Application Trial Bypass (draft)
April 26, 2011
This document covers the very basics of working around the limitations of programs that have not been fully activated, in other words trial programs. I do not promote piracy and do not recommend it. This document is for educational purposes only! I also assume that you have a basic understanding of assembly and basic knowledge of a debugger.
The tools you will need are a computer, OllyDbg (which can be found at http://www.ollydbg.de/version2.html), and an application to test this on. The application covered in this document is a simple one that I wrote: it asks for a “password” and tells you whether the password you entered is correct or wrong. Our goal is to have the application report a correct password no matter what password we give it. Keep in mind that this is a very simple application to break; you can even see the password when you debug the application.
If we enter a password we get the following:
If I put the password in correctly we get the following message:
This is the message that we want to receive for any password that we input.
Let's get busy: open OllyDbg, open up the main executable file, and make sure the required arguments are there, following the image here:
After you open the file you will get a screen that may look like a foreign language to you. This is okay; you do not need to know everything that is on the screen. If you do this more frequently than just this once, it will help to learn assembly, to know each of the registers, and to know how to read the hex dump and the stack.
The debugger will start out paused. Since this is a simple application and there are no methods that try to “confuse” the debugger and make things harder than they should be, we will simply look for the string. We need to locate the following string: “You have the password correct”
You can search for the string by several methods. The two easiest are to scroll through the main thread module and look for it on the ASCII side of the view, or to right click in the assembly view and choose search for > all referenced strings. This will bring up another window; scroll through the list of referenced strings until you find the correct string, then double click it.
The two lines above it are testing whether the password is correct. If you know any basics of programming, this would look something like the following:
If (entered password == stored password)
    Then print password is correct
Else
    Print password is incorrect
The line right above it (JNE SHORT 004121a0) is basically saying that if the passwords do not match, execution jumps to address 004121a0, which you can find at the very left of the screen and which points to “You have the wrong password.” What we need to do is have it point to the line right below it. The simplest approach is to change the address to the address right below it, making the line JNE SHORT 00412191. With that target, execution continues at the next line whether or not the jump is taken.
In order to perform this action we need to right click and go to edit > copy to executable. Then we need to double click the line that says JNE SHORT 0000158F and change the line to JNE SHORT 00001591. Remember that this address may be different on your machine.
The line that you just changed will be in red. Right click, then click save file. Save the file under a different name and try any password; if you have done everything right, it should say “You have the password correct.” This is the first step in learning how to bypass software restrictions.
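Seen from the side of whoever ships the program, the saved copy differs from the original by a single byte: the displacement of the short conditional jump. The following is an added example, not code from the original post; it compares a suspect copy against a known-good build and flags short conditional jumps that were altered. The function names `audit` and `rel8` and the sample bytes are constructed for illustration.

```python
import hashlib

JCC_REL8 = range(0x70, 0x80)   # one-byte Jcc rel8 opcodes; JNE/JNZ is 0x75


def rel8(b: int) -> int:
    """Interpret one byte as the signed displacement of a short jump."""
    return b - 256 if b > 127 else b


def audit(good: bytes, suspect: bytes) -> list[tuple[int, str]]:
    """Compare a suspect copy against the known-good build.

    Returns (file_offset, finding) pairs. The opcode test is a heuristic:
    it does not disassemble, so a 0x70-0x7F byte may really be data.
    """
    if hashlib.sha256(good).digest() == hashlib.sha256(suspect).digest():
        return []
    if len(good) != len(suspect):
        return [(min(len(good), len(suspect)), "file size changed")]
    findings = []
    for off, (g, s) in enumerate(zip(good, suspect)):
        if g == s:
            continue
        prev = good[off - 1] if off else None
        if prev in JCC_REL8 and suspect[off - 1] == prev:
            # Opcode untouched, displacement edited: the jump now lands elsewhere.
            what = "neutralized (falls through)" if s == 0 else "retargeted"
            findings.append((off - 1, f"Jcc rel8 {what}: {rel8(g):+d} -> {rel8(s):+d}"))
        elif g in JCC_REL8:
            findings.append((off, f"Jcc opcode {g:#04x} replaced by {s:#04x}"))
        else:
            findings.append((off, f"byte changed {g:#04x} -> {s:#04x}"))
    return findings


# Constructed sample: CMP EAX,EBX / JNE +0x0F / NOP padding, not the page's binary.
GOOD = bytes.fromhex("39d8" "750f") + b"\x90" * 16
PATCHED = bytes.fromhex("39d8" "7500") + b"\x90" * 16

if __name__ == "__main__":
    for offset, finding in audit(GOOD, PATCHED):
        print(f"{offset:#06x}: {finding}")
```

A check like this only helps when it runs outside the file being verified, for example in an installer, updater or file-integrity monitor, because a check compiled into the same executable can be patched out the same way.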
Please remember this document is for educational purposes only. I do not promote piracy.