131 lines
5.1 KiB
Plaintext
131 lines
5.1 KiB
Plaintext
FRMWRK2.UNP Breaking Framework II's Softguard 2.03 Protection
|
||
by The Lone Victor
|
||
|
||
Adapted to Framework II by
|
||
George V. Hartmann / David Jelen
|
||
|
||
United States copyright law SPECIFICALLY grants you the right to
|
||
make copies of programs you buy on magnetic media. Programs are copy
|
||
protected IN VIOLATION OF YOUR RIGHTS UNDER U.S. LAW.
|
||
|
||
Programs that are protected by the Softguard system are distinguished
|
||
by the files CML0203.HCL and VDF0203.VDW which are hidden in the root
|
||
directory when you install the program on your fixed disk. The 0203
|
||
part of the file names is the Softguard version (2.03) while CML stands
|
||
for Common Loader and VDF is the Volume Descriptor File. The extensions
|
||
HCL and VDW stand for Hard-disk Common Loader and Verify Descriptor Working
|
||
copy. In addition, there will be a hidden root file with a .EXE or .LOD
|
||
or some other extension. This is the REAL program, which has been
|
||
encrypted and hidden.
|
||
|
||
The program FW.COM, in the product directory is the Softguard
|
||
miniloader. All it does is call the Common Loader. For example, when you
|
||
run FW, the program FW.COM loads CML0203.HCL high in memory and
|
||
runs it. CML decrypts itself and reads VDF0203.VDW. The VDF file contains
|
||
some code and data from the fixed disk FAT at the time of installation. By
|
||
comparing the information in the VDF file with the current FAT, CML can
|
||
tell if the CML, VDF, and FW.A26 files are in the same place on the disk
|
||
where they were installed. If they have moved, say from a backup &
|
||
restore,then CLIPPER will not run.
|
||
|
||
This text file is designed to let you unprotect the most current
|
||
version of Framework, Framework II, which is protected by a variation of
|
||
Softguard 2.03. (not 2.03A)
|
||
|
||
-- INSTRUCTIONS --
|
||
|
||
First, using your valid, original FRAMEWORK diskette, install it on a
|
||
fixed disk. You cannot use this text to unprotect the floppy directly!
|
||
Softguard hides three files in your fixed disk root directory: CML0203.HCL,
|
||
VDF0203.VDW, and FW.A26. It also copies FW.COM into your chosen
|
||
FRAMEWORK directory. FW.A26 is the real FRAMEWORK program, encrypted. The
|
||
extension of this file does not matter. It is really an encrypted .EXE
|
||
file.
|
||
|
||
Second, un-hide the three files in the root directory. You can do
|
||
this with the programs ALTER.COM or FM.COM found on any BBS.
|
||
|
||
Make copies of the three files, and of FW.COM, into some other
|
||
directory.
|
||
|
||
Hide the three root files again using ALTER or FM.
|
||
|
||
Following the FRAMEWORK instructions, UNINSTALL FRAMEWORK. You can
|
||
now put away your original FRAMEWORK diskette. We are done with it.
|
||
|
||
Now copy your four saved files back into the root directory and hide
|
||
the CML0203.HCL, VDF0203.VDW, and FW.A26 files using ALTER or FM.
|
||
|
||
We can now run FW.COM using DEBUG, trace just up to the point where it
|
||
has decrypted FW.EXE, then write that file out.
|
||
|
||
LET 'ER RIP!
|
||
|
||
Instructions Comments
|
||
|
||
|
||
debug CLIPPER.com ; name of file that runs the product
|
||
r <CR> ; dump debug's registers
|
||
|
||
**** WRITE DOWN THE VALUE OF DS FOR USE BELOW. ****
|
||
**** THIS VALUE IS DEPENDENT ON YOUR PARTICULAR MACHINE. ****
|
||
|
||
g 4D7 ; now we can trace CML
|
||
t
|
||
g 1B5
|
||
t
|
||
e cs:A2
|
||
74.EB ; debug reports the 74 here, you enter EB
|
||
e cs:127 ;
|
||
E8.90 ; you enter the 90's followed by a space, and
|
||
D1.90 05.90 <CR> ; a carriage retirn after the 3rd 90 (no space).
|
||
g 127
|
||
a 185
|
||
jmp 1C5
|
||
<CR> ; this second CR gets you out of the assembler
|
||
a 22B
|
||
jmp 265
|
||
<CR>
|
||
a 41F
|
||
mov ax,22
|
||
<CR>
|
||
e cs:42F
|
||
01.89 ; debug reports the 01, you enter 89
|
||
a 4CE
|
||
mov bl,7A
|
||
<CR>
|
||
g 4DF
|
||
g 281
|
||
t
|
||
g 24D
|
||
t
|
||
g 5A6 ; wait while reading VDF & FAT
|
||
g=5B1 5C1
|
||
g=5C9 9DA ; FW.EXE has been decrypted
|
||
|
||
d cs:1E7 L8 ; just for grins, here's the password
|
||
|
||
rBX <CR>
|
||
:3 ; set BX to 3
|
||
rCX <CR>
|
||
:7600 ; set CX to 7600
|
||
|
||
n fw.bin ; name of file to write to
|
||
w XXXX:100 ; where XXXX is the value of DS that
|
||
; you wrote down at the beginning.
|
||
q ; quit debug
|
||
|
||
REN FW.BIN FW.EXE
|
||
|
||
Now unhide and delete the files FW.A26, VDF0203.VDW and CML0203.HCL.
|
||
FW.COM should also be deleted from the root directory and the product
|
||
directory. Copy FW.EXE from the root directory to the product directory
|
||
and you are done. (And so is Ashton-Tate)
|
||
|
||
NOTE: The Lone Victor is the author of this method to unprotect
|
||
Softguard protected products, and deserves all the credit. I adapted his
|
||
method to Framework II and "cleaned-up" a "chain-letter" unprotection file
|
||
that some novices would have had trouble fathoming. Robert White and Steve
|
||
Diamond had nothing to do with this. GVH
|
||
���������������������������������������������������
|
||
����������������������������������������������� |