OmniGraphSketcher is a tool to manipulate and display datasets - even allowing you to manually correct data-points by hand. The protection is easily circumvented as the application relies on two subroutines to determine whether the fully-working trial has already expired.

First point of interest is around address 0x64de0, in the initialisation routine where the license is checked.

00064de0 55                              push       ebp
00064de1 89E5                            mov        ebp, esp
00064de3 57                              push       edi
00064de4 56                              push       esi
00064de5 53                              push       ebx
00064de6 83EC4C                          sub        esp, 0x4C
00064de9 8B4508                          mov        eax, dword [ss:ebp+0x8]
00064dec 8945E0                          mov        dword [ss:ebp+0xFFFFFFFFFFFFFFE0], eax
00064def A1084E0B00                      mov        eax, dword [ds:0xB4E08]
00064df4 8945E4                          mov        dword [ss:ebp+0xFFFFFFFFFFFFFFE4], eax
00064df7 8D55E0                          lea        edx, dword [ss:ebp+0xFFFFFFFFFFFFFFE0]
00064dfa A1B0190B00                      mov        eax, dword [ds:objc_msg_initialize]
00064dff 89442404                        mov        dword [ss:esp+0x4], eax
00064e03 891424                          mov        dword [ss:esp], edx
00064e06 E861560400                      call       imp___symbol_stub__objc_msgSendSuper
00064e0b 803D78EB0A0000                  cmp        byte [ds:0xAEB78], 0x0
00064e12 90                              nop        
00064e13 90                              nop        
00064e14 83C44C                          add        esp, 0x4C
00064e17 5B                              pop        ebx
00064e18 5E                              pop        esi
00064e19 5F                              pop        edi
00064e1a C9                              leave      
00064e1b C3                              ret

The next point of interest is in the subroutine around0x68010 that checks whether a license file exists. Without this modification, the program bails out claiming that no valid license file has been found and thus a new document cannot be created.

00068010 55                              push       ebp                                   ; XREF=0x3fa0, 0x67ea, 0x687a, 0x68fb, 0x662db
00068011 89E5                            mov        ebp, esp
00068013 57                              push       edi
000684b1 890424                          mov        dword [ss:esp], eax
000684b4 E8AD1F0400                      call       imp___symbol_stub__objc_msgSend
000684b9 89C3                            mov        ebx, eax
000684bb 85C0                            test       eax, eax
000684bd E916000000                      jmp        0x684D8
000684d8 31C0                            xor        eax, eax                              ; XREF=0x684bd, 0x6865f, 0x686a2
000684da 8945E0                          mov        dword [ss:ebp+0xFFFFFFFFFFFFFFE0], eax
000684dd 8B45E0                          mov        eax, dword [ss:ebp+0xFFFFFFFFFFFFFFE0]
000684e0 85C0                            test       eax, eax
000684e2 E948020000                      jmp        0x6872F
0006872f C705C4E50A0002000000            mov        dword [ds:0xAE5C4], 0x2               ; XREF=0x684e2
00068739 A1E8B30A00                      mov        eax, dword [ds:0xAB3E8]
0006873e E88DACFFFF                      call       sub_633d0
00068743 8945DC                          mov        dword [ss:ebp+0xFFFFFFFFFFFFFFDC], eax
00068746 8B5DDC                          mov        ebx, dword [ss:ebp+0xFFFFFFFFFFFFFFDC]

The last modification checks for a valid license. This is perhaps optional since it may be part of the validation process when a new license is registered with the application.

00068ce0 55                              push       ebp                                   ; XREF=0x6586d, 0x69292, 0x694f2
00068ce1 89E5                            mov        ebp, esp
00068ce3 57                              push       edi
00068ce4 56                              push       esi
00068ce5 53                              push       ebx
00068ce6 83EC3C                          sub        esp, 0x3C
00068ce9 803DDCEB0A0000                  cmp        byte [ds:0xAEBDC], 0x0
00068cf0 E9B1010000                      jmp        0x68EA6
00068ea6 83C43C                          add        esp, 0x3C                             ; XREF=0x68cf0
00068ea9 5B                              pop        ebx
00068eaa 5E                              pop        esi
00068eab 5F                              pop        edi
00068eac C9                              leave      
00068ead C3                              ret        
00068eae 6690                            nop

cracks/omnigraphsketcher.txt ยท Last modified: 2017/02/22 18:30 (external edit)

Access website using Tor

For the copyright, license, warranty and privacy terms for the usage of this website please see the license and privacy pages.