Cracking is the art of exploring assembler code in order to find a vulnerable point, with its subsequent analysis and breaking

Introduction to Cracking

Start

Cracking is the art of exploring assembler code in order to find a vulnerable place, with its subsequent analysis and breaking.
I have to disappoint those who think cracking can be done without some knowledge, skill and persistence. Simply downloading the software needed for cracking and cracking the program will not work. Do not expect a program to fall in 5 minutes (although, with experience, and when the program's protection is trivial, it is possible even faster).
So, if you are interested in learning cracking and are ready to read a lot of documents and spend a lot of time, this article is for you.
First you need to learn the basics of assembler; you do not even have to learn to write programs in it. You only need to know what the instructions and functions mean and be able to read the code. Could you read a book in Spanish without knowing the language? I recommend these materials on asm: Kalashnikov's course (http://www.Kalashnikoff.ru), "IBM PC Assembler" by Yurov, the article series "Assembler for Crackers" by Dr.Golova and "Cracking for Cowboys" from Crack.
Having mastered the material, you should know what the functions are for and understand a program's assembler code a little. Understand that a program written in any programming language is handed to the processor as machine code, which it executes to carry out the functions built into the program. To make the machine code readable it is converted into assembler, which we can examine and change with special programs. But changes are not possible if the program is packed. Packing is done to reduce the program's size and to protect it from cracking (for example UPX, ASPack and many others).

Types of programs and what they are for

We cannot go further without special software; we need:
  • Debugger - used for debugging program code, tracing, setting breakpoints, etc.
    (OllyDBG)
  • Disassembler - a program that produces an assembly-language listing of the program's machine code
    (KWdsm)
  • Analyzer - analyzes the program file and reports how it is packed (if it is packed :)
    (PEiD)
  • Unpacker - unpacks a packed file.
    (QUnpack)
  • Patcher - a program with which you can change the file's assembler code and save the changes.
    (Hiew)
  • Patchmaker - needed by those who cannot write a crack/patch themselves. The principle is simple: once we have the program patched (with hiew) and the unpatched original, the patch maker computes the differences between them and creates an exe patch file.
    (Tpe)
    All this software can be downloaded separately, but there is also a bundle called CrackersKit (version at the time of writing: 1.1, size: 7 MB). You can download it from cracklab.ru. Almost all of the programs above (or their analogs) are in it. Now that we have the basic knowledge in this area and the software we need for our studies, let's sort out the types of software:
    Shareware - try-before-you-buy
    Freeware - free
    Adware - ad-supported programs
    Commercialware - pay!
    Donationware - pay if you wish
    The targets are programs of the shareware, adware and commercialware kind.

    Toolbars in Olly and Dasm

    Running Olly
    I assume you already have at least some experience with Olly (if not, read the article "Olly Debugger from A to Z" on cracklab.ru).
    Let me remind you of the debugger functions we will be working with:

  • M - Memory map
  • C - CPU, Olly's main window
  • / - Patches, i.e. the patched places in the program
  • B - Breakpoints
  • R - Referenced text strings
    You should always keep the CPU (Olly's main window), Breakpoints and Patches windows in view.
    CPU window:

    Running kWdsm
    Let's go over the purpose of the most basic functions of Dasm.
  • Open file to disassembler - open a file in the disassembler
  • Project Files and Comments - save the listing to an ASCII file
  • Find Text - text search
  • Goto Code Start - go to the beginning of the code
  • Goto Program Entry Point - go to the program's entry point
  • Goto Page - go to a page
  • Execute JMP - follow the jump
  • Return From Last Jmp - return from the last jump
  • Execute Call - follow the call
  • Return From Call - return from the last call
    Before the protection code can be analyzed, it first has to be found.

    Ways to find the verification code (with OllyDBG and kWdsm)


    The purpose of the search is to find the verification code, either to modify it or to find the serial number. Finding the verification code is mandatory for cracking the program.
    The main tasks of this code are:
    1 check the validity of the serial number (the data entered in the SN input form)
    2 jump to one address or another depending on whether it is correct/incorrect
    3 report an incorrect registration

    The main ways to find the verification code are:
    1 breakpoint (Intermodular calls)
    2 Referenced text strings
    3 search in the memory (dump) window
    4 search in the stack
    5 search with kWdsm
    | 1 |
    A breakpoint stops execution at a function.
    You can set breakpoints either through
    the command line, for example:
    Bpx MessageBoxA
    Bpx - the breakpoint command
    MessageBoxA - the function on which the breakpoint is set
    What the functions do can be learned from the WinAPI reference (cracklab.ru)
    or through
    Intermodular calls, for example:
    find the MessageBoxA function, right-click and select Set breakpoint on every call MessageBoxA
    | 2 |
    Search by referenced text string.
    With this type of search we use a phrase that is displayed, for example, when an incorrect serial number is entered. Run the program, enter an SN, the program complains that the SN is incorrect (for example: Wrong SN! Try again) => this phrase is what we will search for; go to All referenced text strings (in the Search for menu) and search for it.
    | 3 |
    Run the program, fill in the registration fields, and click the letter M (Memory window). In the dump window, right-click and search for the data we entered in the password field. When the program has found the piece of memory where our data was stored, set a breakpoint on the line with the password (right-click -> Breakpoint -> Memory, on access) and try to register again. We enter the data and it stops on the piece of code that reads the password we entered. Remove the memory breakpoint and continue the study.
    | 4 |
    Searching in the stack is done as follows: right-click in the stack window, Search for -> Binary string, and search for the phrase that is displayed when the SN is entered incorrectly. Having found this phrase, look to the left in the Disassembly field, note the command there, and in the main (CPU) window right-click Search for -> Command and search for it.
    | 5 |
    Search using kWdsm. Searching with kWdsm is very simple: to find the verification code you either search for the phrase that is displayed when the registration is incorrect, or search for the line Possible StringData Ref from Code Obj -> "

    An example of cracking programs with different types of protection

    To learn cracking you need to study as many programs as possible, with protections of varying complexity, so let's get down to business. In this article I will consider only 2 types of protection (since they are the most common):
    1 an SN entry form
    2 a caption in the program (for example, Unregistered)
    Programs for study we take either from magazine cover discs (PL, Hacker, gambling) or from sites such as softodrom.ru and others (look there for shareware software and study it).
    Theoretical plan of cracking:
  • Find the verification code
  • Analyze what the code does
  • Find the SN or edit the result of the function
  • Patch the program, or enter the SN that was found
    Let's begin the process of finding the code itself and cracking it; I will show these operations using EscapeClosePro as an example.
    I recommend performing all the actions below together with me, since this is hard to grasp just by reading. If you do not yet understand how it worked for me, you can practice on the crackmes from phantom and craft (ngh.void.ru/soft/d/crackme.rar; ngh.void.ru/soft/d/craft1.rar)
    EscapeClosePro

    Protection method: SN, Unregistered caption in the program window
    Packer/Protector: none (we learned this thanks to PEiD; if the program were packed we would first have to find an unpacker for it)
    Cost: 100 rubles :)
    Cracking by searching for the SN:
    This cracking method consists of finding the verification code, either by setting a breakpoint on the desired command, by viewing the referenced text strings, or simply by reading the program's disassembled code, and searching there for a valid serial number.
    1
    We set the breakpoint bpx MessageBoxA (method number 1 for finding the verification code). Open the registration window and enter the data:
    Name vizor
    SN vizor
    The program stopped at address 0040262E; at this address is the call that outputs (in our case) the text: Wrong code!. Pay attention to the memory dump window (in the main CPU window) and try to find something interesting by simply looking through it: scroll up and at address 0012F3D0 we see a string of more than 10 hex digits at a glance: 56C520AE713B563D5119. We suspect it is the SN, test it, and no luck.
    Nobody forbids using several (or even all) search methods at once.
    Now we set the breakpoint not on the message itself but on the command that pushes the phrase (Wrong code!), i.e. on the push. Again fill in the input forms, OK, the program stopped at 00402620 (where PUSH 0 is). Again look at the memory dump and see there:
     0012F438 004088E8 ASCII "9B2BC2C55272E0C32B44" << suspected SN
     0012F43C 0012F518 << here is our crack
     0012F440 00402200 EscapeCl.00402200
    Test the other SN we found for validity (Name vizor, SN 9B2BC2C55272E0C32B44) and: Thanks for registering!
    2
    Let's try again, but slightly differently: return once more to address 00402620 (the push, for those who forgot) and start looking for something interesting in the main window... scroll up... and at address 00402598 we stumble on the familiar SN in plain view: 9B2BC2C55272E0C32B44. (You can check its validity once again :)
    3
    Go to Search for -> All referenced text strings and see just terrible things :) The valid SN in plaintext, appearing some 10 times in the referenced text strings.
    Changing the function's output:
    Changing the function's output, in turn, consists of finding the verification code and changing it so that for any data entered the program considers itself registered.
    Again we set the breakpoint on MessageBoxA as before, enter the same data in the Name and SN fields, and stop there. Only now we move upward, looking for the conditional jump. On the way up we analyze all the jumps. We move upward because, roughly speaking, if the message output function is at address 5, then the check happens above this address, since the check always comes before the result (the stack concept).
    Scrolling up we see:
     004025CD > 85C0          TEST EAX, EAX
     004025CF . A3 58AF4000   MOV DWORD PTR DS:[40AF58], EAX
     004025D4   74 4A         JNE SHORT EscapeCl.00402620
    
    Analyzing the jump JNE 00402620, we first look at the jump address, 00402620. Looking at this address we see the output of the message that the program is unregistered. Now we change the jump JNE (jump if not equal) to JE (jump if equal). Double-click with the left mouse button on:
     004025D4   74 4A         JNE SHORT EscapeCl.00402620
    
    And change JNE to JE. Now the program accepts any SN entered as correct (except, of course, the real SN :), because its output has been changed so that the program always returns a positive result for any data entered.
    But that is not all; don't rush to make a patch from this first result. Recall, what other protection method does the program use? Right, the apparently simple Unregistered caption in the program window. After a restart the program simply checks whether this caption has been changed to something else, and if so it considers itself registered; but we do not have that yet, so not everything is done and we move on.
    We set the breakpoint on the by now rather annoying MessageBoxA.
    We reason: if the program is unregistered, it shows the Unregistered caption, so it must be somewhere in the program's code. We begin the search, but first just read the code... scroll down and see:
     0040265F . 85C0          TEST EAX, EAX                                << comparison of register contents
     00402661   74 23         JE SHORT EscapeCl.00402686                   << jump
     00402663 . 8B5424 70     MOV EDX, DWORD PTR SS:[ESP+70]
     00402667 . 68 64724000   PUSH EscapeCl.00407264                       ; /Text = "Unregistered version!"
     ...
     00402686 > 8B7424 70     MOV ESI, DWORD PTR SS:[ESP+70]
     0040268A . 8B3D 70714000 MOV EDI, DWORD PTR DS:[<&USER32.SetDlgIte>]  ; USER32.SetDlgItemTextA
     00402690 . 68 54724000   PUSH EscapeCl.00407254                       ; /Text = "Registered to:"
    
    "SetDlgItemTextA - a function that sets the caption or text of a control in a dialog"
    And here is that message. We begin the analysis of the code. We see the standard construction: a check of a register's contents followed by a jump. JE 00402686 - jump further on in the code. Look at what is at 00402686: there is the message Registered to: => if we change JE to JNZ, the program considers itself registered in any case and writes so in its main window.
    Thus, by changing these 2 jumps, the program will always be registered, and all of this comes down to just 2 bytes changed in the code.
    Patching:
    Patching the program is performed immediately after cracking it.
    To patch our test program you need to change:
     Address   Jump            Change to
     004025D4  JNE 00402620    JE
     00402661  JE 00402686     JNE
    
    For patching we will use hiew; you can learn more about hiew commands from my article (ngh.void.ru/lec/crack.html).
    Before patching the program we need to create a folder (wherever is convenient, even in the root of the drive) and copy the EscapeClosePro exe file there, in case we do something wrong. After copying it, run hiew and open our file (EscapeClosePro.exe). At this point I would like to say a little about hiew's main options. In the mode menu, choose Decode.
    Mode selection menu

    The main hiew panel:

  • Help - help (F1)
  • Edit - edit (F3)
  • Mode - view mode (F4)
  • Goto - go to an address (F5)
  • Search - text search (F7)
  • Files - save changes (F9)
    Load our file EscapeClosePro.exe in hiew and search either for the phrase (F7) or for the address (F5). I advise searching for the phrase, so press F7 and type Registered to:; having found this phrase, you need to patch:
     004025D4  JNE 00402620    JE
     00402661  JE 00402686     JNE
    
    After patching (remember, I said we need to copy the program file and patch the copy), save the patched file under a name such as p.exe and copy the UNPATCHED program file next to it, so that we now have 2 files in the folder: one patched and one the original program. We need this in order to make a patch with the patchmaker tpe:

    To create a patch, in this window select the unpatched file in the Original file field (original, i.e. unmodified/unpatched), and the patched file in the Patched file field. Then in tpe's main window fill in the fields: who created the patch and their site. In the File menu choose to create the patch, save it under the desired name, and the patch is ready!
    I hope this article has helped you master the basics of the cracker's art and answered some of your questions. From here on it only gets more interesting; practice more, read, and you will succeed.
    PS: this article is accompanied by video clips of cracking EscapeClosePro in various ways.
    PS: many thanks to Armiоlu for pointing me in the right direction and helping me work out the things I did not understand.
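The original/patched comparison that tpe performs is, seen from the software vendor's side, exactly the integrity check that reveals a tampered binary: the article's whole crack is 2 bytes, and a hash plus a byte-level diff pinpoints them. The following is an added example, not code from the article or from tpe; it runs on constructed byte buffers standing in for the two files, not the real EscapeClosePro.exe.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed sample data (not the real EscapeClosePro.exe): a few bytes of
# x86 code in the shape of the two checks shown in the article. Short JNE is
# opcode 75 and short JE is 74, so flipping one check changes exactly one byte.
ORIGINAL = bytes.fromhex(
    "85c0a358af4000754a"   # TEST EAX,EAX / MOV [40AF58],EAX / JNE SHORT +4A
    + "90" * 6             # padding standing in for the code between them
    + "85c074238b542470"   # TEST EAX,EAX / JE SHORT +23 / MOV EDX,[ESP+70]
)
PATCHED = bytearray(ORIGINAL)
PATCHED[7] = 0x74    # JNE -> JE  (first row of the article's patch table)
PATCHED[17] = 0x75   # JE  -> JNE (second row)
PATCHED = bytes(PATCHED)


def sha256_hex(data: bytes) -> str:
    """Fingerprint of a whole file; any modification at all changes it."""
    return hashlib.sha256(data).hexdigest()


def diff_offsets(known_good: bytes, candidate: bytes) -> List[Tuple[int, Optional[int], Optional[int]]]:
    """Every differing byte as (offset, original, new); a byte missing from
    one side (length mismatch) is reported as None."""
    changes = []
    for i in range(max(len(known_good), len(candidate))):
        a = known_good[i] if i < len(known_good) else None
        b = candidate[i] if i < len(candidate) else None
        if a != b:
            changes.append((i, a, b))
    return changes


def verify_binary(known_good: bytes, candidate: bytes) -> dict:
    """Integrity check: cheap hash comparison first, byte-level diff only when
    the hash differs, so the report shows exactly where a patch landed."""
    intact = sha256_hex(known_good) == sha256_hex(candidate)
    return {"intact": intact,
            "changes": [] if intact else diff_offsets(known_good, candidate)}


if __name__ == "__main__":
    report = verify_binary(ORIGINAL, PATCHED)
    print("intact:", report["intact"])
    for off, old, new in report["changes"]:
        print(f"offset 0x{off:04X}: {old:02X} -> {new:02X}")
```

On the sample data the report is two changed offsets, which is the same two-byte difference the patch maker would package; a known-good hash shipped with the program is enough to detect it, the diff only tells you where.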
    By Rel4nium (ngh.void.ru)