131 lines
5.1 KiB
Plaintext
131 lines
5.1 KiB
Plaintext
|
FRMWRK2.UNP Breaking Framework II's Softguard 2.03 Protection
|
|||
|
|
by The Lone Victor
|
|||
|
|
|
|||
|
|
Adapted to Framework II by
|
|||
|
|
George V. Hartmann / David Jelen
|
|||
|
|
|
|||
|
|
United States copyright law SPECIFICALLY grants you the right to
|
|||
|
|
make copies of programs you buy on magnetic media. Programs are copy
|
|||
|
|
protected IN VIOLATION OF YOUR RIGHTS UNDER U.S. LAW.
|
|||
|
|
|
|||
|
|
Programs that are protected by the Softguard system are distinguished
|
|||
|
|
by the files CML0203.HCL and VDF0203.VDW which are hidden in the root
|
|||
|
|
directory when you install the program on your fixed disk. The 0203
|
|||
|
|
part of the file names is the Softguard version (2.03) while CML stands
|
|||
|
|
for Common Loader and VDF is the Volume Descriptor File. The extensions
|
|||
|
|
HCL and VDW stand for Hard-disk Common Loader and Verify Descriptor Working
|
|||
|
|
copy. In addition, there will be a hidden root file with a .EXE or .LOD
|
|||
|
|
or some other extension. This is the REAL program, which has been
|
|||
|
|
encrypted and hidden.
|
|||
|
|
|
|||
|
|
The program FW.COM, in the product directory is the Softguard
|
|||
|
|
miniloader. All it does is call the Common Loader. For example, when you
|
|||
|
|
run FW, the program FW.COM loads CML0203.HCL high in memory and
|
|||
|
|
runs it. CML decrypts itself and reads VDF0203.VDW. The VDF file contains
|
|||
|
|
some code and data from the fixed disk FAT at the time of installation. By
|
|||
|
|
comparing the information in the VDF file with the current FAT, CML can
|
|||
|
|
tell if the CML, VDF, and FW.A26 files are in the same place on the disk
|
|||
|
|
where they were installed. If they have moved, say from a backup &
|
|||
|
|
restore,then CLIPPER will not run.
|
|||
|
|
|
|||
|
|
This text file is designed to let you unprotect the most current
|
|||
|
|
version of Framework, Framework II, which is protected by a variation of
|
|||
|
|
Softguard 2.03. (not 2.03A)
|
|||
|
|
|
|||
|
|
-- INSTRUCTIONS --
|
|||
|
|
|
|||
|
|
First, using your valid, original FRAMEWORK diskette, install it on a
|
|||
|
|
fixed disk. You cannot use this text to unprotect the floppy directly!
|
|||
|
|
Softguard hides three files in your fixed disk root directory: CML0203.HCL,
|
|||
|
|
VDF0203.VDW, and FW.A26. It also copies FW.COM into your chosen
|
|||
|
|
FRAMEWORK directory. FW.A26 is the real FRAMEWORK program, encrypted. The
|
|||
|
|
extension of this file does not matter. It is really an encrypted .EXE
|
|||
|
|
file.
|
|||
|
|
|
|||
|
|
Second, un-hide the three files in the root directory. You can do
|
|||
|
|
this with the programs ALTER.COM or FM.COM found on any BBS.
|
|||
|
|
|
|||
|
|
Make copies of the three files, and of FW.COM, into some other
|
|||
|
|
directory.
|
|||
|
|
|
|||
|
|
Hide the three root files again using ALTER or FM.
|
|||
|
|
|
|||
|
|
Following the FRAMEWORK instructions, UNINSTALL FRAMEWORK. You can
|
|||
|
|
now put away your original FRAMEWORK diskette. We are done with it.
|
|||
|
|
|
|||
|
|
Now copy your four saved files back into the root directory and hide
|
|||
|
|
the CML0203.HCL, VDF0203.VDW, and FW.A26 files using ALTER or FM.
