Software cracking: Difference between revisions

Browse history interactively

← Previous edit Next edit →

Content deleted Content added

VisualWikitext

Revision as of 07:22, 10 March 2023 edit Aoidh (talk \| contribs) Autopatrolled, Checkusers, Oversighters, Administrators 57,838 edits Rescuing 15 sources and tagging 0 as dead.) #IABot (v2.0.9.3 Tag: IABotManagementConsole [1.2] ← Previous edit		Revision as of 23:33, 12 September 2024 edit undo Allforrous (talk \| contribs) Extended confirmed users 27,415 edits →References: Cat main. Next edit →
(40 intermediate revisions by 29 users not shown)
Line 1: {{Short description\|Modification of software, often to use it for free}} [[File:Software crack illustration 20170116.jpg\|thumb\|Software crack illustration]] {{Use American English\|date = February 2019}} {{Use mdy dates\|date = February 2019}} Line 7 ⟶ 8: }} '''Software cracking''' (known as "breaking" mostly in the 1980s<ref name="kevelson198510">{{cite news \| url=https://archive.org/stream/Ahoy_Issue_22_1985-10_Ion_International_US#page/n71/mode/2up \|title=Isepic \|work=Ahoy! \|date=October 1985 \|access-date=27 June 2014 \|first=Morton \|last=Kevelson \|pages=71–73 \|quote=The origin of the term probably lies in the activity burglars in the still of the night.}}</ref>) is an act of removing [[copy protection]] from a software.<ref name="Goode 2006"/> ~~Software~~ ~~cracking~~Copy ~~contributes~~protection tocan ~~the~~be ~~rise~~removed ofby ~~[[online~~applying ~~piracy]]~~a ~~where~~specific ~~pirated~~''crack''. ~~software~~A is''crack'' ~~distributed~~can tomean ~~end-users.<ref~~any ~~name="Goode~~tool ~~2006"/>~~that ~~Examples~~enables ofbreaking software ~~cracking~~protection, ~~includes:~~a ~~bypassing~~stolen product key, or guessed password. Cracking software ~~registration~~generally ~~and~~involves ~~payments,~~circumventing ~~converting~~licensing aand ~~trial/demo~~usage ~~version~~restrictions ofon ~~the~~commercial software ~~into~~by ~~fully-functioning~~illegal ~~software~~methods. ~~without~~These ~~paying~~methods ~~for~~can ~~it,~~include ~~removing~~modifying ~~the~~code ~~need~~directly ~~for~~through ~~[[hardware~~disassembling ~~security~~and ~~module]]~~bit editing, ~~breaking~~sharing ~~[[Compact~~stolen ~~Disc~~product ~~and~~keys, ~~DVD~~or ~~copy~~developing ~~protection~~software to generate activation keys.<ref>{{cite book\|CDlast1=Tulloch\|first1=Mitch\|title=Microsoft orEncyclopedia ~~DVD~~of ~~copy~~Security\|date=2003\|publisher=Microsoft ~~protection]]~~Press\|location=Redmond, orWashington\|isbn=0735618771\|page=68\|url=http://examples.oreilly.de/english_examples/9780735622180/cd_contents/Encyclopedia/EncySecur.pdf\|access-date=July ~~removing~~20, ~~annoying~~2014\|archive-date=August ~~features~~10, 2014\|archive-url=https://web.archive.org/web/20140810105820/http://examples.oreilly.de/english_examples/9780735622180/cd_contents/Encyclopedia/EncySecur.pdf\|url-status=dead}}</ref> Examples of a''crack''s ~~software~~are: ~~such~~applying asa ''[[~~Shareware#Nagware~~patch (computing)\|~~nagware~~patch]]'' or by creating reverse-engineered serial number generators known as ''[[~~adware~~keygen]]~~.<ref>{{Cite~~s'', ~~journal~~thus ~~\|last=Department~~bypassing ofsoftware ~~Computer~~registration ~~Science~~and ~~University~~payments or converting a trial/demo version of ~~Port~~the ~~Harcourt,~~software ~~Port~~into ~~Harcourt,~~fully-functioning ~~Nigeria~~software without paying for it.<ref name="Kammerstetter 2012">{{Cite book \|last1=Kammerstetter \|first1=Markus \|last2=~~Oputeh~~Platzer \|first2=~~C. K.~~Christian \|last3=~~Ogheneovo~~Wondracek \|first3=~~E. E \|date=2014~~Gilbert \|title=~~Overcoming~~Proceedings ~~Trial~~of ~~Version~~the ~~Software~~2012 ~~Cracking~~ACM ~~Using~~conference aon ~~Hybridized~~Computer ~~Self-Modifying~~and ~~Technique~~communications security \|chapter=Vanity, cracks and malware \|date=2012-10-16 \|chapter-url=~~http~~https://~~www~~dl.~~iosrjournals~~acm.org/~~iosr-jce~~doi/~~papers/Vol16-issue3~~10.1145/~~Version-9/C016391321~~2382196.~~pdf~~2382282 \|~~journal~~language=~~IOSR~~en ~~Journal~~\|location=Raleigh ofNorth ~~Computer~~Carolina ~~Engineering~~USA \|~~volume~~publisher=~~16 \|issue=3~~ACM \|pages=~~13–21~~809–820 \|doi=10.