# Fake Protection Cracked: How to recover protected files by..



## khattam_ (Jun 20, 2005)

How to defeat security of File Protection Softwares...
------------------------------------------------------

How to defeat the security of File Protection Softwares............. (Softheap's File and Folder Protector and Fridaysoft's File Securer, "all versions"*, Discussed here)

*all versions means the versions released till June 21 2005. I don't know if they enhance their security in the future versions.

*Legal Information: *

```
_khAttAm_ is a Person who spends time on these protections for LEARNING PURPOSES.
The Applications used in this Tutorial are Copyrighted by the author.
All Files and names hold Copyrights and Registered Trademarks of the Authors and are in this tutorial for EDUCATiONAL PURPOSES ONLY to show how easy it is to break such protections offered by the applications. _khAttAm_ respects the programs and the authors' efforts on making such Softwares which can protect the data from foreign use. 
The tools mentioned may not be available for free. _khAttAm_ highly encourages you to buy 'em if you want to use them and if you're  using a pirated version, use 'em AT YOUR OWN DAMN RISK.
_khAttAm_ repeats, This TUTORIAL is for EDUCATiONAL PURPOSES ONLY.
For NO REASON, will _khAttAm_ or the site hosting this tutorial be held responsible for any person's actions with the knowledge held in this Tutorial.
You can reverse engineer the applications only if you have permission from the respective authors.

1 chicken (unhatched), 3 flies and 5 mosquitoes were harmed in the making of this tutorial.
```

These softwares claim to protect files from access by other people using the computer.




			
				File and Folder Protector's Readme said:
			
		

> ....................
> File and Folder Protector is intended for *controlling* access to files and
> folders situated on local media of Windows 95/98/ME/2000/XP at Windows
> kernel level. It enables you to *control access* to certain files and folders
> ...



File Securer Speaks Louder


			
				File Securer's Readme said:
			
		

> ...............................
> *Congratulations for choosing File Securer software!*
> ================================== Introduce ========================================
> File Securer software is *the most powerful tool for protect you personal files not be accessed by others.*
> ...


*

They claim to protect the files and want us to trust them. Moreover, they charge a good amount of cash for such programs. However, the protection they provide is really VERY easy to break. These are the programs that can be cracked by any newbie reverse engineer............

We'll discuss on how to break the security of these two programs and similar process may be applied on many other applications.

Tools Required
1. Windows Disassembler
2. Hacker's View (HIEW)
PS: The tools mentioned may not be available for free. However, they can be downloaded from various sites. Google can be used. However, I highly encourage you to buy 'em if you want to use them and if you're  using a pirated version, use 'em AT YOUR OWN DAMN RISK.

If the program (File Securer or File and Folder Protector) is installed and ready to use and if you have Windows Disassembler and HIEW ready, you may proceed.

Procedure:
We'll talk about File Securer 3.80 (which is the latest version till June 21 2005). Similar process can be used for other versions and File and Folder Protector too.

1. Open the program. It will ask for a password.
*www.geocities.com/khattam_khattam/ffp0.png

2. Enter any wrong password. Now, it should show you a message. In case of file securer, it is "Please Input the Correct Software Password." Note it down. And Click OK and then Cancel.
*www.geocities.com/khattam_khattam/ffp1.png

3. Now, Open Windows Disassembler. Click on File>>Open File to Disassemble and open the main EXE file of File Securer which is "fhrapp.exe" located in :\Program Files\FridaySoft\File Securer\ directory or wherever you have installed the program.

4. Wait till it disassembles the file. Meanwhile, you can even go for peeing if you like. LOL 

5. Dissemble complete. Ah, what is this?? All nonsense characters?? 
Ok, go to Disassembler>>Font>>Select Font and select your favorite ENGLISH font. Ah, now it looks like a bit English and Maths.

6. Now, Click on the Refs>>String Data References on the File Menu.

7. You will see a window showing something like this:
*www.geocities.com/khattam_khattam/ffp2.png

8. Now, scroll downwards and look for the phrase that you had noted earlier. What was it?? Ah, yes it was "Please Input the Correct Software Password."

9. Scroll down and down and down....................... Oh yeah, there it is:
*www.geocities.com/khattam_khattam/ffp3.png
Note: You'll just see "Please Input the correct Software", and that it.

10. "Double Click" on the "phrase" and close the String Data Reference Dialog Box.

11. Now, you will return to the "Windows Disassembler"'s main window.

12. Scroll a littttle bit up and there you will see the phrase "Please Input the Correct Software Password." in red.
*www.geocities.com/khattam_khattam/ffp4.png

13. Scroll a little bit upwards and look for "Referenced by a (U)nconditional or (C)onditional.........."
*www.geocities.com/khattam_khattam/ffp5.png
Yeah there it is.
Note: In case of File and Folder Protector, you will need to scroll downwards and look for the "Referenced by a (U)nconditional or (C)onditional..........".

14. Note the referrer. Here in this case it is 00494537. Note it down.
*www.geocities.com/khattam_khattam/ffp6.png
Note that this address differs from version to version and program to program.

15. Now, You may close Windows Disassembler. 

16. Then open HIEW. For convenience, copy the main executable "fhrapp.exe" to HIEW's Directory and copy the HIEW's directory to root if you have Ntfs or HIEW may fail to load.

17. HIEW is a keyboard-Only, Dos-Mode Application. Sorry for the inconvenience, but you'll have to keep your mouse aside.
*www.geocities.com/khattam_khattam/ffp7.png


18. Now, open the file "fhrapp.exe". (Navigate with Keyboard)
*www.geocities.com/khattam_khattam/ffp8.png
Oh, now what the hell is this??

