-modified by MIHIR
I have read many cracking tutorials lately.
Frankly speaking, I myself learned cracking from tutorials (and some books, but
that doesn't really matter).
The majority of the cracking tutorials out there have a few disadvantages:
either they are too long and contain a lot of garbage, or they are too short,
and don't contain the basics.
I decided to write a tutorial which will not have those two disadvantages.
Anyway, I divided the tutorial into 3 parts:
Part 1: Introduction, tools and the basics of cracking.
Part 2: Practical training, using W32Dasm, and HIEW
Part 3: Key-generators.
Welcome to the first part. ;-)
For me, cracking is:
"Letting a program which is on your computer behave as you want it to
behave, and not as someone else (the programmer) wants it to."
As INTERN said:
"Hey, it is your stuff right? your numbers, your bits,
you should be able to do anything you wish to do with it :)"
Actually, I agree with this.
So cracking is modifying your programs and making them work the way you want
them to.
If you can get a free demo program, crack it, and use it.
BUT!!!!
I repeat, if you crack a program, and start selling the cracked version or even
offering it for free, it is a crime!
After reading those three tutorials (this is the first one in this series),
you will feel the power you have in your hands (I mean, in your head).
Well, let's get started.
You need only a few tools for now.
They are very easy to find on the web, because they are quite popular.
The first one is "Win32 Disassembler", which is also known as W32Dasm.
The Win32 Disassembler allows you to:
1. Disassemble files - translate the program's machine code back into assembly
language.
The file types which can be disassembled in Win32 Disassembler:
exe, 386, com, cpl, drv, dll, fon, mpd, ocx, vbx and sys.
2. Load the program as a process and trace it.
3. Browse the disassembled file and go to any code location that you want.
4. Find text.
5. Execute, insert or remove jumps and calls.
6. List the imported and exported functions.
7. Show a HEX display of a code area.
8. Show the list of the STRINGS, DIALOGS and REFERENCES.
9. Save the Disassembly source in text format.
I think that's about enough.
The second tool you need is Hiew, which is also known as Hacker's View.
The Hacker's View Tool allows you to:
1. Disassemble files.
2. Make changes in the disassembled file, such as:
write commands, modify commands and reassemble the file.
3. View the file in ASCII, Hex or assembly mode.
You can also download SoftICE, an excellent debugger for cracking, but we won't
need it in this part of the tutorial.
The main steps of cracking:
There are 7 steps in the process of cracking:
1. Run the program you want to crack and learn its standard behavior.
Try to locate strings and keywords, try to enter a password and see how the
program responds.
2. Open the program in W32Dasm and disassemble it.
3. Find in the disassembly the strings that you saw the program display. In
most cases you have to look for keywords such as: password, name, date,
expired, time limit, wrong, entered and so on.
4. Find and examine the password-checking routine, the protection routine and
the API calls they make.
5. Try to understand the jumping mechanism of the protection.
6. Open the program in HIEW. Change the conditional jump that controls the
flow to its opposite jump command, or nop it out.
7. Run the program and see how the change you made affected it. Feel the power
you have, the power of cracking, letting programs behave as you want them to.
Learn those steps very well, until you dream of them; you will use them in
every program you crack.
A. Registers:
Registers are variables which are stored in your processor.
The processor uses these variables for basic mathematical and logical
operations.
The most used registers are: eax, ebx, ecx and edx.
Sometimes you will also see edi, esi, esp and ebp.
There are three types of registers: 32-bit registers, 16-bit registers and
8-bit registers.
The 32-bit registers start with e, such as eax.
Each of them has a 16-bit equivalent, which is the lower 16 bits of the 32-bit
register; the only difference between the two types is the variable size.
These registers are: ax, bx, cx, dx, di, si, sp and bp.
There are also 8-bit registers: al, ah, bl, bh, cl, ch, dl and dh.
l means the lower 8 bits of the 16-bit register, and h means the higher 8 bits
of it (so al and ah together make up ax).
B. Flags
Flags are Boolean variables (they hold the value 0 or 1).
The processor sets them as a side effect of its logical and mathematical
operations, in order to record something about the result of the operation.
The most important flag for us is the Zero Flag (ZF), which is set to 1 when
the result of the last operation was zero and to 0 otherwise.
C. Code Flow
When you are analyzing a piece of code, you must understand that the
processor is actually quite stupid, and all it does is follow the basic
instructions, one by one.
It does exactly what the code tells it to do, and cannot do anything that is
not written in the code (unless it has been run over by a herd of cows and
abducted by aliens).
This is why you have to think like the processor when you're analyzing a piece
of code, and act like it (just don't get used to it! Inhale, exhale, inhale,
exhale... never mind, stupid joke) :)
You have to do everything the processor does: compare registers and variables,
execute jumps and calls, calculate basic mathematical operations, store and
load register values and addresses, and so on...
The processor has an instruction pointer especially for this, also called IP
(it has nothing to do with IP addresses in the Internet Protocol, trust me).
The instruction pointer holds the address of the instruction that is about to
be executed.
The processor also executes instructions which change the code flow: function
calls and other routine calls, unconditional jumps, conditional jumps which
depend on flags such as the zero flag, their negated forms, and so on.
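As an added illustration (not code from this tutorial) of how the sub-registers of section A, the zero flag of section B and the conditional jumps of section C fit together, here is a small C model of those pieces; the instruction addresses used in main are constructed examples.

```c
#include <stdint.h>
#include <stdio.h>

/* ax is the low 16 bits of eax; al is the low 8 bits of ax, ah the next 8. */
static uint16_t reg_ax(uint32_t eax) { return (uint16_t)(eax & 0xFFFFu); }
static uint8_t  reg_al(uint32_t eax) { return (uint8_t)(eax & 0xFFu); }
static uint8_t  reg_ah(uint32_t eax) { return (uint8_t)((eax >> 8) & 0xFFu); }

/* Writing a sub-register leaves the other bits of eax untouched, exactly as
 * "mov al, imm8", "mov ah, imm8" or "mov ax, imm16" do on the processor. */
static uint32_t mov_al(uint32_t eax, uint8_t v)  { return (eax & 0xFFFFFF00u) | v; }
static uint32_t mov_ah(uint32_t eax, uint8_t v)  { return (eax & 0xFFFF00FFu) | ((uint32_t)v << 8); }
static uint32_t mov_ax(uint32_t eax, uint16_t v) { return (eax & 0xFFFF0000u) | v; }

/* "cmp a, b" computes a - b, throws the result away and keeps only the flags.
 * The zero flag is 1 exactly when the two operands are equal. */
static int zf_after_cmp(uint32_t a, uint32_t b) { return (uint32_t)(a - b) == 0u; }
/* "test r, r" ANDs a register with itself: ZF is 1 exactly when r is zero. */
static int zf_after_test(uint32_t r) { return (r & r) == 0u; }

/* Conditional jumps only move the instruction pointer. jz takes the jump when
 * ZF is 1, jnz when ZF is 0; otherwise execution falls through to the next
 * instruction. Both return the address IP will point to next. */
static uint32_t jz(int zf, uint32_t fallthrough, uint32_t target)  { return zf ? target : fallthrough; }
static uint32_t jnz(int zf, uint32_t fallthrough, uint32_t target) { return zf ? fallthrough : target; }

int main(void) {
    uint32_t eax = 0x12345678u;
    printf("eax=%08X ax=%04X ah=%02X al=%02X\n", (unsigned)eax, (unsigned)reg_ax(eax),
           (unsigned)reg_ah(eax), (unsigned)reg_al(eax));
    eax = mov_al(eax, 0xFFu);                    /* only the low byte changes */
    printf("mov al,0FFh -> eax=%08X\n", (unsigned)eax);
    int zf = zf_after_cmp(reg_ax(eax), 0x56FFu);
    /* constructed addresses: the jz sits at 0x401000 and is 6 bytes long, so
     * falling through would continue at 0x401006 */
    printf("cmp ax,56FFh -> ZF=%d, jz 401020h continues at %08X\n", zf,
           (unsigned)jz(zf, 0x401006u, 0x401020u));
    return 0;
}
```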
In this part of the tutorial we have learnt the meaning of the word
cracking: making programs behave as you want them to, and not the way the
programmer wants them to.
We have also learnt about the basic and most popular tools of cracking: W32Dasm,
Hiew and SoftICE. And finally we have learnt the 7 main steps of cracking.
Now, before you go to the next chapter, you have to learn these 7 steps and
download the tools mentioned above, because we can't go on to the next chapter
unless you have those tools and know the steps.
--=MIHIR=--