HOME

TheInfoList



OR:

Software cracking (known as "breaking" mostly in the 1980s) is the modification of
software Software is a set of computer programs and associated documentation and data. This is in contrast to hardware, from which the system is built and which actually performs the work. At the lowest programming level, executable code consists ...
to remove or disable features which are considered undesirable by the person cracking the software (software cracker), especially copy protection features (including protection against the manipulation of software, serial number, hardware key, date checks and disc check) or software annoyances like nag screens and
adware Adware, often called advertising-supported software by its developers, is software that generates revenue for its developer by automatically generating online advertisements in the user interface of the software or on a screen presented to the ...
. A crack refers to the means of achieving, for example a stolen
serial number A serial number is a unique identifier assigned incrementally or sequentially to an item, to ''uniquely'' identify it. Serial numbers need not be strictly numerical. They may contain letters and other typographical symbols, or may consist enti ...
or a tool that performs that act of cracking. Some of these tools are called
keygen A key generator (key-gen) is a computer program that generates a product licensing key, such as a serial number, necessary to activate for use of a software application. Keygens may be legitimately distributed by software manufacturers for lice ...
,
patch Patch or Patches may refer to: Arts, entertainment and media * Patch Johnson, a fictional character from ''Days of Our Lives'' * Patch (''My Little Pony''), a toy * "Patches" (Dickey Lee song), 1962 * "Patches" (Chairmen of the Board song) ...
,
loader Loader can refer to: * Loader (equipment) * Loader (computing) ** LOADER.EXE, an auto-start program loader optionally used in the startup process of Microsoft Windows ME * Loader (surname) * Fast loader * Speedloader * Boot loader ** LOADER.COM ...
, or no-disc crack. A keygen is a handmade product serial number generator that often offers the ability to generate working serial numbers in your own name. A patch is a small computer program that modifies the machine code of another program. This has the advantage for a cracker to not include a large executable in a release when only a few bytes are changed. A loader modifies the startup flow of a program and does not remove the protection but circumvents it. A well-known example of a loader is a trainer used to cheat in games. Fairlight pointed out in one of their .nfo files that these type of cracks are not allowed for
warez scene The Warez scene, often referred to as The Scene, is a worldwide, underground, organized network of pirate groups specializing in obtaining and illegally releasing digital media for free before their official sale date. The Scene distributes all fo ...
game releases. A nukewar has shown that the protection may not kick in at any point for it to be a valid crack. Software cracking is closely related to
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
because the process of attacking a copy protection technology, is similar to the process of reverse engineering. The distribution of cracked copies is illegal in most countries. There have been lawsuits over cracking software. It might be legal to use cracked software in certain circumstances. Educational resources for reverse engineering and software cracking are, however, legal and available in the form of Crackme programs.


