Office 2007 - Cheating phone activation

[dottluca]

(06-16-2017 04:48 AM)crashoverride1993 Wrote:  

(05-27-2015 06:37 PM)NewEraCracker Wrote:  Microsoft has changed their DLL in April 14th security update batches. Previous pattern wasn't working because our M$ friends seem to have built the new DLL with a different compiler (possibly a new version of Visual Studio). This caused different opcodes for the JNZ instruction we patch to mock Phone Activation.

For the more enlightned users, this is what I am talking about.

Code:

MSO.DLL 12.0.6718.5000
.text:333EFADC        push    offset a0123456789 ; "0123456789"
.text:333EFAE1        lea     ecx, [ebp-54h]
.text:333EFAE4        stosb
.text:333EFAE5        call    sub_333EF1A3
.text:333EFAEA        xor     eax, eax
.text:333EFAEC        cmp     esi, eax
.text:333EFAEE        jz      loc_333EFC27
.text:333EFAF4        cmp     [ebp-20h], eax
.text:333EFAF7        jz      loc_333EFC27
.text:333EFAFD        mov     ecx, [ebx]
.text:333EFAFF        or      ecx, [ebx+4]
.text:333EFB02        jz      loc_333EFC27
.text:333EFB08        cmp     [ebp-24h], eax
.text:333EFB0B        jz      loc_333EFC27
.text:333EFB11        cmp     [ebp-28h], eax
.text:333EFB14        jz      loc_333EFC27
.text:333EFB1A        cmp     [ebp-1Ch], eax
.text:333EFB1D        jz      loc_333EFC27
.text:333EFB23        lea     edi, [ebp-14h]
.text:333EFB26        stosd
.text:333EFB27        stosd
.text:333EFB28        stosd
.text:333EFB29        push    23h
.text:333EFB2B        lea     ecx, [ebp-54h]
.text:333EFB2E        stosd
.text:333EFB2F        call    sub_333EEFD9
.text:333EFB34        lea     eax, [ebp-18h]
.text:333EFB37        push    eax
.text:333EFB38        push    esi
.text:333EFB39        lea     ecx, [ebp-54h]
.text:333EFB3C        call    sub_333EF065       ; E8 24 F5 FF FF
.text:333EFB41        mov     esi, eax           ; 8B F0
.text:333EFB43        test    esi, esi           ; 85 F6
.text:333EFB45        jnz     short loc_333EFB8F ; 75 48          ; Changed to jz (74 instead of 75) in cracked version.
.text:333EFB47        cmp     [ebp+arg_0], eax   ; 39 45 08

MSO.DLL 12.0.6721.5000
.text:33396D60        push    offset a0123456789 ; "0123456789"
.text:33396D65        lea     ecx, [ebp+var_54]
.text:33396D68        stosb
.text:33396D69        call    sub_33396430
.text:33396D6E        xor     eax, eax
.text:33396D70        cmp     esi, eax
.text:33396D72        jz      loc_33396E7F
.text:33396D78        cmp     [ebp+var_20], eax
.text:33396D7B        jz      loc_33396E7F
.text:33396D81        mov     ecx, [ebx]
.text:33396D83        or      ecx, [ebx+4]
.text:33396D86        jz      loc_33396E7F
.text:33396D8C        cmp     [ebp+var_24], eax
.text:33396D8F        jz      loc_33396E7F
.text:33396D95        cmp     [ebp+var_28], eax
.text:33396D98        jz      loc_33396E7F
.text:33396D9E        cmp     [ebp+var_1C], eax
.text:33396DA1        jz      loc_33396E7F
.text:33396DA7        lea     edi, [ebp+var_14]
.text:33396DAA        stosd
.text:33396DAB        stosd
.text:33396DAC        stosd
.text:33396DAD        push    23h
.text:33396DAF        lea     ecx, [ebp+var_54]
.text:33396DB2        stosd
.text:33396DB3        call    sub_33396266
.text:33396DB8        lea     eax, [ebp+lpMem]
.text:33396DBB        push    eax
.text:33396DBC        push    esi
.text:33396DBD        lea     ecx, [ebp+var_54]
.text:33396DC0        call    sub_333962F2      ; E8 2D F5 FF FF
.text:33396DC5        mov     esi, eax          ; 8B F0
.text:33396DC7        test    esi, esi          ; 85 F6
.text:33396DC9        jnz     loc_33396E82      ; 0F 85 B3 00 00 00  ; Changed to jz (0F 84 instead of 0F 85) in cracked version.
.text:33396DCF        cmp     [ebp+arg_0], eax  ; 39 45 08

And now I am pround to present the fix! (source included)


Tested & Working with Office 2007 Standard in Windows XP

Thank you This worked With Fully Updated version from windows update

I don't think you tried with latest updates