Trend Micro OfficeScan Password when Uninstall - How to Bypass
This is a great example of how not to protect software. When you try to uninstall it, it can ask for a password configured by the network admin—but what if the server admin, servers, or entire infrastructure is gone? This basically gives you no chance of recovering the password. I faced this scenario myself and hacked around to find a workaround.
Here’s how I figured it out: I wouldn’t have cracked it without a similar post on bypassing the protection on the server, available at http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=23. The client-side differences start with the file location—it’s in C:\Program Files\Trend Micro\OfficeScan Client. Next, the keys differ slightly:
[INI_CLIENT_SECTION]Client_Allow_Uninstall→ 1Client_Allow_Unload→ 1Uninstall_Pwd→ 70Unload_Protect→ 0RemoveCTA→ 1
Save the .ini file, then relaunch the uninstaller. Enter 1 as the password—et voilà, it’s gone!
From a development perspective, this is a prime example of poor encryption practices. The patterns & practices Enterprise Library offers better machine encryption methods. Additionally, using hash signatures for such files ensures that tampering invalidates them, forcing a server update.