CrackMe4
A GUI-based crackme written in Visual Studio 2017 with the Win32 API, simulating software with a 30-day trial period.
Objectives:
- Crack it to extend beyond 30 days
- In the About screen – also extend it to beyond 30 days
Link: https://crackinglessons.com/crackme-4/
Software
The software simply shows the number of trial days remaining.
x32dbg
This time I did not use DIE. I used Animate over, found the call that calculates the trial period, and stepped into it.
There are two ways we can bypass this.
1st way (No trial expiration)
We can simply patch the JG (JNLE) check to a JMP so that the program always behaves as licensed, no matter how much of the trial period remains.
To update the About page, we can use the call stack method by pausing the program.
Then update that check to a JMP as well.
Then simply patch it.
That is it. We now have unlimited trial period.
2nd way (Update the time)
While checking the calculation instructions, we can see that it gets the local time with the GetLocalTime function, then calculates how many days have passed and stores the result in eax. It then stores the total trial length, which is 30 days, in ecx and executes a sub instruction to calculate the remaining days.
So what we can do is change the value that the mov instruction loads into ecx to a high value such as 0xFFFF.
And that is it.
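The arithmetic described above, modelled in portable C as an added example (this is not the crackme's source). The `local_date` struct, the function names and the sample dates are hypothetical stand-ins for the date fields that GetLocalTime fills in; the model shows that the whole decision rests on one constant and one signed comparison.

```c
#include <stdio.h>

/* Hypothetical stand-in for the wYear/wMonth/wDay fields of the Win32
   SYSTEMTIME that GetLocalTime fills in; kept portable so it builds anywhere. */
typedef struct { int year, month, day; } local_date;

/* Days since 1970-01-01 for a proleptic Gregorian date. */
static long days_from_civil(local_date d) {
    int y = d.year - (d.month <= 2);
    long era = (y >= 0 ? y : y - 399) / 400;
    long yoe = y - era * 400;
    long doy = (153 * (d.month + (d.month > 2 ? -3 : 9)) + 2) / 5 + d.day - 1;
    long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* remaining = total - elapsed: the "sub" from the write-up, with elapsed in
   the role of eax and total_days in the role of ecx. */
long trial_remaining(long total_days, local_date start, local_date now) {
    long elapsed = days_from_civil(now) - days_from_civil(start);
    return total_days - elapsed;
}

/* The signed greater-than test that the JG (JNLE) branch encodes. */
int trial_active(long remaining) { return remaining > 0; }

int main(void) {
    local_date start = {2024, 1, 1};   /* constructed sample dates */
    local_date now   = {2024, 3, 1};
    long stock   = trial_remaining(30, start, now);
    long patched = trial_remaining(0xFFFF, start, now);
    printf("total=30     remaining=%ld active=%d\n", stock, trial_active(stock));
    printf("total=0xFFFF remaining=%ld active=%d\n", patched, trial_active(patched));
    return 0;
}
```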