AntiWPA Forum

Full Version: Office 2007 - Cheating phone activation
Hello, I'm not familiar with tech, just want to ask a simple question.
How to use the patch? I have downloaded Office 2007 and inserted a (random) serial key and now it needs activation.
Please reply ASAP. Thanks
(05-27-2015 06:37 PM)NewEraCracker Wrote: [ -> ]Microsoft has changed their DLL in April 14th security update batches. Previous pattern wasn't working because our M$ friends seem to have built the new DLL with a different compiler (possibly a new version of Visual Studio). This caused different opcodes for the JNZ instruction we patch to mock Phone Activation.

For the more enlightened users, this is what I am talking about. ;)
Code:
MSO.DLL 12.0.6718.5000
.text:333EFADC        push    offset a0123456789 ; "0123456789"
.text:333EFAE1        lea     ecx, [ebp-54h]
.text:333EFAE4        stosb
.text:333EFAE5        call    sub_333EF1A3
.text:333EFAEA        xor     eax, eax
.text:333EFAEC        cmp     esi, eax
.text:333EFAEE        jz      loc_333EFC27
.text:333EFAF4        cmp     [ebp-20h], eax
.text:333EFAF7        jz      loc_333EFC27
.text:333EFAFD        mov     ecx, [ebx]
.text:333EFAFF        or      ecx, [ebx+4]
.text:333EFB02        jz      loc_333EFC27
.text:333EFB08        cmp     [ebp-24h], eax
.text:333EFB0B        jz      loc_333EFC27
.text:333EFB11        cmp     [ebp-28h], eax
.text:333EFB14        jz      loc_333EFC27
.text:333EFB1A        cmp     [ebp-1Ch], eax
.text:333EFB1D        jz      loc_333EFC27
.text:333EFB23        lea     edi, [ebp-14h]
.text:333EFB26        stosd
.text:333EFB27        stosd
.text:333EFB28        stosd
.text:333EFB29        push    23h
.text:333EFB2B        lea     ecx, [ebp-54h]
.text:333EFB2E        stosd
.text:333EFB2F        call    sub_333EEFD9
.text:333EFB34        lea     eax, [ebp-18h]
.text:333EFB37        push    eax
.text:333EFB38        push    esi
.text:333EFB39        lea     ecx, [ebp-54h]
.text:333EFB3C        call    sub_333EF065       ; E8 24 F5 FF FF
.text:333EFB41        mov     esi, eax           ; 8B F0
.text:333EFB43        test    esi, esi           ; 85 F6
.text:333EFB45        jnz     short loc_333EFB8F ; 75 48          ; Changed to jz (74 instead of 75) in cracked version.
.text:333EFB47        cmp     [ebp+arg_0], eax   ; 39 45 08

MSO.DLL 12.0.6721.5000
.text:33396D60        push    offset a0123456789 ; "0123456789"
.text:33396D65        lea     ecx, [ebp+var_54]
.text:33396D68        stosb
.text:33396D69        call    sub_33396430
.text:33396D6E        xor     eax, eax
.text:33396D70        cmp     esi, eax
.text:33396D72        jz      loc_33396E7F
.text:33396D78        cmp     [ebp+var_20], eax
.text:33396D7B        jz      loc_33396E7F
.text:33396D81        mov     ecx, [ebx]
.text:33396D83        or      ecx, [ebx+4]
.text:33396D86        jz      loc_33396E7F
.text:33396D8C        cmp     [ebp+var_24], eax
.text:33396D8F        jz      loc_33396E7F
.text:33396D95        cmp     [ebp+var_28], eax
.text:33396D98        jz      loc_33396E7F
.text:33396D9E        cmp     [ebp+var_1C], eax
.text:33396DA1        jz      loc_33396E7F
.text:33396DA7        lea     edi, [ebp+var_14]
.text:33396DAA        stosd
.text:33396DAB        stosd
.text:33396DAC        stosd
.text:33396DAD        push    23h
.text:33396DAF        lea     ecx, [ebp+var_54]
.text:33396DB2        stosd
.text:33396DB3        call    sub_33396266
.text:33396DB8        lea     eax, [ebp+lpMem]
.text:33396DBB        push    eax
.text:33396DBC        push    esi
.text:33396DBD        lea     ecx, [ebp+var_54]
.text:33396DC0        call    sub_333962F2      ; E8 2D F5 FF FF
.text:33396DC5        mov     esi, eax          ; 8B F0
.text:33396DC7        test    esi, esi          ; 85 F6
.text:33396DC9        jnz     loc_33396E82      ; 0F 85 B3 00 00 00  ; Changed to jz (0F 84 instead of 0F 85) in cracked version.
.text:33396DCF        cmp     [ebp+arg_0], eax  ; 39 45 08

And now I am proud to present the fix! :D (source included)


Tested & Working with Office 2007 Standard in Windows XP

Thank you, DUUUUUDE :) you saved my whole life!!!! :D
Stupid question was here - deleted.
I've got an original Standard 2007 but now it is not possible to activate 2007 via phone (internet limits exceeded). Will it work with mso.dll version 12.0.6762.5000?
Hi,
I just tried to use the crack for cheating phone activation but my computer stopped it. It said there is a virus inside the patch (Win32:Evo-gen).
Real problem or false alarm?
Thank you.
The patch doesn't work anymore with new updates; it says it can't find the pattern.
(05-27-2015 06:37 PM)NewEraCracker Wrote: [ -> ]Microsoft has changed their DLL in April 14th security update batches. Previous pattern wasn't working because our M$ friends seem to have built the new DLL with a different compiler (possibly a new version of Visual Studio). This caused different opcodes for the JNZ instruction we patch to mock Phone Activation.


Thank you. This worked with a fully updated version from Windows Update.
(06-16-2017 04:48 AM)crashoverride1993 Wrote: [ -> ]
(05-27-2015 06:37 PM)NewEraCracker Wrote: [ -> ]Microsoft has changed their DLL in April 14th security update batches. Previous pattern wasn't working because our M$ friends seem to have built the new DLL with a different compiler (possibly a new version of Visual Studio). This caused different opcodes for the JNZ instruction we patch to mock Phone Activation.


Thank you. This worked with a fully updated version from Windows Update.

I don't think you tried with the latest updates
(06-17-2017 12:38 PM)dottluca Wrote: [ -> ]I don't think you tried with the latest updates

What was the last update that worked before the crack stopped working? @NewEraCracker Please analyse the pattern and see if it can be cracked?

Thanks
(07-05-2017 12:12 PM)RootUser Wrote: [ -> ]
(06-17-2017 12:38 PM)dottluca Wrote: [ -> ]I don't think you tried with the latest updates

What was the last update that worked before the crack stopped working? @NewEraCracker Please analyse the pattern and see if it can be cracked?

Thanks

It stopped working with updates dated 13 June 2017. Last working: 12.0.6768.5000