~~9790~~1145/~~0661-16391321~~2382196.2382282 \|~~access~~isbn=978-~~date~~1-4503-1651-4\|s2cid=~~March~~3423843 ~~10,~~}}</ref> ~~2023~~Software ~~\|archive~~cracking contributes to the rise of [[online piracy]] where pirated software is distributed to end-~~date~~users<ref name=~~June~~"Goode 22006"/> through filesharing sites like [[BitTorrent]], ~~2018~~[[File ~~\|archive~~hosting service#One-~~url=https://web.archive.org/web/20180602070332/http://www.iosrjournals.org/iosr-jce/papers/Vol16-issue3/Version-9/C016391321.pdf~~click hosting\|~~url-status=live~~One }}click hosting]] (OCH), or via [[Usenet]] downloads, or by downloading bundles of the original software with cracks or keygens.</ref name="Kammerstetter 2012"/> A '''crack''' refers to the means of achieving, for example a stolen [[serial number]] or a tool that performs that act of cracking.<ref>{{cite book\|last1=Tulloch\|first1=Mitch\|title=Microsoft Encyclopedia of Security\|date=2003\|publisher=Microsoft Press\|location=Redmond, Washington\|isbn=0735618771\|page=68\|url=http://examples.oreilly.de/english_examples/9780735622180/cd_contents/Encyclopedia/EncySecur.pdf\|access-date=July 20, 2014\|archive-date=August 10, 2014\|archive-url=https://web.archive.org/web/20140810105820/http://examples.oreilly.de/english_examples/9780735622180/cd_contents/Encyclopedia/EncySecur.pdf\|url-status=dead}}</ref> Some of these tools are called [[keygen]], [[Patch (computing)\|patch]], [[Loader (computing)\|loader]], or [[~~No-disc_crack\|~~ no-disc crack]]. A keygen is a handmade product serial number generator that often offers the ability to generate working serial numbers in your own name. A patch is a small computer program that modifies the machine code of another program. This has the advantage for a cracker to not include a large executable in a release when only a few bytes are changed.<ref name=Craig2005>{{cite book \|last1=Craig \|first1=Paul \|last2=Ron \|first2=Mark \|editor1-first=Mark \|editor1-last=Burnett \|others=Publisher: Andrew Williams, Page Layout and Art: Patricia Lupien, Acquisitions Editor: Jaime Quigley, Copy Editor: Judy Eby, Technical Editor: Mark Burnett, Indexer: Nara Wood, Cover Designer: Michael Kavish \|title=Software Piracy Exposed - Secrets from the Dark Side Revealed \|date=April 2005 \|publisher=Syngress Publishing \|location=United States of America \|isbn=1-932266-98-4 \|doi=10.1016/B978-193226698-6/50029-5 \|pages=[https://archive.org/details/softwarepiracyex0000crai/page/75 75–76] \|chapter=Chapter 4: Crackers \|chapter-url=https://archive.org/details/softwarepiracyex0000crai/page/75 }}</ref> A loader modifies the startup flow of a program and does not remove the protection but circumvents it.<ref name="flt-flow" /><ref name="cbm-loaders">{{cite journal\|author1=Shub-Nigurrath [ARTeam]\|author2=ThunderPwr [ARTeam]\|date=January 2006\|title=Cracking with Loaders: Theory, General Approach, and a Framework\|journal=CodeBreakers Magazine\|publisher=Universitas-Virtualis Research Project\|volume=1\|issue=1\|quote=A loader is a program able to load in memory and running another program.}}<!-- http://www.codebreakers-journal.com --> </ref> A well-known example of a loader is a [[Trainer (games)\|trainer]] used to cheat in games.<ref name="cbm-oraculums"> {{cite journal \|title=Guide on how to play with processes memory, writing loaders, and Oraculumns \|first=Shub \|last=Nigurrath \|date=May 2006 \|journal=CodeBreakers Magazine \|publisher=Universitas-Virtualis Research Project \|volume=1 \|issue=2}} Line 18 ⟶ 19: ==History== ~~Softwares~~Software are inherently expensive to produce but cheap to duplicate and distribute. Therefore, software producers generally tried to implement some form of [[copy protection]] before releasing it to the market. In 1984, Laind Huntsman, the head of software development for Formaster, a software protection company, commented that "no protection system has remained uncracked by enterprising programmers for more than a few months".<ref name="Goode 2006">{{cite web\| url = http://people.anu.edu.au/sigi/goode_jbe.pdf\| title = What Motivates Software Crackers?