
Friday 7 June 2013

The Removal of Software Copy Protection

For your benefit, I have again delved into the seedy underbelly of the Internet to help keep you informed of what it has to offer.
I submit this report on Cracking for your approval.


A Definition
Cracking is the removal or bypassing of the copy protection built into a software program.
A program successfully stripped of its protection is then known as having been "Cracked".
Some of the protections that get removed include:
Time limits - for example a 30-day trial period, after which the program will no longer run.
Nag screen - a dialog or graphic that appears at programmer-determined intervals, asking you to register the software.
Serial number - an assigned number (often paired with a user name) that the program checks before it will function.
A Crack usually comes in the form of a small .exe or .com file. Like the patch you download from a software company to correct a bug or add a feature, a Crack changes a few bytes in one or more of the application's .dll files or in the main .exe file itself, so that the checks above no longer take effect.


Is This Legal?
As with that other Internet giveaway, Warez, the legality of Cracks is far from being globally defined.
The most common belief stated online is that it is legal to write, upload and even download a Crack, as long as you don't use it to disable a software title's copy protection. However, on 10-24-97 it was reported here in the U.S. that two separate arrests were made for the "illegal distribution of Cracks."
The news article reveals a few interesting points, such as how the FBI and the SPA had two sites under surveillance for seven months!
Wow, it took that long to gather evidence!
The article also states that the SPA found over 17,000 sites listed on the net that were similar to the ones taken down. Let's see, at seven months for every two sites, that would take them only 4,958 years to bust them all.
While it may or may not be illegal to use and distribute Cracks, the legality of actually "Cracking" a piece of software is an entirely different matter.


Software License
The legality of reverse engineering software has been addressed in many parts of the world. In Europe, for example, the European Union's Software Directive expressly permits decompiling a program when that is necessary to make it interoperate with other software.
In the United States, several court cases have ruled that disassembling software can be fair use, as long as it is done to get at the ideas and functional elements behind the program rather than to copy the program itself. That shield only goes so far: since the Digital Millennium Copyright Act of 1998, circumventing a technical protection measure is an offense in its own right, whatever your reason for disassembling.
Read more about cases that ruled in favor of the right to disassemble software.
You may have read the above text and said to yourself, "Hey, the software license says I am forbidden to decompile the software I own."
You're right, it does. Except you don't "own it". You are being "allowed to license it".
One reason for this is that the company that produced the software can then claim exemption from any liability resulting from a faulty product.
Did that hot new software title format your hard drive? Nothing the manufacturer can do for you, because you do not "own" the title and only legal owners have the right to demand compensation.
In reality, of course, things are different. Even the standard "Software License" states that, depending on where you live, all the previous gibberish "may not apply to you".
This does not stop them from saying it, however, and you "must agree" to this license or you will not be allowed to proceed with the installation of most software titles.


Fish Tales and Hand Grenades
The computer industry is no corporate slouch when it comes to "telling lies" to deceive the public. Here are just a few examples:
    17" Monitor? - Not even 16"; if you're lucky, 15.9" of visible picture. I guess they thought the average computer user would not notice the difference in an item that they only stare at all day!
    56k x2 Modem? - Sorry, it maxes out at 53k receiving and 33.6k sending. USRobotics blames this on FCC regulations; the regulation in question limits how much signal power a modem may put on the phone line, and that limit is what caps downloads at 53k. But hey, what's one more lie among friends?
    32x CD-ROM? - Possibly the greatest flat-out, screw-you lie yet. These drives spin at a constant rate, so the advertised 32X is only approached (about 30X in practice) on the outermost tracks of a disc that has data written all the way to the edge; near the hub the same drive reads at about half that, and a typical disc averages somewhere between 16X and 20X. This is why you see CD-ROM drives labeled 24/12 or 32/16: the maximum and the minimum.
The automobile industry used to treat customers like dirt too, until the day that their utter contempt and disregard for the general public peaked with the release of their "gutter car" line. This pathetic lineup included the abominations that were to be known as the "gremlin" and the "pinto".
Note: The mere sight of a gremlin caused other drivers to veer off the side of roads in utter fear of these "moon buggies".
But it was the pinto's bad habit of exploding like a hand grenade that finally brought the auto industry back down to earth. The pinto was as ugly as it was dangerous, which made for great T.V.
The news media wasted no time in gleefully broadcasting video graphically demonstrating just how awful burning to death in an "ugly car" could be.
I can only guess at the event that will provoke the regulation of the computer industry. The chances of something happening are good, since history has a habit of repeating itself.
Sorry for the digression, but I just love to ramble on about all kinds of irrelevant shit.


Where to Search
As I state in my article on Warez, you should be able to track down all the info you need regarding this subject by making good use of the many search engines the net has to offer.
Astalavista - Look no further than this site for that crack that you're too lazy to learn to write yourself.
Since most Cracks are small (around 5-10 KB), you can find them posted on Usenet, even if your provider does not carry binary newsgroups. alt.cracks is one group that receives thousands of posts weekly.
Update: Cracks are no longer small in the age of broadband, software bloat and huge storage capacities. Usenet is not what it used to be with regards to cracks. Astalavista is your best bet.
Incredible though it may sound, there is a program called Oscar, yes, the same green thingy from Sesame Street, that you can download containing well over 7,000 serial numbers. The latest version is Oscar 10.2. You can also find a lot of lists floating around the net containing thousands of serial numbers.
Update: I still have a copy of this on an old hard drive; the serial #'s are between 12 and 15 years old now, but still fun to look through.


A Deeper Understanding
You can find sites online run by would-be "Capitalists" who download as many Cracks as they can find and then offer to sell them to you for a price. Avoid these places; most of the people who Crack these programs are more than glad to give them away, for they are said to be in it for a "deeper understanding."
Many people involved in Cracking protection schemes say they are in it for the challenge, as well as the opportunity to learn more about how programs communicate with the operating system, memory and microprocessor.
Cracking a program can be an excellent way to learn about programming, since you often need to debug and/or disassemble it. Debugging lets you trace or single-step through the inner workings of the software while it runs; disassembling gives you a text listing of its machine code in assembly language (ASM). Neither gives you the original source, but together they show exactly what the program does. I'll talk more about these two cracking methods a little later.
Note: ASM is the language used to write the tight, fast code needed for the graphics you see in 3D video games.
You'll find a lot of disdain among Crackers for the software companies' use of frameworks and visual development tools like Visual C++ and its class libraries. They feel that these tools do most of the work for the programmer, who in turn never learns how to write good code, much less an uncrackable protection scheme.


Cracking the Code
There are many different ways to get past most software programs' protections. I will briefly focus on two of them.
HMEMCPY can be used to "trap" valid serial numbers for shareware programs. Using a debugger such as Soft-Ice, you set a "breakpoint" on HMEMCPY so that the debugger pops up when HMEMCPY is called. HMEMCPY is a 16-bit KERNEL routine; on Windows 95/98 the functions that pull what you typed out of a dialog box (GetWindowText, GetDlgItemText and friends) end up calling it, so the breakpoint fires just after the program has read your serial number. Your number, and most likely the correct one the program compares it against, are now in RAM, and a cracker can proceed to "fish" for a valid serial number by stepping back out into the program and watching the compare. On Windows NT-based systems that 16-bit path does not exist, so you break on the Win32 text functions directly instead.
The shareware program never has to call HMEMCPY itself; the operating system does it on the program's behalf whenever a serial is read from a dialog. The trick is extremely effective on applications written in Delphi or Visual Basic.
The next technique involves disabling jumps and is almost certain to work, IF you can find them.
This cracking method involves disassembling the target program's (.exe) file using either my old favorite, Wdasm 8.93, or OllyDBG, which, as I stated earlier, produce a listing of the program's machine code in assembly language (ASM), not its original source.
While using disassemblers in this fashion will not likely reveal the actual serial or registration number, it will expose the locations in the code where the software's protections lurk. Once found, these protections are sometimes easily disabled, allowing the program to be registered by entering the wrong info or no info at all.
Here is an edited view of the disassembled code of a software program, as displayed in one of the windows in OllyDBG. The gaps are instructions left out for brevity; the first column is the virtual address, the second the raw opcode bytes.

00484B11  |.  E8 A240FDFF     CALL ####32.00458BB8
00484B16  |.  84C0            TEST AL,AL

00484B18  |.  74 1A           JZ SHORT ####32.00484B34

00484B1A  |.  6A 00           PUSH 0                       ; /Arg1 = 0
00484B1C  |.  B9 6C4B4800     MOV ECX,####32.00484B6C      ; |ASCII "Shareware Registration"
00484B21  |.  BA 844B4800     MOV EDX,####32.00484B84      ; |ASCII "Thanks for registering, You are Swell, really, I mean it!"

00484B32  |.  EB 18           JMP SHORT ####32.00484B4C

00484B34  |>  6A 30           PUSH 30                      ; /Arg1 = 30
00484B36  |.  B9 9C4B4800     MOV ECX,####32.00484B9C      ; |ASCII "Registration Error"
00484B3B  |.  BA B04B4800     MOV EDX,####32.00484BB0      ; |ASCII "Invalid name or registration number."

00484B4C  |>  33C0            XOR EAX,EAX

The third line from the top, 00484B18, holds a "Jump if Zero" instruction, 74 1A (JZ; 74 is the opcode, 1A the distance forward from the next instruction). The CALL two lines above it runs the registration check and returns its verdict in AL; TEST AL,AL sets the zero flag when AL is 0, so on a failed check the JZ is taken and lands at "00484B34 6A 30 PUSH 30", right on top of the line that says "Registration Error". On a passing check it falls through to the thank-you message.
Replacing the "Jump if Zero" with a "Jump if NOT Zero", 75 1A, inverts the test, so any wrong serial takes the success path (and the genuine one would now fail). Replacing both bytes with "NOP" instructions (90 90) removes the test altogether, so every serial falls through to the thank-you. Either change is all that's needed for this program to thank you for being a swell guy and registering it.
The program would not be permanently cracked; there are a couple of other places in the code that would need patching as well. Also, this is a Delphi program, so there are jumps and compares all over the place, but a cracker would be on their way to cracking this program.
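As an added example (not code from the original post, nor a tool from any of the sites linked here), the script below carries the jump patch above through to the file on disk, which is also what "a Crack patches a few bytes of the .exe" from the definition section means in practice. OllyDBG reports virtual addresses while Hiew or WinHex work in file offsets, so the script reads the PE section table to translate 00484B18 into an offset, checks that the bytes there really are 74 1A before touching anything, and then writes either 75 (JNZ) or 90 90 (NOP NOP). The PE image it patches is constructed inside the script from the listing above; its image base, section layout and the masked "####32" module name are assumptions, as is the NOP filler standing in for the instructions the listing omits.

```python
"""Added example: translate an OllyDBG virtual address into a file offset via
the PE section table and patch the JZ there. The image is constructed inline
(image base, section layout and filler bytes are assumptions, not from a real
program) so the script runs offline."""
import struct

JZ_REL8, JNZ_REL8, NOP = 0x74, 0x75, 0x90

# Bytes of the listing, starting at VA 00484B11. The two 12-byte runs of 0x90
# stand in for instructions the listing leaves out (constructed filler).
LISTING = bytes.fromhex(
    "E8A240FDFF"    # 00484B11  CALL ####32.00458BB8
    "84C0"          # 00484B16  TEST AL,AL
    "741A"          # 00484B18  JZ SHORT 00484B34
    "6A00"          # 00484B1A  PUSH 0
    "B96C4B4800"    # 00484B1C  MOV ECX,"Shareware Registration"
    "BA844B4800"    # 00484B21  MOV EDX,"Thanks for registering..."
    + "90" * 12 +   # 00484B26  (elided in the listing)
    "EB18"          # 00484B32  JMP SHORT 00484B4C
    "6A30"          # 00484B34  PUSH 30
    "B99C4B4800"    # 00484B36  MOV ECX,"Registration Error"
    "BAB04B4800"    # 00484B3B  MOV EDX,"Invalid name..."
    + "90" * 12 +   # 00484B40  (elided in the listing)
    "33C0"          # 00484B4C  XOR EAX,EAX
)

def short_jump_target(insn_va: int, rel8: int) -> int:
    """Target of a 2-byte short jump: next instruction plus a signed 8-bit displacement."""
    disp = rel8 - 0x100 if rel8 & 0x80 else rel8
    return insn_va + 2 + disp

def parse_sections(pe: bytes):
    """Read ImageBase and the section table (vaddr, vsize, raw_ptr, raw_size) from PE32 headers."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not an MZ/PE file")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:       # PE32 magic (32-bit, like the listing)
        raise ValueError("only PE32 is handled here")
    image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    sections, hdr = [], opt + opt_size
    for _ in range(num_sections):                            # 40-byte IMAGE_SECTION_HEADERs
        vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, hdr + 8)
        sections.append((vaddr, vsize, raw_ptr, raw_size))
        hdr += 40
    return image_base, sections

def va_to_offset(pe: bytes, va: int) -> int:
    """Translate a virtual address from the debugger into an offset in the file."""
    image_base, sections = parse_sections(pe)
    rva = va - image_base
    for vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"VA {va:08X} is not inside any section")

def patch_jz(pe: bytes, va: int, mode: str = "nop") -> bytes:
    """Patch the 2-byte JZ SHORT at va. 'nop' always falls through; 'jnz' inverts the test."""
    off = va_to_offset(pe, va)
    if pe[off] != JZ_REL8:                                   # refuse to patch the wrong bytes
        raise ValueError(f"expected JZ (74 xx) at {va:08X}, found {pe[off]:02X}")
    out = bytearray(pe)
    if mode == "nop":
        out[off:off + 2] = bytes([NOP, NOP])
    elif mode == "jnz":
        out[off] = JNZ_REL8
    else:
        raise ValueError("mode must be 'nop' or 'jnz'")
    return bytes(out)

def build_sample_image() -> bytes:
    """Constructed minimal PE32: one .text section carrying LISTING at VA 00484B11."""
    image_base, sec_va, sec_raw, sec_size = 0x00400000, 0x84000, 0x400, 0x1000
    hdr = bytearray(sec_raw)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                  # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 1)             # Machine i386, NumberOfSections
    struct.pack_into("<H", hdr, 0x54, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", hdr, 0x58, 0x10B)                 # PE32 magic
    struct.pack_into("<I", hdr, 0x58 + 28, image_base)       # ImageBase
    struct.pack_into("<8sIIII", hdr, 0x138, b".text", sec_size, sec_va, sec_size, sec_raw)
    text = bytearray(sec_size)
    start = 0x00484B11 - image_base - sec_va                 # listing's offset inside .text
    text[start:start + len(LISTING)] = LISTING
    return bytes(hdr + text)

if __name__ == "__main__":
    pe, jz_va = build_sample_image(), 0x00484B18
    off = va_to_offset(pe, jz_va)
    print(f"JZ at VA {jz_va:08X} -> file offset {off:X}, bytes {pe[off:off + 2].hex()},"
          f" lands at {short_jump_target(jz_va, pe[off + 1]):08X}")
    print("nop patch:", patch_jz(pe, jz_va, "nop")[off:off + 2].hex())
    print("jnz patch:", patch_jz(pe, jz_va, "jnz")[off:off + 2].hex())
```

The check in patch_jz matters more than it looks: a cracked .exe for one build rarely lines up with the next release, and blindly writing 90 90 at a stale offset is how a "crack" turns into a corrupted program. Against a real file you would replace build_sample_image() with open(path, "rb").read() and write the returned bytes back out.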


Do Cracks Really Work?
In a word, HELL YEAH they do. Oh, that's two words. But the fact remains, Cracks do indeed work.
The Cracking groups' "reputation" is at stake. Cracking is hard, tedious, dull and frustrating work. Seriously, try it sometime. See if you can last 5 minutes without wanting to blow your brains out. Some of the work these guys do borders on genius, so respect from peers is important.
One of the reasons you see so many new versions of software, especially shareware, is that the software authors also watch this scene and release new versions that can withstand the previous Crack. This is not always the case, as some cracks work across many versions.
The Cracks FAQ is one of the best documents on the topic of Cracks that I've ever seen. And trust me, I've seen a shit load o' documents. Packed with all kinds of helpful tips and info, it will go a long way toward answering your questions about Cracks and Cracking or Getting High on Crack.


Cracking - Learning from the Masters
Long did I search for info on the art of cracking. Just when I thought it only to be a myth, I stumbled onto one out of a total of a dozen "lessons" written by +ORC.
Reading these documents will give you a whole new "perspective": just as cracking is the attempt to uncover the hidden secrets of a software program, the same techniques can also be applied when trying to learn what is really going on in the world, without having to take the word of the government or news media.
Here are all twelve documents in one zip file - How to Crack (120 kb).
Fravia's (R.I.P.) is a great site that discusses every aspect of Cracking. You can learn more about the tools listed below, as well as read some of the many tutorials, pages of commentary and advice, or actually download some of the tools you'll need to get more involved in Cracking.
Even though Fravia has departed this world, his site lives on as a testament to his devotion to seeking a deeper understanding of the world around him... or just blatant socialism.
The Legend of Random blog is a virtual treasure chest of useful tools, tutorials and some of the best links I've come across.
The Art of Assembly The most complete ASM tutorial on the net. Strongly recommended.


Tools of the Trade
Here is a list of some of the tools used in Cracking. For a full list, check out Random's blog that I linked above; he has them all. I would stop by soon, seeing that, like Mammon and +Fravia before him, Random has seemingly vanished. I do hope everything is ok; very informative website.
Wdasm 8.93 - old, but proud, this shareware disassembler also includes a debugger.
Soft-Ice - the most awesome cracking tool back in the day, from Numega; a kernel-level debugger that sits underneath Windows itself, which is what made tricks like the HMEMCPY breakpoint possible.
OllyDBG - Olly Debugger is pronounced Ollydebug and always spelled OllyDBG, and has taken over as the most indispensable tool in Cracking. You can get it here.
Hiew (Hacker's view, hiew.exe) - a hex editor with a built-in disassembler, used to apply the patch to the file on disk once the debugger has shown you which bytes to change.
WinHex 17.0 - a general-purpose hex editor and disk editor with a rich set of features. This program can be found here.
Text Editor - get one that is made with programmers in mind. UltraEdit (my favorite) or even the one I'm using to type this, Notepad++. Every possible feature for the very reasonable price of free.
