Cracking WinRAR v3.71

This tutorial will show you how to remove the 40-day trial timer for WinRAR 3.71 and create a patch for it.
Download this, which includes everything you need:

  • WinRAR 3.71 Trial Version
  • Disassembler: HDASM (Hacker’s Disassembler)
  • Hex Editor: HIEW (Hacker’s View)
  • Patch Creator: dUP (diablo2oo2’s Universal Patcher)

First, run the wrar371 setup file to install WinRAR. Now open WinRAR; as you can see, a notice comes up saying that you have 40 days to evaluate WinRAR, after which you have to buy it.
[Image: WinRAR 40 days trial notice]

Before doing anything else, make a copy/backup of WinRAR.exe (“C:\Program Files\WinRAR\WinRAR.exe”).
Now we will disassemble WinRAR. Open HDASM and load the copy of WinRAR.exe that you created. Don’t worry about the disassembly settings; just stick with the defaults and click Disassemble. Once it has loaded, we will look at the dialog box references of this program. The one we are trying to find is called (by window title) “Please purchase WinRAR license” (the dialog we see when we open WinRAR). To see the list of dialogs, click ‘D’ on the toolbar. Now search for the dialog by typing “Please purchase WinRAR license” in the search bar. Of course, you don’t have to type the whole thing: once you have typed ‘Please pur’ it will jump to the only possible item for what we are searching for. Next to the item you will see its ID keyword, which in this case is “REMINDER”. Now we can take this ID and search for it in the disassembly. Exit the dialog references box, click ‘S’ (for search string references) on the toolbar and search for “REMINDER” without the quotes. Double-click the result and it will bring you to the offset address 0043FF47; please make a note of this address.
[Image: HDASM 'REMINDER' search in disassembly]

At this address the instruction is ‘push 004A8AA0’. If you go to the 004A8AA0 address in the file (with a hex editor) you will see that all the hex bytes, up to the hex 00 (null termination), spell out ‘REMINDER’ in ASCII. Remember that this is the ID of the trial reminder dialog box. On the second to next instruction you will see a call to USER32.DialogBoxParamA, an external library function, which shows and runs the trial reminder box whose ID was pushed onto the stack as one of the arguments.

Now that we know the address where this dialog comes in, we can take it out by replacing the instruction ‘push 004A8AA0’ with ‘nop’s, so that when the library call is executed it will return nothing, since the ID of the dialog template is not specified. A hex editor is required for the raw modification of files, so exit HDASM and drag and drop WinRAR.exe onto HIEW (HIEW32.exe) to load the hex dump and disassembly of WinRAR. Once WinRAR is loaded in HIEW, press F4 (mode) and select decode, then press F5 (goto address) and enter ‘.0043FF47’ to go to the address of the REMINDER dialog setup. At this address, press F3 to edit and type 90 five times to replace ‘push 004A8AA0’ with ‘nop {newline} nop {newline} nop {newline} nop {newline} nop’. nop means No Operation: it performs no instruction; it’s just a byte to take up file space.
[Image: Comparison of old WinRAR code to new modified code]
Press F9 to update.

Finally we have a cracked copy of WinRAR! Optionally, we can make a patcher for this, so that when you re-install the trial of WinRAR 3.71 you can just open the patcher in the same directory and WinRAR will be modified for the crack again, instead of going through everything we just did all over again. This patch will be made with dUP.

Before starting, we should have our patched cracked version of WinRAR.exe (which we just made) and the original WinRAR.exe file that is not cracked.

To make a WinRAR crack patch, first open dUP and select New Project.
From here, just enter the patch info to show to the user before they execute the patch. After saving, click Add and select [offset patch]. Edit the offset patch data by double-clicking [Offset Patch] in the listbox. The file that we want this program to patch is WinRAR.exe, so browse and select the original WinRAR.exe file for the Target File. Instead of entering the offset, the original byte, and the patched byte by hand, we will just compare the original WinRAR.exe file to the cracked WinRAR.exe. Do this by going to the Compare Files groupbox, entering the original WinRAR and our patched WinRAR in the appropriate fields, and clicking Compare. Now that the project knows what to patch, we can save it; click Save.
[Image: Offset patch data to enter]
Finally, click Create Patch.
The patcher file will be created in your specified directory; after refreshing that directory you should see it. Congrats on creating your WinRAR 3.71 Patch Crack! As said earlier, after you install the trial of WinRAR 3.71, just open the patch within the same folder as WinRAR.exe and patch it.
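
From the defender's side, the five-byte NOP replacement and the file comparison described above are exactly what an integrity check against a known-good copy picks up. The Python below is an added example, not part of the original tutorial: the sample bytes are constructed rather than taken from WinRAR.exe, and `find_patch_runs` and `PatchRun` are hypothetical names.

```python
"""Detect in-place byte patches by comparing a suspect binary with a known-good copy."""
import hashlib
from typing import List, NamedTuple

NOP = 0x90  # x86 single-byte no-operation opcode


class PatchRun(NamedTuple):
    offset: int        # file offset of the first changed byte
    original: bytes    # bytes in the known-good copy
    modified: bytes    # bytes in the suspect copy
    nop_fill: bool     # True when every replacement byte is 0x90


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_patch_runs(reference: bytes, suspect: bytes) -> List[PatchRun]:
    """Return each contiguous run of bytes that differs between the two images."""
    if len(reference) != len(suspect):
        raise ValueError("size mismatch: file was rebuilt or truncated, not patched in place")
    runs, start = [], None
    for i in range(len(reference) + 1):
        differs = i < len(reference) and reference[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            new = suspect[start:i]
            runs.append(PatchRun(start, reference[start:i], new, set(new) == {NOP}))
            start = None
    return runs


# Constructed sample, not bytes taken from WinRAR.exe: a function prologue,
# a `push imm32` of the template-name address (opcode 68 + little-endian
# 004A8AA0), a second push, a relative call, then an epilogue.
REFERENCE = bytes.fromhex("5589e5" "68a08a4a00" "ff3500104000" "e810203000" "c9c3")
SUSPECT = bytes.fromhex("5589e5" "9090909090" "ff3500104000" "e810203000" "c9c3")

if __name__ == "__main__":
    print("hash match:", sha256_hex(REFERENCE) == sha256_hex(SUSPECT))
    for run in find_patch_runs(REFERENCE, SUSPECT):
        kind = "NOP fill" if run.nop_fill else "byte change"
        print(f"offset 0x{run.offset:X}: {run.original.hex()} -> {run.modified.hex()} ({kind})")
```

A hash mismatch alone says the file changed; the run list shows where, and a run made up entirely of 0x90 where an instruction used to be is a strong sign of a deliberately removed instruction rather than corruption.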
