+HCU 1998
Strainer solutions
(Updated 15 September 1997)
Here are the solutions to the +HCU 1998 strainer, and the names of the new +HCUkers...

If you check +ORC's lesson 4.2, you'll be able to see that the required solution to the strainer should have consisted of four parts:

- Part 1: Finding MsMoney 3 demo (finding an old program)

This has been considerably facilitated by us, as I published on my page the old French version of MsMoney I found myself and +gthorne inserted it inside his orcpaks... an +HCU "bonus", therefore, to those few that have found the ENGLISH version of it (for instance on Fidonet, which many of you probably don't even know exists).

- Part 2: The reason for the crack +ORC used for MS Project

- Part 3: Cracking MS Money 3 demo

- Part 4: Cracking MS Money 97 demo

All future +HCUkers may use the following badges wherever they want (on their essays, on their pages, wherever)...
hcu98 +cracker

The "+" signs inside the handles below are only indicative: promoted students are free to position them wherever they want inside their handles.

Here follows what +ORC has decided:

Contributors that get in (and their GOOD solutions!)
(The text snippets are intended only as an "aperitif" to these very interesting texts :=)


1) +ReZiDeNt's solution
"...by the way, you were right about MS Money 3 demo - it was *very* hard to find. I eventually found it after a lot of intensive and careful searching via FIDONet, rather ironic considering its decline due to the incredible success of the Internet"

2) +Yoshi's solution
"...jnb 00470E07 ; this makes sure that you haven't set your clock before the installation code, change to jump just for the hell of it"

3) +Alt-F4's solution
"...The Call to 81:10AE calculates a number based on the date. The formula is number=(year-1948)*512 + (month-1) * 32 + (day-1)"

4) +Toxine's solution
"...for those unfamiliar with Hiew (who?), press F3 to edit, position your cursor then press TAB to switch into ASM coding. Now, can you feel its POWER!"

5) SiuL+Hacky's solution
"...it is important to know how the program gets the installation date. There are two possibilities:
1) Get it once and store it (even with copies in memory).
2) Get it whenever you need it (even checking it with some copies).
The second one is safer, but less common. Try the first one, which I am going to explain thoroughly"


6) +Zer0's solution
"... I have actually done the cracking on MSMONEY 1.0 and just simply checked if the later versions 3 and 5 have the same protection routines. (Of course they have the same protections! Amazing!)"

7) iNCuBuS++' solution
"...All we have to do is to bypass the call to nagscreen opening routine. We can't just noop it because it is referenced by the relocation table and the system will try to correct the segment address of the call when it loads the program thus corrupting any instruction we put there and the program will not run. So, we will put a JMP immediately after the call to ShowWindow... ...+ORC's SOLUTION ALSO DOESN'T WORK IN ALL CASES !!! It works if the current date is greater than expiration date or if it is outside the range 1984 to 2049 ! If the current date is lower than the installation date (but it doesn't go below 1984) protection will react - the nagscreen will pop up and the program will terminate."

8) +heres' solution
"...But near the second address, no conditional jumps are present and breakpointing the first you get a Protection Fault... We have a chance, make a backtrace buffer. So breakpoint the only CS+C8:360F and re-enter your date. You have to establish the buffer range, so type: bpr cs:0000 cs:360F T and re-enter the date. With the SHOW command of SoftICE, you can see:"

9) +Aitor's solution
"...Ripping the encryption code we can write a little program to do the job (it may help in future Micro$oft cracking sessions :)) ... here you got the TP/BASM code (with a few little modifications you can get the C translation)"

A) +swann's solution
"...Nuff said about this truly ZEN crack of an intrinsically useless program. Don't ask me why I've done this. I don't know... ...+orc suggested we nop this jump at 8.17e8 out. I don't know whom he is kidding, but certainly no one who's studied his tutorials. Obviously, we _do_ want to take that jump, and therefore patch "EB46" for "7246" at 8.17e8."

B) +Malattia's solution
"...Ah, I usually run Wdasm just ONE time to disasm the progs, then I save the file and read it with LIST.COM... it's very fast! ...If you have Borland Resource Workshop, give a look to dialog 0494hex, that is 1172. It is the "Avertissement de limite de validé" we do not want to have to deal with!"


Contributors that can get in if they complete their solution before the end of November

+SNiKkEL, he has sent a solution which is partly correct, yet incomplete and not "explaining" much

A+heist, he has sent a solution which is partly correct, yet incomplete

Lera+h, she has sent a solution which is partly correct, yet incomplete.

Contributors that won't get in this year

All other contributors, that do not get in, should understand why I decided this way just looking at the above (good) solutions. Better luck next year. If you believe this is unjust, and if you are sure that you should get in, because you think that your solution is as good as the solutions above (or even better in your opinion), feel free to send a (motivated) protest to reverser+ or +gthorne. It will be read and examined by +gthorne, reverser+ and +Sync, and I will accept their opinion as binding.
+ORC



The new +HCUkers will be divided into "units".
+ORC's letter to the new +HCUkers ("A real university") will be published asap. +HCU 1998 lessons will begin on 01/01/1998 with a message by +ORC ("New year, new tasks").
Any new +HCUker may ask +ORC for any information (or ask me, +gthorne or +Sync for any tool).

