Monday, May 24, 2010

Migrating and Cracking Tritek Legal Case Management

In my development of the MerusCase module that does a data migration from Tritek to MerusCase, I have thoroughly decoded their database schema.  What a mess!  I had to develop contact 'de-duping' software using what we call 'fuzzy matching' via a Levenshtein metric.  That was really intriguing to develop.

However, in order to properly map data from their system to ours, I needed a working copy of the software to reference from and see how that data was being stored in their archaic dBase (Microsoft FoxPro) format. It's funny that Microsoft has officially announced the death of FoxPro, i.e. they have announced the dates after which they will no longer support the product.  It's even funnier that if Tritek has any chance of keeping up with technology they will have to start their app from scratch.  Anyone who as ever used the program realizes how shoddy the user interface is -- irritating to navigate, an eyesore to look at (no taste for aesthetics whatsoever!), and a counter-intuitive approach to UI design.

Apparently Tritek's tampering check is easy to crack.  First off, if you rename the xmgmt.exe file with a .txt extension and open it up in TextPad, you'll see that all the FoxPro code is embedded in plain text.  That is, you can see exactly what the developers wrote that make the application run and do what it does.  If you do a search for 'tampered' or 'exempt' you will find the dialog box that tells you to buy a license, and you will also find the code that does the security check.

All it does is do a 'dir x: > WORK\vsno.txt' on the drive that your data sits on, saves the output into the WORK folder, looks for 'Volume Serial Number' in that text file, because it grabs the 9-char s/n for your drive.  It then hashes it and computes the corresponding 8 to 11 digit integer using a built-in FoxPro hash function (SYS 2007).  That integer is compared to the value contained in serno.dbf file, located in your data folder.  There are 'backdoors' aka Tritek Maintenance logins hard-coded too (see code snippet below).  I could run a brute force attack on those codes using a utility like MDCrack to find out the universal volume-s/n they use...

Fortunately, there is a simple command-line utility that allows you to change your drive's serial number.  This has no effect to anything else, so far as I can think of.  Nothing uses HDD serial numbers except for the occasional 15-year old p.o.s. software (Tritek for one!).  Download volumeid.exe from Microsoft Technet (it's free) or from here.  It's usage is simple: volumeid <driveletter:> xxxx-xxxx.  You'll have to reboot for changes to take effect.

Maybe if I have time in the future, I'll throw together a little script that will disable or patch tritek to completely bypass security checks altogether.  In the world of cracking, a bypass may be as simple as converting a machine code instruction 'jump if equal (je)' to 'jump if not equal (jne)'.  =)


a="dir "+xdata+" >"+xwork+"\vsno.txt"
RUN &a
b=xwork+"\vsno.txt"
a=FILETOSTR(b)
c="Volume Serial Number is "
L=LEN(c)
d=AT(c,a)
d=d+L
z=SUBSTR(a,d,9)
a=SYS(2007,z,0,1)
b=a
a=a+a
L=LEN(a)
SELECT serno
vtampered=.f.
z=ALLTRIM(vsno)
LL=LEN(SYS(2007,z,0,1))
    IF (b="446519453" .or. b="487413866" .or. b="1505040575" .or. ;
    b="3629040784" .or. b="659246687" .or. b="140427344" .or. ;
    b="3772951423")
*!*        IF (b="446519453" .or. b="487413866" .or. b="1505040575" .or. ;
*!*        b="3629040784" .or. b="659246687")
    usesmsg="TRITEK MAINTENANCE LOGIN"
    thisform.uses1.visible=.t.
    xe=0

25 comments:

  1. This article gives the light in which we can observe the reality. this is very nice one and gives indepth information. thanks for this nice article

    PVC Flow Meter

    ReplyDelete
    Replies
    1. This is one of the best note on Migrating and cracking tritek legal case management and I enjoyed it really well. www.price4india.co.in mobiles is another source where you can find similar articles on your mobile in India.

      Delete
  2. To be a good student can be a good future. because he get a proper life. college paper writing service A student is very important person.Because he solved his problem properly.

    ReplyDelete
    Replies
    1. I enjoyed every little bit part of it and I will be waiting for the new updates.Really loved reading your we blog post. The information was very informative and helpful.White Label SEO

      Delete
  3. Looking at the number of people joining social networking sites these days, I feel it is the best platform to present or share anything with the world. But the problem is I don't really know how to get started. I want to advertise my company and I don't understand which platform to use and how to place my ad as these sites have many guidelines and norms to be followed or you might be blacklisted. It would be a great pleasure if you can help me out with it. personal statement editing services

    ReplyDelete
  4. Uncommon of the dominant joint loving trips soothing to juveniles routinely the realm may not be what you would read. In item, mixed deal thru stable chattels and fair trace on how to write essay mortalities which denial a surprising deal of data to support up one’s crucial authorities. Evoke, view print is quite some from exercise upsurge and conjectures print the latter claim a extravagance of facts and unpaid feature to be bright.

