EvilZone
Hacking and Security => Reverse Engineering => : romeluc February 22, 2014, 04:15:50 PM
-
I've been trying to get around the trial of a software called MultiCharts, and nothing is working.
I tried using Trial-Reset to look for keys in the registry and delete them.
I tried installing it in a sandbox.
I tried changing my MAC
I tried using a different network card all together
I tried installing it in a fresh virtual machine
I tried using a proxy then installing it
Everytime, when it starts up it tells me I have 19 days left.
Wtf?
Could someone explain how this is even possible? If you could suggest a solution, that would be great as well.
-
I don't know much about MultiCharts but if all that fails, it's possible that they are using a rootkit program to prevent copyright violation. (and no, rootkits don't always have to be malicious)
..
..
Try to scan your system with something like GMER (http://www.gmer.net/) to find hidden processes and look for process that have something to do with multicharts. And remove it.
..
..
Be careful tho, you don't want to kill some other process and make a mess of your system.
-
I don't know much about MultiCharts but if all that fails, it's possible that they are using a rootkit program to prevent copyright violation. (and no, rootkits don't always have to be malicious)
..
..
Try to scan your system with something like GMER (http://www.gmer.net/) to find hidden processes and look for process that have something to do with multicharts. And remove it.
..
..
Be careful tho, you don't want to kill some other process and make a mess of your system.
It can't be a rootkit. I installed it on different virtual machines and the trail is still 19 days left (instead of 30). As soon as it starts, it tries to call home and check for activation. If I'm offline, it will disable features. I don't need to log in, or anything like that. I just downloaded the exe from their site and ran it. Somehow it is keeping track of the trail start date on different installations.
Also, I tried downloading the installer again from their site, in case the trail is somehow hard coded there.
-
First of all, it's "trial". Second, it might be tracking your IP since you said it makes a connections and if it can't, program disables features. I can only suggest you try to forge the packets of data it receives. To see what is being transmitted you can use Wireshark, or WPE_Pro (http://wpepro.net/index.php?categoryid=1) (I prefer the latter one).
-
First of all, it's "trial". Second, it might be tracking your IP since you said it makes a connections and if it can't, program disables features. I can only suggest you try to forge the packets of data it receives. To see what is being transmitted you can use Wireshark, or WPE_Pro (http://wpepro.net/index.php?categoryid=1) (I prefer the latter one).
Problem Solved!
I found out that some trial software use hardware id to keep track of the trial. I was able to spoof my hw id and then the trial was reset finally.
Staff note: DO NOT DOUBLE POST FFS
-
I found out that some trial software use hardware id to keep track of the trial. I was able to spoof my hw id and then the trial was reset finally.
Ok, mind writing a tutorial or at least explaining how you have accomplished that?
-
Ok, mind writing a tutorial or at least explaining how you have accomplished that?
I just used a tool called "Hard Disk Serial Number Changer."
You can download it from http://hard-disk-serial-number-changer.en.softonic.com/download#downloading
Actually I tried that again and it didn't work :(
-
Update:
Ok, I was able to reproduce the resetting by first deleting some keys from the registry. I probably did that before at some point before it worked the first time.
1) use trial reset to scan you registry for activation methods. http://www.nsanedown.com/?request=6573996
2) use volumeid to change your hardware ID. http://technet.microsoft.com/en-us/sysinternals/bb897436.aspx
-
Hi , could you write here how exactly where your speps when did you reseting again trial version . What did you choose in trial reset , where are the gegistry they shout by deleted.
Thanks.
-
Why not try using something like vmware thinapp on a fresh machine so its portable and see if it continues to count down days
-
Hi, any news on the possibility to restart the trial period on Multicharts with the Romeluc procedure?or with some other procedure? Can someone confirm this?Change the VolumeID can create problems on a Oracle VM VirtualBox with win 7 64bit? or to the rest of the hard disk used from the principal SO installed on my pc and to the programs installed on the hd where I will change the volumeID?
Thanks in advance for any help.