19. Now, press F4 and Select "Decode" Mode.
*www.geocities.com/khattam_khattam/ffp9.png

20. Now, it looks something arranged. Don't care what it is. Just follow what I say. Press F5, now and then Type in the referrer address you noted in step 14. In this case it is 00494537. But wait, in HIEW, you shud type in a period (.) before the address. I.E. you will need to type in ".00494537" without the quotes and press enter.
*www.geocities.com/khattam_khattam/ffp10.png

21. You'll reach here:
*www.geocities.com/khattam_khattam/ffp11.png

22. There you'll see 754B. The 75 here stands for jne (which you can see to the right of 754B). JNE, my friend, stands for Jump if Not Equal. i.e. the procedure in the program will jump to certain address if the variables compared in the preceding statement are not equal. You shud not care about this now.......

23. Now, let us change the JNE to JE (i.e. Jump if equal). Well, if it was JE, we wud change it to JNE. If it was JGE (jump if greater or equal), then we would change it to JL (Jump if less than). This is how reverse engineering works and this is why it is called so. (Don't give a damn to my lectures. Just read further.)
Ok, to change it to 74, you will need to press F3 and type in 74 Over it. Note that Del and Backspace keys wonâ€™t work. You just need to type 74 over it.

24. Now, the JNE should change to JE, if you have done everything right.
*www.geocities.com/khattam_khattam/ffp12.png

25. Ok. Then you will need to save the file by pressing F9 and exit HIEW by pressing F10. Then copy the modified "fhrapp.exe" to original location. Do backup the old file. Rename the old file to anything like "fhrapp_original.exe" and copy the cracked "fhrapp.exe" in its place.

26. Now, launch the program. It will ask for the password. Give it any password that comes to your mind. But don't enter the original password, even if you remember it. If you enter the original password, it will ask you to enter the original password. This happens since we have altered the jump.

27. Now, It will take any damn password (except the original password) and you can unlock any files that were locked...............


28. Thatâ€™s all...................Folks. If anything goes wrong, repeat from step 1. And please read very properly next time.

29. If this does not work for any of the mentioned programs or versions or if you'd like to learn how to break the similar kind of security of similar programs, you can pm me or email me @ khattam.khattam[attherateof]gmail.com

Note: [attherateof]="@". (This was done for security from spam bots.)

@MODS
If anything looks offensive, do send me a warning b4 banning me. I'd like to stay with this forum before I retire from this forum after a few weeks. I'll edit the post if you want and upload it somewhere else.


Moral: 
1. DO NOT trust any such file protection softwares and pay for them. 
2. Use encryption instead. However, that is also not always safe. 
3. Use alphanumeric passwords/keys for encryption with special characters (!, @, # etc) if supported.
4. Make sure that you remember your passwords, if using encryption, or your encrypted data can be lost for ever. Don't cry if that happens. If you do, use a tissue..............*


----------



## banned2wise (Jun 20, 2005)

> However, dont ask me to de-protect encrypted files. That is quite not possible.



Are u sure abt what u have stated here ?

How did u find the jump to be reversed ?? Iam a newbie.


----------



## khattam_ (Jun 22, 2005)

banned2wise said:
			
		

> > However, dont ask me to de-protect encrypted files. That is quite not possible.
> 
> 
> 
> ...



Question answered above



And yeah it is quite not possible to go through ENCRYPTION......

Here it is not encryption................


----------



## plasmafire (Jun 23, 2005)

lolz.. ahhhh the days before securom, safedisk 3.. how i remember them.. 
u gave me old memories khattam.. *choke*


----------



## GameAddict (Jun 23, 2005)

Nice attempt. Maybe you can suggest them to improve thier protection with newer version. Only if they had added CRC check for the main exe, it would have made the task more difficult.  8) 

GA


----------



## Shikhar (Jun 23, 2005)

I know the source from where khattam seems to have learnt this art.

Anyways. Great work!!


----------



## expertno.1 (Jun 23, 2005)

win32 dasm hiew and softice are the tools of a cracker !

this all is assmbly code to learn

well u guys can also learn this

see in the cracking gogole directory

learn this but for your knowledgede and not for illegal purpose...please..as entinoned on the leraning sites


----------



## khattam_ (Jun 23, 2005)

Shikhar said:
			
		

> I know the source from where khattam seems to have learnt this art.
> 
> Anyways. Great work!!



Oh really.........??
I have learnt it from many websites and experience man.........
It is not a days work..............


----------



## quad master (Jun 24, 2005)

Great Tutorial there.


----------



## enigmatic (Jun 24, 2005)

great stuff man ...


----------



## enigmatic (Jun 24, 2005)

khattam_ said:
			
		

> I have learnt it from many websites and experience man.........It is not a days work..............



can u pm me or post some good learning sites?


----------



## khattam_ (Jun 24, 2005)

enigmatic said:
			
		

> _khAttAm_ said:
> 
> 
> 
> ...


I'm gonna suggest the best site where you can get all such info 






GOOGLE








And this is not a great stuff................ coz the protection was not so great.......................... It is a newbie stuff..................


----------



## Shikhar (Jun 25, 2005)

@khattam

I did not mean to offend u.


----------



## khattam_ (Jun 29, 2005)

Shikhar said:
			
		

> @khattam
> 
> I did not mean to offend u.



No Probz................


take it easy..............


----------