|
|||
|
|
|
|||
|
|
We can now run FW.COM using DEBUG, trace just up to the point where it
|
|||
|
|
has decrypted FW.EXE, then write that file out.
|
|||
|
|
|
|||
|
|
LET 'ER RIP!
|
|||
|
|
|
|||
|
|
Instructions Comments
|
|||
|
|
|
|||
|
|
|
|||
|
|
debug CLIPPER.com ; name of file that runs the product
|
|||
|
|
r <CR> ; dump debug's registers
|
|||
|
|
|
|||
|
|
**** WRITE DOWN THE VALUE OF DS FOR USE BELOW. ****
|
|||
|
|
**** THIS VALUE IS DEPENDENT ON YOUR PARTICULAR MACHINE. ****
|
|||
|
|
|
|||
|
|
g 4D7 ; now we can trace CML
|
|||
|
|
t
|
|||
|
|
g 1B5
|
|||
|
|
t
|
|||
|
|
e cs:A2
|
|||
|
|
74.EB ; debug reports the 74 here, you enter EB
|
|||
|
|
e cs:127 ;
|
|||
|
|
E8.90 ; you enter the 90's followed by a space, and
|
|||
|
|
D1.90 05.90 <CR> ; a carriage retirn after the 3rd 90 (no space).
|
|||
|
|
g 127
|
|||
|
|
a 185
|
|||
|
|
jmp 1C5
|
|||
|
|
<CR> ; this second CR gets you out of the assembler
|
|||
|
|
a 22B
|
|||
|
|
jmp 265
|
|||
|
|
<CR>
|
|||
|
|
a 41F
|
|||
|
|
mov ax,22
|
|||
|
|
<CR>
|
|||
|
|
e cs:42F
|
|||
|
|
01.89 ; debug reports the 01, you enter 89
|
|||
|
|
a 4CE
|
|||
|
|
mov bl,7A
|
|||
|
|
<CR>
|
|||
|
|
g 4DF
|
|||
|
|
g 281
|
|||
|
|
t
|
|||
|
|
g 24D
|
|||
|
|
t
|
|||
|
|
g 5A6 ; wait while reading VDF & FAT
|
|||
|
|
g=5B1 5C1
|
|||
|
|
g=5C9 9DA ; FW.EXE has been decrypted
|
|||
|
|
|
|||
|
|
d cs:1E7 L8 ; just for grins, here's the password
|
|||
|
|
|
|||
|
|
rBX <CR>
|
|||
|
|
:3 ; set BX to 3
|
|||
|
|
rCX <CR>
|
|||
|
|
:7600 ; set CX to 7600
|
|||
|
|
|
|||
|
|
n fw.bin ; name of file to write to
|
|||
|
|
w XXXX:100 ; where XXXX is the value of DS that
|
|||
|
|
; you wrote down at the beginning.
|
|||
|
|
q ; quit debug
|
|||
|
|
|
|||
|
|
REN FW.BIN FW.EXE
|
|||
|
|
|
|||
|
|
Now unhide and delete the files FW.A26, VDF0203.VDW and CML0203.HCL.
|
|||
|
|
FW.COM should also be deleted from the root directory and the product
|
|||
|
|
directory. Copy FW.EXE from the root directory to the product directory
|
|||
|
|
and you are done. (And so is Ashton-Tate)
|
|||
|
|
|
|||
|
|
NOTE: The Lone Victor is the author of this method to unprotect
|
|||
|
|
Softguard protected products, and deserves all the credit. I adapted his
|
|||
|
|
method to Framework II and "cleaned-up" a "chain-letter" unprotection file
|
|||
|
|
that some novices would have had trouble fathoming. Robert White and Steve
|
|||
|
|
Diamond had nothing to do with this. GVH
|
|||
|
|
���������������������������������������������������
|
|||
|
|
�����������������������������������������������
|