Reversing the protection scheme of Opera 3.60
a not so easy protection scheme
student
Not Assigned
30 July 1999
by -alx
Courtesy of Fravia's page of reverse engineering
slightly edited
by fravia+
I have hesitated before publishing this essay. Opera is a browser so good that once you get used to it you will never want to go back to the huge stupid browsersaurii. Opera deserves our support and our help. And now we publish an essay that explains its most recent version's protection scheme. Why do we do it? Won't this damage Opera?
There are two reasons: first (I checked) the "ready-made cracks" (lamers' food) for Opera (3.6) abound on the web: a simple altavista search gave me 198 different pages two minutes ago. Therefore I think and hope that this essay could be more helpful than anything else for the programmers of Opera, allowing them to see the flaws in their protection scheme (which are pretty evident) from an (advanced :-) newbie perspective.
Secondly, the more people use Opera the more people will 'see the light', at least in the browsers' field. And I can imagine that this essay will motivate people to delve even deeper into the inner code of this little jewel of an application.
Yes, please pay for Opera (I did it, as the Opera people probably know :-)
There is a crack, a crack in everything That's how the light gets in
Rating
( )Beginner (x)Intermediate ( )Advanced ( )Expert

A useful essay for beginners who already know the usage of some tools (SoftIce and WinDasm) but do not know the right way......
This is a collection of attempts with only one purpose: remove the 30-day limitation from a shareware program (Opera 3.60)
Reversing the protection scheme of Opera 3.60
a not so easy protection scheme
Written by -alx


Introduction
I think I'm an "advanced" beginner but cracking Opera 3.60 has taken me 2 days instead of the 2 hours of Opera 3.20! This means that Opera's programmers read HAL's essay and you should read it too.

Tools required
SoftIce
WinDasm 8.93
a hex editor (I use UltraEdit 5.20)


Target's URL/FTP
Here you can download all versions of Opera in many of the most common languages

Essay
First of all, let's run Opera 3.60. As you can see, there is a "Thanks for using Opera" window with your remaining days and some options: Evaluate, Purchase, Register.
Click on Register and Opera will ask you for a name, an organization and a registration code. Type whatyouwant in the first two fields and a 12-char reg-code in the last one.

A message box appears: "You have probably entered a pre 3.50 reg-code".

Ok, now go to Help... Register Opera... and type a 14-char reg-code. Another message box will inform you that your code is wrong.

Why are there 2 different message boxes? Because Opera's programmers have probably replaced their previous protection scheme (Opera 3.20 and so on) with a more complex one; I think it's more complex because it wants more chars than the previous one (see my introduction about Opera 3.20).

Well, return to the registration window (RW from now), press CTRL-D and set a breakpoint at MessageBoxA (have you read HAL's essay?):

:bpx MessageBoxA

Return to RW, fill the fields and press OK.

SoftIce pops up just before the message box. Press F12, read the message and click on OK. You will land here:

:00470195 E86123FFFF              call 004624FB
:0047019A 389D80FDFFFF            cmp byte ptr [ebp+FFFFFD80], bl
:004701A0 7513                    jne 004701B5
.........
.........
:004701C6 FF1520664F00            Call [USER32.MessageBoxA,]
:004701CC 56                      push esi


Final Notes

I hope you have understood that the main problem of this essay is finding the protection, not cracking it. Reading this essay and then de-protecting Opera is very easy, but as you already know this has taken me much time.

Notice that in Opera there are tons of string references but none deals with a greeting message (but IT MUST EXIST!!!!!). We have found only a warning (it does not exist in Opera 3.20) and we have never seen it before patching the REG-FLAG.

Notice that if I had persevered with my first approach I would probably have gone crazy. (So, open your mind. Be SUPPLE.)



thanks to:

    Jade for her moral support 
    Sugar for his invaluable music
    +ORC; without him, all this would have not been possible.


-alx


YES, I'll send you another that follows the ZEN way. 



Ob Duh
I won't even bother explaining to you that you should BUY this target program if you intend to use it for a longer period than the allowed one. Should you want to STEAL this software instead, you don't need to crack its protection scheme at all: you'll find it on most Warez sites, complete and already regged, farewell, don't come back.
