Post Reply 
 
Thread Rating:
  • 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Office 2007 - Cheating phone activation
07-10-2017, 08:30 AM
Post: #111
RE: Office 2007 - Cheating phone activation
(07-07-2017 02:37 PM)dottluca Wrote:  
(07-05-2017 12:12 PM)RootUser Wrote:  
(06-17-2017 12:38 PM)dottluca Wrote:  I don't think you tried with latest updates

What was the last update that worked before the crack stopped working? @NewEraCracker Please analyse the pattern and see if it can be cracked?

Thanks

It stop working with updates dated 13 June 2017. Last working 12.0.6768.5000

Ok thanks for your answer.
Find all posts by this user
Quote this message in a reply
07-15-2017, 11:40 PM (This post was last modified: 07-16-2017 04:06 AM by 161.)
Post: #112
RE: Office 2007 - Cheating phone activation
last version: MSO.DLL 12.0.6772.5000 07 Jule 2017.
Find all posts by this user
Quote this message in a reply
09-17-2017, 12:10 AM
Post: #113
RE: Office 2007 - Cheating phone activation
MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou

Code:
3282D835  |. 68 3C215432    PUSH MSO_ORIG.3254213C                   ; /Arg1 = 3254213C
3282D83A  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]            ; |
3282D83D  |. AA             STOS BYTE PTR ES:[EDI]                   ; |
3282D83E  |. E8 9183ECFF    CALL MSO_ORIG.326F5BD4                   ; \MSO_ORIG.31B85BD4
3282D843  |. 33C0           XOR EAX,EAX
3282D845  |. 3BF0           CMP ESI,EAX
3282D847  |. 0F84 D2000000  JE MSO_ORIG.3282D91F
3282D84D  |. 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
3282D850  |. 0F84 C9000000  JE MSO_ORIG.3282D91F
3282D856  |. 8B0B           MOV ECX,DWORD PTR DS:[EBX]
3282D858  |. 0B4B 04        OR ECX,DWORD PTR DS:[EBX+4]
3282D85B  |. 0F84 BE000000  JE MSO_ORIG.3282D91F
3282D861  |. 3945 DC        CMP DWORD PTR SS:[EBP-24],EAX
3282D864  |. 0F84 B5000000  JE MSO_ORIG.3282D91F
3282D86A  |. 3945 D8        CMP DWORD PTR SS:[EBP-28],EAX
3282D86D  |. 0F84 AC000000  JE MSO_ORIG.3282D91F
3282D873  |. 3945 E4        CMP DWORD PTR SS:[EBP-1C],EAX
3282D876  |. 0F84 A3000000  JE MSO_ORIG.3282D91F
3282D87C  |. 8D7D EC        LEA EDI,DWORD PTR SS:[EBP-14]
3282D87F  |. AB             STOS DWORD PTR ES:[EDI]
3282D880  |. AB             STOS DWORD PTR ES:[EDI]
3282D881  |. AB             STOS DWORD PTR ES:[EDI]
3282D882  |. 6A 23          PUSH 23
3282D884  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D887  |. AB             STOS DWORD PTR ES:[EDI]
3282D888  |. E8 BB82ECFF    CALL MSO_ORIG.326F5B48
3282D88D  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
3282D890  |. 50             PUSH EAX
3282D891  |. 56             PUSH ESI
3282D892  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D895  |. E8 1FC57600    CALL MSO_ORIG.32F99DB9
3282D89A  |. 8BF0           MOV ESI,EAX                                 ; 8B F0 (pattern start)
3282D89C  |. 85F6           TEST ESI,ESI                                ; 85 F6
3282D89E  |. 75 4C          JNZ SHORT MSO_ORIG.3282D8EC                 ; 75 4C ; opcode JNZ -> JZ (75 -> 74) to bypass activation
3282D8A0  |. 3945 08        CMP DWORD PTR SS:[EBP+8],EAX                ; 39 45 08 (pattern end)
Find all posts by this user
Quote this message in a reply
09-17-2017, 01:06 AM
Post: #114
RE: Office 2007 - Cheating phone activation
(09-17-2017 12:10 AM)anssik Wrote:  MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou

Code:
3282D835  |. 68 3C215432    PUSH MSO_ORIG.3254213C                   ; /Arg1 = 3254213C
3282D83A  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]            ; |
3282D83D  |. AA             STOS BYTE PTR ES:[EDI]                   ; |
3282D83E  |. E8 9183ECFF    CALL MSO_ORIG.326F5BD4                   ; \MSO_ORIG.31B85BD4
3282D843  |. 33C0           XOR EAX,EAX
3282D845  |. 3BF0           CMP ESI,EAX
3282D847  |. 0F84 D2000000  JE MSO_ORIG.3282D91F
3282D84D  |. 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
3282D850  |. 0F84 C9000000  JE MSO_ORIG.3282D91F
3282D856  |. 8B0B           MOV ECX,DWORD PTR DS:[EBX]
3282D858  |. 0B4B 04        OR ECX,DWORD PTR DS:[EBX+4]
3282D85B  |. 0F84 BE000000  JE MSO_ORIG.3282D91F
3282D861  |. 3945 DC        CMP DWORD PTR SS:[EBP-24],EAX
3282D864  |. 0F84 B5000000  JE MSO_ORIG.3282D91F
3282D86A  |. 3945 D8        CMP DWORD PTR SS:[EBP-28],EAX
3282D86D  |. 0F84 AC000000  JE MSO_ORIG.3282D91F
3282D873  |. 3945 E4        CMP DWORD PTR SS:[EBP-1C],EAX
3282D876  |. 0F84 A3000000  JE MSO_ORIG.3282D91F
3282D87C  |. 8D7D EC        LEA EDI,DWORD PTR SS:[EBP-14]
3282D87F  |. AB             STOS DWORD PTR ES:[EDI]
3282D880  |. AB             STOS DWORD PTR ES:[EDI]
3282D881  |. AB             STOS DWORD PTR ES:[EDI]
3282D882  |. 6A 23          PUSH 23
3282D884  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D887  |. AB             STOS DWORD PTR ES:[EDI]
3282D888  |. E8 BB82ECFF    CALL MSO_ORIG.326F5B48
3282D88D  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
3282D890  |. 50             PUSH EAX
3282D891  |. 56             PUSH ESI
3282D892  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D895  |. E8 1FC57600    CALL MSO_ORIG.32F99DB9
3282D89A  |. 8BF0           MOV ESI,EAX                                 ; 8B F0 (pattern start)
3282D89C  |. 85F6           TEST ESI,ESI                                ; 85 F6
3282D89E  |. 75 4C          JNZ SHORT MSO_ORIG.3282D8EC                 ; 75 4C ; opcode JNZ -> JZ (75 -> 74) to bypass activation
3282D8A0  |. 3945 08        CMP DWORD PTR SS:[EBP+8],EAX                ; 39 45 08 (pattern end)

