The popularity of Windows and the ease of creating programs for this platform have led to the development of thousands of shareware programs. Crackers usually work with the assembly code, reverse engineering it, and also have an excellent grasp of the Windows APIs.
There is no single method to crack a program. Depending on the program and the kind of protection it has, crackers employ different techniques to get into it. But there are some common tools crackers use to start cracking a program. These programs are perfectly legal and useful in their own right.
They are:
1) Debugger
2) Disassembler
3) Hex-editor
4) Unpacker
5) File Analyzers
6) Registry monitor
7) File monitor
These are the tools a cracker uses to reverse engineer software. Let us take a detailed look at each of them.
1) Debugger: As all of us know, a debugger is a utility for debugging programs. A programmer uses a debugger to find bugs in their program. A debugger is the only tool with which we can trace or break into a function or code live. There are many debuggers available in the market. We all know how to debug a program: first we put a breakpoint on the required statement and then we run the program. When that instruction is about to be executed, the program stops and we can see the values! This is directly related to cracking. Generally a software programmer uses Windows API functions to get the serial number or to create a nag screen or dialog boxes. Now if a debugger supports breakpoints on the execution of an API, a cracker can easily set a breakpoint on an API such as "GetWindowTextA" and, after tracing only some lines of code, find the algorithm used to generate the key and the key itself!!!
There are many debuggers available in the market, but one of the most popular and powerful is SoftICE from NuMega Corporation. This debugger is so powerful that an earlier version of it was used to crack itself!!!! Almost every cracker in the world uses this debugger. After seeing its misuse, NuMega Corporation placed some restrictions on the sale of this great debugger, and a buyer must show that he will not use it for illegal activities. But cracked copies of this debugger are freely available on the net. It is a system-level debugger which sits directly between the computer's hardware and Windows. We cannot load this debugger from within Windows; we must load it before Windows loads into memory. It can monitor every process and thread silently in memory until we call it up using hotkeys. It allows us to patch memory at run time (not permanently, which is why we also need a hex editor), view the contents of the registers, the contents at a memory address, etc.
2) Disassembler: An executable file is in binary format, so a normal user cannot understand the instructions in it. Also, any exe or executable is generally in PE format (a standard format for exe files, decided by a committee of software companies like Microsoft, IBM, AT&T etc. For more about the exe format, search any virus-related site or simply search your favorite search engine.) Hence a cracker first disassembles the program. A disassembler converts the binary file into its equivalent assembly language instructions. Most programs are written in a high-level language, so the disassembly runs to millions (or even more) of lines, and it is not possible for any cracker to understand all of this code. Hence crackers generally look for strings in the disassembly such as "Your 30 day trial period has expired." or "The serial no. you entered is not valid!!!" etc.
Then they trace the assembly code for some lines and simply reverse the jumps (for example, inverting one jump) so that control does not reach this string and goes instead to a statement such as "Thanks for registration!!!" (We will see later how this can be done, but for now this information is enough for you.)
Now there are many disassemblers available, but the two most commonly used are WIN32DASM and IDA. IDA is a more powerful tool than WIN32DASM and is used for advanced cracking. But WIN32DASM is the tool most widely used by newcomers and intermediate crackers. It allows you to disassemble any file in PE format and save the disassembly. It can tell us which functions are imported and which are exported; we can follow jumps and calls, find string data references and dialog references easily; and it provides many more facilities, such as executing the exe file, stepping into it, stepping over, and so on.
3) Hex Editor: As I mentioned above, SoftICE can change the value at a memory location only at run time. This is not useful, or not good cracking, if we have to change the value every time we run the program. Therefore we use hex editors. A hex editor allows us to change the contents of any file, displaying them in hex format. We simply have to change the value at the location we found using SoftICE. There are a lot of hex editors available, such as UltraEdit, BIEW, HIEW and many more (I think many C and C++ programmers have written one).
But the most popular among these is HIEW, which stands for "Hacker's vIEW". This little proggie offers a lot of facilities, such as editing in hex or ASCII format and searching for any string in hex or ASCII format. Another good facility which sets it apart from the others is that it lets you write assembly code and automatically converts it into the equivalent hex bytes. This is helpful for crackers who don't know the hex equivalent of an assembly instruction. (For example, if we have to change a jump to a nop at some location, then after pressing the F7 key we can simply write nop and it will automatically convert it to its hex equivalent, which is 90.) There are other hex editors too, but this is the most widely used.
4) Unpacker/PE Editor: Sometimes programmers use a file compressor such as UPX or ASPack to reduce the size of the program; this is called a file packer. What a packer does is reduce the size of the file using some algorithm and append its own code to the exe file, so that at run time the code of the unpacker executes first and then decompresses, or unpacks, the program in memory. Since the program we have to crack is unpacked only in memory, a cracker cannot simply disassemble and patch it; it can only be patched at run time. Therefore, to unpack the exe file permanently, we use an unpacker, which unpacks the exe file so that we can store the unpacked file to disk. If a program uses a packer then its exe header will be changed. There are various techniques for manually unpacking an exe by modifying the exe header, but those are advanced techniques and I don't want to discuss them here, because I think most newcomers would find them difficult to understand. The most widely used unpacker is ProcDump. This software has the ability to unpack different kinds of packers on its own. It also allows viewing or changing the header of exe files.
5) File Analyzers: A cracker uses this kind of program to identify which packer was used to pack a file. With it, a cracker can learn which compiler or packer was used to protect the shareware. The software simply works on signature bytes. With its help you can find out which compiler, or in which language, the program was written. There are many programs of this kind available, such as File Inspector, File Info etc.
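The packer-altered exe header from 4) and the file analyzer from 5) can be illustrated together with a small PE section-table parser, as used in malware triage to flag a probably-packed file before deeper analysis. This is an added example, not code from the page or from any tool named on it; it uses section-name heuristics instead of a real byte-signature database, and the sample blobs are constructed header-only data, not real executables.

```python
import struct

# Section names commonly associated with well-known packers. Illustrative
# starting point for this example, not a complete signature database.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata"}


def parse_sections(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table.
    Returns a list of (name, virtual_size, raw_size) tuples."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe_off + 6)[0]         # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]    # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                               # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + i * 40                                     # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def packer_indicators(data: bytes):
    """Heuristics a file analyzer applies to flag a probably-packed executable."""
    hits = []
    for name, vsize, rsize in parse_sections(data):
        if name in PACKER_SECTION_NAMES:
            hits.append(f"known packer section name: {name}")
        if rsize == 0 and vsize > 0 and name != ".bss":
            # No bytes on disk but room reserved in memory: the stub unpacks the real
            # code here at run time. A legitimate .bss looks like this too, so it is
            # a hint, not proof.
            hits.append(f"section empty on disk but expanded in memory: {name}")
    return hits


def build_sample(sections):
    """Construct a header-only, PE-shaped blob (constructed demo data, not a real file)."""
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)  # optional header size 0 to keep it short
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0, 0, 0, 0, 0, 0x60000020)
                     for i, (n, vs, rs) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table


PACKED_SAMPLE = build_sample([(b"UPX0", 0x8000, 0), (b"UPX1", 0x3000, 0x2E00), (b".rsrc", 0x400, 0x400)])
CLEAN_SAMPLE = build_sample([(b".text", 0x2000, 0x2000), (b".data", 0x800, 0x600), (b".rsrc", 0x400, 0x400)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, parse_sections(blob), packer_indicators(blob))
```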
6) Registry monitor: Some programs use registry keys to store their registration information. A registry monitor is software which works in the background and traps all the registry accesses made by all the processes currently running.
7) File monitor: Some programs also use a key file, or keep their security algorithm in a different file, so a file monitor is used to see which application is using which file.