How to Reverse Lotus SmartSuite-97

("Date coding magic number galore")

by +Rcg

(26 September 1997)


Courtesy of fravia's page of reverse engineering

Well, I decided to leave +Rcg's email to me... I'm leaving for two weeks and have no time any more to search the archies. If anybody has DDK-95, please contact +Rcg



Hi Fravia, this is a small essay... nothing new but interesting.

BTW, I like the new style of your pages.



One more thing.... I need the DDK-95 include files to create the dynamically loaded VxD, but I have not been able to find them... Could you help me with this inconvenience?



Thanks again for your dedication, +Rcg
Well, an interesting thought: cracking Lotus to damage Microsoft... I'm not so sure, yet the reasoning by +Rcg seems sound: read on


Well, this is another essay based on a ?? days trial scheme, and of course you won't profit from it because, in Master +ORC's words, it is 'the same soup' as the other essays you can read on these pages. The main reason I'm writing this is that it deals with the Micro$oft war. Yes... you could think we are supporting MS by reversing the protections of its (few) rivals. It could be so; nevertheless I consider that if we can move people to 'trial' these programs for a long time, maybe in the future they (or we ourselves) will buy them (or at least buy them for our job computers :-)

Another reason is that, as you know, MS Office 97 modifies the kernel, fiddles with your desktop and does a lot of other "internal" things that you and I can imagine and eventually find out, but that zombies will never discover. They will never think that during their 90-day "trial" of MS Office this Trojan horse is possibly (and probably) sending the MS Internet site quite a lot of information about the software inside their computers and other kinds of data (read the "Trojan essay" on Fravia's great site). So I will never install the Micro$oft Trojan horse on my computer (at least not until I have fully reversed it :-), and I have decided instead to install my 'unlimited' trial version of Lotus SmartSuite.

OK, I admit that it might sound funny... helping Lotus by cracking it, yet that is EXACTLY WHAT THEY ARE THEMSELVES DOING! The UNRESTRICTED full version of the COMPLETE Lotus SmartSuite 97 has been PUBLISHED in hundreds of thousands of copies by Lotus itself on many CD-ROMs bundled with PC reviews... just to name one: PCPLUS no. 35A of May 1997: "SmartSuite complete"... yes, WITHOUT any trial limit. Since it's a nuisance to download millions of bytes uselessly from the web, let's teach everybody how to transform the trial version into the (already published and given away for free) complete version.

Let's begin, as usual, by firing up the program...
You will see a 'DialogBoxParamA' box telling you that you have 30 days. Now, as usual, 'bpx getlocaltime' and fire up the program again; after pressing F11 and F12 you will be here (inside the file LTSMKT01.DLL):

:1967 68C0F00010      push 1000F0C0
:196C 68E0ED0010      push 1000EDE0
:1971 FF1590120110    Call KERNEL32.MoveFileA
:1977 68E0ED0010      push 1000EDE0
:197C 68C0F00010      push 1000F0C0
:1981 FF1590120110    (0) Call KERNEL32.MoveFileA
:1987 6A00            push 00000000
:1989 6880000000      push 00000080
:198E 6A03            push 00000003
:1990 6A00            push 00000000
:1992 6A01            push 00000001
:1994 68000000C0      push C0000000
:1999 68E0ED0010      push 1000EDE0
:199E FF1588120110    (1) Call KERNEL32.CreateFileA
:19A4 8BF0            mov esi, eax
:19A6 83FEFF          cmp esi, FFFFFFFF
:19A9 0F8454010000    je 10001B03
:19AF 8D442418        lea eax, dword ptr [esp+18]
:19B3 50              push eax
:19B4 E807090000      (2) call 100022C0

Limit date?
(7) Is Act. Date < Inst. date?
(8) Stores 'days left'
(9) Sets a flag
(A) & (B) Store magic numbers for future use.
(C) Sets file time
(D) 'LLL' to 'DLL'
(E) If the flag was set then return eax=3842

Now we are going to make the following changes to the file:
at (6) and (7) make the jump unconditional (jmp always).
at (8) nop the 'sub ecx,edx'.
at (A) put [esp+28] instead of [esp+18], so we will always have Install date = Act. date.

Now all that is left (for aesthetic reasons) is to remove the nag screen, so 'bpx messageboxparama', then F11 as usual, and you will be here (inside the file LTSUITE.EXE):

:128B E820FEFFFF      call 004010B0
:1290 56              (F) push esi
:1291 68C0124000      push 004012C0
:1296 6A00            push 0
:1298 6A65            push 65
:129A 57              push edi
:129B FF1580C24000    Call USER32.DialogBoxParamA
:12A1 5F              pop edi

(c) +Rcg 1997. All rights reversed
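The trial logic that the annotated listing and the changes at (7), (8) and (A) work against, reconstructed here as an added example in portable C: this is the editor's illustration, not +Rcg's code nor Lotus's, and the install date 1997-09-26 and the day-count routine are assumptions, since the DLL's own storage format and magic numbers are not on the page.

```c
/* Added example, not +Rcg's or Lotus's code: a portable model of the
 * date-based trial scheme the LTSMKT01.DLL listing exposes. The DLL
 * reads the date with GetLocalTime, keeps an install-date marker beside
 * the (renamed) DLL, and decides: is the current date earlier than the
 * install date (clock rolled back)? how many of the 30 days are left?
 * Dates are converted to whole days since 1970-01-01 so the arithmetic
 * survives month and year boundaries. Build: cc -std=c99 trial.c */
#include <stdint.h>
#include <stdio.h>

#define TRIAL_DAYS 30              /* the '30 days' from the nag box */
#define TRIAL_CLOCK_ROLLBACK (-1)  /* sentinel for annotation (7) */

typedef struct { int year, month, day; } ymd_t;

/* Days since 1970-01-01 for a proleptic Gregorian date
 * (Howard Hinnant's days_from_civil; assumed, not the DLL's routine). */
int64_t days_from_civil(ymd_t d)
{
    int64_t y = d.year - (d.month <= 2);
    int64_t era = (y >= 0 ? y : y - 399) / 400;
    int64_t yoe = y - era * 400;
    int64_t doy = (153 * (d.month + (d.month > 2 ? -3 : 9)) + 2) / 5 + d.day - 1;
    int64_t doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* The check behind annotations (7) and (8): returns TRIAL_CLOCK_ROLLBACK
 * if 'now' precedes the install date, 0 if the trial is over, otherwise
 * the 'days left' value the DLL stores for the nag box. */
int trial_days_left(ymd_t install, ymd_t now)
{
    int64_t elapsed = days_from_civil(now) - days_from_civil(install);
    if (elapsed < 0)                       /* (7) Act. date < Inst. date */
        return TRIAL_CLOCK_ROLLBACK;
    int64_t left = TRIAL_DAYS - elapsed;   /* (8) the sub ecx,edx */
    return left > 0 ? (int)left : 0;
}

/* Defender's note: the whole decision lives in one client-side routine,
 * and the install date in a file the program itself writes, so the two
 * branches and one subtraction above are the entire protection. Adding
 * more local comparisons does not change that; only a date anchored
 * outside the local machine (e.g. a server-side licence check) would. */
int main(void)
{
    ymd_t install = {1997, 9, 26};   /* constructed: the essay's own date */
    ymd_t now = {1997, 10, 6};       /* constructed: ten days later */
    int left = trial_days_left(install, now);
    if (left == TRIAL_CLOCK_ROLLBACK) puts("clock rolled back, refusing");
    else printf("%d days left\n", left);    /* prints "20 days left" */
    return 0;
}
```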