This week I have been reversing SI 3.5 (version 3.5.66.0). The encryption algorithm has been recovered, but out of laziness I do not want to write a registration key generator. Not having one does not, in fact, mean SI cannot be broken, so I can try various tricks to use SI without restriction.
Once the SI trial has been activated, every start displays the number of days remaining in the trial:
The part in red should come from a string constant shaped like "Trial License expire in %d days". Open the binary in IDA and search the strings to find it:
Follow its cross-reference to find the code that references the string:
.text:004A7263 loc_4A7263: ; CODE XREF: sub_4A7077+1D1↑j
...
.text:004A72AC mov eax, totalTrialDays ; number of trial days set by the SI 3.5 trial version
.text:004A72B1 sub eax, trialDays ; number of trial days already used
.text:004A72B7 mov [ebp+remainDays], eax
.text:004A72BD push 0FFh ; color
.text:004A72C2 push [ebp+hdc] ; hdc
.text:004A72C5 call ds:SetTextColor ; set the text color
.text:004A72CB mov [ebp+color], eax
.text:004A72D1 cmp [ebp+remainDays], 0
.text:004A72D8 jle short loc_4A72F6
.text:004A72DA push [ebp+remainDays]
.text:004A72E0 push offset trialRemainDays ; "Trial License expires in %d days."
.text:004A72E5 lea eax, [ebp+String]
.text:004A72EB push eax ; char *
.text:004A72EC call _sprint
SI calls _sprint to format the string, and the instruction
.text:004A72DA push [ebp+remainDays]
pushes the variable [ebp+remainDays] onto the stack as the argument for the %d placeholder. As it happens, the statements that set [ebp+remainDays] are right nearby:
.text:004A72AC mov eax, totalTrialDays ; number of trial days set by the SI 3.5 trial version
.text:004A72B1 sub eax, trialDays ; number of trial days already used
.text:004A72B7 mov [ebp+remainDays], eax
Note that totalTrialDays and trialDays are global variables in the data segment:
.data:005E6F8C trialDays dd ? ; DATA XREF: sub_445B93:loc_445BC4↑r
.data:005E6F8C ; sub_448894+185↑w ...
.data:005E6F90 totalTrialDays dd ? ; DATA XREF: sub_445B93+36↑r
I tried using OD to modify the subtraction instruction at 04A72B1 and then let SI run; SI now showed an extended trial, with a 35-day trial period actually remaining:
In fact, at this stage it already counts as successfully cracked. But every time SI opens it still shows only a few dozen days in total, which gives the nagging feeling that the software is about to expire. So make one more change, so that the number of remaining days is large. This is elementary arithmetic: it is nothing more than changing the minuend (totalTrialDays) and the subtrahend (trialDays). Comparing in IDA how many times the software references totalTrialDays and trialDays, I found that totalTrialDays is referenced relatively few times, so I decided to go after it.
Looking at the references to totalTrialDays again, one instruction stands out, "mov totalTrialDays, 23":
Isn't the 23 in that instruction (hexadecimal) 35 in decimal? And isn't that exactly the total trial period of Source Insight 3.5? So make that immediate large: I changed it to 100 years. A hundred years from now I will not be reading code anyway.