09 Jan 2008
This is a great proof of how NOT to protect software. When you try to uninstall it can ask for a password configured by the network admin, but what it the server admin, servers or entire infrastructure is gone basically giving you no chance of getting the password back. Well facing that scenario myself, I hacked around and found a work around.
First off I would not have figured this out if it wasn't for a similar post about bypassing the protection on the server available at http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=23
The differences on the client side (compared with article above) start with the location of the file it's in C:\Program Files\Trend Micro\OfficeScan Client. Next the keys are a little different, first you need to find the [INI_CLIENT_SECTION] and in that file, change the following keys:
  • Client_Allow_Uninstall to 1
  • Client_Allow_Unload to 1
  • Uninstall_Pwd to 70
  • Unload_Protect to 0
  • RemoveCTA to 1
Save the ini file and launch the uninstall. Now enter 1 as the password and viola it's gone! From a development point of view this is an example of how not to use encryption. The machine encryption in the patterns&practises Enterprise Library is a much better place to start, and in addition you should also look into using hash to sign files like this, so that tampering with them, invalidates them and requires an update from the server.


Zanmato's picture

Err.. I cant find the ini file... i did find the C:\Programfiler\Trend Micro\OfficeScan Client files but it doesnt contain it.
Upcoming Hackz's picture

it is located in a notepad file called ofcIMPDP.ini

Trend Micro OfficeScan 8 – Bypass Uninstall Passwo's picture

[...]  Many thanks to the following website for getting me most of the way there…  http://www.sadev.co.za/content/trend-micro-officescan-password-when-unin... About these ads var wpcom_adclk_hovering = false; var wpcom_adclk_recorded = false; var [...]

Add new comment