Quick crack of a Visual Basic program with a discompiler
(WRZSplit v3.5 for Win3.11/Win95)

by Frog's Prin+

HCU

Courtesy of Reverser's page of reverse engineering
~
Well, This one came short after Zero's precedent essay, and underlines once more HOW EASY it is to disassemble a Visual Basic program... hopefully the shareware programmers will take care! C'mon boys, learn how to protect or, as Frog's prin+ writes, let it be


Quick crack of a Visual Basic program with a discompiler
WRZSplit v3.5 for Win3.11/Win95
By Frog's prin+, 20 July 1997
WRZSplit is a small utility to split and join any size files very quickly. 
Split files are also compatible with DOS version. Its Uncrippled (there is 
only a random nagscreen) and Shareware. 
It can be found on most of FTPs, Compu$erve, Aol... There is a new Win95 version 1.5 
but I prefer to use the Win3xx/Win95 version because it is, as usual, smaller (only 17Kb) 
and faster than the Win95-only version. 
A quick look at the documentation file will inform us of the following:
 Windows WRZSplit v3.5
 ====================
 This program was written in Visual Basic 3.0, so you need to have
 the file VBRUN300.DLL, and SETUPKIT.DLL in your \windows\system directory.
 ...

Now we know where we are and where we're going.
Though I hate VB programs, WRZSplit is the only one I have on my PC because I think it is
a good tool (times change!).
When running WRZSplit and pressing the ABOUT button we get:
 "This program is Shareware and only $10.0 
 Email me for instructions on how to register it."
This sounds funny as there are no registration dialog box or serial number requested.
So there should be a way to register it.
Let's have a look:
As WRZSplit is only 17 Kb, the shareware version of the excellent Dodi's VB3 Discompiler
will quickly disassemble it (I am using v3.48e for VB3 and v4.05e for VB4 both found
on DoDi's home page).

' WRZSPLIT.FRM
Option Explicit
Declare Function extfnC8 Lib "SETUPKIT.DLL" Alias "DiskSpaceFree" () As Long
Dim m001E As String
Dim m0022 As Integer
Dim m0024 As String
Dim m0028 As String; Registration variable a string 
Sub about_Click (Index%) ; "About" dialog box:
Dim l002E As Variant
Dim l0032 As String
 l002E = Chr$(10)
 l0032$ = "RZSplit for Windows - ver. " & m0024 &
 " - By R. Zino" + l002E + l002E
 If m0028 = "NOT Registered" Then ; check if NOT registered
 l0032$ = l0032$ + "This program is Shareware and only $10. ; and display it...
 Email" + l002E
 l0032$ = l0032$ + "me at 'rzino@abraxis.com' for instructions
 on how" + l002
 l0032$ = l0032$ + "to register it"
 Else ; else "Thanks..."
 l0032$ = l0032$ + "Thank you for registering this program."
 + l002E
 End If
 MsgBox l0032$, 64, "About..."
End Sub
...
...
...
If m0028 = "NOT Registered" Then; If NOT registered
Randomize ; display a nag dialog about
 m0022 = Int(3 * Rnd + 1); every 3 times you press
 If m0022 = 1 Then ; the "GO" button
 Beep
 l0064 = Chr$(10)
 l0068$ = "This program is Shareware, not Freeware.
 Please register it." + l0064
 l0068$ = l0068$ + "For information, click on the
 'about' pull down." + l0064
 MsgBox l0068$, 16, "Random Nag Screen"
 End If
End If
...
...
...
Sub Form_Load () ; Beginning of the program
Option5.Value = 1
Option2.Value = 1
File1.FileName = "*.*"
m0024 = "3.5"
Screen.MousePointer = 11
Form2.Top = (Screen.Height * .85#) / 2 - Form2.Height / 2
Form2.Left = Screen.Width / 2 - Form2.Width / 2
Screen.MousePointer = 0
On Error GoTo L2A74

Open "wrzsplit.rjz" For Input As #4 ; Open "WRZSPLIT.RJZ"
Close #4 ; Close it
m0028 = "Registered"  ; If no error then "Registered"
GoTo L2AA0

L2A74:
 m0028 = "NOT Registered"  ; otherwise "NOT Registered"
 Resume L2AA0

L2AA0: ; and display it in the Title bar
 Form2.Caption = "RZSplit for Windows - ver. " & m0024 ; of the Main window
 & " - " & m0028
End Sub
...
...

As you can see, the program will assume it is Registered if there is no error occurring after trying to open the WRZSPLIT.RJZ file in the current directory. Of course, if you search for such a file you won't find it. If you create one and run WRZSPLIT.EXE, it will be Registered. The program doesn't care if this file is empty or not, only its presence is required.
The best way to crack it is to load WRZSPLIT.EXE with HexWorkShop and to search
for "WRZSPLIT.RJZ" then to replace it with "WRZSPLIT.EXE" so that the program will
now search for itself and will then be registered.
(Note that this protection (registration/missing file) is used by a lot of programs).

If lines like "Email me for instructions on how to register it" were removed, it would
make our life a little more complicate (and we would assume that this is only a Demo).
It's like if the program would tell you:
"Sorry but I cannot find WRZSPLIT.RJZ so you are NOT a Registered User!".
I remember the very first copies of "WinZip" for Win3.xx:
The program was supposed to be a Demo until someone discovered that, in the About
dialog box, when pressing the "R" key on keyboard a little message box was popping
asking for a serial number to unlock it!
Such tricks can be good 'home made' protections and it is not to much complicate to
hide them so that even BRWorkshop will not reveal them.
And finally, there are plenty of available tools protecting from VB Discompilers.

It doesn't make any sense to write a 17Kb VB ShareWare program if it is NOT protected.
Better give it away for free.
Frog's Print
Frog_s_Print@ThePentagon.com
That's all for now. Frog's Print, 20 July 1997 frog_s_print@thepentagon.com


You are deep inside reverser's page of reverse engineering, choose your way out:

homepage links red anonymity +ORC students' essays tools cocktails
antismut CGI-scripts search_forms mailFraVia