History

The first software copy protection was applied to software for the
Apple II The Apple II (stylized as ) is an 8-bit home computer and one of the world's first highly successful mass-produced microcomputer products. It was designed primarily by Steve Wozniak; Jerry Manock developed the design of Apple II's foam-m ...
,
Atari 8-bit family The Atari 8-bit family is a series of 8-bit home computers introduced by Atari, Inc. in 1979 as the Atari 400 and Atari 800. The series was successively upgraded to Atari 1200XL , Atari 600XL, Atari 800XL, Atari 65XE, Atari 130XE, Atari 800XE, ...
, and
Commodore 64 The Commodore 64, also known as the C64, is an 8-bit home computer introduced in January 1982 by Commodore International (first shown at the Consumer Electronics Show, January 7–10, 1982, in Las Vegas). It has been listed in the Guinness ...
computers.. Software publishers have implemented increasingly complex methods in an effort to stop unauthorized copying of software. On the Apple II, the operating system directly controls the step motor that moves the
floppy drive A floppy disk or floppy diskette (casually referred to as a floppy, or a diskette) is an obsolescent type of disk storage composed of a thin and flexible disk of a magnetic storage medium in a square or nearly square plastic enclosure lined w ...
head, and also directly interprets the raw data, called ''
nibble In computing, a nibble (occasionally nybble, nyble, or nybl to match the spelling of byte) is a four-bit aggregation, or half an octet. It is also known as half-byte or tetrade. In a networking or telecommunication context, the nibble is oft ...
s'', read from each track to identify the data sectors. This allowed complex disk-based software copy protection, by storing data on half tracks (0, 1, 2.5, 3.5, 5, 6...), quarter tracks (0, 1, 2.25, 3.75, 5, 6...), and any combination thereof. In addition, tracks did not need to be perfect rings, but could be sectioned so that sectors could be staggered across overlapping offset tracks, the most extreme version being known as spiral tracking. It was also discovered that many floppy drives did not have a fixed upper limit to head movement, and it was sometimes possible to write an additional 36th track above the normal 35 tracks. The standard Apple II copy programs could not read such protected floppy disks, since the standard DOS assumed that all disks had a uniform 35-track, 13- or 16-sector layout. Special nibble-copy programs such as Locksmith and Copy II Plus could sometimes duplicate these disks by using a reference library of known protection methods; when protected programs were cracked they would be completely stripped of the copy protection system, and transferred onto a standard format disk that any normal Apple II copy program could read. One of the primary routes to hacking these early copy protections was to run a program that simulates the normal CPU operation. The CPU simulator provides a number of extra features to the hacker, such as the ability to single-step through each processor instruction and to examine the CPU registers and modified memory spaces as the simulation runs (any modern disassembler/debugger can do this). The Apple II provided a built-in opcode disassembler, allowing raw memory to be decoded into CPU opcodes, and this would be utilized to examine what the copy-protection was about to do next. Generally there was little to no defense available to the copy protection system, since all its secrets are made visible through the simulation. However, because the simulation itself must run on the original CPU, in addition to the software being hacked, the simulation would often run extremely slowly even at maximum speed. On Atari 8-bit computers, the most common protection method was via "bad sectors". These were sectors on the disk that were intentionally unreadable by the disk drive. The software would look for these sectors when the program was loading and would stop loading if an error code was not returned when accessing these sectors. Special copy programs were available that would copy the disk and remember any bad sectors. The user could then use an application to spin the drive by constantly reading a single sector and display the drive RPM. With the disk drive top removed a small screwdriver could be used to slow the drive RPM below a certain point. Once the drive was slowed down the application could then go and write "bad sectors" where needed. When done the drive RPM was sped up back to normal and an uncracked copy was made. Of course cracking the software to expect good sectors made for readily copied disks without the need to meddle with the disk drive. As time went on more sophisticated methods were developed, but almost all involved some form of malformed disk data, such as a sector that might return different data on separate accesses due to bad data alignment. Products became available (from companies such as
Happy Computers Happy drives are series of disk drive enhancements for the Atari 8-bit and Atari ST computer families produced by a small company Happy Computers. Happy Computers is most noted for the add-in boards for the Atari 810 and Atari 1050 disk drives, w ...
) which replaced the controller BIOS in Atari's "smart" drives. These upgraded drives allowed the user to make exact copies of the original program with copy protections in place on the new disk. On the Commodore 64, several methods were used to protect software. For software distributed on
ROM cartridge A ROM cartridge, usually referred to in context simply as a cartridge, cart, or card, is a replaceable part designed to be connected to a consumer electronics device such as a home computer, video game console or, to a lesser extent, electroni ...
s, subroutines were included which attempted to write over the program code. If the software was on ROM, nothing would happen, but if the software had been moved to
RAM Ram, ram, or RAM may refer to: Animals * A male sheep * Ram cichlid, a freshwater tropical fish People * Ram (given name) * Ram (surname) * Ram (director) (Ramsubramaniam), an Indian Tamil film director * RAM (musician) (born 1974), Dutch * ...
, the software would be disabled. Because of the operation of Commodore floppy drives, one write protection scheme would cause the floppy drive head to bang against the end of its rail, which could cause the drive head to become misaligned. In some cases, cracked versions of software were desirable to avoid this result. A misaligned drive head was rare usually fixing itself by smashing against the rail stops. Another brutal protection scheme was grinding from track 1 to 40 and back a few times. Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Software crackers usually did not benefit materially from their actions and their motivation was the challenge itself of removing the protection. Some low skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change messages a game would tell a game player, often something considered vulgar. Uploading the altered copies on file sharing networks provided a source of laughs for adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as
crack intro __NOTOC__ A crack intro, also known as a cracktro, loader, or just intro, is a small introduction sequence added to cracked software. It aims to inform the user which "cracking crew" or individual cracker removed the software's copy protection and ...
s in the software programs they cracked and released. Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as
demoscene The demoscene is an international computer art subculture focused on producing demos: self-contained, sometimes extremely small, computer programs that produce audiovisual presentations. The purpose of a demo is to show off programming, visual ...
were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to
reverse engineer Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
drivers in order to port them from binary-only drivers for
Windows Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
to drivers with source code for
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
and other free operating systems. Also because music and game intro was such an integral part of gaming the music format and graphics became very popular when hardware became affordable for the home user. With the rise of the
Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a '' network of networks'' that consists of private, pub ...
, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was
Fravia Francesco Vianello (30 August 1952 – 3 May 2009), better known by his nickname Fravia (sometimes +Fravia or Fravia+), was a software reverse engineer, who maintained a web archive of reverse engineering techniques and papers. He also worke ...
's website.


