AntiWPA Forum

Full Version: Office 2007 - Cheating phone activation
(07-07-2017 02:37 PM)dottluca Wrote:
(07-05-2017 12:12 PM)RootUser Wrote:
(06-17-2017 12:38 PM)dottluca Wrote:
I don't think you tried with latest updates

What was the last update that worked before the crack stopped working? @NewEraCracker Please analyse the pattern and see if it can be cracked?

Thanks

It stopped working with updates dated 13 June 2017. Last working: 12.0.6768.5000

OK, thanks for your answer.
Last version: MSO.DLL 12.0.6772.5000, 07 July 2017.
MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou

Code:
3282D835  |. 68 3C215432    PUSH MSO_ORIG.3254213C                   ; /Arg1 = 3254213C
3282D83A  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]            ; |
3282D83D  |. AA             STOS BYTE PTR ES:[EDI]                   ; |
3282D83E  |. E8 9183ECFF    CALL MSO_ORIG.326F5BD4                   ; \MSO_ORIG.31B85BD4
3282D843  |. 33C0           XOR EAX,EAX
3282D845  |. 3BF0           CMP ESI,EAX
3282D847  |. 0F84 D2000000  JE MSO_ORIG.3282D91F
3282D84D  |. 3945 E0        CMP DWORD PTR SS:[EBP-20],EAX
3282D850  |. 0F84 C9000000  JE MSO_ORIG.3282D91F
3282D856  |. 8B0B           MOV ECX,DWORD PTR DS:[EBX]
3282D858  |. 0B4B 04        OR ECX,DWORD PTR DS:[EBX+4]
3282D85B  |. 0F84 BE000000  JE MSO_ORIG.3282D91F
3282D861  |. 3945 DC        CMP DWORD PTR SS:[EBP-24],EAX
3282D864  |. 0F84 B5000000  JE MSO_ORIG.3282D91F
3282D86A  |. 3945 D8        CMP DWORD PTR SS:[EBP-28],EAX
3282D86D  |. 0F84 AC000000  JE MSO_ORIG.3282D91F
3282D873  |. 3945 E4        CMP DWORD PTR SS:[EBP-1C],EAX
3282D876  |. 0F84 A3000000  JE MSO_ORIG.3282D91F
3282D87C  |. 8D7D EC        LEA EDI,DWORD PTR SS:[EBP-14]
3282D87F  |. AB             STOS DWORD PTR ES:[EDI]
3282D880  |. AB             STOS DWORD PTR ES:[EDI]
3282D881  |. AB             STOS DWORD PTR ES:[EDI]
3282D882  |. 6A 23          PUSH 23
3282D884  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D887  |. AB             STOS DWORD PTR ES:[EDI]
3282D888  |. E8 BB82ECFF    CALL MSO_ORIG.326F5B48
3282D88D  |. 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-18]
3282D890  |. 50             PUSH EAX
3282D891  |. 56             PUSH ESI
3282D892  |. 8D4D AC        LEA ECX,DWORD PTR SS:[EBP-54]
3282D895  |. E8 1FC57600    CALL MSO_ORIG.32F99DB9
3282D89A  |. 8BF0           MOV ESI,EAX                                 ; 8B F0 (pattern start)
3282D89C  |. 85F6           TEST ESI,ESI                                ; 85 F6
3282D89E  |. 75 4C          JNZ SHORT MSO_ORIG.3282D8EC                 ; 75 4C ; opcode JNZ -> JZ (75 -> 74) to bypass activation
3282D8A0  |. 3945 08        CMP DWORD PTR SS:[EBP+8],EAX                ; 39 45 08 (pattern end)
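
Added example, not part of the original post: a read-only check for file-integrity triage that reports whether a buffer carries the original or the altered form of the byte sequence named above. The sample buffers are constructed, and the function names are assumptions of this example.

```python
# Added example: read-only classification; nothing is written to disk.
# The sequence is tied to the one build named in the post, so "pattern-absent"
# on any other build says nothing about whether that file was altered.
ORIGINAL = bytes.fromhex("F0 85 F6 75 4C 39")  # as posted: JNZ (opcode 75)
MODIFIED = bytes.fromhex("F0 85 F6 74 4C 39")  # same bytes with 75 -> 74 (JZ)


def find_all(data, needle):
    """Return every offset at which needle occurs in data."""
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits


def classify(data):
    """Classify a buffer by which form of the sequence it contains."""
    orig = find_all(data, ORIGINAL)
    mod = find_all(data, MODIFIED)
    if mod and not orig:
        verdict = "modified"
    elif orig and not mod:
        # More than one hit means the sequence is not unique in this file.
        verdict = "original" if len(orig) == 1 else "ambiguous"
    elif orig and mod:
        verdict = "ambiguous"
    else:
        verdict = "pattern-absent"
    return {"verdict": verdict, "original_hits": orig, "modified_hits": mod}


def classify_file(path):
    """Read a file in binary mode and classify its contents."""
    with open(path, "rb") as fh:
        return classify(fh.read())


# Constructed sample buffers (not real DLL contents): 16 zero bytes of padding
# around the instruction bytes shown at the end of the listing above.
_PAD = bytes(16)
SAMPLE_CLEAN = _PAD + bytes.fromhex("8B F0 85 F6 75 4C 39 45 08") + _PAD
SAMPLE_TAMPERED = _PAD + bytes.fromhex("8B F0 85 F6 74 4C 39 45 08") + _PAD

if __name__ == "__main__":
    for name, buf in (("clean", SAMPLE_CLEAN), ("tampered", SAMPLE_TAMPERED)):
        print(name, classify(buf))
```

Changing even one byte of a signed DLL also invalidates its Authenticode signature, so signature verification catches this class of modification without a per-build byte pattern.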
(09-17-2017 12:10 AM)anssik Wrote:
MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou


Thank you for your contribution.

Virus Total Result:
https://www.virustotal.com/file/101968be.../analysis/

Untested by myself since I no longer use Office 2007.
(09-17-2017 01:06 AM)NewEraCracker Wrote:
(09-17-2017 12:10 AM)anssik Wrote:
MSO.DLL v12.0.6772.5000

Pattern: F0 85 F6 75 4C 39

Replace: 75 with 74 (JNZ with JZ)

Prepatched MSO.DLL v12.0.6772.5000 : https://www.sendspace.com/file/q3abou


Thank you for your contribution.

Virus Total Result:
https://www.virustotal.com/file/101968be.../analysis/

Untested by myself since I no longer use Office 2007.

Thanks.

Are you able to update your tool?
Well, I carved up a patch for Office2007 activation for all versions from 12.0.4518.1014 (unpatched retail version) to 12.0.6777.5000 (current September 2017 patch).
Not every version in between has been tested, but should work.

EDIT: September 2017 security update was released for Office 2007. The patcher version 1.2 still works for the newest patch.

Tested versions:
12.0.4518.1014
12.0.6683.5000
12.0.6721.5000
12.0.6755.5000
12.0.6768.5000
12.0.6772.5000
12.0.6777.5000
(09-21-2017 09:47 PM)anssik Wrote:
Well, I carved up a patch for Office2007 activation for all versions from 12.0.4518.1014 (unpatched retail version) to 12.0.6772.5000 (current July 2017 patch).
Not every version in between has been tested, but should work.

Tested versions:
12.0.4518.1014
12.0.6683.5000
12.0.6721.5000
12.0.6755.5000
12.0.6768.5000
12.0.6772.5000

Thanks a lot.
Great job dude!
Thanks a lot!
(09-21-2017 09:47 PM)anssik Wrote:
Well, I carved up a patch for Office2007 activation for all versions from 12.0.4518.1014 (unpatched retail version) to 12.0.6777.5000 (current September 2017 patch).
Not every version in between has been tested, but should work.

EDIT: September 2017 security update was released for Office 2007. The patcher version 1.2 still works for the newest patch.

Tested versions:
12.0.4518.1014
12.0.6683.5000
12.0.6721.5000
12.0.6755.5000
12.0.6768.5000
12.0.6772.5000
12.0.6777.5000

I used the activation patch but I can't write in Word... why?
(09-21-2017 09:47 PM)anssik Wrote:
Well, I carved up a patch for Office2007 activation for all versions from 12.0.4518.1014 (unpatched retail version) to 12.0.6777.5000 (current September 2017 patch).
Not every version in between has been tested, but should work.

Thanks