clock). Let's see: works or what? The expiring protection is fired! Yohoo!! That's it! The file chscope.ini is not really needed to be deleted on every time, only jqlreg.ini. What I'm worried about is that now, this program will, oh, expire in 2050! That's very bad, isn'it it? Please, make a probe after 50 years from now, see expires, or what? Newbies, what you think? Ha, ha, ha! I'm laughing because I'm a sort of newbie myself! Not bad! Learning is fun! 4) Third protection: disabled options in COPY and PRINT. Quick search in w32dasm with Alt-S-F - text "This Option". We found two places and 2 jumps: - w32dasm adresses 1) 2.433 2) 2.265D \ -> and jne on both cases. - hiew adresses 1) 7F33 815D / Let's make jne 75 -> EB on the both hiew adresses! Try for results: works just fine. Third protection defeated! Good job, Johnny!!! Final remark: this time protection focused on subdirector date is interesting! We must all notice that (in specially the new crackers) because we can encounter it on other programs! By now, let's have a good cracking time! PS. If you're wondering how to view your horoscope details, here's how: - press PEOPLE, put your name & infos, press ADD, OK, then select your name and press CLOSE. Lots of details must be showed now. ---------------- Greets: tKC (my love too!), CIA, TNT, PC, CORE, all crackers, PRO or newbies, all cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all must become free), we are great guys, and nice too. Love you all (but you must be a good soul!). Romanian Greets: Salutari tuturor crackerilor din Romania! Mergeti inainte, o sa ne astepte si zile mai bune, ginditi optimist, Dumnezeu e aici cu noi! In curind, info despre Romanian Cracking Team la www.geocities.com/john_aum, sfirsitul paginii. At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time!!! God is love! E-mail: johnny_aum@yahoo.com ---------------Sorry if my english is not perfect!------------------------------ -----cut here-------------------------------------------------------------------