Software cracking

Last updated
Software crack illustration Software crack illustration 20170116.jpg
Software crack illustration

Software cracking (known as "breaking" mostly in the 1980s [1] ) is an act of removing copy protection from a software. [2] Copy protection can be removed by applying a specific crack. A crack can mean any tool that enables breaking software protection, a stolen product key, or guessed password. Cracking software generally involves circumventing licensing and usage restrictions on commercial software by illegal methods. These methods can include modifying code directly through disassembling and bit editing, sharing stolen product keys, or developing software to generate activation keys. [3] Examples of cracks are: applying a patch or by creating reverse-engineered serial number generators known as keygens , thus bypassing software registration and payments or converting a trial/demo version of the software into fully-functioning software without paying for it. [4] Software cracking contributes to the rise of online piracy where pirated software is distributed to end-users [2] through filesharing sites like BitTorrent, One click hosting (OCH), or via Usenet downloads, or by downloading bundles of the original software with cracks or keygens. [4]

Contents

Some of these tools are called keygen, patch, loader, or no-disc crack. A keygen is a handmade product serial number generator that often offers the ability to generate working serial numbers in your own name. A patch is a small computer program that modifies the machine code of another program. This has the advantage for a cracker to not include a large executable in a release when only a few bytes are changed. [5] A loader modifies the startup flow of a program and does not remove the protection but circumvents it. [6] [7] A well-known example of a loader is a trainer used to cheat in games. [8] Fairlight pointed out in one of their .nfo files that these type of cracks are not allowed for warez scene game releases. [9] [6] [10] A nukewar has shown that the protection may not kick in at any point for it to be a valid crack. [11]

Software cracking is closely related to reverse engineering because the process of attacking a copy protection technology, is similar to the process of reverse engineering. [12] The distribution of cracked copies is illegal in most countries. There have been lawsuits over cracking software. [13] It might be legal to use cracked software in certain circumstances. [14] Educational resources for reverse engineering and software cracking are, however, legal and available in the form of Crackme programs.

History

Software are inherently expensive to produce but cheap to duplicate and distribute. Therefore, software producers generally tried to implement some form of copy protection before releasing it to the market. In 1984, Laind Huntsman, the head of software development for Formaster, a software protection company, commented that "no protection system has remained uncracked by enterprising programmers for more than a few months". [2] In 2001, Dan S. Wallach, a professor from Rice University, argued that "those determined to bypass copy-protection have always found ways to do so – and always will". [15]

Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Software crackers usually did not benefit materially from their actions and their motivation was the challenge itself of removing the protection. [2] Some low skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change messages a game would tell a game player, often something considered vulgar. Uploading the altered copies on file sharing networks provided a source of laughs for adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as crack intros in the software programs they cracked and released. [16] Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as demoscene were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to reverse engineer drivers in order to port them from binary-only drivers for Windows to drivers with source code for Linux and other free operating systems. Also because music and game intro was such an integral part of gaming the music format and graphics became very popular when hardware became affordable for the home user.

With the rise of the Internet, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was Fravia's website.

In 2017, a group of software crackers started a project to preserve Apple II software by removing the copy protection. [17]

+HCU

The High Cracking University (+HCU) was founded by Old Red Cracker (+ORC), considered a genius of reverse engineering and a legendary figure in Reverse Code Engineering (RCE), to advance research into RCE. He had also taught and authored many papers on the subject, and his texts are considered classics in the field and are mandatory reading for students of RCE. [18]

The addition of the "+" sign in front of the nickname of a reverser signified membership in the +HCU. Amongst the students of +HCU were the top of the elite Windows reversers worldwide. [18] +HCU published a new reverse engineering problem annually and a small number of respondents with the best replies qualified for an undergraduate position at the university. [18]

+Fravia was a professor at +HCU. Fravia's website was known as "+Fravia's Pages of Reverse Engineering" and he used it to challenge programmers as well as the wider society to "reverse engineer" the "brainwashing of a corrupt and rampant materialism". In its heyday, his website received millions of visitors per year and its influence was "widespread". [18] On his site, +Fravia also maintained a database of the tutorials generated by +HCU students for posterity. [19]

Nowadays most of the graduates of +HCU have migrated to Linux and few have remained as Windows reversers. The information at the university has been rediscovered by a new generation of researchers and practitioners of RCE who have started new research projects in the field. [18]

Methods

The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger such as x64dbg, SoftICE, [20] OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). [21] The binary is then modified using the debugger or a hex editor such as HIEW [22] or monitor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. A region of code that must not be entered is often called a "bad boy" while one that should be followed is a "good boy". [23]

Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make binary modification increasingly difficult. [24] Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.

