Best Blackhat Forum

[GET] How to Crack any Software Protection
In this tutorial you will learn how to crack any type of software protection using W32Dasm and HIEW.

IDENTIFYING THE PROTECTION:
Run the program, game, etc. (SoftwareX) that you want to crack without the CD in the CD reader. SoftwareX will not run, of course; however, when the error window pops up it will give you all of the vital information that you need to crack the program, so be sure to write down what it says.


CRACKING THE PROTECTION:
Now run Win32Dasm. On the file menu open DISASSEMBLER > OPEN FILE TO DISASSEMBLE. Select SoftwareX's executable file in the popup window that appears (e.g. SoftwareX.exe).

W32Dasm may take several minutes to disassemble the file. When W32Dasm finishes disassembling the file it will display unrecognizable text; this is what we want. Click on the String Data References button. Scroll through the String Data Items until you find SoftwareX's error message. When you locate it, double-click the error message and then close the window to return to the Win32Dasm text. You will notice that you have been moved somewhere within SoftwareX's check routine; this is where the error message is generated.

Now comes the difficult part, so be careful. To crack SoftwareX's protection you must know the @offset of every call and jump command. Write down every call and jump @offset number that you see (you have to be sure that the OPBAR changes its color to green). You need the number behind the @offset without the "h".

Now open HIEW, locate SoftwareX's executable, and press the F4 key. At this point a popup window will appear with 3 options: Text, Hex, and Decode. Click on "Decode" to see a list of numbers. Now press the F5 key and enter the number that was extracted using Win32Dasm. After you have entered the number you will be taken to SoftwareX's check routine within HIEW.

To continue you must understand this paragraph. If the command that you are taken to is E92BF9BF74, for example, it means that the command equals 5 bytes. Every 2 digits equal one byte: E9-2B-F9-BF-74 => 10 digits => 5 bytes. If you understood this then you can continue.

Press F3 (Edit); this will allow you to edit the 10 digits. Replace the 5 bytes with the digits 90. In other words, E92BF9BF74 will become 9090909090 (90-90-90-90-90). After you complete this step press the F10 key to exit.

Congratulations! You just cracked SoftwareX!

Don't panic if SoftwareX will not run after you have finished cracking it. It only means that something was done incorrectly, or perhaps SoftwareX's protection technology has been improved or created after this tutorial. Simply reinstall SoftwareX and start over. If you're sure that you completed all steps correctly and the program still will not run, then tough nuts. Their protection was developed after the writing of this tutorial.
can you make a video example of this?
Please do.
Fully understood, thank you for the share, rep+.
Nice

Just waiting on the n00bs to ask what is "softwareX" :-)
But....... what is the password :)
Where is a link to download SoftwareX :D
Thanx ! Rep+
Now that's what I call an overreaching title!!

The method at best covers one type of protection on one platform. I've got hundreds of programs, and not one of them requires me to put in a key CD.
Here is a simple method with an example.
Just try it.
Software: LongTail Pro Keyword
Disassembler: Win32Dasm or OllyDbg
HEX viewer: HIEW

1. First back up the LongTail Pro exe somewhere.
Then run LTP.exe.
Enter anything in the Email and license key tab.
2. The error will occur; then note down the error created by LTP and paste it into Notepad.
Just close LTP.
3. Then open your disassembler, either Win32Dasm or OllyDbg.
In this example I use Win32Dasm, then load the LTP.exe file.
4. It takes some time to load, so be patient, and it displays unreadable content. That's the thing we want.
5. Then simply click the String Data Reference button in Win32Dasm.
6. In that field you have to check for the error message created by LTP that you noted down in Notepad.
7. Once you have found that error string message, simply double-click that line and then close the window.
8. You have been moved somewhere in LTP.exe, to the code that generated it.
9. Here comes the real cracking, but be careful: note down the call and jump instruction numbers (@offset without 'h') somewhere in Notepad.
10. Then open HIEW, locate LTP.exe and press F4.
11. At that point you get three tabs with three options: text, hex and decode. You have to click "decode" and it lists out the numbers.
12. Then press F5 and put in the number you noted down in the previous step.
13. HIEW does its search of the check routine and you find that number, something like E92BF9BF74; you simply change those numbers into "9090909090". What 90 means is no operation.
14. Just change all the numbers you noted down.
15. If you know assembly language well, you can change the number into your own operation, just like JNC into JC and JC into JNC, etc.
16. That's it; press F10 and exit.
17. Voila, you just cracked LTP.

This is just for educational purposes; I am not responsible for anything. This method even works on all softwares. Try to understand all the words I have written and don't ask shit noob questions. Try to learn something yourselves. If the crack does not work, the protection was more secure. If you crack anything, just put my name on this thread somewhere. Don't be lazy; search for these cracked softwares on bestblackhatforum.
If you think it is very useful, try to thank me and give me a REP+++++++++.
Thanks, regards,
Rockzz......
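The byte patching that both tutorials in this thread do by hand in HIEW (overwriting the 5-byte E92BF9BF74 jump with 9090909090, and Rockzz's step 15 of swapping JNC for JC) can be done with a short script that also verifies the bytes before overwriting them, so a wrong offset patches nothing. The example below is added here; it is not code from either post or from W32Dasm, OllyDbg or HIEW. The function names are mine, and SAMPLE is a constructed byte string, not the content of any real executable. It works on raw file offsets, which is what the @offset value from W32Dasm (without the trailing h) and the F5 goto in HIEW refer to.

```python
#!/usr/bin/env python3
"""Added example: the x86 control-flow patches described in the thread,
done in a script instead of by hand in HIEW.  Works on raw file offsets.
SAMPLE below is constructed for the demo and is not from any real program."""

import shutil
from typing import List, Optional, Tuple

NOP = 0x90


def instr_len(buf: bytes, off: int) -> int:
    """Length in bytes of the branch instruction at `off`.

    Only the opcodes a patcher normally touches are handled; anything else
    raises, so we never NOP out the wrong number of bytes.
    """
    op = buf[off]
    if op in (0xE8, 0xE9):                              # CALL rel32 / JMP rel32
        return 5
    if op == 0xEB or 0x70 <= op <= 0x7F:                # JMP rel8 / Jcc rel8
        return 2
    if op == 0x0F and 0x80 <= buf[off + 1] <= 0x8F:     # Jcc rel32 (0F 8x)
        return 6
    raise ValueError(f"no call/jump opcode at {off:#x}: {op:#04x}")


def branch_target(buf: bytes, off: int) -> int:
    """Destination of the branch at `off`, expressed in the same address
    space as `off`.  The displacement is relative to the END of the
    instruction, which is the detail people get wrong when checking by hand."""
    n = instr_len(buf, off)
    disp_len = 1 if n == 2 else 4
    disp = int.from_bytes(buf[off + n - disp_len:off + n], "little", signed=True)
    return off + n + disp


def nop_out(buf: bytes, off: int, expected_hex: Optional[str] = None) -> bytes:
    """Overwrite the whole instruction at `off` with NOPs, keeping its length
    so every later offset in the file stays valid.

    `expected_hex` is the digit string HIEW shows there (e.g. "E92BF9BF74";
    two digits per byte, so 10 digits -> 5 bytes).  On a mismatch the offset
    or the file is wrong and nothing is patched.
    """
    n = instr_len(buf, off)
    if expected_hex is not None:
        want = bytes.fromhex(expected_hex)
        if buf[off:off + n] != want:
            raise ValueError(f"expected {want.hex().upper()} at {off:#x}, "
                             f"found {buf[off:off + n].hex().upper()}")
    return buf[:off] + bytes([NOP]) * n + buf[off + n:]


def invert_jcc(buf: bytes, off: int) -> bytes:
    """Flip the condition of the Jcc at `off` (JC<->JNC, JE<->JNE, JA<->JBE...).

    Short Jcc are opcodes 70..7F, near Jcc are 0F 80..0F 8F; in both the low
    bit of the condition nibble negates the condition, so XOR 1 is the whole
    patch and the instruction length never changes.
    """
    op = buf[off]
    if 0x70 <= op <= 0x7F:
        return buf[:off] + bytes([op ^ 1]) + buf[off + 1:]
    if op == 0x0F and 0x80 <= buf[off + 1] <= 0x8F:
        return buf[:off + 1] + bytes([buf[off + 1] ^ 1]) + buf[off + 2:]
    raise ValueError(f"no conditional jump at {off:#x}")


Patch = Tuple[str, int, Optional[str]]          # ("nop"|"invert", offset, expected_hex)


def apply_patches(buf: bytes, patches: List[Patch]) -> bytes:
    """Apply the list of @offsets noted down from the disassembler, in order."""
    for kind, off, expected in patches:
        if kind == "nop":
            buf = nop_out(buf, off, expected)
        elif kind == "invert":
            buf = invert_jcc(buf, off)
        else:
            raise ValueError(f"unknown patch kind {kind!r}")
    return buf


def patch_file(path: str, patches: List[Patch], backup_suffix: str = ".bak") -> None:
    """Patch an executable on disk, writing an untouched copy first
    (the 'back up the exe' step from the second post)."""
    shutil.copy2(path, path + backup_suffix)
    with open(path, "rb") as f:
        data = f.read()
    with open(path, "wb") as f:
        f.write(apply_patches(data, patches))


# Constructed sample (not real program bytes): a short JC over the JMP, the
# thread's example JMP encoding, a near JNC, then RET.
SAMPLE = bytes.fromhex(
    "72 05"               # 0x0: JC  +5  -> lands on the JNC at 0x7
    "E9 2B F9 BF 74"      # 0x2: JMP rel32, "E92BF9BF74" in the thread
    "0F 83 10 00 00 00"   # 0x7: JNC rel32
    "C3"                  # 0xD: RET
)


def demo() -> bytes:
    """NOP out the JMP and invert the JC, as the two posts describe."""
    return apply_patches(SAMPLE, [("nop", 0x2, "E92BF9BF74"), ("invert", 0x0, None)])


if __name__ == "__main__":
    print("before:", SAMPLE.hex(" ").upper())
    print("after: ", demo().hex(" ").upper())
```

Two caveats before using this on a real file. NOPing out a CALL removes the check but also whatever value the called routine would have returned, so code after it can still misbehave; that is one cause of the "don't panic if it will not run" case in the first post. Flipping a Jcc only changes the condition and leaves the length and every later offset untouched, which is why it is usually the less destructive of the two patches.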