\| publisher = Sigi Goode and Sam Cruise, Australian National University, Journal of Business Ethics (2006)\| access-date = April 30, 2022\| archive-date = October 21, 2022\| archive-url = https://web.archive.org/web/20221021152956/https://people.anu.edu.au/sigi/goode_jbe.pdf\| url-status = live}}</ref> In 2001, Dan S. Wallach, a professor from [[Rice University]], argued that "those determined to bypass copy-protection have always found ways to do so – and always will".<ref>{{Cite journal \|last=Wallach \|first=D.S. \|date=October 2001 \|title=Copy protection technology is doomed \|url=~~http~~https://ieeexplore.ieee.org/document/955098/ \|journal=Computer \|volume=34 \|issue=10 \|pages=48–49 \|doi=10.1109/2.955098 \|access-date=March 10, 2023 \|archive-date=January 21, 2022 \|archive-url=https://web.archive.org/web/20220121223205/http://ieeexplore.ieee.org/document/955098/ \|url-status=live }}</ref> Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Software crackers usually did not benefit materially from their actions and their motivation was the challenge itself of removing the protection.<ref name="Goode 2006"/> Some low skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change messages a game would tell a game player, often something considered vulgar. Uploading the altered copies on file sharing networks provided a source of laughs for adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as [[crack intro]]s in the software programs they cracked and released.<ref>{{Cite journal \|last1=Reunanen \|first1=Markku \|last2=Wasiak \|first2=Patryk \|last3=Botz \|first3=Daniel \|date=2015-03-26 \|title=Crack Intros: Piracy, Creativity and Communication \|url=https://ijoc.org/index.php/ijoc/article/view/3731/1345 \|journal=International Journal of Communication \|language=en \|volume=9 \|pages=20 \|issn=1932-8036 \|access-date=June 17, 2022 \|archive-date=June 17, 2022 \|archive-url=https://web.archive.org/web/20220617173355/https://ijoc.org/index.php/ijoc/article/view/3731/1345 \|url-status=live }}</ref> Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as [[demoscene]] were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to [[reverse engineering\|reverse engineer]] [[device driver\|drivers]] in order to port them from binary-only drivers for [[Microsoft Windows\|Windows]] to drivers with source code for [[Linux]] and other [[Free software\|free]] operating systems. Also because music and game intro was such an integral part of gaming the music format and graphics became very popular when hardware became affordable for the home user. Line 24 ⟶ 25: With the rise of the [[Internet]], software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was [[Fravia]]'s website. In 2017, a group of software crackers started a project to preserve [[Apple II]] ~~softwares~~software by removing the ~~inherent Apple II~~ [[copy protection]].<ref>{{cite news\|last1=Pearson\|first1=Jordan\|title=Programmers Are Racing to Save Apple II Software Before It Goes Extinct\|url=https://motherboard.vice.com/en_us/article/gv39mx/programmers-are-racing-to-save-apple-ii-software-before-it-goes-extinct\|access-date=27 January 2018\|publisher=Motherboard\|date=24 July 2017\|archive-url=https://web.archive.org/web/20170927222522/https://motherboard.vice.com/en_us/article/gv39mx/programmers-are-racing-to-save-apple-ii-software-before-it-goes-extinct\|archive-date=27 September 2017}}</ref> ==+HCU== The ''High Cracking University'' (+HCU) was founded by [[Old Red Cracker]] (+ORC), considered a genius of reverse engineering and a legendary figure in ~~RCE, to advance research into~~ [[Reverse Engineering\|Reverse Code Engineering]] (RCE), to advance research into RCE. He had also taught and authored many papers on the subject, and his texts are considered classics in the field and are mandatory reading for students of RCE.<ref name="PeikariChuvakin2004"/> The addition of the "+" sign in front of the nickname of a reverser signified membership in the +HCU. Amongst the students of +HCU were the top of the elite Windows reversers worldwide.<ref name="PeikariChuvakin2004">{{cite book\|author1=Cyrus Peikari\|author2=Anton Chuvakin\|author2-link=Anton Chuvakin\|title=Security Warrior\|url=https://archive.org/details/securitywarrior0000peik\|url-access=registration\|date=12 January 2004\|publisher="O'Reilly Media, Inc."