Cracking programs
Using SoftICE to crack WinRAR and other programs:
In the previous part you learned how to cheat a game using Cheat Engine. It is fairly easy and straightforward, but it has a major drawback: with Cheat Engine we can only change values, not the program flow. For other programs we need to change the way the program behaves.
This is where SoftICE and similar tools come in. I would advise having a good hex editor and a disassembler as helper tools. As you already know, every program ends up as assembly code. Think about the part where it asks for a serial number or a registration code:
Somewhere in the program there will be something like
If (User_input_serial_number == real_serial_number)
Then : Unlock
Else : Print “Wrong serial number”
End if
The comparison may happen directly, or the program may go further and compare hash values, but there must almost certainly be a comparison somewhere. What happens is: if we enter the correct value the program unlocks, otherwise it shows an error message. Now think about what happens if we change the code in the following way:
If (User_input_serial_number != real_serial_number)
Then : Unlock
Else : Print “Wrong serial number”
End if
We have simply introduced a ‘not’ into the comparison. Now the program unlocks whenever what we enter is not the correct number. This is the method we will use to unlock WinRAR. You may wonder where we will get the source code. The answer is that we can’t, and we don’t need to. Although it is not as clear as in a high-level language, the same instruction must exist in the assembly code as well. What we do is change the comparison in the assembly code and run it. Now any number we enter (except the correct serial) registers the program.
Here are some important instructions in assembly:
1. je (hexadecimal 74) = jump if equal
2. jne (hexadecimal 75) = jump if not equal
3. nop (hexadecimal 90) = no operation
4. call (no single hexadecimal opcode) = call a routine
5. jmp (no single hexadecimal opcode) = jump to a string/operation
These are the five basics we’ll need at first. Now let’s take a look at what they do in a sequence of assembly code.
je (jump if equal) jumps to another location when the check it follows succeeds.
Example:
The game needs a CD to start. The “jump if equal” je instruction checks whether there is a CD in the drive. If there is, execution continues with the instructions after it. That is an “equal” outcome: the CD was found (equal) and the code continues (jump if equal).
jne (jump if not equal) jumps to another location (most of the time, the error message you see on screen) when the check it follows fails.
Example:
The game needs a CD to start the main game. The “jump if not equal” jne instruction checks whether a CD is present in the drive. If not, it jumps, and you receive an error message on screen like “Cannot find CD in drive. Please insert CD and click on OK.”
That is a “jump if not equal” operation. The check failed (because it did not find a CD in the drive), so execution jumps to the “unwanted section”, which ends the load process and shows the error message on your screen.
nop (no operation): a nop instruction removes the current operation, such as a check for a CD in the drive or a check that a password is valid.
Example:
The game needs a CD to start the main game. It behaves as before, except that you have put a nop in place of the check.
You can replace jne/je/call/jmp instructions with nop instructions. The nop then disables the jne/je/call/jmp, which means the program does not check whether a CD is present in the drive and simply continues with the following code. The game runs. (This works, and it is also the usual approach for simple CD protections.)
call (call a routine): a call instruction does what its name says. It calls a routine, which can be an error message, a nag screen, and so on. This you can disable with a nop.
jmp (jump to a string/operation): a jmp instruction is like a call (not the same, but close enough). It does not call routines; it jumps to them.
Example:
The jmp jumps to a string/operation which then calls an error message. The jmp can also be disabled with a nop.
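As an added example (not code from the original post, and not WinRAR’s code), the following Python script models the serial-check pattern and the instruction semantics described above on a constructed byte sequence. It decodes the je/jne/nop forms listed above plus standard x86 encodings for cmp, call, jmp and ret that the post does not list, walks the control flow for a matching and a non-matching serial, and shows the defender-side counterpart: a hash over the code region detects the inverted branch. The routine addresses 0x100/0x200 and the symbol names are assumptions made for this example.

```python
"""Toy model of a serial check: a constructed, simplified x86 byte sequence,
a minimal decoder for the instructions discussed above, a walker that follows
the control flow, and an integrity check that detects a modified opcode.
Not real WinRAR code; every byte here is constructed for the example."""
import hashlib
import struct

# Constructed "code image" for:   cmp user_serial, real_serial
#                                 je  unlock
#                                 call show_error
#                                 jmp  done
#                       unlock:   call unlock_program
#                       done:     ret
# Offsets are relative to the start of CODE. Encodings are standard x86
# (cmp 39 /r, je 74 rel8, call E8 rel32, jmp EB rel8, ret C3); the routine
# addresses 0x100/0x200 are placeholders chosen for this example.
CODE = bytes([
    0x39, 0xC8,                    # 0x00: cmp eax, ecx
    0x74, 0x07,                    # 0x02: je  +7  -> 0x0B
    0xE8, 0xF7, 0x00, 0x00, 0x00,  # 0x04: call 0x100 (show_error)
    0xEB, 0x05,                    # 0x09: jmp +5  -> 0x10
    0xE8, 0xF0, 0x01, 0x00, 0x00,  # 0x0B: call 0x200 (unlock_program)
    0xC3,                          # 0x10: ret
])
SYMBOLS = {0x100: "show_error", 0x200: "unlock_program"}  # assumed names

# Digest recorded when the "binary" was built; a patched copy will not match.
EXPECTED_DIGEST = hashlib.sha256(CODE).hexdigest()


def decode(code, pc):
    """Decode one instruction at pc -> (mnemonic, length, branch_target)."""
    op = code[pc]
    if op == 0x39:
        return "cmp", 2, None
    if op in (0x74, 0x75):                       # je / jne rel8 (74 / 75)
        rel = struct.unpack_from("<b", code, pc + 1)[0]
        return ("je" if op == 0x74 else "jne"), 2, pc + 2 + rel
    if op == 0x90:                               # nop (90)
        return "nop", 1, None
    if op == 0xEB:                               # jmp rel8
        rel = struct.unpack_from("<b", code, pc + 1)[0]
        return "jmp", 2, pc + 2 + rel
    if op == 0xE8:                               # call rel32
        rel = struct.unpack_from("<i", code, pc + 1)[0]
        return "call", 5, pc + 5 + rel
    if op == 0xC3:
        return "ret", 1, None
    raise ValueError(f"unknown opcode {op:#x} at {pc:#x}")


def run(code, serial_matches):
    """Walk the control flow and return the routines that get called.

    serial_matches stands in for the zero flag that the cmp would set."""
    pc, calls = 0, []
    while True:
        mnem, length, target = decode(code, pc)
        if mnem == "ret":
            return calls
        if mnem == "call":
            calls.append(SYMBOLS.get(target, f"sub_{target:x}"))
            pc += length
        elif mnem == "jmp" or (mnem == "je" and serial_matches) \
                or (mnem == "jne" and not serial_matches):
            pc = target                           # branch taken
        else:                                     # cmp, nop, branch not taken
            pc += length


def integrity_ok(code, expected=EXPECTED_DIGEST):
    """Defender-side check: does the code region still hash to its build-time value?"""
    return hashlib.sha256(bytes(code)).hexdigest() == expected


if __name__ == "__main__":
    print("original, correct serial:", run(CODE, True))
    print("original, wrong serial:  ", run(CODE, False))
    patched = bytearray(CODE)
    patched[2] = 0x75        # the je -> jne inversion described above
    print("patched,  wrong serial:  ", run(patched, False))
    print("integrity check on patched copy:", integrity_ok(patched))
```

The walk shows that a single opcode byte decides which routine runs, which is why a check performed entirely inside the program is weak by itself; the integrity check is the minimal detection a program can apply to notice that its own code region no longer matches what was shipped.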
Wednesday, 13. May 2009
Nice work. Keep it up.