-----cut here-------------------------------------------------------------------
Cracking Chinese Horoscope

Target: Chinese Horoscope - chscope.exe (398336)
WWW: http://www.springsoft.com or www.geocities.com/john_aum/john_files/ch.ace
Cracker: --..__J_o_h_n_n_y__A_U_M__..-- (TNT)
Protections to be removed: expiring, begining nag and disabled options 
Tools: W32Dasm, Hacker's View, both backgrounded by Windows Commander 4.03

--------
  What makes this cracking lesson interesting is a rare kind of protection that
this program is having!
--------
Motto:
  I'm for peace, love and prosperity and one global nation but without money to
divide us and without ego, who keeps men separated! Be a man of good sense - be
naturally, be divine! Try to progress on spiritual way! No God, no freedom!
I'm against tyranny under any form, against mondial iudeo-masonic occult
domination and against infiltrated bad rase of aliens! Out with Satan from this
planet!
Free and freedom for all!
--------

  This is a nice program who tells you incredible details about your personality
and many other important aspects of yourself.
  Ok, let's explode this baby!
1) Carefull observation! Install the program. Enter in program and look about
protections. First we see begining nag, very uggly is'nt it? Second, we see that
this program expires in 30 days and this window is called "About". Continuing 
with exploration we discover, third: disabled options in COPY and PRINT - the
text "This Option is not available...". So, we have 3 protections. Let's explore
a little more: let's see if the program it has some ini file. I discovered in
c:\windows after detailed observation that is builded 2 files: chscope.ini and
jqlreg.ini. Funny name: jqlreg.ini, may be about some kind of registration. May
be sure!

2) First protection. Disassemble chscope.exe with w32dasm. Alt-S-F for searching
text from about: "Chinese Horoscope". 1st case it is not relevant, continue,
bingo! At w32dasm adress 2.596A (Delphi program) we found second text. Look
above at 2.594D 55 push bp. Let's cancel this function: 55 -> C3 at hiew adress
B44D. Try to see results: bingooo!!! Nag is gone forever!

3) Second: protection by expiring. We look into jqlreg.ini. It was created when
we entered first time in program. Perhaps this number 36589 (my case & time) is
a coded information who tell to the program the date of instalation. Let's try
this: delete the both files - chscope.ini & jqlreg.ini from c:\windows. Now set
clock on 2002, for example. Let's observe what's hapening. Very strange! It is
expired! But how? Must be something connected with instalation, like date of
subdirector c:\program files\chinese; this become very interesting! Let's try
now this: delete first the 2 files and then set the clock on year 2050; then
move the files of program from c:\program files\chinese to new location 
c:\program files\ch. Now we make probe: bingoo!!! it looks like we found how
this protection really works: read the date of subdirector and then put the date
in coded way in new jqlreg.ini. Now go back in year 2000 (adjust again clock).
Let's see: works or what? The expiring protection is fired! Yohoo!! That's it!
The file chscope.ini is not really needed to be deleted on every time, only
jqlreg.ini.
  What I'm worried about is that now, this program will, oh, expire in 2050!
That's very bad, isn'it it? Please, make a probe after 50 years from now, see
expires, or what? Newbies, what you think? Ha, ha, ha! I'm laughing because I'm
a sort of newbie myself! Not bad! Learning is fun!

4) Third protection: disabled options in COPY and PRINT. Quick search in w32dasm
with Alt-S-F - text "This Option". We found two places and 2 jumps:
- w32dasm adresses 1) 2.433 2) 2.265D  \ -> and jne on both cases.
- hiew adresses    1)  7F33      815D  /
Let's make jne 75 -> EB on the both hiew adresses!
Try for results: works just fine. Third protection defeated! Good job, Johnny!!!

Final remark: this time protection focused on subdirector date is interesting!
We must all notice that (in specially the new crackers) because we can encounter
it on other programs! By now, let's have a good cracking time!

PS. If you're wondering how to view your horoscope details, here's how:
- press PEOPLE, put your name & infos, press ADD, OK, then select your name and
press CLOSE. Lots of details must be showed now.

----------------
Greets: tKC (my love too!), CIA, TNT, PC, CORE, all crackers, PRO or newbies, all
cracker teams (keep going, we must eliberate from iudeo-masonic tirany, all
must become free), we are great guys, and nice too. Love you all (but you must
be a good soul!).
Romanian Greets: Salutari tuturor crackerilor din Romania! Mergeti inainte, o
sa ne astepte si zile mai bune, ginditi optimist, Dumnezeu e aici cu noi! In
curind, info despre Romanian Cracking Team la www.geocities.com/john_aum,
sfirsitul paginii.
At last, but from all my heart: I love you Heavenly Father, I know you are with
me all the time!!! God is love!
E-mail: johnny_aum@yahoo.com
---------------Sorry if my english is not perfect!------------------------------
-----cut here-------------------------------------------------------------------