    ReplyDelete
  5. Oh! Mythical flier. Truly this site is exceptionally geared up to modify a help for all regarding this. I got scarcely any assertive helps from here and awfully recommended it. Dead I faculty http://online-casino-canada.co be placeable with my relatives and applicable competitors concerning this blog and gift waffle for writer. Thanks a lot……

    ReplyDelete
  6. It was a beneficial workout for me to go through your webpage. It decisively stretches the bounds with the mind when you proceed through very proceedod info and make an effort to interpret it correctly. credit card processor

    ReplyDelete
  7. Thanks for such an interesting article here. I was searching for something like that for quite a long time and at last I have found it here.

    Truflo Paddle Wheel Flow Meter

    ReplyDelete
  8. WOW! what a great concept art. I love how you got the guy that was originally Sonic to return!!!!!!!! you guys are doin
    great! keep up the good work
    Hayward Valves

    ReplyDelete
  9. I am very happy to find this blog.Thanks for creating the page ! I am positive that it will be very popular. It has good and valuable content which is very rare these days.
    Plastic valves

    ReplyDelete
  10. How much you pay for cheap car insurance depends on several factors, including your age and marital status, where you live, and what you drive. You can't do anything about your age, and few people will move just to lower their cheap car insurance premium. You can, however, choose a vehicle that costs less to insure.

    ReplyDelete
  11. I'll bookmark your blog and check again here regularly. I am quite certain I will learn a lot of new stuff right here! Best of luck for the next.
    hayward Plastic Strainers

    ReplyDelete
  12. Some sense to share by using it - wonderful, Therefore i favored a grievance to look at is an effective fulfillment. I'm sure effective in examine things as long as substantial trust, but presented on being a everyday web surfer learned... I always however inspiration!
    essay writing

    ReplyDelete
  13. I really enjoyed reading it. It is very pleasure to get it as I got huge helps right here . I do like your hard workings and appreciate your concept . Thanks for sharing this. Thanks and keep sharing the quality content.sell gift cards

    ReplyDelete
  14. I am so happy to read this article.And Its a very good article. I am really enjoyed reading.Thanks for sharing to this article. Carpet Cleaners And i say its a great site.I like this site.

    ReplyDelete
  15. competitively priced Cabinet Panel Cooler is a solution to these very concerns. The cabinet cooler incorporates STREAMTEK's™ reliable Vortex Tube to purge as it cools electronic and electrical enclosures. The filtered air that enters your electronic control panel cabine
    http://www.stream-tek.com/products/vortextubes/vortex-tube.php

    ReplyDelete
  16. I am fully impressed with your post and words which march together with your concept.
    Essay Writing Services

    ReplyDelete
  17. Work Corps lives up to expectations with its graduates to help them discover steady employments in high-development commercial enterprises with managers over the country.Employers spare time and cash by contracting talented Job Corps graduates who are prepared on industry systems and gear. Post CV online

    ReplyDelete
  18. Great post but I was wondering if you could write a little more on this subject? I’d be very thankful if you could elaborate a little bit further. Thanks in advance! legal document management software

    ReplyDelete
  19. Are you needing to cash into a checking account, the entire amount usually cannot be promptly accessed; there may even be a waiting quantity for the check to clear? we've an inclination to unit the companyproviding you the foremost effective services regarding check cashing inside a quick quantity. In USA you will notice U.S. check cashing Burlington

    ReplyDelete
  20. As said before in this article, you may purchase an auto from a dealership and after 3 days the auto actually tumble to pieces. trademark registration

    ReplyDelete
  21. This comment has been removed by the author.

    ReplyDelete

  22. Bitcoin Support Number is the right place where you will get all kind of bitcoin support starting from transaction issues, blockchain issues etc. Bitcoin support service customer helpline number will help you in every possible manner to fix all of the bitcoin wallet problems and glitches.

    bitcoin support
    www.norton.com/setup
    Office Setup
    www.webroot.com/safe

    ReplyDelete
  23. click for more blog here additional resources visit the site why not look here look at here now

    ReplyDelete