\|isbn=978-0-596-55239-8\|page=[https://archive.org/details/securitywarrior0000peik/page/31 31]}}</ref> +HCU published a new reverse engineering problem annually and a small number of respondents with the best replies qualified for an undergraduate position at the university.<ref name="PeikariChuvakin2004"/> Line 36 ⟶ 37: ==Methods== The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by [[reverse engineering]] the compiled program code using a [[debugger]] such as [[SoftICE]],<ref>{{cite journal\|last1=Ankit\|first1=Jain\|last2=Jason\|first2=Kuo\|last3=Jordan\|first3=Soet\|last4=Brian\|first4=Tse\|title=Software Cracking (April 2007)\|date=April 2007\|url=https://courses.ece.ubc.ca/cpen442/previous_years/2007_1_spring/modules/term_project/reports/2007/software_cracking.pdf\|access-date=27 January 2018\|publisher=The University of British Columbia - Electrical and Computer Engineering\|archive-date=March 19, 2018\|archive-url=https://web.archive.org/web/20180319101416/http://courses.ece.ubc.ca/cpen442/previous_years/2007_1_spring/modules/term_project/reports/2007/software_cracking.pdf\|url-status=live}}</ref> [[OllyDbg]], [[GDB]], or [[MacsBug]] until the software cracker reaches the [[subroutine]] that contains the primary method of protecting the software (or by [[disassembler\|disassembling]] an executable file with a program such as [[Interactive Disassembler\|IDA]]).<ref>{{cite book \|last=Cerven \|first=Pavol \|date=2002 \|isbn=1-886411-79-4 \|title=Crackproof Your Software: Protect Your Software Against Crackers\|publisher=No Starch Press }}</ref> The binary is then modified using the [[debugger]] or a [[hex editor]] such as [[HIEW]]<ref>{{cite web\| url = https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/bibtex_archive/2001-49.pdf\| title = Protecting Software Codes By Guards\| publisher = Hoi Chang, Mikhail J. Atallah, CERIAS, Purdue University (2001)\| access-date = June 6, 2022\| archive-date = March 10, 2023\| archive-url = https://web.archive.org/web/20230310072122/https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/bibtex_archive/2001-49.pdf\| url-status = live}}</ref> or [[Machine code monitor\|monitor]] in a manner that replaces a prior branching [[opcode]] with its complement or a [[NOP (code)\|NOP]] [[opcode]] so the key branch will either always execute a specific [[subroutine]] or skip over it. Almost all common software cracks are a variation of this type. A region of code that must not be entered is often called a "bad boy" while one that should be followed is a "good boy".<ref name="Megabeets 2018 z717">{{cite web \| title=Reversing a Self-Modifying Binary with radare2 \| website=Megabeets \| date=2018-01-14 \| url=https://www.megabeets.net/reversing-a-self-modifying-binary-with-radare2/ \| access-date=2023-06-29}}</ref> [[Proprietary software]] developers are constantly developing techniques such as [[code obfuscation]], [[encryption]], and [[self-modifying code]] to make ~~this~~binary modification increasingly difficult.<ref>{{Cite book \|url=https://www.worldcat.org/oclc/272383172 \|title=Reverse engineering code with IDA Pro \|date=2008 \|publisher=Syngress Pub \|~~others~~first1=Justin \|last1=Ferguson, \|first2=Dan \|last2=Kaminsky \|isbn=978-0-08-055879-0 \|location=Burlington, MA \|oclc=272383172 \|access-date=June 8, 2022 \|archive-date=March 10, 2023 \|archive-url=https://web.archive.org/web/20230310072141/https://www.worldcat.org/title/272383172 \|url-status=live }}</ref> Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves. A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes the [[Library (computing)\|.dll or .so]] linked to the application and the process of altering the original binary files is called patching.<ref name=":0">{{Cite book \|last=Eilam \|first=Eldad \|url=https://www.worldcat.org/oclc/80242141 \|title=Reversing : secrets of reverse engineering \|date=2005 \|publisher=Wiley \|others=Elliot J. Chikofsky \|isbn=0-7645-9768-X \|location=Indianapolis, IN \|oclc=80242141}}</ref> Similar cracks are available for software that requires a hardware [[dongle]]. A company can also break the copy protection of programs that they have legally purchased but that are [[software license\|licensed]] to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only). Another method is the use of special software such as [[CloneCD]] to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the [[CD]] or [[DVD]]. This may enable another program such as [[Alcohol 120%]], [[CloneDVD]], [[Game Jackal]], or [[Daemon Tools]] to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include [[SafeDisc]] and [[StarForce]].