+HCU

The ''High Cracking University'' (+HCU) was founded by
Old Red Cracker Old Red Cracker (abbreviated +ORC) is an anonymous reverser. He was one of the pioneers of publishing cracking lessons on the Internet. While his identity is unknown, reverse engineer Fravia had email correspondence with him and spread his tutori ...
(+ORC), considered a genius of reverse engineering and a legendary figure in RCE, to advance research into Reverse Code Engineering (RCE). He had also taught and authored many papers on the subject, and his texts are considered classics in the field and are mandatory reading for students of RCE. The addition of the "+" sign in front of the nickname of a reverser signified membership in the +HCU. Amongst the students of +HCU were the top of the elite Windows reversers worldwide. +HCU published a new reverse engineering problem annually and a small number of respondents with the best replies qualified for an undergraduate position at the university. +Fravia was a professor at +HCU. Fravia's website was known as "+Fravia's Pages of Reverse Engineering" and he used it to challenge programmers as well as the wider society to "reverse engineer" the "brainwashing of a corrupt and rampant materialism". In its heyday, his website received millions of visitors per year and its influence was "widespread". On his site, +Fravia also maintained a database of the tutorials generated by +HCU students for posterity. Nowadays most of the graduates of +HCU have migrated to Linux and few have remained as Windows reversers. The information at the university has been rediscovered by a new generation of researchers and practitioners of RCE who have started new research projects in the field.


