
DnA 8-6: How To Crack Software [Part 1]

Published in DnA Electronic Magazine · 16 May 2023

      =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-=-=-=-=-
=-=-=-=-=\ How To Crack Software [Part 1] /=-=-=-=-=
-=-=-=-=-/ By Z-N0TE -/- President, Founder & Crackist -\- SiAC '94 \-=-=-=-=-
=-=-=-=-=\ February 7th 1994 /=-=-=-=-=
-=-=-=-=-/ -(c) 1994 All Rights Reversed SiAC International Corp.- \-=-=-=-=-
=-=-=-=-=\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

/--------------------------------------------------------------------------\
-[ You dont know how long it took to get this exactly 10,000 bytes long !!! ]-
\--------------------------------------------------------------------------/

Hello.

"So you want to crack some programs huh ? ... Well f**k you, LAMER !!!" -- If you asked how to crack something on a warez BBS the chances are that some knowledgeable fellow would turn around and repeat something similar to the above. Now I don't want to say that every WaReZ board is like this, most are not (now!) ... Let me tell you a story ...

I started on the PC scene in May 1991, I was given a loan of an XT, VGA, 20mb hard drive and 720k floppy drive, this was 1991 so most games ran fine, but I got bored with that ... I started learning MSDOS commands, then when I had learned them I started looking for a programming language to learn, I had never liked BASIC as I had used it on my Commodore a few years previously ... So I called a few shareware companies and found a program called PowerBATCH. This was quite good, it was like the batch language I had learned before and also had variables and other commands similar to Pascal ... I started on PowerBATCH ... Then in July 1992 I started up a shareware BBS system, this ran until December of the same year when I started programming in Turbo Pascal (I also changed the BBS into a HPAVCT board then as well). I programmed in Pascal until February of 93 then started on assembler. I didn't buy any books, I only used the A86 DOC files and a DOS Reference file by Dave Williams ... I learned what commands did what by DEBUGGING small .COM file utilities under DEBUG ... I then wrote a file encrypter, a checksum program and various other things, then in July 93 I got a modem and started phreaking calls to the USA ... I started to get interested in cracking, although no one told me how to do it ... I read a few text files by Buckaroo Banzai which helped a little but were quite outdated ... I then got rid of my modem on August 20th 1993 and started virus writing, for a month I wrote viruses, shitty simple COM file appenders but they are still unscannable and undetectable with TBScan ... In September 93 I started cracking full-on ... I cracked games I had in my collection that were uncracked ... Super Tetris, Stunt Island, Bart v Space Mutants, Golden Axe, F117a, F19, The Incredible Machine and lots more, once I finished cracking my games I started removing nagware screens and delays from shareware programs ... 
I cracked about 175 programs and games from September > December 1993, the volume was because I had a lot of time on my hands and I didn't have a modem to distract me ... In December (27th) I got another modem, this one is for good ... I released a library of cracks called the Z-N0TE Hack Library, the filename was ZHLIB11.ZIP ... I then thought about starting a PC shareware cracking crew ... So SiAC was born ... SiAC stands for Superior Intelligent Advanced Crackists/Coders, I had a look around for other crackists and found Dark Avenger (not the virus guy) but he didn't reply, so I called MiSS and found a few cracks by some guy called Virogen ... I invited him to join SiAC and he accepted ... He was the dude who wrote the viruses Offspring and ASeXuAL ... So we started cracking, myself using Soft-ICE and Virogen using Turbo Debugger, in January of 1994 we released 75 cracks and patches ... SiAC is going strong ! ... Anyway back to the tutor ... The reason I included the above is because people ask how I started cracking and assembling ...

How to crack ...

To crack you basically need the following :

  • Patience
  • A good understanding of assembler
  • A decent debugger

If you haven't got any of the above you can't start cracking ... If you have, continue ...

Basically to crack a program you have to search for the right part of the program to hack into ... Say you were trying to crack a program with an annoying beg screen ... You would proceed down the program until you came across a CALL that would display the nag screen or whatever and write down the offset and segment ... You would then check around that area to see if there were any CMP [xxxx],xx commands, if there were, run the program again up to the CMP command and instead of going the way it SHOULD go, take the other route.
(Now go to PART II)

If there weren't any then dig deeper into the CALLS and once you eventually hit a lot of CALLS that start to display the screen you know that the program needs to be hacked and can't be registered (Goto PART 2)

Exit the program and run it up to the part where you saw the first CALL ... Now try nopping it out, if it's a CALL xxxx:xxxx you'll have some difficulty as when you search the EXE file you won't find the right bytes to change as the CALL xxxx:xxxx gets edited by the relocation tables in the EXE header ... Trace into the CALL xxxx:xxxx and then straight away put a RETF command there, run the program and if it doesn't crash you have cracked the nag screen, you may have to do the same to remove more nag screens throughout the program though ... To fix the program using a hex editor search for the bytes just inside the CALL xxxx:xxxx command, write down at least 20 bytes as most CALL xxxx:xxxx begin with the same pile of shite ... PUSH BP - MOV BP,SP - etc etc ... Now place a CB over the 55 you'll find (if it's a normal CALL xxxx:xxxx you will have a PUSH BP as the first command and the hex equivalent is 55), so replace the 55 with CB (RETF) and save the file back to disk and run it, if it works, fine; if it crashes dig deeper into the CALLS and do the same kind of thing ...
(Goto PART III)

(Part II)

If the beg screen doesn't appear then you know that you have cracked it. Now using SoftICE what I would do is place a breakpoint on the memory location specified in the CMP [xxxx] part and rerun the program, noting down if any other bits of the program tried to put a value inside ... Usually you will find a piece of code that places the exact opposite of what you want inside ... Say the check was like this :

        CMP     WORD PTR [1234],+00
        JNZ     ITSREGISTERED
        CALL    NAGSCREEN

ITSREGISTERED:
        ... REST OF PROGRAM

You would set a break point on the current DS:1234 and run the program again to find the bit that places the bum value inside ... You may find :

        MOV     WORD PTR [1234],0000
        ...

You would simply change the 0000 to 0001 and 9/10 times the program would act registered ... This is how simple most shareware programs are ... The next step is to try all the different features to see if it works ok ... If it does, run the program again and note down a few commands above the MOV WORD PTR ... Note down the hex bytes as well, now using FED (File Editor, my fave hex editor) search for the bytes, if the file is encrypted or compressed then try UNP v3.15 or if that fails use TRON v1.06 Registered ... If that fails, tough shit, it's loader maker time ! Now say you searched the file and only found one occurrence of the bytes, note the offset of the bytes found and what was there (offset : 2345h was 00 is 01), now when patching the file remember that Intel processors use the big-endian method of storing words so if you are thinking of changing 00-00 to 00-01 you should change it to 01-00 instead ... Now run the program and hopefully the program will run registered ... If the program has a CRC check or some other crap built in then you'll have to try and fix that yourself ... BTW this method of cracking has worked on LOTS of shareware programs, SHEZ 90,95,96, COMMO 5.52 and millions of others ... Have phun ...
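An added example, not from the article or from SiAC: it builds a constructed byte image of the CMP / JNZ / CALL NAGSCREEN check and the MOV WORD PTR [1234],0000 store described above, decodes the stored word the way x86 actually lays it out (low byte first, which is why 0001h on disk reads 01-00 and not 00-01), and shows that the whole-file CRC check the author says some programs have built in flags the one-byte change. The instruction encodings are standard 16-bit x86; the image layout, FLAG_ADDR and the NOP padding are my own assumptions.

```python
import struct
import zlib

# Constructed sample image (not from any real program). 16-bit x86 encodings:
#   C7 06 34 12 00 00   MOV  WORD PTR [1234h],0000h   (the "bum value" store)
#   83 3E 34 12 00      CMP  WORD PTR [1234h],+00
#   75 03               JNZ  ITSREGISTERED            (skips the 3-byte CALL)
#   E8 00 00            CALL NAGSCREEN                (rel16 target is a placeholder)
FLAG_ADDR = 0x1234  # assumed address of the registration flag
SAMPLE_IMAGE = (b"\x90" * 8
                + bytes.fromhex("c70634120000")
                + b"\x90" * 8
                + bytes.fromhex("833e341200") + bytes.fromhex("7503") + bytes.fromhex("e80000")
                + b"\x90" * 8)


def find_flag_store(image: bytes, addr: int) -> tuple[int, int]:
    """Locate MOV WORD PTR [addr],imm16 and return (offset of MOV, immediate).

    Both the address and the immediate are unpacked with '<H' because x86
    stores words low byte first: 0000h is on disk as 00 00, 0001h as 01 00.
    """
    pattern = b"\xc7\x06" + struct.pack("<H", addr)
    off = image.find(pattern)
    if off < 0:
        raise ValueError("flag store not found")
    (imm,) = struct.unpack_from("<H", image, off + 4)
    return off, imm


def image_crc(image: bytes) -> int:
    """CRC-32 of the whole image, the value a program would embed at build time."""
    return zlib.crc32(image) & 0xFFFFFFFF


def verify_integrity(image: bytes, expected_crc: int) -> bool:
    """The built-in CRC check the article mentions: True only if untouched."""
    return image_crc(image) == expected_crc


def with_byte(image: bytes, offset: int, value: int) -> bytes:
    """Copy of image with one byte changed; models the edit described above."""
    buf = bytearray(image)
    buf[offset] = value
    return bytes(buf)


if __name__ == "__main__":
    off, imm = find_flag_store(SAMPLE_IMAGE, FLAG_ADDR)
    good = image_crc(SAMPLE_IMAGE)
    tampered = with_byte(SAMPLE_IMAGE, off + 4, 0x01)  # low byte: 00-00 -> 01-00
    print(f"offset {off + 4:04X}h was 00 is 01 -> word now {find_flag_store(tampered, FLAG_ADDR)[1]:04X}h")
    print("CRC check passes on original:", verify_integrity(SAMPLE_IMAGE, good))
    print("CRC check passes on tampered:", verify_integrity(tampered, good))
```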
(Part III)

             [/==========================================\] 
-(*)-=[<]- Z-N0TE, Crackist & Founder Of SiAC '94 -[>]=-(*)-
[\==========================================/]

If you have any questions or additions or suggestions contact me wherever you see my handle (ZNOTE) ... Esp on MISS, Digital Decay, MalPhorMation and CoI.

Coming in part 2 and 3 ...

Part 2

How to stop anti debug trix and how to avoid them !

Part 3

How to crack games, remove doc checks and key disks !

Part 4

How to write loaders for those games that use annoying CRC checks or encrypt their main EXE files.

Part 5

How to write a trainer for games (using Pinball Fantasies for an example!)

And if there is the demand and I am not locked up I may continue the series ...
It's up to you, the readers/users ... If you think I'm full of bullshit let me know and correct me if I make mistakes (I'm human, kinda) ... If you like what I do send me your daughters and suggestions etc ...

This file is a SiAC Official Document, number : 0FF - (SOD-0FF)

Hi 2 : ArcLite, SpeeD, Virogen, Urnst, Blenderhead, Spawn, Jackel, Galileo, iMP (No hard feelings dude) ...
