Advertisements

Ollydbg – Cracking software like a pro

If you’ve ever wondered how software pirates can take software and crack it time and time again, even with security in place, this small series is for you.

Let’s go over how cracking could work in practice by looking at an example program (a program that serves no purpose other than for me to hack). I will not be walking you through how to actually crack a legitimate program, because I can’t just crack a program for demonstration, but the techniques applied to my examples should give you the foundation needed to create your own. At that point, it’s a test of your morals if you want to use your knowledge for good or bad.

 

Requirements

  • Windows (for examples only, debuggers exist across platforms)
  • A debugger installed: IDA, ollydbg, etc. (ollydbg will be used in examples)

Step 1 Test the Program

First, run the program that you are attempting to reverse engineer and try to activate it with a random key to verify that you need a valid software key to proceed. This is to verify that we can come up with the keys.

Step 2 Run the Program in a Debugger

Run ollydbg.

Open up the program you wish to bypass with ollydbg.

Click the play button to run the program with the debugger attached.

Right click the CPU window, and click Search For > All intermodular calls.

Search for high interest DLLs. GETDLGITEMTEXT, will be for dialog boxes, which get called when you try to enter a software key. By stepping into the function with the debugger, we can examine the registration specifically. SENDDLGITEM could be used as well.

Test to see which one works to break out of the activation loop by right clicking the DLL call and setting a breakpoint for all instances of that call.

 

The Hacks Behind Cracking, Part 1: How to Bypass Software Registration

 

Resume the program and enter any software key you feel like. If the debugger breaks (pauses the program’s execution) after entering your key, then you know you found DLL in step 5.

Press F8 back in the CPU window to force the next step until you get to the TEST EAX. EAX is the return of a value, which means that a check is being performed here. Upon examination, we can see that the EAX is checking for a number that is not equal to a null value. This means that if it is replaced with anything other than null, it will run.

 

The Hacks Behind Cracking, Part 1: How to Bypass Software Registration

 

Right-click the EAX and change it in hex value to 1, instead of 0.

Resume the program again, and you will have successfully activated the program.

 

The Hacks Behind Cracking, Part 1: How to Bypass Software Registration

Advertisements

Leave a Reply

Your email address will not be published. Required fields are marked *

Advertisements
%d bloggers like this: