Application

The application has two annoyances:

  • first, it throws a modal and terminates once the trial period is over
  • second, it displays an About/Registration… menu that shows that the application is not registered.

Remove Time Bomb

Removing the time-bomb consists in disabling an entire section or manipulating the jump right before that section (the beq) in order to skip over it.

00022b54         beq        0x22b80
 
;;;;;;;;;;;;;;;;;;;;;;;;;;; SKIP SECTION BEGIN ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; This section references 0xb7afc which is the string "The Trial [...]" so we either 
; eliminate this entire section or we change "beq 0x22b80" to an unconditional jump.
;
00022b58         ldr        r2, = 0xb7ae8      ; 0x22bac (sub_22b14 + 0x98)
00022b5c         mov        r3, #0x0
00022b60         ldr        r1, = 0xb7afc      ; 0x22ba8 (sub_22b14 + 0x94)
00022b64         mov        r0, r4
00022b68         bl         sub_a5d08
00022b6c         mov        r0, r4             ; argument #1 for method sub_24e28
00022b70         bl         sub_24e28
00022b74         ldr        r0, [r5]
00022b78         cmp        r0, #0x0
00022b7c         beq        0x22b98
;
;;;;;;;;;;;;;;;;;;;;;;;;;;; SKIP SECTION END ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 
00022b80         ldr        r0, = 0xd12f8      ; 0x22ba4 (sub_22b14 + 0x90), XREF=sub_22b14+48, sub_22b14+64
00022b84         ldr        r0, [r0]           ; 0xd12f8 (imp_ordinal_olece300.dll_88 + 0x208b0)
00022b88         cmp        r0, #0x1
00022b8c         bne        0x22bbc
 
00022b90         mov        r0, r4            ; argument #1 for method sub_24b84
00022b94         bl         sub_24b84
 
00022b98         mov        r0, #0x0          ; XREF=sub_22b14+104
00022b9c         bl         sub_a6df4
00022ba0         b          0x23c94
00022ba4         dd         0x000d12f8        ; XREF=sub_22b14+108
00022ba8         dd         0x000b7afc        ; "The Trial [...]" referenced by XREF=sub_22b14+76
00022bac         dd         0x000b7ae8        ; XREF=sub_22b14+68
00022bb0         dd         0x000d12e8        ; XREF=sub_22b14+52
00022bb4         dd         0x000d12e4        ; XREF=sub_22b14+36
00022bb8         dd         0x00000a68        ; XREF=sub_22b14+4

Remove Registration Menu Item

Removing the menu item is quite easy given that PocketRSS builds the menu items sequentially by calling sub_6691c after pulling-in the strings.

; ... Above and below this section builds the menu ... 
 
;;;;;;;;;;;;;;;;;;;;;;;;;;; NOP SECTION BEGIN ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; This section must be noped entirely to remove the "About/Registration" menu item.
00023e2c         mov        r2, #0xbb0
00023e30         ldr        r3, = 0xb88b8  ; "About/Registration..." reference.
00023e34         orr        r2, r2, #0xc
00023e38         str        r4, [sp]
00023e3c         mov        r1, #0x0
00023e40         add        r0, sp, #0x18
00023e44         bl         sub_6691c
;;;;;;;;;;;;;;;;;;;;;;;;;;;; NOP SECTION END ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
00023e48         mov        r3, #0x0
00023e4c         str        r4, [sp]
00023e50         mov        r2, #0x0
00023e54         mov        r1, #0x800
00023e58         add        r0, sp, #0x18
00023e5c         bl         sub_6691c
; ...
00023ec4         dd         0x000b88e4   ; XREF=sub_23cb8+428
00023ec8         dd         0x000b88b8   ; "About/Registration..." referenced by XREF=sub_23cb8+376
00023ecc         dd         0x000b88ac   ; XREF=sub_23cb8+348
00023ed0         dd         0x000b8880   ; XREF=sub_23cb8+296
00023ed4         dd         0x000b8854   ; XREF=sub_23cb8+268
00023ed8         dd         0x000b8834   ; XREF=sub_23cb8+216
00023edc         dd         0x000b8814   ; XREF=sub_23cb8+188
00023ee0         dd         0x000b87f4   ; XREF=sub_23cb8+136
00023ee4         dd         0x000b87cc   ; XREF=sub_23cb8+84
00023ee8         dd         0x000b87a8   ; XREF=sub_23cb8+52
00023eec         dd         0x000d13ac   ; XREF=sub_23cb8+8

Today Plugin

; ...
001053c8         ldr        r3, [sp, #0x30]  ; XREF=sub_104b18+2208
001053cc         cmp        r3, #0x0
001053d0         mov        r0, r0           ; "bne 0x106c78" replaced with "mov r0, r0" (NOP)
001053d4         ldr        r3, [r4, #0x110] ; The original code jumps to ''0x0106c78'' which
; ...                                        ; we want to avoid: 
00106c78         add        r1, r4, #0x90    ; XREF=sub_104b18+2232 is now eliminated.
00106c7c         add        r0, sp, #0x18
00106c80         bl         sub_17672c
00106c84         mov        r3, #0x190
00106c88         ldrb       r0, [r5]
00106c8c         str        r3, [sp, #0xec]
00106c90         ands       r3, r0, #0xff
00106c94         ldrne      r1, = 0x17e464   
00106c98         bne        0x106dfc
00106c9c         ldr        r3, [sp, #0x30]
00106ca0         cmp        r3, #0x0
00106ca4         ldrne      r1, = 0x17e4f4   ; references the trial over message
00106ca8         mov        r0, r0           ; "bne 0x106dfc" replaced with "mov r0, r0" (NOP)
00106cac         ldr        r3, [r4, #0x110]
00106cb0         cmp        r3, #0x0
00106cb4         beq        0x106cd0
00106cb8         add        r1, r4, #0x114  
00106cbc         add        r0, sp, #0x18
00106cc0         bl         sub_176720
00106cc4         b          0x106e04
00106cc8         dd         0x0017e4f4       ; Sorry, but the Trial Period for [...]
00106ccc         dd         0x0017e464       ; XREF=sub_105576+5918
00106cd0         ldr        r1, = 0x17e628   ; XREF=sub_105576+5950
; ...

Index


cracks/pocketrss/2.1.7.txt · Last modified: 2022/04/19 08:28 by 127.0.0.1

Access website using Tor Access website using i2p Wizardry and Steamworks PGP Key


For the contact, copyright, license, warranty and privacy terms for the usage of this website please see the contact, license, privacy, copyright.