Reversing the protection scheme of Opera 3.60
a not so easy protection scheme

Not Assigned

30 July 1999, by -alx

Courtesy of Fravia's page of reverse engineering
slightly edited by fravia+

fra_00xx 98xxxx -alx 1100 NA PC

I have hesitated before publishing this essay. Opera is a browser so good that once you get used to it you will never want to go back to the huge stupid browsersaurii. Opera deserves our support and our help. And now we publish an essay that explains its most recent version protection scheme. Why do we do it? Won't this damage Opera?

There are two reasons: first (I checked) the "ready-made cracks" (lamers' food) for Opera (3.6) abound on the web: a simple AltaVista search has given me 198 different pages two minutes ago. Therefore I think and hope that this essay could be more helpful than anything else for the programmers of Opera, allowing them to see the flaws in their protection scheme (which are pretty evident) from an (advanced :-) newbie perspective.

Secondly the more people will use Opera the more people will 'see the light', at least in the browsers' field. And I can imagine that this essay will motivate people to delve even deeper into the inner code of this little jewel of an application.

Yes, please pay for Opera (I did it, as the Opera people probably know :-)

There is a crack, a crack in everything
That's how the light gets in

Rating: ( )Beginner (x)Intermediate ( )Advanced ( )Expert

A useful essay for beginners who already know the usage of some tools (SoftIce and WinDasm) but do not know the right way......
This is a collection of attempts with only one purpose: remove the 30-days limitation from a shareware (Opera 3.60)

I think I'm an "advanced" beginner but cracking Opera 3.60 has taken me 2 days instead of the 2 hours of Opera 3.20! This means that Opera's programmers read HAL's essay and you should read it too.

SoftIce
WinDasm 8.93
an hex editor (I use UltraEdit 5.20)

Here you can download all versions of Opera in many of the most common languages

First of all, let's run Opera 3.60.
As you can see, there is a "Thanks for using Opera" window with your remaining days and some options: Evaluate, Purchase, Register.
Click on Register and Opera will ask you for a name, an organization and a registration code. Type whatyouwant in the first two fields and a 12 chars reg-code in the last one.
A message box appears: "You have probably entered a pre 3.50 reg-code".
Ok, now go to Help......Register Opera... and type a 14 chars reg-code.
Another message box will inform you that your code is wrong.

Why are there 2 different message boxes?
Because Opera's programmers probably have changed their previous protection scheme (Opera 3.20 and so on) with a more complex one; I think it's more complex because it wants more chars than the previous one (see my introduction about Opera 3.20).

Well, return to the registration window (RW from now), press CTRL-D and breakpoint at MessageBoxA; (have you read HAL's essay ?)

:bpx MessageBoxA

Return to RW, fill the fields and press OK.
SoftIce pops up just before the message box.
Press F12, read the message and click on OK. You will land here:

:00470195 E86123FFFF call 004624FB
:0047019A 389D80FDFFFF cmp byte ptr [ebp+FFFFFD80], bl
:004701A0 7513 jne 004701B5
.........
.........
:004701C6 FF1520664F00 Call [USER32.MessageBoxA,]
:004701CC 56 push esi

I hope you have understood that the main problem of this essay is finding the protection and not cracking it.
Reading this essay and then de-protecting Opera is very easy but as you already know this has taken me much time.
Notice that in Opera there are tons of string references but none deals with a greeting message (but IT MUST EXIST!!!!!).
We have found only a warning (it does not exist in Opera 3.20) and we have never seen it before patching the REG-FLAG.
Notice that if I had persevered with my first approach I would probably have gone crazy.
(so, open your mind. be SUPPLE).

thanks to:
Jade for her moral support
Sugar for his invaluable music
+ORC; without him, all this would not have been possible.
-alx

YES, I'll send you another that follows the ZEN way.

I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell, don't come back.