Thank you for your contribution.

Virus Total Result:
https://www.virustotal.com/file/101968be.../analysis/

Untested by myself since I no longer use Office 2007.

Regards,
NewEraCracker
Find all posts by this user
Quote this message in a reply
Yesterday, 09:34 AM
Post: #115
RE: Office 2007 - Cheating phone activation
(09-17-2017 01:06 AM)NewEraCracker Wrote:  
(09-17-2017 12:10 AM)anssik Wrote:  MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou

Code:
3282D835  |. 68 3C215432    PUSH MSO_ORIG.3254213C                   ; /Arg1 = 3254213C
3282D83A  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]            ; |
3282D83D  |. AA             STOS BYTE PTR ES:[EDI]                   ; |
3282D83E  |. E8 9183ECFF    CALL MSO_ORIG.326F5BD4                   ; \MSO_ORIG.31B85BD4
3282D843  |. 33C0           XOR EAX,EAX
3282D845  |. 3BF0           CMP ESI,EAX
3282D847  |. 0F84 D2000000  JE MSO_ORIG.3282D91F
3282D84D  |. 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
3282D850  |. 0F84 C9000000  JE MSO_ORIG.3282D91F
3282D856  |. 8B0B           MOV ECX,DWORD PTR DS:[EBX]
3282D858  |. 0B4B 04        OR ECX,DWORD PTR DS:[EBX+4]
3282D85B  |. 0F84 BE000000  JE MSO_ORIG.3282D91F
3282D861  |. 3945 DC        CMP DWORD PTR SS:[EBP-24],EAX
3282D864  |. 0F84 B5000000  JE MSO_ORIG.3282D91F
3282D86A  |. 3945 D8        CMP DWORD PTR SS:[EBP-28],EAX
3282D86D  |. 0F84 AC000000  JE MSO_ORIG.3282D91F
3282D873  |. 3945 E4        CMP DWORD PTR SS:[EBP-1C],EAX
3282D876  |. 0F84 A3000000  JE MSO_ORIG.3282D91F
3282D87C  |. 8D7D EC        LEA EDI,DWORD PTR SS:[EBP-14]
3282D87F  |. AB             STOS DWORD PTR ES:[EDI]
3282D880  |. AB             STOS DWORD PTR ES:[EDI]
3282D881  |. AB             STOS DWORD PTR ES:[EDI]
3282D882  |. 6A 23          PUSH 23
3282D884  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D887  |. AB             STOS DWORD PTR ES:[EDI]
3282D888  |. E8 BB82ECFF    CALL MSO_ORIG.326F5B48
3282D88D  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
3282D890  |. 50             PUSH EAX
3282D891  |. 56             PUSH ESI
3282D892  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D895  |. E8 1FC57600    CALL MSO_ORIG.32F99DB9
3282D89A  |. 8BF0           MOV ESI,EAX                                 ; 8B F0 (pattern start)
3282D89C  |. 85F6           TEST ESI,ESI                                ; 85 F6
3282D89E  |. 75 4C          JNZ SHORT MSO_ORIG.3282D8EC                 ; 75 4C ; opcode JNZ -> JZ (75 -> 74) to bypass activation
3282D8A0  |. 3945 08        CMP DWORD PTR SS:[EBP+8],EAX                ; 39 45 08 (pattern end)

Thank you for your contribution.

Virus Total Result:
https://www.virustotal.com/file/101968be.../analysis/

Untested by myself since I no longer use Office 2007.

Thanks.

Are you able to update your tool?
Find all posts by this user
Quote this message in a reply
Yesterday, 09:47 PM
Post: #116
RE: Office 2007 - Cheating phone activation
Well, I carved up a patch for Office2007 activation for all versions from 12.0.4518.1014 (unpatched retail version) to 12.0.6772.5000 (current July 2017 patch).
Not every version in between has been tested, but should work.

Tested versions:
12.0.4518.1014
12.0.6683.5000
12.0.6721.5000
12.0.6755.5000
12.0.6768.5000
12.0.6772.5000


Attached File(s)
.zip  Office2007.Activation.Patch.1.2.zip (Size: 18.66 KB / Downloads: 2)
Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 1 Guest(s)

Contact Us | Homepage | Return to Top | Return to Content | Lite (Archive) Mode | RSS Syndication