HOW DO CRACKERS CRACK
All applications can be cracked. Easy vs. difficult to crack is defined by the skill level needed and the time required.
One of the cracker's goals is to remove the copy protection in an application or game. A further objective is to develop a tool for automatic removal of the protection. Such tools can be found on the internet for many protection products.
Removing the copy protection requires finding it in the code and determining how to circumvent it – removing it may suffice, or it may be necessary to manipulate it to return a proper value. Thus, the cracker's main task is to understand where the copy protection is and how it works, without having access to the source code.
Crackers are very skilled in reading machine code residing in memory when a program executes. The machine code is translated from the source code and with some skills and the right tools, a cracker can get close to the same information from this code as from the source code. The most common tools used in this process are:
Debuggers allow crackers to see and understand how the application executes, with many capabilities to control the execution and the data. The cracker can choose the starting point that makes the most sense and step through the application instruction by instruction to see how it executes and changes the data. The cracker can also set breakpoints (stop execution at a particular point) and inspect and alter memory locations. With such capabilities, a cracker can in a fairly short period of time get a pretty good understanding of how any less complicated protection system works.
Disassemblers translate the binary code in an executable file back to readable and understandable assembler code. This code is at a lower level than most programming languages like C but can be read and understood by crackers or anybody else with such training and experience, and can be translated back to readable source code.
Decompilers are similar to disassemblers, but instead of translating the .exe file back into assembler, they proceed to a higher-level language like C or C++. The use of a decompiler can increase the efficiency of a cracker significantly if it is optimized for the compiler originally used for the application.
Armed with these tools, and many others, crackers set out to find all the instances of copy protection in an application and resolve each one. Thus, the work effort to crack a particular copy protection solution is driven by the number of instances of protection and the difficulty of resolving each one. Copy protection with 1000s of instances and using many different kinds of protection mechanisms, such as ByteShield™, will be very difficult and time consuming to crack.
Conversely, the most common reasons most protections against illegal copying fail are:
A single patch removes all protection. A good example is the original design of the most popular License Manager. A single patch in the right place of the application and all calls to the License Manager were removed, leaving the application open to use by anyone.
Reliance on encryption only. Encryption by itself is usually not a very strong protection. It is much stronger if combined with other techniques like obfuscation and anti-debugging or implemented on multiple levels.
The entire code is available in one piece locally.