
How do hackers figure out cracking algorithms?

bmacd

Lifer
I've always thought that companies would use these difficult algorithms to try and defeat piracy, yet there's a crack out there for every program that requires this. Are these guys mathematicians or do they just know where to find a weak spot in the copy protection?

-=bmacd=-
 
For games and such, I would guess a lot of it is examining assembly code and using disassemblers. There is also the fact that many protection schemes are published. To my knowledge cd keys are becoming really hard to crack, and often times illegal copies of software use a generic key rather than generate or calculate one.
 
Both.

And in many cases, they will just purchase a real copy, then reverse engineer the missing pieces that make the software work and make a crack based on that, and distribute it.
 
Originally posted by: torpid
For games and such, I would guess a lot of it is examining assembly code and using disassemblers. There is also the fact that many protection schemes are published. To my knowledge cd keys are becoming really hard to crack, and often times illegal copies of software use a generic key rather than generate or calculate one.

Let's put it this way - you can either stand there trying every combination of the lock on the steel door, or you can know the key, get in, then open the window so everyone else can get in.
 
If you know assembly and are familiar with programming and have the proper tools, any program = virtually plain source code in assembly. Unless there's an online part of authentication, no CD key algorithm is safe.
 
A crack is not the same thing as a code generator. A crack generally circumvents the functionality that checks for licensing, and a code generator actually generates a proper license number. There are quite a number of ways to crack an app, and it's obviously contingent upon how it was developed, but a generally successful process is as follows:

- Launch the app you wish to crack
- Launch an interactive debugger
- Attach to the app
- In the app, go to the section that requires a license. If it prompts you, you're golden; if not, it's a little more difficult.
- You can search the binary for the text that prompted you, and this will give you the general address in the binary that you need (this is the simplest part, and I'm not going to explain what to do if it doesn't prompt you)
- Disassemble the binary, and find the literal text used in the prompt. This will give you the general address for the assembly instructions that you need.
- Trace back the assembly instructions until you find the "jump point"; this is usually a jmp (or a derivative) instruction that calls a license validation procedure. Different applications implement this differently.
- Once you find the jump point you can then insert assembly NOP instructions (hexadecimal 0x90) in place of the instructions for the jump. This is effectively a "no operation", and as a result the license will be ignored.

Anyway, I purposely obfuscated some of the parts, but that gives you all the general idea.
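The four steps above (find the prompt text, find the code that references it, trace back to the conditional jump that guards it, overwrite the jump with NOPs), as an added worked example that is not part of Descartes's post or any real product. The "binary" is a small flat x86-32 image assembled by hand inside the script, with an assumed load address of 0x00400000 and a check_license routine that always fails; run() is a toy interpreter for just the handful of opcodes the image uses, so the before/after behaviour can be observed without a real debugger. It also covers the caveat the thread glosses over: if the conditional jump is the one that skips the failure block (a `jnz good` rather than a `jz fail`), NOPing it breaks the program and the right patch is to make it unconditional instead.

```python
import struct

BASE = 0x00400000                    # assumed load address of the constructed image
CHECK_OFF, PUTS_OFF = 0x20, 0x30     # check_license and the puts stub
GOOD_OFF, BAD_OFF = 0x40, 0x60       # the two message strings

def build_demo_image():
    """Hand-assembled flat x86-32 image (constructed for this example, not a real program).
    main: call check_license; test eax,eax; jz fail; push good; jmp print
          fail: push bad; print: call puts; ret
    check_license always returns 0, so an unpatched run reaches the failure path."""
    img = bytearray(0x80)
    code = (b"\xE8" + struct.pack("<i", CHECK_OFF - 0x05)   # 00: call check_license
          + b"\x85\xC0"                                    # 05: test eax, eax
          + b"\x74\x07"                                    # 07: jz  fail (-> 0x10)
          + b"\x68" + struct.pack("<I", BASE + GOOD_OFF)   # 09: push offset good_msg
          + b"\xEB\x05"                                    # 0E: jmp print (-> 0x15)
          + b"\x68" + struct.pack("<I", BASE + BAD_OFF)    # 10: fail: push offset bad_msg
          + b"\xE8" + struct.pack("<i", PUTS_OFF - 0x1A)   # 15: print: call puts
          + b"\xC3")                                       # 1A: ret
    img[0:len(code)] = code
    img[CHECK_OFF:CHECK_OFF + 3] = b"\x31\xC0\xC3"          # check_license: xor eax,eax; ret
    img[PUTS_OFF] = 0xC3                                    # puts stub: ret (intercepted by run())
    img[GOOD_OFF:GOOD_OFF + 26] = b"Thank you for registering\0"
    img[BAD_OFF:BAD_OFF + 20] = b"Invalid license key\0"
    return bytes(img)

def cstring_at(img, off):
    return img[off:img.index(b"\0", off)].decode()

def find_string(img, text):
    """Step 1: locate the prompt text itself in the file."""
    return img.index(text.encode() + b"\0")

def find_xref(img, str_off):
    """Step 2: find the code that references it (here a 'push imm32' of its address)."""
    return img.index(b"\x68" + struct.pack("<I", BASE + str_off))

def find_guard_jump(img, fail_off):
    """Step 3: walk back from the failure block for the conditional short jump (0x70-0x7F)
    that decides whether it runs. A raw byte scan can land inside another instruction's
    immediate, so on real targets the hit must be confirmed in a disassembler."""
    for i in range(fail_off - 2, -1, -1):
        if 0x70 <= img[i] <= 0x7F:
            target = i + 2 + struct.unpack_from("<b", img, i + 1)[0]
            if target == fail_off:          # 'jz fail': taking the jump means failure
                return i, "jumps_to_fail"
            if i + 2 == fail_off:           # 'jnz good': falling through means failure
                return i, "falls_into_fail"
    raise LookupError("no conditional jump guards the failure block")

def patch_jump(img, jump_off, kind):
    """Step 4: NOP the jump (0x90 0x90) when taking it leads to failure. When the jump is
    the escape from the failure block, NOPing would break the program, so make it an
    unconditional 'jmp rel8' (0xEB) instead."""
    out = bytearray(img)
    if kind == "jumps_to_fail":
        out[jump_off:jump_off + 2] = b"\x90\x90"
    else:
        out[jump_off] = 0xEB
    return bytes(out)

def run(img, max_steps=200):
    """Interpreter for just the opcodes the demo image uses; returns what 'puts' received."""
    eip, eax, zf, stack, printed = 0, 0, False, [], None
    for _ in range(max_steps):
        op = img[eip]
        if op == 0xE8:                                   # call rel32
            target = eip + 5 + struct.unpack_from("<i", img, eip + 1)[0]
            if target == PUTS_OFF:                       # intercept puts(arg on stack)
                printed = cstring_at(img, stack.pop() - BASE)
                eip += 5
            else:
                stack.append(eip + 5)
                eip = target
        elif op == 0xC3:                                 # ret
            if not stack:
                return printed
            eip = stack.pop()
        elif op == 0x31 and img[eip + 1] == 0xC0:        # xor eax, eax
            eax, eip = 0, eip + 2
        elif op == 0x85 and img[eip + 1] == 0xC0:        # test eax, eax
            zf, eip = (eax == 0), eip + 2
        elif op in (0x74, 0x75, 0xEB):                   # jz / jnz / jmp rel8
            rel = struct.unpack_from("<b", img, eip + 1)[0]
            taken = {0x74: zf, 0x75: not zf, 0xEB: True}[op]
            eip = eip + 2 + rel if taken else eip + 2
        elif op == 0x68:                                 # push imm32
            stack.append(struct.unpack_from("<I", img, eip + 1)[0])
            eip += 5
        elif op == 0x90:                                 # nop
            eip += 1
        else:
            raise ValueError(f"unsupported opcode {op:#x} at {eip:#x}")
    raise RuntimeError("step limit reached")

def crack(img, prompt="Invalid license key"):
    fail_off = find_xref(img, find_string(img, prompt))
    jump_off, kind = find_guard_jump(img, fail_off)
    return patch_jump(img, jump_off, kind), jump_off, kind

if __name__ == "__main__":
    original = build_demo_image()
    patched, jump_off, kind = crack(original)
    print("before:", run(original))
    print(f"patched {kind} jcc at {BASE + jump_off:#x}")
    print("after: ", run(patched))
```

Running it prints "Invalid license key" for the original image, reports the `jz` at 0x400007 as the guard, and prints "Thank you for registering" for the patched copy. The same string-to-xref-to-jump walk is what a debugger or disassembler automates on a real executable; the interpreter here only exists so the effect of the two-byte patch can be seen offline.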
 
Anybody can learn a programming language; this is the sort of stuff they should teach you in college... I feel ripped off.
 
Originally posted by: gigapet
Anybody can learn a programming language; this is the sort of stuff they should teach you in college... I feel ripped off.

Haha. I wish they taught us something useful too.
 
Originally posted by: gigapet
Anybody can learn a programming language; this is the sort of stuff they should teach you in college... I feel ripped off.
Hacking 101.

I would totally take that class!
 
Originally posted by: Descartes
Originally posted by: polm
"purposely obfuscated" :roll:

Do you have a problem with that?

ob·fus·cate (ŏb′fə-skāt′, ŏb-fŭs′kāt′)
tr.v. ob·fus·cat·ed, ob·fus·cat·ing, ob·fus·cates
To make so confused or opaque as to be difficult to perceive or understand: "A great effort was made... to obscure or obfuscate the truth" (Robert Conquest).
To render indistinct or dim; darken: The fog obfuscated the shore.

[Latin obfuscāre, obfuscāt-, to darken : ob-, over; see ob- + fuscāre, to darken (from fuscus, dark).]

ob·fus·ca′tion n.
ob·fus′ca·to′ry (ŏb-fŭs′kə-tôr′ē, -tōr′ē, ŏb′fə-) adj.
 
Originally posted by: bmacd
I've always thought that companies would use these difficult algorithms to try and defeat piracy, yet there's a crack out there for every program that requires this. Are these guys mathematicians or do they just know where to find a weak spot in the copy protection?

-=bmacd=-

Hackers are not cracking any encryption algorithms; what they are doing is sitting down and modifying the original binary to skip instructions that it normally would execute, by inserting a jump instruction where none existed before. It's a fairly painful process but not all that difficult if you know what you're looking for.
 
Originally posted by: Ameesh
Originally posted by: bmacd
I've always thought that companies would use these difficult algorithms to try and defeat piracy, yet there's a crack out there for every program that requires this. Are these guys mathematicians or do they just know where to find a weak spot in the copy protection?

-=bmacd=-

Hackers are not cracking any encryption algorithms; what they are doing is sitting down and modifying the original binary to skip instructions that it normally would execute, by inserting a jump instruction where none existed before. It's a fairly painful process but not all that difficult if you know what you're looking for.

That's pretty much what I said, but apparently a few didn't like my use of the word obfuscate.

🙂
 
After all is said and done, all computer programming translates to a sequence of instructions in memory, that are run sequentially. For example, we'd have thousands of:

mov a,b,c
mul r1,q,34
gre r2,32,f

However, we have special instructions that correspond to if statements that allow jumps in code. What 99% of code comes down to is this:

You take the following block of code:

a: {lots of random code}
b: {protection check}
c: {more random code}

You simply find where b is, and you change it to this:

a: {lots of random code}
JUMP c
b: {protection code}
c: {more random code}

Also, you can analyze B to find out how the CD keys are checked, and then just reverse it to create a generator.
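The second half of that post, turning an analysed check into a generator, as an added worked example that is not from the post or from any real product. check_key() stands in for the "b: protection check" block as one might write it down after reading its disassembly; the key format, alphabet, the FNV-1a-style hash and the extra mod-7 condition on the first group are all constructed for this example. generate_key() is the keygen: rather than touching the binary, it satisfies every condition the check tests, in the order the check tests them, so the unmodified check accepts its output.

```python
import random

ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"   # 32 symbols: each character carries 5 bits
MASK25 = (1 << 25) - 1                           # a 5-character group holds exactly 25 bits

def decode_group(group: str) -> int:
    value = 0
    for ch in group:
        value = value * 32 + ALPHABET.index(ch)
    return value

def encode_group(value: int) -> str:
    chars = []
    for _ in range(5):
        chars.append(ALPHABET[value & 31])
        value >>= 5
    return "".join(reversed(chars))

def mix(data: bytes) -> int:
    """The hash as it might be read back out of the check routine (constructed here):
    an FNV-1a-style xor/multiply loop over the key body, truncated to 32 bits."""
    h = 0x811C9DC5
    for b in data:
        h = ((h ^ b) * 0x01000193) & 0xFFFFFFFF
    return h

def check_key(key: str) -> bool:
    """The 'b: protection check' block, as recovered by reading its disassembly (constructed)."""
    parts = key.split("-")
    if len(parts) != 3 or any(len(p) != 5 or set(p) - set(ALPHABET) for p in parts):
        return False
    if decode_group(parts[0]) % 7 != 3:           # a second, cheaper test on the first group
        return False
    expected = mix((parts[0] + parts[1]).encode()) & MASK25
    return decode_group(parts[2]) == expected      # third group must carry the hash

def generate_key(seed: int) -> str:
    """The keygen: produce a key that satisfies each condition check_key() tests, in order.
    Deterministic for a given seed so runs can be reproduced."""
    rng = random.Random(seed)
    while True:                                   # first group: meet the mod-7 condition
        g1 = "".join(rng.choice(ALPHABET) for _ in range(5))
        if decode_group(g1) % 7 == 3:
            break
    g2 = "".join(rng.choice(ALPHABET) for _ in range(5))   # second group: unconstrained
    tag = encode_group(mix((g1 + g2).encode()) & MASK25)   # third group: the required hash
    return f"{g1}-{g2}-{tag}"

if __name__ == "__main__":
    for seed in range(3):
        key = generate_key(seed)
        print(key, "->", "accepted" if check_key(key) else "rejected")
    print("AAAAA-AAAAA-AAAAA ->", "accepted" if check_key("AAAAA-AAAAA-AAAAA") else "rejected")
```

The point of the seed loop in the test is the general property: every key the generator emits passes the untouched check, while a key with any character altered, or one that meets the hash condition but not the secondary mod-7 test, is rejected. That secondary test is the reason a keygen has to reproduce the whole routine rather than just the part that gave the prompt; a crack that only NOPs the first jump would leave the second check live.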
 
Originally posted by: bmacd
I've always thought that companies would use these difficult algorithms to try and defeat piracy, yet there's a crack out there for every program that requires this. Are these guys mathematicians or do they just know where to find a weak spot in the copy protection?

-=bmacd=-

Reverse engineering... makes it easy.

-edit- Also, think about it... do you REALLY think a company is going to hire their own guy to come up with a great encryption? No. Too expensive when you can just buy one from a company that has already done the work.
 
Originally posted by: Descartes
A crack is not the same thing as a code generator. A crack generally circumvents the functionality that checks for licensing, and a code generator actually generates a proper license number. There are quite a number of ways to crack an app, and it's obviously contingent upon how it was developed, but a generally successful process is as follows:

- Launch the app you wish to crack
- Launch an interactive debugger
- Attach to the app
- In the app, go to the section that requires a license. If it prompts you, you're golden; if not, it's a little more difficult.
- You can search the binary for the text that prompted you, and this will give you the general address in the binary that you need (this is the simplest part, and I'm not going to explain what to do if it doesn't prompt you)
- Disassemble the binary, and find the literal text used in the prompt. This will give you the general address for the assembly instructions that you need.
- Trace back the assembly instructions until you find the "jump point"; this is usually a jmp (or a derivative) instruction that calls a license validation procedure. Different applications implement this differently.
- Once you find the jump point you can then insert assembly NOP instructions (hexadecimal 0x90) in place of the instructions for the jump. This is effectively a "no operation", and as a result the license will be ignored.

Anyway, I purposely obfuscated some of the parts, but that gives you all the general idea.

Seems fairly straightforward.
 
As mentioned above, hackers simply bypass the encryption, they don't break it.

And, as a breed, hackers would be more worried about encrypting their stuff so no one else can read it; nothing would suck more than being faced with email records of your activities in a civil suit...

It's people like the NSA that worry about cracking encryption algorithms.
 