How to Crack - Newbie Tutorial 1.0
dA bREAKER cREW (DBC) 2001

Welcome to another newbie tutorial by DBC. In this document I will teach you what Reverse Engineering really is, and give a brief explanation of how you do it. Hopefully you will find this essay fun and exciting.

/SvenZZon

Easy [X] Medium [ ] Hard [ ] Advanced [ ] Advanced as hell [ ]

HTTP://KICKME.TO/DBC

I could start this tutorial like the masses do... "Welcome to my first tutorial." But since I don't want to be like the rest, I'll let it go. Actually I don't think that you are so very interested in knowing that this is my first one, as long as it's good. You might be interested in knowing that English is not my native language, so if the text is a bit weird, you know why.

Story About Myself.
-------------------

My nick is SvenZZon and I am 17 years old. I say this because I know how hard it can be when you're new to this subject, but if a seventeen year old guy can do it... so can you, right? I have not been reversing software for too long; as a matter of fact I don't even know how to use SoftIce properly, but one thing I know is that if you really want to learn, it will come to you. Sure, it will take time... and maybe a lot of time, but time is all we have in this world, so take YOUR time and read, test... whatever you think is needed for you to become a good reverser.

Now, even if I haven't started to use those weird words yet (like: winapis, registers, bits, bytes, dwords and all that stuff) I know that some of you out there might already be confused. The word you might be confused about is "reverser".
What is Reverse Engineering?
----------------------------

So what the heck is a reverser? Well, a reverser is the same as a cracker; it's only a more sophisticated word for it. Reverse Engineering is what you do when you crack a program. When you code a program, you engineer it. These are the things you do when you're programming in any language:

***********************************************************************
1> You write the code (Pascal, C++ and VB for example)
2> The program you're using (e.g. Borland C++) compiles the source code into an object file.
3> The program links all object files into an executable file.
4> You debug and test the program
***********************************************************************

This is what you do when you MAKE a program; this is called "engineering". But when you crack a program, you do this routine backwards. You want to modify a program, but you only have the final executable file (.exe, .com). The source code isn't there. So in order to be able to modify the program you need to "reverse-engineer" it. This means that you have to get a source code somehow. You can do this either by disassembling the file (a program rewrites the target's ASM source code, more about this later), modifying the assembly code and then recompiling it. Or you can (for not so hard cracking tasks) use a debugger like SoftIce to analyze the desired code part and then patch the .exe afterwards.

*[Explanation: There are programs out there that disassemble exe files. This means that they go through all of the program's routines and translate them into an ASM (Assembly) source code, and then show you the code. This is a disassembler. You can see a DEBUGGER as a "hunter". It allows you to set out traps that the .exe file you want to crack falls into. You can set out traps on many things, for example on the moment the target exe searches memory for the correct serial number, etc.
There are many debuggers on the net, but SoftIce is the most used one for Windows 16- and 32-bit programs.]*

Okay, the problem is that every compiler (Borland, Visual Studio etc.) has its own way of translating its specific commands into machine language. (Machine language = the 0s and 1s [zeros and ones], also called binary code.) This is where ASM comes into play. ASM (Assembly) is a readable form of machine language. This makes it pretty easy to convert an executable (machine language) into ASM source code. Of course it is much more difficult to edit programs in ASM than in a high-level language like C++ or Visual Basic (those languages, C++, VB, Pascal, Java bla.. bla, are called high-level languages), but on the other hand you can reverse ANY program with the disassembling methods. Although, you need to choose which disassembler to use, depending on the environment your crack target runs in. For example, most crackers use Win32Dasm for Windows tasks and for DOS programs they use two programs called SOURCER or IDA. This is of course an individual choice that you don't have to worry about... yet.

Okaaaaaaay, you get the whole point? What you do when you reverse engineer (crack) programs? If not I will say this once more... in a simple way: You edit/explore the ASM source code of the cracking target, which has been disassembled so you can understand the machine language.

*Hope you get it; if you don't, try some other tutorial about this subject.*

What you will need to start with Reverse Engineering
----------------------------------------------------

First of all, you need a tutorial like this, that tells you what you need >:) hehe. After you've read that tutorial you need to get some other stuff: more tutorials. The best and only(!) way to learn how to crack is to read, read and read some more. If you don't like to read, I recommend you stop trying to teach yourself how to crack.
Another thing you will need is the tools, so that you can explore them and test them for yourself. The very basic programs are:

Debugger     -> SoftIce (There are different versions but I use 4.05 on a Win98/2k machine)
Disassembler -> Win32Dasm (Don't know what the newest version is, I use 8.9)
Hexeditor    -> Hacker's View (I use 6.16, a good hex/asm editor)
                Hex Workshop (Another good hexeditor)

With these programs you are able to crack a lot of software... on a simple level. Although, many programs use more sophisticated protection; for them you will need other tools. Here is a list of all the tools I downloaded when I decided to start with cracking:

SoftIce
Win32Dasm
Hacker's View, Hex Workshop
Regmon and Filemon (Monitoring programs)
Win eXpose Registry
A couple of "Make Crack/Patch" programs (compile your work into an .exe crack file)
More than 1300 tutorials (Hehe, don't be shocked)
A lot of crackme files (+ tutorials on how to crack them)

So, where do you find all these tools? Actually me and a friend of mine called tKC (The Keyboard Caper) started a project a while ago called Crack The World. It is a webpage containing more than 2000 tutorials, 150 crackmes and a lot of tools. You can get everything you need for Reverse Engineering from that page.

URL: http://ctw.ztechcorp.org [Hopefully still up]

Why do people crack programs?
-----------------------------

This is a question that comes up every time I scroll the internet for cracking articles. Most of the crackers do it for fun; they don't even use the programs they have cracked. Personally I think this is wrong, if you go over the limit and say: I don't use any of my cracked programs. Of course, you can't use all the programs that you crack, you don't have needs for them. But many crackers use their own cracked software. Another reason to crack is the competition. The main reason to become a cracker these days is to be famous. Many people say that this is not a good reason to begin cracking.
I say it is, at least if you are serious about getting famous. As long as you are serious, I think that every motivation is a good motivation. If you decide to release cracks/serials/keygens to be famous and to join that hardass group called Phrozen Crew, then you are helping the scene... you provide the cracking scene with your crack files and your serial nums. And that is not a bad thing, not according to me. Although, there is also another reason why crackers crack programs. Software these days is way too expensive. BUT if all software were free, there would not be so many good programs. Noone would make any profit if they couldn't take credit for it in cash. I do not want to get into a discussion about open source and that shit... actually I support it, but this is not the information YOU need to become a good cracker, is it :) ?

What kinds of protection does software use?
-------------------------------------------

In order to crack a program you need to know what type of protection it has, and what kind of program it is. I don't mean that you need to know what the program can do, if it is a text editor or a graphical toolset. But you need to know what environment it is coded in, and what environment it is running under. For example, you can not crack a Visual Basic program the same way as you cracked a Win32 app coded in C++. For VB apps you'll need to use a tool called NuMega SmartCheck. Another thing to think about is whether the .exe file is packed with some kind of packer, for example the exe packer UPX (Ultimate Packer for eXecutables). This will make the cracking process a little bit harder, but if you search for answers about what you should do if a program is packed, you will find them. I can not write about every kind of protection or routine that can be protecting an exe executable; go to http://ctw.ztechcorp.org for more info about certain protections.

What is this hmemcpy and GetDlgItemTextA and all that shit?
-----------------------------------------------------------

These things are WinAPI calls. It's on these functions that you set the "traps" in SoftIce. For example, if a program uses a serial code to prevent you from running the fully working version, you can set a breakpoint on hmemcpy in SoftIce. When you then type in a serial number and press OK, SoftIce will pop up and show you exactly where in the code the program picks up your serial number. Although, you need to know or at least understand most of the ASM code to be able to trace the correct serial. One of the major problems when you are first starting to crack is to know what to do and when to do it. Don't worry, it will come to you when you start to understand the ASM code.

What exactly are WinAPIs? Well, WinAPIs are stored in library files (.dll). If you have installed SoftIce, you will have a file in that directory called winice.dat. If you scroll down you will see the following lines:

EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
EXP=c:\windows\system\crtdll.dll
EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
EXP=c:\windows\system\mpr.dll

These files store the WinAPI calls that SoftIce can use to put breakpoints on. Breakpoint is the nice word for our "traps", by the way. If you recently installed SoftIce with the original configuration of winice.dat, you will need to change some things. All the semicolons ";" under the section:

; ***** Examples of export symbols that can be included *****
; Change the path to the appropriate drive and directory

have to be removed. Semicolons make SoftIce see the line behind the semicolon as a comment, not a command.
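The winice.dat edit above is easy to get wrong: one EXP= line left behind a semicolon and SoftIce silently loads no symbols for that DLL. The following Python is an added example (not the tutorial's own code, and not NuMega's) that parses a winice.dat in the shape the tutorial describes, separates settings, function-key macros and EXP= entries, and reports any EXP= line that is still commented out. The sample file inside it is constructed by hand; the only format rules it relies on are the ones stated above (KEY=VALUE directives, a leading `;` makes a comment, macro values are double-quoted and may themselves contain semicolons).

```python
"""Parse a SoftIce winice.dat and report the EXP= (export symbol) lines that are
still commented out. Added example for the tutorial, not the tutorial's own code
and not NuMega's; the sample file below is constructed by hand."""
from dataclasses import dataclass, field

# Constructed excerpt in the shape the tutorial describes: KEY=VALUE settings,
# function-key macros, and an export section whose first entry is still disabled.
SAMPLE_WINICE_DAT = (
    "PENTIUM=ON ; set to ON on a Pentium\n"
    "PHYSMB=132\n"
    "INIT=\"CODE ON; X;\" ; make the line exactly like this\n"
    "F9=\"^bpx;\"\n"
    "CF11=\"SHOW B;\"\n"
    "; ***** Examples of export symbols that can be included *****\n"
    "; Change the path to the appropriate drive and directory\n"
    ";EXP=c:\\windows\\system\\kernel32.dll\n"
    "EXP=c:\\windows\\system\\user32.dll\n"
)


@dataclass
class WiniceConfig:
    settings: dict = field(default_factory=dict)           # e.g. PHYSMB -> "132"
    macros: dict = field(default_factory=dict)             # e.g. F9 -> "^bpx;"
    exports: list = field(default_factory=list)            # active EXP= paths
    commented_exports: list = field(default_factory=list)  # EXP= paths still behind ';'


def _strip_inline_comment(line):
    """Drop a trailing ';comment', ignoring semicolons inside double quotes
    (macros such as F9="^bpx;" carry semicolons as part of their value)."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ";" and not in_quotes:
            return line[:i].rstrip()
    return line


def _is_macro(key):
    """F1..F12, SF3, CF8, AF12 and so on: a known prefix followed only by digits."""
    return any(key.startswith(p) and key[len(p):].isdigit() for p in ("F", "SF", "CF", "AF"))


def parse_winice(text):
    cfg = WiniceConfig()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(";"):
            # A comment line. SoftIce ignores it, so an EXP= entry hiding here
            # gives you no symbols and no API breakpoints: record it as a finding.
            body = line.lstrip(";").strip()
            if body.upper().startswith("EXP="):
                cfg.commented_exports.append(body[4:].strip())
            continue
        directive = _strip_inline_comment(line)
        if "=" not in directive:
            continue
        key, value = directive.split("=", 1)
        key, value = key.strip().upper(), value.strip().strip('"')
        if key == "EXP":
            cfg.exports.append(value)
        elif _is_macro(key):
            cfg.macros[key] = value
        else:
            cfg.settings[key] = value
    return cfg


def uncomment_exports(text):
    """Return the file with the leading ';' removed from every EXP= line,
    which is exactly the hand edit the tutorial asks for."""
    out = []
    for raw in text.splitlines():
        stripped = raw.strip()
        body = stripped.lstrip(";").strip()
        if stripped.startswith(";") and body.upper().startswith("EXP="):
            out.append(body)
        else:
            out.append(raw)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    cfg = parse_winice(SAMPLE_WINICE_DAT)
    for path in cfg.commented_exports:
        print("EXP still commented out, no breakpoints possible on:", path)
    print("active exports:", cfg.exports)
```

Run it against your own winice.dat by replacing `SAMPLE_WINICE_DAT` with the file's contents; `uncomment_exports` produces the corrected text, and parsing that result again should leave `commented_exports` empty.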
Here is a copy of my winice.dat; of course you can add/change a lot more than I did, but I do not think this is necessary for my purpose.

;Copy of SvenZZon's winice.dat -----------------------------------START
PENTIUM=ON ; If you have a Pentium processor this should be set to ON
NMI=ON
ECHOKEYS=OFF ; You need echokeys?
NOLEDS=OFF
NOPAGE=OFF
SIWVIDRANGE=ON
THREADP=ON
LOWERCASE=OFF
WDMEXPORTS=OFF
MONITOR=0
PHYSMB=132 ; This is your physical memory
SYM=1024
HST=256
TRA=8
MACROS=32
DRAWSIZE=16384
FAULTS=OFF ; Important! Make this OFF if you don't want SoftIce to pop up when a program
; hangs. Although this option did not work for me, I had to write FAULTS OFF
; in the SoftIce command window.
INIT="CODE ON; X;" ; Important, make the line exactly like this.
F1="h;"
F2="^wr;"
F3="^src;"
F4="^rs;"
F5="^x;"
F6="^ec;"
F7="^here;"
F8="^t;"
F9="^bpx;"
F10="^p;"
F11="^G @SS:ESP;"
F12="^p ret;"
SF3="^format;"
CF8="^XT;"
CF9="TRACE OFF;"
CF10="^XP;"
CF11="SHOW B;"
CF12="TRACE B;"
AF1="^wr;"
AF2="^wd;"
AF3="^wc;"
AF4="^ww;"
AF5="CLS;"
AF8="^XT R;"
AF11="^dd dataaddr->0;"
AF12="^dd dataaddr->4;"
CF1="altscr off; lines 60; wc 32; wd 8;"
CF2="^wr;^wd;^wc;"
; WINICE.DAT
; (SIW95\WINICE.DAT)
; for use with SoftICE Versions greater than 3.0 (Windows 95)
;
; *************************************************************************
; If you have MORE than 32MB of physical memory installed, change
; the PHYSMB line to the correct # of Megabytes.
; If you have LESS than 32MB you can save a bit of memory by
; specifying the correct # of Megabytes
; Example: PHYSMB=32
; *************************************************************************
; ***** Examples of sym files that can be included if you have the SDK *****
; Change the path to the appropriate drive and directory
;LOAD=c:\windows\system\user.exe
;LOAD=c:\windows\system\gdi.exe
;LOAD=c:\windows\system\krnl386.exe
;LOAD=c:\windows\system\mmsystem.dll
;LOAD=c:\windows\system\win386.exe
; ***** Examples of export symbols that can be included *****
; Change the path to the appropriate drive and directory
EXP=c:\windows\system\vga.drv
EXP=c:\windows\system\vga.3gr
EXP=c:\windows\system\sound.drv
EXP=c:\windows\system\mouse.drv
EXP=c:\windows\system\netware.drv
EXP=c:\windows\system\system.drv
EXP=c:\windows\system\keyboard.drv
EXP=c:\windows\system\toolhelp.dll
EXP=c:\windows\system\shell.dll
EXP=c:\windows\system\commdlg.dll
EXP=c:\windows\system\olesvr.dll
EXP=c:\windows\system\olecli.dll
EXP=c:\windows\system\mmsystem.dll
EXP=c:\windows\system\winoldap.mod
EXP=c:\windows\progman.exe
EXP=c:\windows\drwatson.exe
; ***** Examples of export symbols that can be included for Windows 95 *****
; Change the path to the appropriate drive and directory
EXP=c:\windows\system\kernel32.dll
EXP=c:\windows\system\user32.dll
EXP=c:\windows\system\gdi32.dll
EXP=c:\windows\system\comdlg32.dll
EXP=c:\windows\system\shell32.dll
EXP=c:\windows\system\advapi32.dll
EXP=c:\windows\system\shell232.dll
EXP=c:\windows\system\comctl32.dll
EXP=c:\windows\system\crtdll.dll
EXP=c:\windows\system\version.dll
EXP=c:\windows\system\netlib32.dll
EXP=c:\windows\system\msshrui.dll
EXP=c:\windows\system\msnet32.dll
EXP=c:\windows\system\mspwl32.dll
EXP=c:\windows\system\mpr.dll
; Copy of SvenZZon's winice.dat ---------------------------------------- END

Okay, I think this will be enough about SoftIce's configuration.
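Back to the packer question raised in the protection section: before spending any time in SoftIce (or, for a defender, before trusting what a disassembler shows of a suspicious binary), the cheapest check is to read the PE section table, because UPX and similar packers leave recognisable section names and an empty-on-disk section that gets filled at run time. The following Python is an added example, not the tutorial's code and not the UPX project's: it reads the DOS header, the PE signature, the COFF header and the section headers, then lists reasons to suspect a packer. It works on header-only sample images that it constructs itself (they contain no code and cannot run); the list of packer section names is a constructed starting point, not an exhaustive one, since a packer can rename its sections to anything.

```python
"""Read a PE file's section table and flag the usual signs of an exe packer
(UPX-style section names, sections that are empty on disk but large in memory).
Added example for the packer question in this tutorial; it is not the tutorial's
code and not the UPX project's. The sample binaries are constructed headers only."""
import struct

# Section names that common packers leave behind. Constructed starting list,
# not exhaustive: a packer can rename its sections to anything.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite"}


def read_sections(data):
    """Return [(name, virtual_size, raw_size), ...] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER follows "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # section headers follow the optional header
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, _rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def packer_indicators(sections):
    """Human-readable reasons to suspect the file is packed; empty if none."""
    reasons = []
    for name, vsize, rsize in sections:
        if name in PACKER_SECTION_NAMES:
            reasons.append(f"section {name!r} is a well-known packer section name")
        if rsize == 0 and vsize > 0:
            reasons.append(f"section {name!r} holds no bytes on disk but {vsize:#x} in memory: "
                           "room for the unpacked program")
    return reasons


def is_probably_packed(data):
    return bool(packer_indicators(read_sections(data)))


def build_sample_pe(section_specs):
    """Construct a header-only PE32 image with the given (name, vsize, rsize) sections.
    Enough for the section-table check; it contains no code and will not run."""
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, len(dos))     # e_lfanew: PE signature right after the DOS header
    opt = b"\0" * 224                                 # PE32 optional header; contents irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    table, raw_ptr = b"", 0x400
    for name, vsize, rsize in section_specs:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             vsize, 0x1000, rsize, raw_ptr, 0, 0, 0, 0, 0x60000020)
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed samples: a plain build and a UPX-style layout (UPX0 is empty on disk).
PLAIN_SAMPLE = build_sample_pe([(".text", 0x2000, 0x2000), (".data", 0x800, 0x600), (".rsrc", 0x400, 0x400)])
UPX_SAMPLE = build_sample_pe([("UPX0", 0x9000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x400, 0x400)])

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_SAMPLE), ("upx-style", UPX_SAMPLE)):
        print(label, read_sections(sample))
        for reason in packer_indicators(read_sections(sample)):
            print("  -", reason)
```

To check a real file, pass `open(path, "rb").read()` to `is_probably_packed`. A hit means the bytes on disk are not the program you will see executing, so a static listing from Win32Dasm will show the unpacker stub rather than the protection routine; no hit proves nothing, since packers can use ordinary section names.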
If you have problems with the SoftIce configuration, there are a lot of tutorials that explain how to set it up properly. One more thing: SoftIce has a bad idea about certain graphics cards; if you are not able to close the SoftIce window this may be a problem like that... the gfx card.

How do I use this SoftIce thing?
--------------------------------

When you have installed SoftIce it will automatically be started from your autoexec.bat file. SoftIce is always running underneath Windows. Press Ctrl+D to get directly into SoftIce, and press it again to hide it. To set breakpoints you use the bpx command (Break on eXecution). Example:

bpx GetDlgItemTextA -> This command will make SoftIce pop up when that API is called in the DLL used by the program you are trying to crack.

SoftIce will then show you where in the ASM code the program is currently working. And if you then understand the ASM code, you will be able to figure out what the program is doing: if it compares serialz, searches the registry for a key or anything like that. One thing a cracker needs is a WinAPI guide. This will show you what APIs are used and for what. Get it at http://ctw.ztechcorp.org.

One thing I started with when working with SoftIce was to explore all the crackme files that are included on http://ctw.ztechcorp.org, at least those with solutions. If you download a crackme file with the solution file you will be able to follow the procedure of cracking without knowing any ASM, and you will learn how the cracker thinks. So... crackmes are goooood! WARNING though, don't try to follow the very most advanced crackmes. They are coded by ASM gurus and they have on purpose made them a lot more difficult than a newbie can handle.

What about Nagscreens? How do I remove them and why?
----------------------------------------------------

Nagscreens can be annoying splash screens, irritating text messages or bad ass "UNREGISTERED" reminders.
If you crack a program and these nagscreens are still popping up you will need to search for the source "jump" in the ASM code, and disable it. Why do you need to disable them? Well, if you think that they are nice, and you are going to use the cracked program yourself, of course you can let them be. But most of the guys who crack programs remove them because the users that use their cracked programs don't like irritating messages. You can also remove nagscreens that are used on already registered programs. This is called adding or removing a function of a program. This is also the case if you need support for more ASCII characters in a text editor, for example, and you modify the ASM code to get it. Modifying a program is often much harder than cracking a program. Although, removing a nagscreen is not hard. There are a lot of tutorials about removing nagscreens.

How do I build crack files or keygenerators?
--------------------------------------------

Well, I don't think that you should get into this before you have learned how to crack. But generally, to produce a crack file you need to search for the bytes in the target program you want to change, change them and then get out of there. It is actually that simple... most often, depending on what kind of target we are talking about. This method is called "patching". So what about keygens? Well, you have to understand the method that your cracking target is using to produce its serial numbers. After you have done this, reverse this code and you've got a keygen... understand? Didn't think you would either... hehe, just kidding. Know this: you don't have to program your keygen or crack file in Assembly (machine-level language). Proper high-level language knowledge is enough for this, like C++, Pascal or Delphi. Not many crackers use Visual Basic to produce keygens or crack files.
This is because they don't think that VB has the capacity that they need, and that VB programs can't be used by anyone without the VB runtime files.

Where can I get help if something bothers me about cracking?
------------------------------------------------------------

The best way to get help is to ask a cracker, of course. You can find them all (almost, hehe) on the EFnet IRC network on channels like #cracking4newbies, #phrozencrew, #crackaid, #asm and #ctw. Crackers are often very nice people who are very glad to share their knowledge. Although there are some smart-asses who think that they are much better than the rest of the world; don't talk to any of those, they don't remember that they once were newbies too and needed just as much help as you do. Those guys can be REALLY good at assembly and the art of cracking, but mostly they are just pretending. Guys who I see as my gods are +ORC (people say he's a jerk though, not said by me), tKC (nicest cracker I've ever met) and +Fravia (the best reverse engineering site manager EVER!).

I also want to tip you to buy an ASM book. This is very handy sometimes. It doesn't have to be a big book, just one that covers the registers and manipulation of hardware (dongles).

Final fucking words... phew!
----------------------------

Since I haven't gotten so very far myself in my cracking career I do not want to write anything more than I know about. Hopefully you have gotten a little bit more brightened up by reading this tutorial, but if you haven't I really recommend you to find another one. There is plenty of stuff out there and finally you will get it if you put some effort into it. I hope I will, with my further studies about ASM and reverse engineering.

- SvenZZon^tRiAL@dBC

Feel free to mail me at zyberpro@hotmail.com (SPAM)