hcu98
Micro$oft bashing

Bypassing Win98 FULL Version's serial check "without cracking"
06 September 1998

by IH8U


Courtesy of reverser's pages of reverse engineering

Target: M$ Win98 FULL Version Serialcheck

Tools required: brain

Comments: I hope this essay will show you the stupidity of M$. It will also show how lame the serial check of the FULL Version installation is. I don't know if someone has discovered this crack/trick before me, if yes please let me know. This will not work with the Update, I think. Please excuse my bad English, I'm German and this is my first tutorial...


A few weeks ago I got Win98 and decided to install it. So I erased my harddisk and started the installation. I had no serial, but as you will see this doesn't matter.
The whole program was copied to harddisk without any serialchek. I still hoped that I could install it without a serial.
But before the first start, it asked my for my serial. It now has a new serial which isn't something like xxxxx-OEM-xxxxxxx-xxxxx. I tried the serial of the Win98 update which is new, too. But this didn't work. So I pushed the Cancel button. It told me that I can turn off my computer. I rebooted and pushed during the startup <F8>. Hmm. The same menu like the one of Win95.
I selected SAFE MODE. And *tatarata*, it boots into Windows98. Now I had a look at Msdos.sys, Config.sys, Win.bat, Win.ini, System.ini and Autoexec.bat. I searched something like "reg=false". But I found nothing. I didn't even found something unusual. It was all normal (for a M$ Program ). So I had a look at c:\, windows\ and windows\system. This time I searched a "new or strange" file. I found a file called Sudhlog.dat in c:\.
I think this is new and not in Win95. So I had a look at it. You should look at it right after the installation, because later it is totally different. This is interesting. Let's rename it to Sud.tad or whatever you like. OK restart Windows without this file. Man, it still wants a serial from us. I restarted my computer and went into MS-DOS MODE. Perhaps Windows calls a executable before win.com to ask the serial. I decided to try and started win.com, but it didn't work. Man, it still wanted a serial. Now I've called a friend, who had Win98 already installed. I asked him to give me his serial and he did. I had a look at it and wondered. It was the standard M$ OEM format. I wondered and tried to type in this number, I just leave the rest blank. But it didn't work. That means that the serial for the installation is coded... and after the installation decoded.
Now I could use SoftICE to go into the serial check routine of Windows, but I have not installed it yet and I didn't want to do that, too.
So perhaps it is after all true that you must have a valid serial to start this bazaar?
NEVER BELIEVE THE INFORMATION THEY GIVE YOU!!! as +Orc said!!! So let's start one more time in SAFE MODE... Now just think. M$ is lazy + commercial.
They store ALL information in the registry, the username + serial, too. I don't think that they have a flag which says that this Win98 copy is not registered. Because this would be more work for below average programmers that are only concerned with money and the many bugs they write. I think Windows only checks if a serial is in the registry and if not it will just ask the user for it!
I even think that the serial which they store in the registry is ENCODED! So I tried and started regedit.exe. I went to the key
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion] and wrote in:

"RegisteredOwner"="IH8U"
"RegisteredOrganization"=""
"ProductId"="xxxxx-OEM-xxxxxxx-xxxxx"

Then I restarted Windows and *boom* it worked. Just imagine how stupid M$ programmers must be. They make a real good encryption routine for the serial and then there is such a possibility to bypass the whole serial check. Now you could make you a .reg file, so you must not start regedit every time you install Windows. My file looks like this:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="IH8U"
"RegisteredOrganization"=""
"ProductId"="xxxxx-OEM-xxxxxxx-xxxxx"

Now you have simply boot to SAFE MODE and execute the .reg file if you reinstall Windows.

OK, this is all for now. I hoped this taught you a lot. Please send comments + questions to:

ih8u_@gmx.net


red homepage red +ORC red anonimity academy red counter measures red tools red bots' wars
red javascript wars red reality cracking red students' essays red academy database red programmer's corner
red antismut CGI-scripts red cocktails red search_page red how to search red mail_reverser
red Is reverse engineering legal?