A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes the .dll or .so linked to the application and the process of altering the original binary files is called patching. [12] Similar cracks are available for software that requires a hardware dongle. A company can also break the copy protection of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).

Another method is the use of special software such as CloneCD to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or DVD. This may enable another program such as Alcohol 120%, CloneDVD, Game Jackal, or Daemon Tools to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc and StarForce. [25]

In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages and languages utilizing JIT compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL to achieve one's needs. Java's bytecode also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent machine code. [26]

Advanced reverse engineering for protections such as SecuROM, SafeDisc, StarForce, or Denuvo requires a cracker, or many crackers to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.

There are a number of sites on the Internet that let users download cracks produced by warez groups for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). [27] Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained unauthorized copies (often through P2P networks).

Software piracy

Software cracking led to the distribution of pirated software around the world (software piracy). It was estimated that the United States lost US$2.3 billion in business application software in 1996. Software piracy rates were especially prevalent in African, Asian, Eastern European, and Latin American countries. In certain countries such as Indonesia, Pakistan, Kuwait, China, and El Salvador, [28] 90% of the software used was pirated. [29]

See also

Related Research Articles

<span class="mw-page-title-main">Warez</span> Movies, software or music distributed in violation of copyright

Warez is a common computing and broader cultural term referring to pirated software that is distributed via the Internet. Warez is used most commonly as a noun, a plural form of ware, and is intended to be pronounced like the word wares. The circumvention of copy protection (cracking) is an essential step in generating warez, and based on this common mechanism, the software-focused definition has been extended to include other copyright-protected materials, including movies and games. The global array of warez groups has been referred to as "The Scene", deriving from its earlier description as "the warez scene". Distribution and trade of copyrighted works without payment of fees or royalties generally violates national and international copyright laws and agreements. The term warez covers supported as well as unsupported (abandonware) items, and legal prohibitions governing creation and distribution of warez cover both profit-driven and "enthusiast" generators and distributors of such items.

<span class="mw-page-title-main">Crack intro</span> Credit sequence added to cracked software

A crack intro, also known as a cracktro, loader, or just intro, is a small introduction sequence added to cracked software. It aims to inform the user which "cracking crew" or individual cracker removed the software's copy protection and distributed the crack.

A key generator (key-gen) is a computer program that generates a product licensing key, such as a serial number, necessary to activate for use of a software application. Keygens may be legitimately distributed by software manufacturers for licensing software in commercial environments where software has been licensed in bulk for an entire site or enterprise, or they may be developed and distributed illegitimately in circumstances of copyright infringement or software piracy.

<span class="mw-page-title-main">Fravia</span> Software reverse engineer (1952–2009)

Francesco Vianello, better known by his nickname Fravia, was a software reverse engineer, who maintained a web archive of reverse engineering techniques and papers. He also worked on steganography. He taught on subjects such as data mining, anonymity and stalking.

Copy protection, also known as content protection, copy prevention and copy restriction, is any measure to enforce copyright by preventing the reproduction of software, films, music, and other media.

<span class="mw-page-title-main">.nfo</span> File format

.nfo is a filename extension for text files that accompany warez scene releases of pirated software or media.

<span class="mw-page-title-main">Fairlight (group)</span> Swedish demo group

FairLight (FLT) is a warez and demo group initially involved in the Commodore demoscene, and in cracking to illegally release games for free, since 1987. In addition to the C64, FairLight has also migrated towards the Amiga, Super NES and later the PC. FairLight was founded during the Easter holiday in 1987 by Strider and Black Shadow, both ex-members of West Coast Crackers (WCC). This "West Coast" was the west coast of Sweden, so FairLight was initially a Swedish group, which later became internationalized. The name was taken from the Fairlight CMI synthesizer which Strider saw Jean-Michel Jarre use on some of his records.

