Tuts 4 You

Cracking And Prevention...

Teddy Rogers


This new series will point out traditional mistakes made when designing anti-cracking protections and will introduce methods to improve protection. In the introductory part we will focus on presenting the programs and techniques commonly used among crackers.

Revenue losses of software companies caused by illegal copying of their products are not trivial and most of the time exceed earnings. The insufficient or frequently absent software protection against illegal use is therefore startling.

Many people I talked to regarding anti-cracking protection advocated this absence of anti-cracking algorithms by saying that it is useless, since "even though, someone will crack it."

They are right, but only partially - a program whose protection cannot be sidetracked does not exist (everything that can be run can also be cracked). However, the question is how long the cracking process takes and how much experience is required.

Cracking is mostly a routine

After studying a number of so-called "cracking tutorials" (instructions on removing certain program protections) I realized that most crackers have only minimal knowledge in this field and mostly apply a certain action that can crack a program with hardly any effort.

As for the technical part, most of the time they have no idea why this action works, and their programming knowledge of Assembler (a programming language of the lowest level, a symbolic representation of the processor's instructions) is minimal. Even the slightest diversion from the traditional means of generating and verifying serial numbers, or possibly the use of small tricks, can edge them out.

The aim of this series is not to educate programmers in the creation of unbreakable protections. Instead, we will focus on common mistakes made when designing a protection and introduce methods to improve one's protection. The core of the introductory part will be pointing out programs and techniques commonly used among crackers.

Pre-cracking program analysis

Once a cracker obtains his next victim, he begins with a program analysis. This analysis will help him answer the basic questions, without which he would not be able to continue. It determines the type of program (demo/shareware), the registration method or the restrictions of the demo version. He tries to insert several registration numbers and examines the program's reactions. He writes down every little detail that could prove useful later, such as the registration dialog title, or a text displayed after entering an invalid registration number. This information is in most cases enough for the cracker to start to tune the program (to debug).

A program to debug applications (a debugger) is probably known to every programmer. This useful assistant enables suspension of a program's execution at a certain point, tracking, and memory reviewing or modification. However, in the hands of crackers it turns into a powerful weapon. Abilities of a debugger which were once priceless are now becoming a programmers' nightmare.

Used debuggers

Mainly we recognize two types of debuggers: kernel mode and user mode debuggers. Kernel mode debuggers make it possible (as the name implies) to debug absolutely everything that is happening in the PC: starting from the system's core functionality, through controlling systems, to the specific applications. The most widely used kernel mode debugger is probably SoftICE; the second one would be TRW2000.

Over bounding with the system is not welcomed by many. This might also be a reason why user mode debuggers are growing popular among crackers.

In contrast to tuning programs that operate on the controlling system level, user mode debuggers are simple programs that do not even have to be installed. In comparison with kernel mode debuggers, they are a bit weaker (they are unable to debug the code of the highest level), but are fully efficient in terms of cracking common applications. The most famous would probably be W32Dasm, even though the shareware OllyDbg is growing popular.

Now, let us have a closer look at what exactly a cracker needs to do in order to break a program’s protection.

Looking for interesting places inside a program

When a cracker opens the analyzed program in a debugger he is literally flooded by the program printout in assembler. This listing comprises tens of thousands of lines and orientation within it is at first sight very difficult. That is why, in the first phase of analysis, the cracker picks out things that would help him to find places of interest within the program.

A text string of the type "Registration number inserted is invalid" is a relatively reliable lead to the core of the protection against copying. This text then usually leads the cracker directly to the place where the validity check of the serial number is done. It often happens that not even ?? lines far from this place, there is another text string in which the author thanks him for purchasing his product, as a reaction to the input of a correct number. The cracker then quickly searches this fragment of the program and modifies the information at the correct place (he mostly modifies the function that checks the validity of the number) and so the protection is broken.

Naturally, creation of a crack (a small program that makes this change on the user's computer) is not the only option that a cracker has. If the number validity checking function is trivial enough, he can study it and program exactly the same one. This is called a keygen, a generator of correct registration numbers. The user starts this registration number generator, writes in his name and the keygen generates a correct registration number for him.

Often it is possible to rebuild a keygen into a stand-alone application. A mistake is used, which is common among programmers: they compare the generated correct number with the one put in. A minor modification of the application can write this correct generated number on the user's screen.

Probably the most common method of avoiding protection is by using so-called serials: registration numbers to the program that can be found at various specialized pages. For a cracker it is in most cases a question of a couple of minutes. He follows the procedure just like before, however right at the point when the correct number is compared to the one put in, he writes it down and the crack is alive.

Introductory advice on protection programming

Prior to going deeper into the detailed description of particular programming techniques, let us mention a few generally useful recommendations.

Even though a message about an incorrect registration number input, or possibly a thank-you message for registration, is a standard component of shareware programs, from the point of view of program protection this is a huge mistake. As we mentioned before, this is the gate to the core of the verifying algorithm.

The user might find this strange, but as for protection it is ideal not to show any text messages during the registration attempt. If the correct number is inserted, the program unlocks; if not, nothing happens.

During the programming of an application, it is convenient to rethink the level of importance of protection. If you are developing a program that will be used only by a few users and its registration is a question of only a few dollars, it is unnecessary to work on protection for two weeks. Mostly, just a couple of conventions to make the cracking process difficult are enough.

Over-trusting the operating system

Another common mistake is to trust your operating system too much. If the program in its unregistered version, for example, cannot have a data-saving option, a programmer usually makes this part appear in grey and that is it. Upon registration, this column is then activated and the data saving works accordingly. This is an elegant solution, but only until the moment when one realizes how these particular features work within the Windows environment.

I will not go into details; it is enough to say that similarly to how easy it is for a programmer to deactivate a certain controlling feature, it is easy for him to activate this feature again. There are even some special programs that activate this feature and the user doesn't have to be a cracker to use this program. Therefore it is important to remember that if a program should have certain features restricted, these should indeed be deactivated and not only made unavailable via the user interface.

In the following part we will have a look at how to design a good registration number generator and how to verify them.

Article from:
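A defensive sketch of two points from the article, added here as an example and not part of the original post or article: the shipped program verifies a serial with a public key instead of computing the correct number and comparing it, and the restricted feature checks the licence itself and stays silent on failure. The function names, the `Document` class and the toy key are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key (two Mersenne primes): far too small and too
# structured for real use; it only keeps the example dependency-free.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                      # public half: shipped in the program
D = pow(E, -1, (P - 1) * (Q - 1))        # private half: vendor machine only


def _digest(name: str) -> int:
    """Hash the normalised licensee name into an integer below N."""
    h = hashlib.sha256(name.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def issue_serial(name: str) -> str:
    """Vendor side: sign the name. This function is never shipped."""
    return format(pow(_digest(name), D, N), "x")


def verify_serial(name: str, serial: str) -> bool:
    """Shipped side: checks a serial but holds nothing that can produce one."""
    try:
        sig = int(serial, 16)
    except ValueError:
        return False
    return 0 < sig < N and pow(sig, E, N) == _digest(name)


class Document:
    """Hypothetical document type with a licence-restricted save feature."""

    def __init__(self, text: str):
        self.text = text
        self.saved_copies = []

    def save(self, name: str, serial: str) -> bool:
        # The restriction lives in the operation itself, not in a greyed-out
        # menu item, and a failed check produces no message at all.
        if not verify_serial(name, serial):
            return False
        self.saved_copies.append(self.text)
        return True
```

Because the correct serial for an entered name never exists in the shipped program's memory, there is no comparison point from which it can be read out or printed.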




Guest shotgunner 101

why dude :( Learning to crack is hard enough and btw I wouldn't use it on commercial programs that could cause money loss, I only like to know how to do it. And tnx to you, you made it harder for me to learn how since people will all take your advice and make this like impossible to learn :protest:


The most famous would probably be W32Dasm, even though the shareware OllyDbg is growing popular.

this sentence indicates that maybe the article is old


And tnx to you you made it harder for me to learn how since people will all take your advice and make this like impossible to learn

Not impossible, just more of a challenge, which is surely why you are here in the first place? :D
