Software cracking is the process of bypassing the registration and payment options on a software product to remove copy protection safeguards or to turn a demo version of software into a fully functional version without paying for it.
Cracking software generally requires loading the executable into a hexadecimal code editor and directly modifying it. The executable is then run in place of the original.
Software cracking is considered illegal and cracked software is often called pirated software. Cracked software generally has had the executable modified and can cause undesirable behaviour.
The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). IDA (Interactive Disassembler), a disassembler commonly used for reverse engineering, performs automatic code analysis, using cross-references between code sections and identifying the parameters of API calls. Normally, a software cracker using IDA begins with an automatically generated disassembly listing and then renames and annotates items in the listing until the software's algorithm has been traced and effectively reverse-engineered.
The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type.
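As an added example (not code from the original page), the sketch below shows the defender's side of this technique: it compares a suspect executable against a known-good copy and classifies each in-place change as an inverted conditional branch or a NOP fill. The byte strings and function names are constructed for illustration, and matching raw x86 opcode bytes without disassembly is a heuristic assumption.

```python
import hashlib

NOP = 0x90  # x86 single-byte NOP

# Constructed sample bytes (not from any real program):
# cmp eax,1 / je +5 / call rel32 / xor eax,eax / ret
REFERENCE = bytes.fromhex("83f801" "7405" "e810000000" "31c0" "c3")
INVERTED = bytes.fromhex("83f801" "7505" "e810000000" "31c0" "c3")
NOPPED = bytes.fromhex("83f801" "9090" "e810000000" "31c0" "c3")

def is_jcc(data, pos):
    """Heuristic: the byte at pos looks like a conditional-jump opcode."""
    b = data[pos]
    short = 0x70 <= b <= 0x7F  # Jcc rel8
    near = 0x80 <= b <= 0x8F and pos > 0 and data[pos - 1] == 0x0F  # 0F 8x
    return short or near

def classify_changes(reference, suspect):
    """Return (offset, kind, old_hex, new_hex) for every modified byte run."""
    if len(reference) != len(suspect):
        raise ValueError("size differs: not an in-place patch")
    findings, i, n = [], 0, len(reference)
    while i < n:
        if reference[i] == suspect[i]:
            i += 1
            continue
        start = i
        while i < n and reference[i] != suspect[i]:
            i += 1
        old, new = reference[start:i], suspect[start:i]
        if len(old) == 1 and is_jcc(reference, start) and new[0] == old[0] ^ 1:
            kind = "inverted-branch"  # opcode replaced by its complement
        elif all(b == NOP for b in new):
            kind = "nop-fill"  # instruction bytes overwritten with NOPs
        else:
            kind = "other"
        findings.append((start, kind, old.hex(), new.hex()))
    return findings

def verify(reference, suspect):
    """Cheap hash check first; classify the changes only on mismatch."""
    if hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest():
        return []
    return classify_changes(reference, suspect)

if __name__ == "__main__":
    for name, sample in (("inverted", INVERTED), ("nopped", NOPPED)):
        print(name, verify(REFERENCE, sample))
```

In practice the reference copy comes from the vendor's release or a stored hash manifest, and any reported run is a reason to treat the executable as tampered with.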
A good example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that patch the program executable and sometimes the .dll or .so linked to the application.
Similar cracks are available for software that requires a hardware dongle. A company can also break the copy protection of programs that it has legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).
In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages. An example is cracking (or debugging) on the .NET platform.
Download Cracking Software
The buttons do the following:
- Start thread - starts a new thread that increases a counter every 100 milliseconds;
- Suspend last - suspends the last created thread. There is no corresponding "Resume" button; use OllyDbg;
- New process - starts new instance of itself;
- New suspended - starts new instance of itself in suspended state;
- FatalExit() - calls FatalExit(), what else?
- Current Dir - displays current directory;
- Load ws2_32 - loads ws2_32.dll (must be present on all systems);
- Unload ws2_32 - unloads ws2_32.dll;
- Set filter - calls SetUnhandledExceptionFilter(). The handler only displays the error. Note: it won't work on stack overflow;
- Set VEH - calls AddVectoredExceptionHandler(), same note as above;
- Read [00000000] - attempts to read memory at zero address;
- 0 : 0 - integer division by zero;
- INT3 - executes INT3;
- INT ff - executes INT FF;
- JMP 123456 - jumps to (most probably) non-existing memory;
- Stack overflow - calls function that recursively calls itself;
- 1.0 : 0.0 - floating-point division by zero. Note where this exception is reported!
- Set Trap - sets bit T (single-step trap);
- POP SS/PUSHF - executes POP SS, PUSHF, POP EAX and displays the contents of EAX (and especially bit T);
- MOV SS/PUSHF - executes MOV AX,SS; MOV SS,AX, PUSHF, POP EAX and displays the contents of EAX (and especially bit T);
- INT 2D - executes INT 2D, has special meaning under Windows;
- String A - executes OutputDebugStringA() (ASCII version);
- String W - executes OutputDebugStringW() (UNICODE version);
- ZwAlloc(0) - allocates memory block at address 00000000. Try Read [00000000] afterwards and be astonished!