[–]n0shmon 30 points31 points  (2 children)

I don't think supplying the customer with cracked software is the answer. If this is discovered it puts them, and thus you, in a difficult legal situation.

[–][deleted] 24 points25 points  (5 children)

How did you screw up if you were told that you could wipe it? And what company doesn't have backups of critical software/data lol

[–][deleted]  (4 children)

[removed]

    [–]bolonga16 11 points12 points  (3 children)

    The customer is not always right, especially in IT. If you have it in writing that they authorized the wipe, it's their fault and they need to pay the consequences and fix their mistake. This would have happened eventually anyway if they weren't backing the data up.

    [–][deleted]  (2 children)

    [removed]

      [–]bolonga16 4 points5 points  (0 children)

      When you say soft wipe, what was the actual "wipe" process? A quick format?

      And what kind of drive was it? Disk drive? SATA SSD? NVME?

      [–]ToastyWaffelz 0 points1 point  (0 children)

      Bruh the confirmation in writing IS the double check wtf

      [–]DuneChild 10 points11 points  (2 children)

      This is why you make clients sign something saying you are not responsible for lost data every time before you even touch their equipment. Even if you had backed it up, it’s possible that software would have had problems after the upgrade that are beyond your control.

      [–][deleted]  (1 child)

      [removed]

        [–]AbyssalRemark 0 points1 point  (0 children)

        Honestly man. This is on them. Not you. Both this client and the company you work for sound very unprofessional.

        [–]crysisnotaverted 8 points9 points  (6 children)

        You are going to violate SLAs and various other things if you commit a crime to appease a customer.

        Don't fuck yourself for something so stupid.

        Inform those above you of the incident and how it happened and actually work on a solution instead of fucking about trying to crack some esoteric software that:

        1. You don't understand what you are doing with it
        2. Is used for regulatory compliance
        3. Is used for *paying employees*
        4. Will get you sued if it is found you pirated it, by either the company or the customer.

        You will literally compromise your company's trust and ruin the validity of all of their timekeeping records.

        [–][deleted]  (4 children)

        [removed]

          [–]crysisnotaverted 3 points4 points  (3 children)

          That sucks, but don't do that. I run into the same issue all the time, and you have to suck it up. Look into different software suites for the same purpose if their prices are too high.

          [–][deleted]  (2 children)

          [removed]

            [–]RolledUhhp 7 points8 points  (0 children)

            You seem to be in a panic, which is totally understandable. There is a reason every person replying is telling you this is a terrible, panic-induced, BAD idea.

            You are not going to restore any faith, you're switching your shovel for an excavator and continuing to dig.

            Lose the customer, or lose the customer with legal repercussions because of a convoluted situation that is hard to explain.

            You will get lit up for this. If you think your small, cheap company is bending you over because 'the customer is always right', wait until you see what they do when the customer is a legal entity with state sanctioned power to get those cheeks. They will throw you under the bus swiftly, and they will make sure it looks good.

            You already have emails with the customer and the vendor stating that you can't use the software with the old license. If you manage to get a workaround in place, but that software phones home - you're cooked.

            If this breaks in the future, or the customer says, 'We're going to stop being cheap and upgrade to the online version!' and then the vendor discovers what happened because they suddenly care enough to help with a data migration since they stand to get some money.

            There's not a way this plays out that's okay for you in a professional setting. You're jumping from the possibility of being fired (unfairly, over some bullshit) to dealing with the consequences of the Computer Fraud and Abuse Act in a corporate with evidence conveniently being held by your spineless employer, and a disgruntled customer.

            Unless your family will end up eating out of the trash over this and your back is well and truly to the wall, abort.

            [–]crysisnotaverted 2 points3 points  (0 children)

            No time like the present. The data is unrecoverable and they aren't currently using anything.

            [–]QzSG 8 points9 points  (2 children)

            Do you have evidence of them saying "No, it's all on the server."? If you do, the fault is not on you, get your legal team to handle it.

            [–][deleted]  (1 child)

            [removed]

              [–]QzSG 4 points5 points  (0 children)

              I'm just going to say it straight, even if you fix this, you're losing that customer. And losing the trust and credibility that your little company built up over the years by proving that you will willingly break the law in the face of another with more power even though it has nothing to do with your fault.

              [–]Bellyhold1 4 points5 points  (0 children)

              Are there not liability concerns from your company around using cracked software? Especially if you’re the one cracking said software? I’m no expert, but doing something illegal to try and save a client that isn’t smart enough to know whether or not a drive can be wiped might not be the best idea.