A warez group is a tightly organised group of people involved in creating and/or distributing warez such as movies, music or software ("warez") in The Scene. There are different types of these groups in the Scene: release groups and courier groups. Groups often compete, as being the first to bring out a new quality release can bring status and respect – a type of "vanity contest". The warez groups care about the image others have of them.

The Humble Guys (THG) were a cracking group for the IBM PC during the late 1980s founded by two friends known by the pseudonyms Candyman and Fabulous Furlough. The group was also noticed in the demoscene for some of their cracktros.

<span class="mw-page-title-main">Warez scene</span> Organized network of pirate groups

The Warez scene, often referred to as The Scene, is an underground network of piracy groups specialized in obtaining and illegally releasing digital media before their official release date. The Scene distributes all forms of digital media, including computer games, movies, TV shows, music, and pornography. This network is meant to be hidden from the public, with the files shared only with members of the community. However, as files became commonly leaked outside the community and their popularity grew, some individuals from The Scene began leaking files and uploading them to file-hosts, torrents and EDonkey Networks.

StarForce Technologies is a Russian software developer with headquarters in Moscow. Its main activities are information security, protection against unauthorized copying, modification, and analysis (decompilation).

<span class="mw-page-title-main">Paradox (warez)</span> Warez–demogroup

PARADOX (PDX) is a warez–demogroup; an anonymous group of software engineers that devise ways to defeat software and video game licensing protections, a process known as cracking, which is illegal in most jurisdictions. They distribute cracks, keygens, and pre-cracked versions of entire programs. Over the years, distribution methods have changed, starting out with physically transported floppy disks and BBS distribution. Today most of their files reach the public over various peer-to-peer file networks.

Myth was a warez group, focused on cracking and ripping PC games. Besides ripped games, the group also released trainers and cracked updates for games. Myth's slogan, "Myth, always ahead of the Class", was referring to the rival group Class that existed from 1997 to 2004.

Video game piracy is the unauthorized copying and distributing of video game software, and is a form of copyright infringement. It is often cited as a major problem that video game publishers face when distributing their products, due to the ease of being able to distribute games for free, via torrenting or websites offering direct download links. Right holders generally attempt to counter piracy of their products by enforcing the Digital Millennium Copyright Act, though this has never been totally successful. Digital distribution of pirated games has historically occurred on bulletin board systems (BBS), and more recently via decentralized peer-to-peer torrenting. In terms of physical distribution, China, Indonesia and Vietnam are known for major manufacturing and distribution centers for pirated game copies, while Hong Kong and Singapore are major importers.

Reloaded is a warez group founded in June 2004 from the ex-members of DEViANCE. They released and cracked Spore 4 days before its release date and a beta version of The Sims 3 15 days before its release date. On February 29, 2008, Reloaded released a cracked version of Assassin's Creed, a month before its release on March 28. However, this release was later nuked for not being the final retail version as well as having crashing issues. The retail version was released by them more than a month later.

<span class="mw-page-title-main">Arxan Technologies</span> US technology security company

Digital Ai is an American technology company specializing in anti-tamper and digital rights management (DRM) for Internet of Things (IoT), mobile, and other applications. Arxan's security products are used to prevent tampering or reverse engineering of software, thus preventing access or modifications to said software that are deemed undesirable by its developer. The company reports that applications secured by it are running on over 500 million devices. Its products are used across a range of industries, including mobile payments & banking, automotive, healthcare and gaming.

<span class="mw-page-title-main">Razor 1911</span> Norwegian warez and demogroup

Razor 1911 (RZR) is a warez and demogroup founded in Norway, 1985. It was the first ever such group to be initially founded exclusively as a demogroup, before moving into warez in 1987. According to the US Justice Department, Razor 1911 is the oldest software cracking group that is still active on the internet. Razor 1911 ran the diskmag 'Propaganda' until 1995.

Old Red Cracker is an anonymous reverser. He was one of the pioneers of publishing cracking lessons on the Internet. While his identity is unknown, reverse engineer Fravia had email correspondence with him and spread his tutorials.

