Visual Basic 4 cracking for newbyes
by +Sync, May 1997
HCU


Courtesy of fravia's page of reverse engineering

At last a crack from +Sync (it was almost time, we thought he had disappeared in some phrozen crew reservoir :-)
Although very simple, this small essay will be very useful for newbyes, as +Sync writes

      How to Crack SSS Convertable by Scientific Solutions Software
                                by +Sync
                              May 12, 1997
 
Get software at: http://members.aol.com/sss5000/
 
        I am almost embarrassed to be typing this.  This piece of software is
the biggest piece of shit I've ever seen (shouldn't be surprised considering 
the 'company' who makes it has a web page at aol).  I downloaded this program
because it actually does something useful for me, being an engineering 
student, which is unit conversions.  I saw that it had a password protect on 
it, and figured a good tutor on how to dis-assemble some code and work 
backwards to get the correct password would be useful.  However, this program
is not even that advanced.  Here's what I did, I present this as a good method
to follow, most cracks are not this easy.  However programmers are idiots, and
here's proof.
        Like always the first thing I do is install the program and run it 
once to see what is going on.  I found that by choosing 'Register' from the 
'Help' menu I was prompted to enter a password.  I wrote down the text exactly
as 'Enter the password to unlock below:'.  So I closed the program and opened 
up CONVERTABLE.EXE in my hex-editor and took a look.  The first thing I 
noticed by scrolling down about half a screen was the text 'VB40032.DLL' . 
Oh shit, a VB program.  This tips us off to several things.
1.  The programmer is a moron and can't program a real language. Expect bugs.
2.  The program is SLOW.
3.  Tracing with Winice would not be fun.
4.  Text strings are stored in Wide Format.
The fourth item is worth discussion.  VB 4.0 stores strings with their 
characters separated by hex 00.  Just to double check this, I search through 
the file looking for 'Enter the password' and get nothing.  So I search for 
the string in wide form.
 Hex:  45 00 6E 00 74 00 65 00 72 00 20 00 74 00 68 00 65
text:   E  .  n  .  t  .  e  .  r  .     .  t  .  h  .  e
And needless to say I find the text.  It is at offset 7DBA.  I look around in
the file and directly after this I see, in wide form again, the word 
'Garbonzo' at offset 7E56.  No fucking way.  The password is hard coded into
the file in (almost) plain text.  What a fucking moron (see #1 above).  Go 
into the program and type Garbonzo in for the password and see if it works, 
then immediately delete this program.
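
The wide-format search described above, as an added example (not part of +Sync's original essay), written as a check you can run over your own build to see which strings ship in it. The sample bytes are constructed for illustration and the helper names are assumptions; "EXAMPLE-SECRET" is a placeholder.

```python
import re

def to_wide(text: str) -> bytes:
    """Encode text in the wide form the essay describes: each char followed by 0x00."""
    return text.encode("utf-16-le")

def find_offsets(data: bytes, needle: bytes) -> list[int]:
    """Return every offset at which needle occurs in data."""
    offsets, pos = [], data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(needle, pos + 1)
    return offsets

def wide_strings(data: bytes, min_len: int = 4) -> list[tuple[int, str]]:
    """List (offset, text) for runs of printable ASCII stored in wide form."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le"))
            for m in pattern.finditer(data)]

def build_sample() -> bytes:
    """Constructed stand-in for an executable: a prompt followed by a literal secret."""
    prompt = to_wide("Enter the password to unlock below:")
    secret = to_wide("EXAMPLE-SECRET")  # placeholder, not a real value
    return (b"MZ" + b"\x90" * 30 + prompt + b"\x00\x00\x07\x01"
            + secret + b"\x00\x00\xff\xfe")

if __name__ == "__main__":
    blob = build_sample()
    # A plain single-byte search misses the prompt; the wide search finds it.
    print("ascii hits:", find_offsets(blob, b"Enter the password"))
    print("wide hits: ", find_offsets(blob, to_wide("Enter the password")))
    # Every wide string in the image, including the secret stored next to the prompt.
    for offset, text in wide_strings(blob):
        print(f"{offset:#06x}  {text}")
```

Anything this lists is readable by whoever holds the file, so a password compared against a literal in the binary protects nothing.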
So, what have we learned?  Unfortunately not much.  However, the main points
of this whole mess are:
1.  Check the obvious answer first, don't make things harder than they are.
2.  Know your enemy.  If I had not known that VB 4 used wide format, I would
    have searched vainly for text in the program and never found it.
3.  Use the correct tool for the job.  This crack required only 1 tool, your 
    trusty hex-editor.  While I also cracked this program with winice by   
    putting break points on the password I typed in, why go to the trouble to
    search for the answer, when the author has given it to you?
 
 
I am writing this file with the hope that it will be useful to someone.  
While this one is short, and obvious to anyone with any experience, there are
those out there who do not see the easy answer first. Beginners must learn to
walk before they can run. To the next generation of crackers who replace my 
generation I say this:  Cracking is the most noble art.  Learn it and respect
it.
 
Note:  This company has several other programs out, and probably equally 
stupid protections on them.
 
+Sync



Fravia 13 May 1997