
Dubious question, honest intentions...

  • 13-12-2005 1:48am, #1, original poster (Closed Account, Posts: 2,639)


    Now before I ask this question, I'd like to clarify I have no intention of pirating software, creating keygens/cracks/serials, nor do I wish to pass on the knowledge of the means of doing so if that knowledge happens to arise from this thread. I'm merely curious as an IT guy and have always wondered how they manage to appear on the net, in some cases, hours after software has been released.

    How do people who create keygens/cracks/serials for software, especially the high profile applications such as Flash/Adobe/games, actually do it? How do they actually 'crack' the software? As in, how do they ascertain the algorithm embedded in the application's code that determines if a serial/key is genuine, which allows them to make fake keys?

    For instance, Flash MX 2004 has an absolute rake of keygens out there; how did they figure out a list of acceptable (fake) keys? Do they decompile the Flash.exe (I'm presuming it's written in C++, therefore decompiled in a C++ decompiler) and look for the code (algorithm) that constitutes what makes a 'real' key?

    Or is the answer far more simple: does a disgruntled employee who's getting laid off/underpaid/whatever simply circulate the registration key algorithm amongst his net mates and then they crack away?

    Mods, feel free to delete this if you feel it necessary, it's just a question that has been on my mind since, oh, about the first time I connected to the net!...


Comments

  • TempestSabre (Registered User, Posts: 4,142)


    I think they can decompile the application and reverse engineer the codes. I always wonder how they can spend the time doing it.


  • quazzy (Registered User, Posts: 1,315)


    Not that I condone this sort of thing... but it is very interesting.

    mmmMMM


  • CiaranC (Closed Account, Posts: 6,300)


    If you have a couple of valid keys and can reverse engineer the code, then ascertaining the algorithm which creates the keys should be relatively straightforward.

    A 'cracked' executable is usually created using a patching engine. First an unpatched version is taken, then a version which has been registered with a valid key. The two are compared at the bit level and a patch created to convert one to the other - similar to how ppf works. Cracks can be combined with the above to embed a new serial each time.

    There are other things that need to be defeated - registry keys and the like, phone-home code that needs to be decompiled, removed and recompiled etc. The above is probably a simplistic overview of some of the techniques used, I'm no cracker myself.


  • galwaydude18 (Registered User, Posts: 3,695)


    Interesting thread going on here! I have always wondered how they did it! I will be taking a good interest in this thread!


  • WizZard (Registered User, Posts: 6,762)


    Search the net for examples. +ORC, Fravia and Ivanupulo are names you should search for. +ORC and Fravia have written many, many interesting tutorials on this.
    In fact it was what prompted me to get into programming! I think it was +ORC who first got into cracking by printing off bar codes for cheap items and sticking them over the barcodes of dearer items, tricking clueless checkout people ;)
    For me it was all about tricking software.

    An example: (Disclaimer: This is probably no longer possible. Don't do this to software you don't already own a license for)
    One way of getting a valid key without decompiling software was to use in-memory debugging techniques.
    Fire up your debugger and then your susceptible program. Go to the point where you have to enter the serial key. Enter your debugger. Put a break on the windows string copy/compare command.
    Enter your name and a random serial (some had to be a certain length). Hit continue/enter/whatever.

    Your debugger should pop up when the string compare function is called. This will allow you to step through the calling code. You can actually see the serials being generated and compared in the memory registers.
    What happens is/was, the program takes your name, then it uses the serial algorithm to generate the correct serial for that name and compares that to the serial entered. If they match, the program is registered, if not you get the "Sorry,..." message. However, by using the debugger and stepping through the code we can see the serial that the program was using to compare against. We write that down as it is our correct serial. [strike]Then use it to register the program.[/strike]

    By the way, there are enough things left out in the above for it not to be used as a template :rolleyes:
    That is a very simplistic approach to cracking, but it did work (bear in mind that the last time that I used this was in the mid-nineties).

    These days it's all about databases of registered users and live internet checks. That's not to say they can't be bypassed, it's just much harder.

    The reason certain software packages are cracked almost immediately is that they often reuse licensing systems over many generations of a program, and thus the algorithm never changes much, meaning that it is trivial to create a new keygen/crack. The popularity of a software package will often dictate how soon it is cracked.

    Remember kids, if the software is useful to you. Buy it.


  • Khannie (Registered User, Posts: 37,485)


    All executables are just a series of codes telling the processor what to do.

    These can be translated with a disassembler into reasonably understandable stuff (if you have coded some assembly). Essentially, the algorithm is there for anyone who understands assembly to see. Skilled coders can work it out very quickly. That's why encryption methods never rely on the algorithm to hide their data. The algorithm is always publicly available (because it's visible in any implementation anyway).

    Interesting thread topic.


  • Syth (Registered User, Posts: 1,865)


    Does anyone with legal knowledge/education know how keygens and distributing serial keys could be illegal? Copyright law does not cover the private use of a copyrighted work. Serial keys can't be copyrighted, can they? Has Microsoft copyrighted 'Q69TQ-7DR7H-JWXJQ-3QXCK-MRK98' as a serial key for Windows 2000 Pro? Could they?

    This document (a mirror of an original that was taken off the web) describes how to create a keygen for a Mac OSX programme using a debugger to figure out what the keygen code is.

    I am pro-software user rights, this is what happens when I read the essays on fsf.org...


  • Khannie (Registered User, Posts: 37,485)


    I'd say that the distribution of the keys is probably not illegal.....though (from what I know) in some countries attempting to circumvent copy protection is illegal.

    In fairness though, I can't see a legitimate use for keygens. If you have the software legitimately but you've lost the key, then tough. It's like losing the cd. If you don't have a backup, you're scuppered.


  • Syth (Registered User, Posts: 1,865)


    Khannie wrote:
    I'd say that the distribution of the keys is probably not illegal
    The end user licence agreement might require you not to distribute the key. Thus you would be contractually bound to not disclose the serial key. However, usually you can see the key before you agree to the contract.
    Khannie wrote:
    .....though (from what I know) in some countries attempting to circumvent copy protection is illegal.
    Though a serial key is not needed to copy something.. Only to use it. :) And if you use the correct key, you are not breaking the copy protection, for example there is a difference between using a (physical) key to open a lock and picking the lock. A grey area, and I know very little about this law.


  • Capt'n Midnight (Moderator, Posts: 93,563)


    Older apps used to just compute a hash or checksum from the serial number so the company could generate as many serials as it wanted later on. AFAIK every non-OEM Microsoft product before Windows 98 just divided by 7, so you had a 1:7 chance of guessing a serial! (high 5 etc.)

    TBH I've usually found an inverse correlation between the length of the serial number / difficulty of registration and the desirability of a program. The apps you like best didn't seem to involve as much pain and faffing about as the others.

    If you have enough valid serial numbers it might be possible to crack the algorithm but this is getting less likely as time goes on as the key space gets bigger. Also many companies are using hash sums based on the hardware you use in combination with the serial to create an unlock key. Others simply use the MAC address of your network card. Lots use the registration details you enter so warez could be traced back. Again you could step through the program looking to see what is returned when the serial was accepted, but it makes casual copying and serialz virtually impossible.

    Makes you wonder what could happen if you could direct all that time and energy into improving open source apps instead..
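The two designs contrasted in this thread (CiaranC's point that reverse engineering the check gives away the generator, and Capt'n Midnight's "divided by 7" checksum) side by side, as an added Go example that is not from the thread: a constructed digit-sum check, and a signed licence where the product ships only the vendor's public key. The function names, the `name:signature` licence format and the keypair are my own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"strings"
)

// weakCheck: constructed digit-sum-mod-7 serial check, in the spirit of the
// "divided by 7" check mentioned above (not any vendor's real scheme). The
// check is also the generator: anyone who reads it out of the binary can
// mint keys, and about one random 10-digit serial in seven passes anyway.
func weakCheck(serial string) bool {
	sum := 0
	for _, c := range serial {
		if c < '0' || c > '9' {
			return false
		}
		sum += int(c - '0')
	}
	return len(serial) == 10 && sum%7 == 0
}

// issueLicense runs at the vendor, which alone holds the private key:
// the licence is the holder name plus an Ed25519 signature over it.
func issueLicense(vendorPriv ed25519.PrivateKey, holder string) string {
	sig := ed25519.Sign(vendorPriv, []byte(holder))
	return holder + ":" + base64.StdEncoding.EncodeToString(sig)
}

// verifyLicense is what ships in the product. It needs only the public key,
// so disassembling it yields nothing that can forge a licence, and the
// holder name is bound to the signature, so editing either breaks the check.
func verifyLicense(vendorPub ed25519.PublicKey, license string) bool {
	i := strings.LastIndex(license, ":")
	if i < 0 {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(license[i+1:])
	return err == nil && ed25519.Verify(vendorPub, []byte(license[:i]), sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // demo vendor keypair, generated on the spot
	fmt.Println(weakCheck("0000000007"), verifyLicense(pub, issueLicense(priv, "Example User")))
}
```

A signature stops keygens, not patching: a binary edited to skip verifyLicense still runs, which is the separate "patching engine" problem CiaranC raises above.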

