###################################################################### Title: CloneCD... when a bad registry protection can be bypassed with a registry cleaner Author: Luigi Auriemma e-mail: aluigi@autistici.org web: aluigi.org ###################################################################### Introduction Theory How to bypass the 21 days ###################################################################### ============ Introduction ============ CloneCD is the "fantastic" program developed by Elaborate Bytes (http://www.elby.ch) to make perfect copies of cd-roms using the raw write function of cd burners. The program is shareware and its trial period is limited to 21 days. However when the time expires does NOT seem to lost its functions, in fact this document has been created only for fun to show a funny error made by the Elby programmers in a old version of the tool. Now is Slysoft (http://www.slysoft.com) to continue the development of this tool and by what I have seen the trick I'm going to explain is no more possible with the newer versions (from 4.3.1.6), so the latest version where is possible to see the trick is the 4.2.0.2. ###################################################################### ====== Theory ====== When the program starts, it writes the following entries in the registry: [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{577A4CE0-FDC0-11D7-94F4-A2500D93733F}\TypeLib] @="{e01bdf19-df18-e01f-1adf-1fe018df4fb0}" The key {577A4CE0-FDC0-11D7-94F4-A2500D93733F} is the identifier of the current installation of CloneCD. It seems randomly generated or something similar, but is not interesting for us. Q: How CloneCD finds this key if it is randomly generated? A: It searchs a specific value in the registry. Look at the default value of the key: "Dyejw" <--- this is the pattern searched everytime Instead the value {e01bdf19-df18-e01f-1adf-1fe018df4fb0} is something like a timestamp retrieved by the current day, month and year (13 Oct 2003 in my case) Now we will see what really happens to the same key when the trial period finishs the next month: [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{577A4CE0-FDC0-11D7-94F4-A2500D93733F}\TypeLib] @="{e0382634-2635-e03c-3726-3ce03526a6b1}" {e0382634-2635-e03c-3726-3ce03526a6b1} is just the value indicating something like the current time (13 Nov 2003) that is over the 21 days of the trial period. The program see it and understand that the period is ended. ###################################################################### ========================= How to bypass the 21 days ========================= First of all, take Regcleaner. Regcleaner is the great tool written by Microsoft (probably the only good thing they have done and in fact has been abandoned) to clean the Windows'registry from dead links and keys. Unfortunately the developement of this tool is finished, so I have inserted a copy of the program (4.1a, build 7364.1) on my website: http://aluigi.org/misc/regcleaner.zip When you launch Regcleaner, it will remove the dead keys inserted by CloneCD to know if the trial period is finished 8-) So: Q: how to bypass the 21 days? A: simple, launch Regcleaner. When the clean will be finished, CloneCd will still have 21 days of trial period available, so WITHOUT wasting time understanding how the program runs or with hands on debuggers, hex editors and so on. This "Regcleaner's method" has been successfully tested on Win9x and Win Me, but seems to not run on other systems (as XP). The following is a real registry file that Regcleaner creates when it deletes the CloneCd's keys: ---regfile.reg--- REGEDIT4 ; Double click on this file from Explorer to automatically ; undo these deletions or modifications and return the values to the registry. ; - Modified or removed by RegClean 4.1-a (7364.0001) from computer: 0 ; on Thursday, November 13, 2003 21:03:42 [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{1261d020-fdbf-11d7-94f3-b7ac414a731b}\ProgID] [HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID\{577A4CE0-FDC0-11D7-94F4-A2500D93733F}\TypeLib] @="{e0382634-2635-e03c-3726-3ce03526a6b1}" ---regfile.reg--- ######################################################################