Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > Reverse Code Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 10-12-2004, 03:03 PM
mehargags mehargags is offline
Junior Member
 
Join Date: Oct 2004
Posts: 2
Send a message via MSN to mehargags
Default Registry entry

My ISP provides internet Over LAN & uses "Cyberoam 24online" client To authenticate to the Server. Check the link for detail http://www.elitecore.com/cyberoam.htm

I have to keep logged in with this Client to use internet.. Now the Problem Part:-
when u use this client Software, it kind of exhibits Firewall behaviour & Blocks all the Popular Ports(7,80,21,137,139) on the Perticular ethernet Interface. u cant even ping the Machine. but still i managed to run FTP using the Port 2121. BUT recently 3 days back my isp upgraded the Software & now the Problem is that the bandwidth of all inbound & outbound TCP connections from the Lan card do not Cross more than 128 kbps. Now this is pathetic as i suffer alot on my home LAN. Even if i have to copy something from my PC to Laptop -- it will only Download/upload with the 128 kbps(be it Any port) which used to be over 5mbps earlier
there is a Registry setting which bounds the Bandwidth of a Certain ethernet NIC.

The Client makes some Specific entries in the Registry Key
HKEY_LOCAL_MACHINESYSTEMControlSet001ServicesTcpip Parameters
which Thus Disables the TcpIP Ping & File sharing Ports & also restricts the Bandwidth from a Specific Adapter.
I attach the REG file for Study

when I deleted the & Rebooted mymachine Once -- the Pinging & File sharing Etc. were back in Action-- which Confirms that the Client is using some Registry Based Tweak only. Moreover --after deleting the keys when i tried running the Client it Stopped saying "Client Tampered- - components Missing Reinstall Client"

now what i wanted is that if somehow its possible Patch the EXE & make it work Without the KEYS -- my Purpose is Solved

If anybody intrested i can send him the exe thorugh mail it of 400 kb
So just plz reply
Reply With Quote
  #2  
Old 10-13-2004, 01:40 PM
rous rous is offline
Member
 
Join Date: Jan 2004
Posts: 38
Default

mehargags,

Hi and welcome.

I don't know your circumstances, but I believe that removing the throttle on your internet connection, unless used abruptly and seemingly sporadically, will surely result in termination of service. With limited bandwith, ISP's tend to notice obvious siphoning.

Depending on your system, I don't believe you would even have to reverse the security scheme of the code in order to bypass the firewall...if you are root, then you are root; no installed software can keep a port closed if you don't want it to. Now, installed hardware or a disruption of the protocol(s) by your ISP is a different matter entirely.

With both of these in mind, may I suggest some easier options: 1) If you are unsatisfied with you ISP, and unless it is your only viable financial option, why continue doing business with it? 2) I just installed a wireless network in our home and because I know next to nothing of networks, it was an interesting experience. In provide stronger security for my girlfriends PC, I set up my box to act as the NAT, firewall, and DHCP server instead of the router...

...sorry, I tend to ramble. My point is that I was astonished by the number of wireless networks in our immediate vicinity and the ease of which they, including mine, might be hijacked. You could buy a network card for the price of one month with your ISP. Obviously, I am NOT advocating the theft of personal information, just the utilization of unused bandwith. 3) My grandparents house is in the forests of northern Wisconson; they receive internet service via satellite.

Good luck,
rous
Reply With Quote
  #3  
Old 10-13-2004, 01:43 PM
Crudd Crudd is offline
Administrator
 
Join Date: Dec 2002
Posts: 22
Default

From what youve described, it sounds like you would be able to disable the check for the registry keys (as long as none of the deleted keys are actully needed for the program to run). Also, have you just tried changing the values of the keys? Maybe you can change the values to get the speed you desire. If you have a backup of your old registry, you may be able to find out what those values should be. Otherwise, some simple guessing might work. Also, you have a PM.
Crudd [RET]
__________________
Just another freak, in the freak kingdom.
Reply With Quote
  #4  
Old 10-13-2004, 02:27 PM
mehargags mehargags is offline
Junior Member
 
Join Date: Oct 2004
Posts: 2
Send a message via MSN to mehargags
Default

i dont know What Keys to Edit - Plus most of them are HEX in value
W'd u like to Study it & so let me change some Values ?
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.