Wednesday, February 27, 2008

Cracking - an outcover

How to crack a software
Tools required:
1. hiew
2. win32dasm89++

You may download these tools from:
http://www.esnips.com/web/hackingstuffs?docsPage=2#files

Because we are using a disassembler, it will disassemble the software into its assembly code, so you need to know a few basic instructions that we will need for this job.

----------------------------------------------------------
This part is copied from another community post, as I don't feel like rewriting the same thing again.


Opcode      Mnemonic   Meaning
EB          jmp        Unconditional jump
90          nop        No operation
75 / 0F85   jne        Jump if not equal
74 / 0F84   je         Jump if equal
77 / 0F87   ja         Jump if above
0F86        jna        Jump if not above
0F83        jae        Jump if above or equal

-------------------------------------------------------------------

Now let's start.

Step 1:

Try to register the software with some random characters. You will get an error message like "wrong code".
Note down this message.

Disassemble the .exe file using win32dasm.

You will get the code in a great many lines, maybe 10000, depending on the size of the software.

Now find "wrong code" using the search option in the disassembler.

As you can see, the code is written in modules.

From the line where you find "wrong code", look for the start of that module.

Hint: check for the unconditional and conditional jump statements.

See the memory addresses written there,
e.g. oo1a009877...

Leave this here for now.

Now open the same .exe file with hiew.
Open hiew.exe and work in it using the keyboard only.

Select the folder, then select the file to open it.
After opening it you will see garbage characters that you cannot understand.
Press F4 and select the 3rd option, i.e. Decode.

Now you can see the code.

Now take the addresses you noted in the disassembler where we left off.

In the hiew window press F5, then press "." followed by the address you noted.

After reaching the desired position, select the edit option by pressing F3.

Now we have to invert the statements.
Say we encountered jne:
change jne to je (and vice versa) by changing the corresponding byte values, i.e. 84 <--> 85.

In this way invert all the jump statements you noted in the disassembler module where we left off after searching.

After editing the values, press Enter and then F9 to write the changes into the .exe file.

Now exit hiew.

Done!!!

Now replace the original .exe file with the one you just cracked.

It will now accept all the wrong codes you enter for registration, and only on entering the correct key will it show an error message.

Any type of registration protection.
First of all, use SoftICE, because I don't like the live approach.
OK.
Run your target program and go to the registration dialog, then enter
any name and any serial number in the dialog, but DON'T press OK.
Before that, press Ctrl+D to pop up SoftICE, and in SoftICE set some
breakpoints. To approach a registration routine we must set
breakpoints on the APIs (Windows functions) used to read your name and your
serial number.
They are:
GetWindowText
GetWindowTextA
GetDlgItemText
GetDlgItemTextA
Hmemcpy (that's not an API, but it's the best)

The "A" after the API means 32-bit, so if your program is 32-bit
put the A; if not, don't. Easy!
I always use only Hmemcpy because it works 99.9% of the time.
Now exit from SoftICE by pressing Ctrl+D and press OK; if you have set
a working bpx, SoftICE will pop up.

Now start the real cracking.....
Press F12 until you can read, on the bottom line of SoftICE, the name
of the file of the program you're cracking....
Then, if there is a call before your location, fine; if not, press F12 again until you find it.
Then you must step through the code (by pressing F10). If, while stepping, you find some
conditional jumps, have a look at them. Step until you find a call that prompts you with
something like a message box or something else that shows "You entered a wrong code".
Before that call you will have noticed a conditional jump that jumped to that call or didn't jump
over that call. If so, try to invert the jump (change a jz into a jnz),
or (a better way) change the value of EIP so that the jump is taken or not.
Doing this, if you find the right jump, the program should prompt you "Thank you for registering this
fucked program",
and now the crack is near the end...
Often, cracking this way, you will only get the "You are regged" prompt, but the program still continues
to be unregistered, so in order to crack it 100% and easily there are 2 ways:

1) Trace into the call BEFORE our important conditional jump and try to understand the code,
in order to find the real compare instruction, which is often kept inside this call, not outside it. If
you find our real compare instruction, change the conditional jump below it to
make it jump or not (it depends on whether it jumped before; do the reverse).
OK, now the program should be fully cracked!

2) This is a worse way than the first, but it works! This way is easier for beginners.
You must trace into the call before our important conditional jump, then put a bpx on its first line, then press "x" to exit from SoftICE and use the program in all its functions: create new, open, about, save. When SoftICE pops up, press F12 to get out of that call, look for a nearby conditional jump, try to invert it and see whether the program looks registered.
You must note all these conditional jumps and invert them, and your program is cracked!
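A defender's counterpart to both tutorials above, added here as an example and not part of the original post: given a pristine copy of an executable and a suspect copy, this Python script locates the byte differences and reports whether each one inverts a conditional jump (the 74/75 and 0F84/0F85 pairs from the opcode table) or replaces a jump with nop/jmp. The sample bytes are constructed, and the offsets it reports are file offsets.

```python
# x86 Jcc opcodes: the low bit picks a condition or its complement, so
# toggling it (74 <-> 75, 0F 84 <-> 0F 85) inverts the branch.
SHORT_JCC = {0x72: "jb", 0x73: "jae", 0x74: "je", 0x75: "jne",
             0x76: "jna", 0x77: "ja"}
NEAR_JCC = {op + 0x10: m for op, m in SHORT_JCC.items()}  # the 0F 8x forms
INVERSE = {m: SHORT_JCC[op ^ 1] for op, m in SHORT_JCC.items()}  # je<->jne etc.
OTHER = {0xEB: ("jmp", 2), 0x90: ("nop", 1)}  # the two common replacements

def decode_jump(buf, off):
    """Return (mnemonic, length) if jmp/nop/Jcc starts at off, else None."""
    op = buf[off]
    if op in OTHER:
        return OTHER[op]
    if op in SHORT_JCC:
        return (SHORT_JCC[op], 2)
    if op == 0x0F and off + 1 < len(buf) and buf[off + 1] in NEAR_JCC:
        return (NEAR_JCC[buf[off + 1]], 6)
    return None

def find_patched_jumps(original, modified):
    """Byte-diff two same-size images; return (offset, before, after, verdict)
    tuples. Raw-byte heuristic without disassembly, so a changed data byte that
    merely looks like a jump is reported too: review the hits in a debugger."""
    if len(original) != len(modified):
        raise ValueError("images differ in size; not a simple in-place patch")
    findings, off = [], 0
    while off < len(original):
        if original[off] == modified[off]:
            off += 1
            continue
        # A near Jcc is 0F xx: if only the xx byte changed, decode from the 0F.
        start = off
        if off and original[off - 1] == 0x0F == modified[off - 1] and decode_jump(original, off - 1):
            start = off - 1
        before, after = decode_jump(original, start), decode_jump(modified, start)
        if before is None or after is None:
            verdict, nxt = "modified non-jump bytes", off + 1
        elif before[0] == after[0]:
            verdict, nxt = "same jump, target changed", start + before[1]
        elif INVERSE.get(before[0]) == after[0]:
            verdict, nxt = "conditional jump inverted", start + before[1]
        else:
            verdict, nxt = "jump replaced by " + after[0], start + before[1]
        findings.append((start, before and before[0], after and after[0], verdict))
        off = nxt
    return findings

# Constructed sample (no real program): pristine snippet and a copy patched as the tutorials describe.
ORIGINAL = bytes.fromhex("3bc1" "7505" "b801000000" "0f84" "10000000" "c3")
PATCHED = bytes.fromhex("3bc1" "7405" "b801000000" "0f85" "10000000" "c3")
```

A release hash only tells you that a file changed; this shows what changed, which is the first thing to check when a build behaves as if its licence check were bypassed.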