Methods

The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by
reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...
the compiled program code using a
debugger A debugger or debugging tool is a computer program used to software testing, test and debugging, debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the pr ...
such as
SoftICE SoftICE is a kernel mode debugger for DOS and Windows up to Windows XP. It is designed to run underneath Windows, so that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all oper ...
,
OllyDbg OllyDbg (named after its author, Oleh Yuschuk) was an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants a ...
,
GDB The GNU Debugger (GDB) is a Software portability, portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada (programming language), Ada, C (programming language), C, C++, Objective-C, Free Pasc ...
, or
MacsBug MacsBug is a low-level (assembly language/machine-level) debugger for the classic Mac OS operating system. MacsBug is an acronym for ''Motorola Advanced Computer Systems Debugger'', as opposed to ''Macintosh debugger'' (The Motorola 68000 Micropr ...
until the software cracker reaches the
subroutine In computer programming, a function or subroutine is a sequence of program instructions that performs a specific task, packaged as a unit. This unit can then be used in programs wherever that particular task should be performed. Functions may ...
that contains the primary method of protecting the software (or by disassembling an executable file with a program such as
IDA Ida or IDA may refer to: Astronomy * Ida Facula, a mountain on Amalthea, a moon of Jupiter *243 Ida, an asteroid *International Docking Adapter, a docking adapter for the International Space Station Computing *Intel Dynamic Acceleration, a techn ...
). The binary is then modified using the
debugger A debugger or debugging tool is a computer program used to software testing, test and debugging, debug other programs (the "target" program). The main use of a debugger is to run the target program under controlled conditions that permit the pr ...
or a
hex editor A hex editor (or ''binary file editor'' or ''byte editor'') is a computer program that allows for manipulation of the fundamental binary data that constitutes a computer file. The name 'hex' comes from ' hexadecimal', a standard numerical format f ...
such as HIEW or
monitor Monitor or monitor may refer to: Places * Monitor, Alberta * Monitor, Indiana, town in the United States * Monitor, Kentucky * Monitor, Oregon, unincorporated community in the United States * Monitor, Washington * Monitor, Logan County, West ...
in a manner that replaces a prior branching
opcode In computing, an opcode (abbreviated from operation code, also known as instruction machine code, instruction code, instruction syllable, instruction parcel or opstring) is the portion of a machine language instruction that specifies the operat ...
with its complement or a NOP
opcode In computing, an opcode (abbreviated from operation code, also known as instruction machine code, instruction code, instruction syllable, instruction parcel or opstring) is the portion of a machine language instruction that specifies the operat ...
so the key branch will either always execute a specific
subroutine In computer programming, a function or subroutine is a sequence of program instructions that performs a specific task, packaged as a unit. This unit can then be used in programs wherever that particular task should be performed. Functions may ...
or skip over it. Almost all common software cracks are a variation of this type.
Proprietary software Proprietary software is software that is deemed within the free and open-source software to be non-free because its creator, publisher, or other rightsholder or rightsholder partner exercises a legal monopoly afforded by modern copyright and int ...
developers are constantly developing techniques such as
code obfuscation In software development, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statem ...
,
encryption In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decip ...
, and
self-modifying code In computer science, self-modifying code (SMC) is code that alters its own instructions while it is executing – usually to reduce the instruction path length and improve performance or simply to reduce otherwise repetitively similar code, ...
to make this modification increasingly difficult. Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves. A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes the .dll or .so linked to the application and the process of altering the original binary files is called patching. Similar cracks are available for software that requires a hardware
dongle A dongle is a small piece of computer hardware that connects to a port on another device to provide it with additional functionality, or enable a pass-through to such a device that adds functionality. In computing, the term was initially synonym ...
. A company can also break the copy protection of programs that they have legally purchased but that are
licensed A license (or licence) is an official permission or permit to do, use, or own something (as well as the document of that permission or permit). A license is granted by a party (licensor) to another party (licensee) as an element of an agreeme ...
to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only). Another method is the use of special software such as
CloneCD CloneCD is proprietary optical disc authoring software that makes exact, 1:1 copies of music and data CDs and DVDs, regardless of any Digital Rights Management (DRM) restrictions. It was originally written by Oliver Kastl and offered by Swiss ...
to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or
DVD The DVD (common abbreviation for Digital Video Disc or Digital Versatile Disc) is a digital optical disc data storage format. It was invented and developed in 1995 and first released on November 1, 1996, in Japan. The medium can store any kind ...