<ref>{{cite web\| url = http://m0001.gamecopyworld.com/games/gcw_cd-backup.shtml\| ~~title~~website= GameCopyWorld \|title=Backup Protected Game ~~Gamecopyworld~~CD/DVDs ~~Howto~~\| access-date = June 11, 2008\| archive-date = June 5, 2008\| archive-url = https://web.archive.org/web/20080605182827/http://m0001.gamecopyworld.com/games/gcw_cd-backup.shtml\| url-status = live}}</ref> In other cases, it might be possible to [[decompile]] a program in order to get access to the original [[source code]] or code on a [[High level programming language\|level higher]] than [[machine code]]. This is often possible with [[scripting language]]s and languages utilizing [[Just-in-time compilation\|JIT]] compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating [[Common Intermediate Language\|CIL]] to achieve one's needs. [[Java (programming language)\|Java's]] [[bytecode]] also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent [[machine code]].<ref>{{cite web\| url = https://www.cs.drexel.edu/~spiros/teaching/CS675/asmrceFINAL.pdf\| title = A Survey of Reverse Engineering Tools for the 32-Bit Microsoft Windows Environment\| ~~publisher~~ first1= ~~RAYMOND~~Raymond J. ~~CANZANESE, JR~~Jr., ~~MATTHEW~~\|last1=Canzanese ~~OYER,~~\|first2=Matthew ~~SPIROS~~\|last2=Oyer ~~MANCORIDIS,~~\|first3=Spiros ~~MOSHE~~\|last3=Mancoridis ~~KAM,~~\|first4=Moshe ~~Drexel~~\|last4=Kam \|publisher =College of EngineeringDrexel University, ~~USA~~\| access-date = June 7, 2022\| archive-date = March 25, 2022\| archive-url = https://web.archive.org/web/20220325231523/https://www.cs.drexel.edu/~spiros/teaching/CS675/asmrceFINAL.pdf\| url-status = ~~live~~dead }}</ref> Advanced reverse engineering for protections such as [[SecuROM]], [[SafeDisc]], [[StarForce]], or [[Denuvo]] requires a cracker, or many crackers to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files. There are a number of sites on the Internet that let users download cracks produced by [[warez groups]] for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites).<ref>{{Cite magazine\|url=https://www.wired.com/1997/04/ff-warez/\|title=Warez Wars\|last=McCandless\|first=David\|date=1997-04-01\|magazine=Wired\|access-date=2020-02-04\|issn=1059-1028\|archive-date=September 16, 2021\|archive-url=https://web.archive.org/web/20210916043855/https://www.wired.com/1997/04/ff-warez/\|url-status=live}}</ref> Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained unauthorized copies (often through [[Peer-to-peer\|P2P]] networks). ==Software piracy== Software cracking led to the distribution of pirated software around the world (software piracy). It was estimated that the United States lost US$2.3 billion in business application software in 1996. Software piracy rates were especially prevalent in African, Asian, East European, and Latin American countries. In certain countries such as Indonesia, Pakistan, Kuwait, China, and El Salvador,<ref>{{Cite journal \|last1=Gopal \|first1=Ram D. \|last2=Sanders \|first2=G. Lawrence \|date=September 2000 \|title=Global software piracy: you can't get blood out of a turnip \|journal=Communications of the ACM \|language=en \|volume=43 \|issue=9 \|pages=82–89 \|doi=10.1145/348941.349002 \|s2cid=6706490 \|issn=0001-0782\|doi-access=free }}</ref> 90% of the software used was pirated.<ref>{{Cite journal \|last1=Gopal \|first1=Ram D. \|last2=Sanders \|first2=G. Lawrence \|date=1998 \|title=International Software Piracy: Analysis of Key Issues and Impacts \|url=https://www.jstor.org/stable/23011033 \|journal=Information Systems Research \|volume=9 \|issue=4 \|pages=380–397 \|doi=10.1287/isre.9.4.380 \|jstor=23011033 \|issn=1047-7047}}</ref> ==See also== [[Reverse engineering]] [[System Reconfiguration Attacks]] ==References== {{Reflist~~\|30em~~}} {{Independent production}} {{Digital rights management software}} {{Authority control}} [[Category:Software cracking\| ]] ~~[[Category:Hacker culture]]~~ ~~[[Category:Copyright infringement]]~~ ~~[[Category:Copyright infringement of software]]~~ ~~[[Category:Warez]]~~