How To: The Hacks Behind Cracking, Part 1: How to Bypass Software Registration


If you've ever wondered how software pirates can take software and crack it time and time again, even with security in place, this small series is for you. Even with today's most advanced anti-piracy methods in place, it is still relatively easy to crack almost any program in the world. This is mainly because a running process can be completely manipulated from an assembly-level debugger. With one, you can bypass the registration process entirely by making the application skip its key verification, without ever using a valid key. This works because working at the assembly level lets you speak directly to the processor and force it to jump past the registration check.

In this Null Byte, let's go over how cracking could work in practice by looking at an example program (a program that serves no purpose other than for me to hack). I will not be walking you through how to actually crack a legitimate program, because I can't just crack a program for demonstration, but the techniques applied to my examples should give you the foundation needed to create your own. At that point, it's a test of your morals if you want to use your knowledge for good or bad.

Requirements

  • Windows (for examples only, debuggers exist across platforms)
  • A debugger installed: IDA, OllyDbg, etc. (OllyDbg will be used in the examples)

Step 1 Test the Program

First, run the program that you are attempting to reverse engineer and try to activate it with a random key, to verify that a valid software key is required to proceed. This confirms that a key check is actually in place before we go looking for it in the debugger.

Step 2 Run the Program in a Debugger

  1. Run OllyDbg.
  2. Open the program you wish to bypass in OllyDbg.
  3. Click the play button to run the program with the debugger attached.
  4. Right-click the CPU window and click Search for > All intermodular calls.
  5. Look for high-interest API calls. GETDLGITEMTEXT is used to read text from dialog boxes, and gets called when you enter a software key; by stepping into that function with the debugger, we can examine the registration code specifically. SENDDLGITEM could be used as well.
  6. Test which call breaks you out of the activation loop: right-click the call and set a breakpoint on every instance of it.
  7. Resume the program and enter any software key you feel like. If the debugger breaks (pauses the program's execution) after you enter your key, then you know you found the right call in step 5.
  8. Back in the CPU window, press F8 to step over instructions until you reach the TEST EAX. EAX holds the function's return value, so a check is being performed here. On examination, the check is whether EAX is non-zero: if it holds anything other than zero, the program proceeds as registered.
  9. Right-click EAX and change its hex value to 1 instead of 0.
  10. Resume the program again, and you will have successfully activated the program. And for proof it was registered to me:

This works because you are changing the value the check reads, so execution takes the branch that skips the code verifying the key you entered. To exploit the key registration algorithm itself, keep an eye out for part two of this tutorial on making the key generator. Hooray for assembly!
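As an added illustration (not code from the original post), here is a toy C program modelling the two patterns at play: the boolean gate that the TEST EAX step above exploits, and an alternative where the feature's own data is derived from the key material, so that no single branch decides the outcome. VALID_KEY, FEATURE_TEXT, the hash and the keystream are all constructed for this example and are not a real licensing scheme.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical license material and feature data, constructed for this example. */
static const char VALID_KEY[] = "EXAMPLE-0001";
static const char FEATURE_TEXT[] = "feature unlocked";

/* Toy key hash (FNV-1a); stands in for whatever the vendor's check computes. */
static uint32_t key_hash(const char *key) {
    uint32_t h = 2166136261u;
    for (const char *p = key; *p; ++p) h = (h ^ (uint8_t)*p) * 16777619u;
    return h;
}

/* Pattern 1: a boolean gate. Compiled, this is the CALL / TEST EAX,EAX / JE the
   tutorial lands on; eax_forced models the debugger edit in step 9. */
int gate_check(const char *key) { return key_hash(key) == key_hash(VALID_KEY); }

int gate_feature(const char *key, int eax_forced) {
    int eax = eax_forced ? 1 : gate_check(key);
    if (!eax) return 0;        /* TEST EAX,EAX ; JE not_registered */
    return 1;                  /* feature code itself never depends on the key */
}

/* Pattern 2: the feature's data is sealed under a keystream derived from the
   key, so a wrong key yields garbage no matter which branches are taken. */
static void keystream_xor(const char *key, uint8_t *buf, size_t n) {
    uint32_t s = key_hash(key);
    for (size_t i = 0; i < n; ++i) {
        s = s * 1103515245u + 12345u;   /* toy LCG, example only, not a real cipher */
        buf[i] ^= (uint8_t)(s >> 24);
    }
}

/* Vendor side: seal FEATURE_TEXT under VALID_KEY; this blob is what ships. */
static size_t seal_feature(uint8_t *out) {
    size_t n = strlen(FEATURE_TEXT);
    memcpy(out, FEATURE_TEXT, n);
    keystream_xor(VALID_KEY, out, n);
    return n;
}

/* Client side: unseal with the typed key; returns 1 only if usable data came out. */
int derive_feature(const char *key) {
    uint8_t buf[32];
    size_t n = seal_feature(buf);
    keystream_xor(key, buf, n);
    return memcmp(buf, FEATURE_TEXT, n) == 0;
}
```

With the gate pattern, forcing EAX makes gate_feature succeed for any key; with the derive pattern, the same forced branch still leaves the feature unusable because the data only decrypts under the real key.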

Image via msbyron27

31 Comments

Well, I seem to have found the point where the reference lies but cannot find the pass.....

It gives me a pop-up window, but the problem is that it is not a program itself but a package that runs inside a statistical package. Any help would be highly appreciated.

How to crack this kind of registration process...?? If you have any process for this then send it to me urgently... I am waiting for your reply. :)

How would you crack something like this? (BTW it's not installed software, just an .exe file with several .dll files in its original folder.)

Hi. I have some software that I need to crack. But that software uses online license checking. How can I bypass it? Can anybody help me?

Maybe try to turn off your Internet during the process.

A well-placed jump and NOP will normally do the trick.

Hi, how to crack this kind of registration? RNG repacker detected lock with aPLib compression.

How can I hack the SWF file of an Adobe AIR based application like Longtailpro or Market Samurai to bypass login credentials?

Did you get any responses with this?
I myself am looking for a crack for the latest version of Long Tail Pro
Cheers!

Hmm... What about using it to crack another debugger... I want to use WinDbg (needs cracking) + Visual Studio 2008 Professional (activated) to debug Nintendo DS homebrew! But it has a trial period and I used that up last year... I can't afford a copy of this... maybe I'll ask for it for my birthday, but I doubt I can get it.

Can anybody help me to crack SendBlaster 3? I did not find GETDLGITEMTEXT.

Can anyone crack my .exe file? I want the key to use it. It verifies the key online as I enter a fake serial. Can anyone help me....

Whenever I search for "Intermodule Calls" nothing comes up?

Does anybody have any ideas on how to get past internet verification of the activation code? And turning off the internet does not work.

Fundy album designer software crackable???

How do you bypass software registration if GETDLGITEMTEXT or SENDDLGITEM does not show? Also, the software is using online registration; how do you make it offline registration?

My EAX is set to 1, so if I set it to 0 then nothing happens; I go to put the code in and it pauses execution again and EAX is set back to 1. Any ideas?

How do I bypass this message? I am unable to. Please help.

Good evening, I need your help please so that this application opens without being blocked. This app works with only one PC; when I try to launch it on another it shows an error message indicating that the data has been changed, so there is a relationship between the application and the PC serial numbers. Here is the link to download the application; you must decompress it and then double-click the file Star.exe to see the application launch and the error message. Here is the link for download:

http://www.mediafire.com/download/sutb9tb06qcetu7/Star+V701.rar

my email: brainyboy89@gmail.com
Thanks, friends.

Can anybody help to convert the Snapgene Trial Version into a full version?
I tried via Ollydbg, but I can't find the correct string.

mail: lukas-b.89@gmx.de

Thank you very much!

Yes, Lukas Bethlehem, I just think you are not using the right tool to get the job done. I am willing to help; just click on my profile and you will see my email address there in my bio. You can reach me through that.

It is an amazing technique! I have reached SENDDLGITEM,
as the software I am using is somehow connected online.
After that, when I press F8 nothing happens. Can anybody help me with that? Many thanks!!! You may PM me!

And what if your software doesn't have an option to enter a registration key? I'm trying to crack Sparkol VideoScribe latest version 2.3.4 but I don't see any option to enter a registration key; there's only one option, 'BUY NOW'. Please help me!

Does this technique crack the software if it is using the MAC address and other stored addresses of the system?

I got a problem using this OllyDbg: after setting up the breakpoint the CPU status says "paused" and then I can't open the program I wanted to crack anymore. I mean the program halts. What should I do? Can someone help me please? :(

Someone asked for a Market Samurai crack... I have a temporary trick to make it run.... but it needs your effort every time the trial expires.

Hi

Thanks for this tut, but I need a debugger for Mac OS X apps so I can crack the app I want. There are a few disassemblers and debuggers, but most of them need to be purchased.

I have a few apps that I need to crack for personal use purposes, but I need a guide on Mac.

If you could make one, I'd appreciate it.

Trying to get into Remixlive 1.3.1, but I cannot find GETDLGITEMTEXT... any help?

On my home computer (Windows 10) the software was running me in circles too. From what I can tell (and I'm not sure), it looks like it doesn't like Windows 10 and maybe not 64-bit.

The software is older software that's probably only good up till Windows 8, so you may have to get yourself a cheap laptop with Windows 7.

All I know is both IMS 16-bit and 32-bit software downloaded and opened up fine on my Windows 7 32-bit laptop.

And that's how you get through with your software reg, but if you find any difficulties with that, just contact me on the email in my bio; that's what you see when you click on my profile.