<span class="mw-page-title-main">Denuvo</span> Anti-tamper software

Denuvo Anti-Tamper is an anti-tamper and digital rights management (DRM) system developed by the Austrian company Denuvo Software Solutions GmbH. The company was formed from a management buyout of DigitalWorks, the developer of SecuROM, and began developing the software in 2014. It was introduced with FIFA 15 in September. In addition to Denuvo Anti-Tamper, Denuvo Software Solutions has developed the anti-cheat system Denuvo Anti-Cheat and Nintendo Switch Emulator Protection, which attempts to prevent Nintendo Switch games from being emulated. The company was acquired by Irdeto in January 2018.

References

  1. Kevelson, Morton (October 1985). "Isepic". Ahoy!. pp. 71–73. Retrieved June 27, 2014. The origin of the term probably lies in the activity burglars in the still of the night.
  2. 1 2 3 4 "What Motivates Software Crackers?" (PDF). Sigi Goode and Sam Cruise, Australian National University, Journal of Business Ethics (2006). Archived (PDF) from the original on October 21, 2022. Retrieved April 30, 2022.
  3. Tulloch, Mitch (2003). Microsoft Encyclopedia of Security (PDF). Redmond, Washington: Microsoft Press. p. 68. ISBN   0735618771. Archived from the original (PDF) on August 10, 2014. Retrieved July 20, 2014.
  4. 1 2 Kammerstetter, Markus; Platzer, Christian; Wondracek, Gilbert (October 16, 2012). "Vanity, cracks and malware". Proceedings of the 2012 ACM conference on Computer and communications security. Raleigh North Carolina USA: ACM. pp. 809–820. doi:10.1145/2382196.2382282. ISBN   978-1-4503-1651-4. S2CID   3423843.
  5. Craig, Paul; Ron, Mark (April 2005). "Chapter 4: Crackers". In Burnett, Mark (ed.). Software Piracy Exposed - Secrets from the Dark Side Revealed. Publisher: Andrew Williams, Page Layout and Art: Patricia Lupien, Acquisitions Editor: Jaime Quigley, Copy Editor: Judy Eby, Technical Editor: Mark Burnett, Indexer: Nara Wood, Cover Designer: Michael Kavish. United States of America: Syngress Publishing. pp.  75–76. doi:10.1016/B978-193226698-6/50029-5. ISBN   1-932266-98-4.
  6. 1 2 FLT (January 22, 2013). "The_Sims_3_70s_80s_and_90s_Stuff-FLT". Archived from the original on September 14, 2014. Retrieved September 13, 2014. This can be the only reason you have come to the conclusion that a modified startup flow is the same like the imitated behavior of a protection, like an EMU does it.
  7. Shub-Nigurrath [ARTeam]; ThunderPwr [ARTeam] (January 2006). "Cracking with Loaders: Theory, General Approach, and a Framework". CodeBreakers Magazine. 1 (1). Universitas-Virtualis Research Project. A loader is a program able to load in memory and running another program.
  8. Nigurrath, Shub (May 2006). "Guide on how to play with processes memory, writing loaders, and Oraculumns". CodeBreakers Magazine. 1 (2). Universitas-Virtualis Research Project.
  9. FLT (September 29, 2013). "Test_Drive_Ferrari_Legends_PROPER-FLT". Archived from the original on September 14, 2014. Retrieved September 13, 2014. Test.Drive.Ferrari.Racing.Legends-SKIDROW was released with a "Loader" and not a cracked exe. This is why you see the original exe renamed to "TDFerrari_o.exe". As this is not allowed and in this case considerably slows down the game with Xlive messages while starting and playing the game, you can see why we have included a proper cracked.
  10. SKIDROW (January 21, 2013). "Test.Drive.Ferrari.Racing.Legends.Read.Nfo-SKIDROW". Archived from the original on September 14, 2014. Retrieved September 13, 2014. Yes our "method" is a loader and our competitors have used the same method for "cracking" xlive games like this.