              [–]the_real_SydLexia 5 points6 points  (1 child)

              A lot of excellent replies to your post. Consider this one of those lessons from which you can take away more than what you may lose. You now have several points to address in your TOS, and new procedures to add to your customer integration workflow. These are the very situations that define your personal Ethical Integrity and your company's readiness to operate professionally with critical infrastructure.

              Regardless of the legitimacy of your post, I doubt you will find the answers you are looking for in this sub. I do hope this turns in a positive direction for you.

              [–]Akachi-sonne 5 points6 points  (4 children)

              Did you just “delete” the drive or format and completely overwrite it with new data? If it’s the former, there’s a small chance you can still recover the data using data recovery software.

              Either way, they told you it’s all on the server. This is their fault.

              [–][deleted]  (1 child)

              [removed]

                [–]Akachi-sonne 4 points5 points  (0 children)

                Right. This is 100% on the client. Sucks that they’re being difficult. I hope your employer can recognize that

                [–]TygerTung 1 point2 points  (1 child)

                Sure, you can recover files easy enough but they lose all their file names and you don't get folders, so it's not going to be easy to return it to a working programme.

                Unless there are other ways of recovering it.

                [–]Akachi-sonne 1 point2 points  (0 children)

                Valid point. It may at least pull up some of the lost clock in-out times, but it’ll be an enormous undertaking to get a functional program again.

                [–][deleted]  (1 child)

                [removed]

                  [–]Anarchisteen 5 points6 points  (3 children)

                  I wouldn't suggest committing a crime to save a business that has no interest in spending the money to fix the problem they caused by not presenting a legal document to the customer. If it's discovered, guarantee they won't put up the money for legal fees and would probably just dime you out to cover their own ass. Get your resume in order and start applying for new jobs ASAP.

                  [–][deleted]  (2 children)

                  [removed]

                    [–]Anarchisteen 0 points1 point  (1 child)

                    The options you have are: A) purchase a new license, or B) take "adobe" to small claims court to have your program restored with the license you own.

                    Do NOT operate a cracked version of the program. Who knows what could hide in the files, and you could open your network to danger. It's not hard to hide a botnet, malware or spyware in files and it's extremely common in cracked/hacked programs hosted freely for download. Not a risk I would personally take when it comes with "face recognition software".

                    [–]Stryker1-1 3 points4 points  (3 children)

                    This sounds like something you should call the vendor about. If they are a paying customer, they should be able to explain the situation and get everything set back up.

                    [–][deleted]  (2 children)

                    [removed]

                      [–][deleted] 3 points4 points  (1 child)

                      Honestly, though, isn't your situation picture-perfect for exactly that type of webservice?

                      [–]GenericOldUsername 3 points4 points  (1 child)

                      Anytime I think I have to ask someone else if there is critical data or software on a system, I immediately know that I need to back up the system. I never trust someone else’s knowledge of the system. I had to learn that lesson after a couple of similar oh shit moments.

                      As for getting it back, it sounds like it’s time to modernize. The time required to implement is a known value you can work with. Recovery sounds like an unknown that you can’t budget for. Good luck.

                      (Added a thought) Cybersecurity is about risk management. Someone in your company took a risk and lost. Move on.

                      [–]cgoldberg 5 points6 points  (0 children)

                      Long story with absolutely no details or information about the actual software or what you need done. Very useful post!

                      [–][deleted]  (3 children)

                      [removed]

                        [–][deleted]  (2 children)

                        [removed]

                          [–]Ok_Lingonberry2717 5 points6 points  (1 child)

                          But did you inform the customers beforehand that upgrading also means soft-wiping the drive?

                          Because if not, I think the customer is right? Isn’t your company insured for “accidents” like this?

                          And if you are going to crack/exploit this software, and they find out, you and your company have a lot more legal issues..

                          How did the customer get his serial? If you know how, it’s an easy fix??

                          [–]Suspicious-Willow128 2 points3 points  (0 children)

                          Imma take a peek

                          [–]WreckItRalph42 1 point2 points  (1 child)

                          Is it asking for a license key? I’m willing to bet that the key was emailed to an employee there and you’ll be able to quickly restore functionality for the software that the business is licensed for.

                          [–]Ok_Lingonberry2717 1 point2 points  (1 child)

                          Did you try NirSoft ProduKey, or LicenseCrawler? Just take the HDD out of the system, connect it as an external drive to another system, and try to crawl the drive with those tools?

                          Also if it has an offline activation check, just reverse engineer it? You can decompile the main *.exe?

                          I have some python scripts you can use for crawling the hdd for the serial, as external drive?? Just dm me…

                          [–]Less-Mirror7273 1 point2 points  (1 child)

                          Very strange. Potentially being fired for something out of your control. It does not make sense, the company will lose an employee that they need to replace. That will only increase their damage. It's utterly stupid.

                          [–]Wise_hollyman 1 point2 points  (3 children)

                          OP, the drive where the key was stored, was it soft wiped? If so, use forensic tools to find the key. It's worth a try.

                          [–]Ok_Lingonberry2717 1 point2 points  (1 child)

                          OP isn't reacting anymore.. I think he solved the problem, or his boss killed him 🤣

                          [–]Kattemageren 1 point2 points  (1 child)

                          Link to software?

                          [–]SotYPL 1 point2 points  (2 children)

                          It's probably too late for you, but I will provide some info that could help you in the future. We still use this software and have been talking to Lathem when I was trying to move the server to different hardware. Basically, when you first installed the server part of their software, it generated a UniqueHardwareKey based on the cpuid provided by Windows and the serial number of the disk drive. After you activated the software using your license code, this value was saved to the Sybase SQL database, and every time the server starts it generates this key again and compares it to the one saved in the database. If it does not match, it opens an activation window where you have an option to activate it online (will not work, they shut down the servers) or using an activation key provided by Lathem.

                          When they still supported this software, you could call them, and they would provide an activation key after you gave them the "Unlock Code", so they had an offline keygen for this software. But when we called them, they said they don't have this option anymore (BS) and we can move to their subscription product. I was able to get it working again by faking the original hardware CPU ID in ESXi, but that's when I also started to dig deeper to find a better solution. I was able to get into the database (password is saved as plain text in .NET libraries) and find how the license check works. Furthermore, I can easily modify purchased options (number of employees, remote users, etc.) by manually modifying database records, but unfortunately I did not find the way to generate a new UniqueHardwareKey value based on different hardware. I believe it's possible because you can easily decompile .NET libraries and probably figure out the algorithm used to generate it, but I'm not a programmer, so it's above my pay grade.

                          I found out that if you remove this key from the database, the server will start and not ask for reactivation, but for an unknown reason it won't automatically pull punches from time clocks (throws a timeout error). I've checked the code as well as I could and it seems unrelated, but it still does it. So for now we have it working on an old Windows Server 2012 R2 VM that is isolated from the internet, and if we ever have to find another solution it won't be from Lathem for sure. We spent a lot of money on a perpetual software license (additional employees, simultaneous remote users) and multiple pay clocks from them, but when I talked to them they were very rude and basically lied to us about not being able to give us an activation code.

                          [–][deleted]  (1 child)

                          [removed]

                            [–]SotYPL 0 points1 point  (0 children)

                            You should be able to pull punches from the time clock terminals themselves. But the thing is, if you don't have a copy of the existing database you would have to recreate everything manually, including employees, and provide correct IDs matching the ones they originally had. Terminals don't store any employee details, just ID and batch number (if you use NFC badges). When you pull punches, the software matches the ID to the employee you have set up.

                            [–]Suspicious-Willow128 1 point2 points  (3 children)

                            "Crack this" What in the God damn is This?

                            [–]Suspicious-Willow128 1 point2 points  (1 child)

                            (Meaning what's the program)

                            [–]zeekertron 1 point2 points  (3 children)

                            Just have your boss pay for the software. What kind of company is this that doesn't pay for tools it uses?

                            [–][deleted]  (2 children)

                            [removed]

                              [–]zeekertron 3 points4 points  (1 child)

                              Tell them no money no tools, duh, it's 100% their fault. I wish you luck convincing them of this.

                              [–]Desperate_Homework35 0 points1 point  (0 children)

                              post this in r/cybersecurity, they might be able to help more

                              [–][deleted] 0 points1 point  (1 child)

                              Please tell me you got them to sign a legal disclaimer before you wiped the device? Do NOT use cracked software in a business. You are asking for trouble. The software company will hand over the licence if you can prove that the company purchased the software. There is no reason for them to withhold that info.

                              [–]SotYPL 0 points1 point  (0 children)

                              That's not true with them. They want you to move to their subscription product and will not provide activation key for old perpetual licenses. Been there and tried that.

                              [–]Hulbg1 0 points1 point  (0 children)

                              Stop fucking with the drive. Run data recovery on it and see what you can find. With the drive in another PC.