. This may enable another program such as
Alcohol 120% Alcohol 120% is a disk image emulator created by Alcohol Soft. It can create and mount disc images in the proprietary Media Descriptor File format. Images in this format consist of a pair of .mds and .mdf files. Alcohol 120% can also convert im ...
,
CloneDVD CloneDVD is a proprietary DVD cloning software, developed by Elaborate Bytes, that can be used to make backup copies of any DVD movie not copy-protected. The program is able to transcode a dual layer DVD movie to fit it onto a DVD-R, DVD+R ...
,
Game Jackal Game Jackal is a PC application developed by Antiguan-based company SlySoft that allows users to play PC game titles without the need for the game's media to be in the CD-ROM or DVD-ROM drive. The program functions similar to a virtual drive; ...
, or
Daemon Tools DAEMON Tools is a virtual drive and optical disc authoring program for Microsoft Windows and Mac OS. Overview DAEMON tools was originally a successor of ''Generic SafeDisc emulator'' and incorporated all of its features. The program claims ...
to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include
SafeDisc ''SafeDisc'' is a copy protection program for Microsoft Windows applications and games distributed on optical disc. Created by Macrovision Corporation, it was aimed to hinder unauthorized disc duplication. The program was first introduced in 19 ...
and
StarForce The Starforce is a supervillain team appearing in American comic books published by Marvel Comics. Its first appearance was in the comic ''The Avengers (comic book), Avengers'' #346 released in 1992, as part of the "Operation: Galactic Storm" st ...
. In other cases, it might be possible to
decompile A decompiler is a computer program that translates an executable file to a high-level source file which can be recompiled successfully. It does therefore the opposite of a typical compiler, which translates a high-level language to a low-level la ...
a program in order to get access to the original
source code In computing, source code, or simply code, is any collection of code, with or without comments, written using a human-readable programming language, usually as plain text. The source code of a program is specially designed to facilitate the wo ...
or code on a level higher than
machine code In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a very ...
. This is often possible with
scripting language A scripting language or script language is a programming language that is used to manipulate, customize, and automate the facilities of an existing system. Scripting languages are usually interpreted at runtime rather than compiled. A scripting ...
s and languages utilizing
JIT Jit (also known as jiti, jit-jive and the Harare beat) is a style of popular Zimbabwean dance music. It features a swift rhythm played on drums and accompanied by a guitar. Jit evolved out many diverse influences, including domestic chimurenga, ...
compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL to achieve one's needs. Java's
bytecode Bytecode (also called portable code or p-code) is a form of instruction set designed for efficient execution by a software interpreter. Unlike human-readable source code, bytecodes are compact numeric codes, constants, and references (norma ...
also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent
machine code In computer programming, machine code is any low-level programming language, consisting of machine language instructions, which are used to control a computer's central processing unit (CPU). Each instruction causes the CPU to perform a very ...
. Advanced reverse engineering for protections such as
SecuROM SecuROM was a CD/DVD copy protection and digital rights management (DRM) product developed by Sony DADC. It aims to prevent unauthorised copying and reverse engineering of software, primarily commercial computer games running on Microsoft Win ...
,
SafeDisc ''SafeDisc'' is a copy protection program for Microsoft Windows applications and games distributed on optical disc. Created by Macrovision Corporation, it was aimed to hinder unauthorized disc duplication. The program was first introduced in 19 ...
,
StarForce The Starforce is a supervillain team appearing in American comic books published by Marvel Comics. Its first appearance was in the comic ''The Avengers (comic book), Avengers'' #346 released in 1992, as part of the "Operation: Galactic Storm" st ...
, or
Denuvo Denuvo Anti-Tamper is an anti-tamper technology and digital rights management (DRM) system developed by Austrian software company Denuvo Software Solutions GmbH, a subsidiary of Irdeto. The company also developed an anti-cheat counterpart. Hi ...
requires a cracker, or many crackers to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files. There are a number of sites on the Internet that let users download cracks produced by
warez groups A warez group is a tightly organised group of people involved in creating and/or distributing warez such as movies, music or software ("warez") in The Scene. There are different types of these groups in the Scene: ''release groups'' and ''courier ...
for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained unauthorized copies (often through
P2P P2P may refer to: * Pay to play, where money is exchanged for services * Peer-to-peer, a distributed application architecture in computing or networking ** List of P2P protocols * Phenylacetone, an organic compound commonly known as P2P * Poin ...
networks).


See also

*
Reverse engineering Reverse engineering (also known as backwards engineering or back engineering) is a process or method through which one attempts to understand through deductive reasoning how a previously made device, process, system, or piece of software accompli ...


References

{{Independent production Hacker culture Copyright infringement Copyright infringement of software Warez