  11. "Batman.Arkham.City-FiGHTCLUB nukewar". December 2, 2011. Archived from the original on September 13, 2014. UNNUKED: game.plays.full no.issues crack.is.fine no.single.byte.patch.used protection.bypass.means.not.active.means.removed protection.does.not.kick.in.at.any.point this.or.removal.makes.no.difference [ZoNeNET]
  12. 1 2 Eilam, Eldad (2005). Reversing : secrets of reverse engineering. Elliot J. Chikofsky. Indianapolis, IN: Wiley. ISBN   0-7645-9768-X. OCLC   80242141.
  13. Cheng, Jacqui (September 27, 2006). "Microsoft files lawsuit over DRM crack". Ars Technica . Archived from the original on July 15, 2014. Retrieved June 15, 2017.
  14. Fravia (November 1998). "Is reverse engineering legal?". Archived from the original on March 5, 2022.
  15. Wallach, D.S. (October 2001). "Copy protection technology is doomed". Computer. 34 (10): 48–49. doi:10.1109/2.955098. Archived from the original on January 21, 2022. Retrieved March 10, 2023.
  16. Reunanen, Markku; Wasiak, Patryk; Botz, Daniel (March 26, 2015). "Crack Intros: Piracy, Creativity and Communication". International Journal of Communication. 9: 20. ISSN   1932-8036. Archived from the original on June 17, 2022. Retrieved June 17, 2022.
  17. Pearson, Jordan (July 24, 2017). "Programmers Are Racing to Save Apple II Software Before It Goes Extinct". Motherboard. Archived from the original on September 27, 2017. Retrieved January 27, 2018.
  18. 1 2 3 4 5 Cyrus Peikari; Anton Chuvakin (January 12, 2004). Security Warrior . "O'Reilly Media, Inc.". p.  31. ISBN   978-0-596-55239-8.
  19. Vianello, Francesco. "Academy Home Page". Fravia's archive pages of reverse engineering. Archived from the original on September 26, 2022. Retrieved May 17, 2022.
  20. Ankit, Jain; Jason, Kuo; Jordan, Soet; Brian, Tse (April 2007). "Software Cracking (April 2007)" (PDF). The University of British Columbia - Electrical and Computer Engineering. Archived (PDF) from the original on March 19, 2018. Retrieved January 27, 2018.{{cite journal}}: Cite journal requires |journal= (help)
  21. Cerven, Pavol (2002). Crackproof Your Software: Protect Your Software Against Crackers. No Starch Press. ISBN   1-886411-79-4.
  22. "Protecting Software Codes By Guards" (PDF). Hoi Chang, Mikhail J. Atallah, CERIAS, Purdue University (2001). Archived (PDF) from the original on March 10, 2023. Retrieved June 6, 2022.
  23. "Reversing a Self-Modifying Binary with radare2". Megabeets. January 14, 2018. Retrieved June 29, 2023.
  24. Ferguson, Justin; Kaminsky, Dan (2008). Reverse engineering code with IDA Pro. Burlington, MA: Syngress Pub. ISBN   978-0-08-055879-0. OCLC   272383172. Archived from the original on March 10, 2023. Retrieved June 8, 2022.
  25. "Backup Protected Game CD/DVDs". GameCopyWorld. Archived from the original on June 5, 2008. Retrieved June 11, 2008.
  26. Canzanese, Raymond J. Jr.; Oyer, Matthew; Mancoridis, Spiros; Kam, Moshe. "A Survey of Reverse Engineering Tools for the 32-Bit Microsoft Windows Environment" (PDF). College of EngineeringDrexel University. Archived from the original (PDF) on March 25, 2022. Retrieved June 7, 2022.
  27. McCandless, David (April 1, 1997). "Warez Wars". Wired. ISSN   1059-1028. Archived from the original on September 16, 2021. Retrieved February 4, 2020.
  28. Gopal, Ram D.; Sanders, G. Lawrence (September 2000). "Global software piracy: you can't get blood out of a turnip". Communications of the ACM. 43 (9): 82–89. doi: 10.1145/348941.349002 . ISSN   0001-0782. S2CID   6706490.
  29. Gopal, Ram D.; Sanders, G. Lawrence (1998). "International Software Piracy: Analysis of Key Issues and Impacts". Information Systems Research. 9 (4): 380–397. doi:10.1287/isre.9.4.380. ISSN   1047-7047. JSTOR   23011033.