Download Sonic Foundry Noise Reduction v2.0

Added to site: 2002-12-31
Rating: 93/100
Votes: 49


sonicfoundrynoisereductionv2.0.zip (18392 bytes)

name             size    compressed
uer_sfnr20.exe   29998   16089
CrackStory.nfo   4636    1943
watodo.nfo       0       0

CrackStory.nfo

=====================================================================
Target  : Sonic Foundry Noise Reduction Plug-In
Version : 2.0
Type : Module (dll)
Name : sfnrpack.dll

Done by : UmanErrOr

=====================================================================


Stuff for insiders
==================

> crippled GetSystemTime function callback to jnz
> This function is only used at init of each
  plugin routine of sfnrpack at startup and en/disables
  the trial period after 7 days of
  using the plugin ie : installed the plugin.



Why the GetSystemTime function and not the serial/machinecode ?
----------------------------------------------------------------

At the beginning I had to choose: either disable the serial
and unlock-key functions, or disable the trial_period function.
A serial number is floating on inet (thanks to our Russian
friends of the RHA).
The unlock key had to be found or disabled as a routine,
but changing your machine, and also its machinenumber, makes this
annoying popup for a new unlock-key not go away. :-(
So, a logical option to disable the trialcheck
routine to avoid this problem for the future. :-)



The job and how it was done.
----------------------------

Hit WaveLab, set a bpx GetSystemTime and run the plugin.

And what did I see ?

3 Xref-Item(s):

0x04F94B94
0x04F98738 <== Wow, this one is activated a lot for a start...
0x04F997D2

> Some F12's and we see a datecheck routine...

> Remember I have 7 days to find out....

> Ok, now see what it does with the systemtime changed to 2004...

> Hee, instead of no jump it wants to jump...

> Ok, now I'm sure this is the one... let's check.
  and hit r fl z

> No jump this time, and I'm still in my trial period,
  in 2004 that is...:-)

> Now change it to jne..

> That works ok, no jump..
> Change the date for a few years... still no jump...

> That's it for now, get HIEW and do it for ever...

> Run again, play with the dates, it's still in trialmode :-)
  and no serials or unlockkeys are asked...:--))

> Have a drink, put some music on and do the regular stuff.

- s - 
:00455034 E8F7360000              call 00458730
:00455039 8B4F04                  mov ecx, dword ptr [edi+04]
:0045503C 8BE8                    mov ebp, eax
:0045503E 8B4104                  mov eax, dword ptr [ecx+04]
:00455041 85C0                    test eax, eax
:00455043 7532                    jne 00455077
:00455045 8B411C                  mov eax, dword ptr [ecx+1C]
:00455048 85C0                    test eax, eax
:0045504A 740B                    je 00455057   ;THIS IS THE ONE - no jump (but jne) please
:0045504C 5F                      pop edi
:0045504D 5E                      pop esi
:0045504E 5D                      pop ebp
:0045504F 83C8FF                  or eax, FFFFFFFF
:00455052 5B                      pop ebx
:00455053 83C408                  add esp, 00000008
:00455056 C3                      ret

-es-

Now find the hexcode...

- s -

:00455027    8B F9 8B 47 04 85 C0 0F   ...G....
:0045502F    84 92 00 00 00 E8 F7 36   .......6
:00455037    00 00 8B 4F 04 8B E8 8B   ...O....
:0045503F    41 04 85 C0 75 32 8B 41   A...u2.A
:00455047    1C 85 C0[74]0B 5F 5E 5D   ...t._^]   << aha, here it is :-)
:0045504F    83 C8 FF 5B 83 C4 08 C3   ...[....
:00455057    8D 44 24 10 8B CF 50 E8   .D$...P.
:0045505F    CD 1A 00 00 85 C0 7C 5F   ......|_
:00455067    8B 4F 04 8B 77 38 8B 5C   .O..w8.\
:0045506F    24 10 0F AF 71 14 EB 1C   $...q...
:00455077    E8 34 3C 00 00 8B F0 85   .4<.....
:0045507F    F6 7D 0B 5F 5E 5D 83 C8   .}._^]..
:00455087    FF 5B 83 C4 08 C3 8B 57   .[.....W
:0045508F    04 8B 5A 10 8D 44 24 14   ..Z..D$.
:00455097    8B CF 50 E8 E1 01 00 00   ..P.....
:0045509F    85 C0 7C 23 39 6C 24 14   ..|#9l$.
:004550A7    77 1D 8B CF E8 F0 00 00   w.......

- es -

Now we change 

:00455047    1C 85 C0 74 0B 5F 5E 5D   ...t._^]
                      --
into

:00455047    1C 85 C0 75 0B 5F 5E 5D   ...u._^]
                      --
and save it...


Ok, let's make the patch and we are done. :-)

Well that was very easy, How did they write this silly
protection...ye ye, the serial and machinecode algo is much better.
For U, that is the next competition. So go ahead with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tanx to the boyz and girlz from SoftICE,
Russel Osterlund - boy u should work on a faster version of
PEbrowsedbg -  and the HIEW crew.

MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXeof
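
Seen from the defender's side, the single-byte change described in the NFO is something an integrity check can catch. The following is an added example, not part of the NFO or the archive: it compares a reference copy of a code region with the copy on disk and flags short conditional jumps whose condition was flipped. The function names are assumptions of this example, and the sample input is constructed from the two dump rows shown for address 0x00455047.

```python
# Short conditional jumps (Jcc rel8) use opcodes 0x70-0x7F. Each even/odd
# pair differs only in bit 0 and tests the opposite condition (je 74 / jne 75).
JCC = ["jo", "jno", "jb", "jae", "je", "jne", "jbe", "ja",
       "js", "jns", "jp", "jnp", "jl", "jge", "jle", "jg"]


def parse_hex_row(row):
    """Turn a dump row such as '1C 85 C0 74 0B' into bytes."""
    return bytes.fromhex(row.replace(" ", ""))


def find_inverted_branches(reference, candidate, base=0):
    """Return (address, old_mnemonic, new_mnemonic) for every byte where a
    Jcc rel8 opcode was swapped for its opposite condition.

    Heuristic: raw bytes are compared without disassembling, so a hit on an
    operand byte is possible and needs manual review."""
    if len(reference) != len(candidate):
        raise ValueError("regions differ in length; compare equal-sized regions")
    hits = []
    for off, (a, b) in enumerate(zip(reference, candidate)):
        # a ^ b == 1 means only bit 0 changed, so b stays inside 0x70-0x7F.
        if 0x70 <= a <= 0x7F and (a ^ b) == 1:
            hits.append((base + off, JCC[a - 0x70], JCC[b - 0x70]))
    return hits


def other_changes(reference, candidate, base=0):
    """Addresses that differ but do not look like a branch inversion."""
    flagged = {addr for addr, _, _ in
               find_inverted_branches(reference, candidate, base)}
    return [base + i for i, (a, b) in enumerate(zip(reference, candidate))
            if a != b and (base + i) not in flagged]


# Constructed sample input: the "before" and "after" rows from the dump.
BASE = 0x00455047
SHIPPED = parse_hex_row("1C 85 C0 74 0B 5F 5E 5D")
ON_DISK = parse_hex_row("1C 85 C0 75 0B 5F 5E 5D")

if __name__ == "__main__":
    for addr, old, new in find_inverted_branches(SHIPPED, ON_DISK, BASE):
        print(f"0x{addr:08X}: {old} -> {new} (possible check tampering)")
    print("other modified bytes:", other_changes(SHIPPED, ON_DISK, BASE))
```

In practice the reference bytes would come from a vendor-signed copy of the module, and a hash mismatch over the code section would trigger this finer-grained comparison.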


watodo.nfo



