Trend Micro OfficeScan Password when Uninstall - How to Bypass

This is a great example of how not to protect software. When you try to uninstall it, it can ask for a password configured by the network admin—but what if the server admin, servers, or entire infrastructure is gone? This basically gives you no chance of recovering the password. I faced this scenario myself and hacked around to find a workaround.

Here’s how I figured it out: I wouldn’t have cracked it without a similar post on bypassing the protection on the server, available at http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=23. The client-side differences start with the file location—it’s in C:\Program Files\Trend Micro\OfficeScan Client. Next, the keys differ slightly:

Save the .ini file, then relaunch the uninstaller. Enter 1 as the password—et voilà, it’s gone!

From a development perspective, this is a prime example of poor encryption practices. The patterns & practices Enterprise Library offers better machine encryption methods. Additionally, using hash signatures for such files ensures that tampering invalidates them, forcing a server update.