1. 1
SOFTWARE CRACKING

2. 2
copy protection
software annoyances
manipulation of software
serial number
hardware key
date checks
disc check
nag screens
adware

3. 3
Patch
Keygen
Loader

5. 5
lawsuits
Crackme

6. 6

7. 7

8. +HCU
(High Cracking University)
+ORC
(Old Red Cracker)

9.  The most common software crack is the
modification of an application's binary to cause or
prevent a specific key branch in the program's
execution.
 reverse engineering the compiled program code
using a debugger (such as GDB, SoftICE,
x64dbg,…)
 until the software cracker reaches
the subroutine that contains the primary method
of protecting the software
 The binary is then modified using the debugger or
a hex editor or monitor
 replaces a prior branching opcode with its
complement or a NOP opcode
 Almost all common software cracks are a
variation of this type.
9

10.  Obfuscation
 creating source or machine code that is difficult for humans to understand.
 Self-modifying code
 Program that can change itself.
 Obsufscate protection branch some way and chnag eit at run time.
 People can't so wasily patch exe file.
 Encryption
 Encrypt code and unencrypt it at run time
 Code segment encryption can make static analysis very complicated but it doesn’t
necessarily make dynamic analysis any more challenging.
 This is because at run-time, these encrypted binaries have something called a decryption
stub.

11.  Disassemble binary code to assembly code using x64dbg
 Click Search for string references
 You can see the message in this section
 Now you know where should you modify
 Jump to the correct password section (For example replace jeq with jneq)

12.  You can use break point instead of search for strings
 Trace program to find the activation instruction

13.  Sometimes a verification ID is being checked by the internet
 In this case, after you replace jeq instruction, you need to do something else.
 You can capture packets sent by the program.
 Check response.
 Find the coed segment that check the response and modify it. (Using breakpoint
or...)

14.  For example expired program and free trial program
 Trace all assembly instructions in free trial program and save in the file
 Trace all assembly instructions in expired program and save in the file
 Compare two files and find instruction that flow changes.
 Get the address and modify that instruction

15.  immunity debugger
 Immunity Debugger is a powerful new way to write exploits,
analyze malware, and reverse engineer binary files.
 X64dbg
 This is a new king of Windows debuggers.
 HIEW - An ultimate hex editor & deasembler
 IDA
 IDA is an all-in-one tool, it's a disassembler for many formats
of binary files (PE, ELF, MachO, etc.), with a built-in
decompiler, hex editor, debugger.
 DiE - Protections / obfuscators identifier
 Detect it Easy can tell you exactly which one was used to
protect the binary, so it can be easier to find a ready-to-use
solution to remove it (for example - an unpacker or a
deobfuscator).
 Bytecode Viewer - Java decompiler (also for Android apps)
 Wireshark - Network sniffer

16.  A program to generate activation
codes and serial numbers.
 Keygen programs use various
password-cracking algorithms to
 find a combination that serves as a
correct password
 crack the software in order to find a
list of correct passwords
 rewrite parts of the software to create
their own correct passwords

17.  Product activation
 Use of ID numbers and product keys that are printed on the material of software, hardware
 In order to activate the product user must enter both of these verification keys
 Keygens are often unable to hack software that uses product activation (vendor's database)
 Online verification
 Multiple algorithms to ensure that a serial number or product key is not fake (vendor's database)
 A secondary algorithm may be used by the vendor to eliminate certain characters within the
serial number.

18.  A program that modifies the machine code of
another program
 Software Patch
 generally provided by the software provider
themselves to improve the existing product by
adding new features, fixing bugs or improving
performance
 Illegal patch
 Replaces existing functionality in the
program with the purpose of
altering behavior in a way not intended by
the original developer
 Example: disabling a section of code that
checks for a valid license with code that
assumes a license exists

19.  Involves changing a few byte values in existing code with the goal of altering the existing
behavior without actually modifying the code itself.
 If the default trial is 30 days, a crack could change that value to 9999 days. It is minimally
invasive