Hacking software

Lecture



Hacking software (eng. software cracking) - actions aimed at removing the protection that developers build into software to limit its functionality. Such limits are meant to stimulate the purchase of the proprietary software, after which the restrictions are removed.

Crack (eng. crack; the word also occurs in distorted spellings, one of them extremely rare) - a program that makes it possible to hack software. As a rule, a crack is suitable for mass use. In essence, a crack is the embodiment of one of the types of hacking, and often it is an ordinary patch. The following euphemisms are used for the word crack: “medicine”, “tabletka”, “aspirin”, etc. [1] Cracker (eng. cracker; also found in a distorted spelling) - a person who creates cracks.

Website defacement is an attack on a website that changes the visual appearance of a website or a web page. These are typically the work of defacers, who break into a web server and replace the hosted website with one of their own. Defacement is generally meant as a kind of electronic graffiti and, as other forms of vandalism, is also used to spread messages by politically motivated "cyber protesters" or hacktivists. Methods such as a web shell may be used to aid in website defacemen

Types of hacking

Virtually any hacking comes down to using one of the following methods:

  • Entering a serial number (registration code) (jarg. serial) (eng. serial number, S/N) - hacking the program by entering a correct registration key (or phrase) obtained by illegal means. The key can be generated from some information (the name of the software owner, characteristics of the computer's hardware, etc.) or have a fixed value. The registration key is generated with the same algorithm that the program itself uses.

    Note 1: The registration code can be distributed in a key file (license file) (eng. keyfile), which is usually placed in the directory where the program is installed.

    Note 2: For mass hacking, a key generator (jarg. keygen; eng. keygen, abbr. of key generator), a program that generates registration keys (see above), is often created and later used. This type of hacking is the most in demand (especially when the program is updated frequently or the registration key is generated from some information, see above) and is therefore the most valued. As a rule, it requires higher qualification from the cracker than other types of hacking, but not always.

  • Using a loader (jarg. loader) (eng. loader) - a way to bypass some types of software protection, namely those that rely on external (attached) protection systems. It consists in changing certain fragments of the program in RAM immediately after it is loaded into memory but before it is started (that is, before the code at the entry point is executed).
  • Using a (binary) patch (often jarg. crack, from the eng. crack) (eng. byte patch) - a method similar to the loader, but the modification is made statically in the program's files. As a rule, this is one of the easiest and fastest ways to hack software.
  • Using a hacked version of the file(s) (eng. cracked) - the method consists in replacing the original program files with files that have already been hacked.
  • Using a key emulator (eng. key emulator) - a method used to defeat protections that rely on an electronic key (usually connected to the computer's LPT or USB port). It consists in taking a dump of the key's internal memory. The file with the contents of this memory is fed to a special program, an emulator, which attaches its filter driver to the driver stack and deceives the protected program by emulating work with the hardware key. Where the program calls on the key for hardware encryption of a memory region, this method is used together with the binary patch method.
  • Substituting the program's official website and/or changing the corresponding settings in order to bypass the key check, if the developers tied it to some Internet resource (in the vast majority of cases to prevent hacking, less often to record and keep statistics and gather information). Most often this is done at a primitive level by modifying the hosts file and running various emulators, sometimes by using various programs (Denver) or a real web resource.
  • Prohibiting the program's access to the Internet (jarg. Backflushing) - a set of actions aimed at forcibly blocking the program's access to the Internet. It is performed when the program requires activation of a license key over the Internet (as a rule, through the official developer site), or when the program contacts the developer's server to exchange data or to update. As a rule, a special utility is installed that blocks the program's access to the Internet. This action is usually performed after the key generated by a keygen has been entered.

When complex protection is hacked, and also when the maximum effect is needed, a combination of the above methods is used. In rare cases, this happens when the cracker is insufficiently qualified.

This list is not exhaustive, but only indicates the most common methods of hacking.

The type of hacking is, in most cases, determined by the type of protection. For some protections several types of hacking can be used; for others there may be only one way.
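The hosts-file substitution in the list above leaves a trace that an administrator can audit. The following is an added example, not part of the original lecture: it parses a hosts file and reports entries that override hostnames used for license checks. The watched hostnames and the sample file are constructed for illustration.

```python
import ipaddress

# Assumption: hostnames a product contacts for license checks (constructed).
LICENSE_HOSTS = {"activate.vendor.example", "license.vendor.example"}

# Constructed sample hosts file.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1   localhost
::1         localhost
127.0.0.1   activate.vendor.example   # appended entry
0.0.0.0     license.vendor.example updates.vendor.example
192.0.2.10  intranet.corp.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # not a valid mapping line
        for name in fields[1:]:                # one address may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def find_overrides(text, watched=LICENSE_HOSTS):
    """Return (line_no, hostname, ip, kind) for each watched name that is overridden."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in watched:
            # Loopback or 0.0.0.0 blocks the check; any other address redirects it.
            sink = ip.is_loopback or ip.is_unspecified
            findings.append((line_no, name, str(ip), "sinkholed" if sink else "redirected"))
    return findings

if __name__ == "__main__":
    for finding in find_overrides(SAMPLE_HOSTS):
        print(finding)
```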

Principles of hacking

As a rule, the cracker's work is based on studying the assembler code obtained from machine instructions by a disassembler, a program designed specifically for this purpose. Depending on the chosen hacking method, the result of the study can be used, for example, to build a key generator or to make the necessary changes to the executable file. The latter method is in most cases the easiest, since it does not require studying the key validation algorithm: often, hacking comes down to finding the check of a few conditions (such as “is the entered number equal to the reference number?”) and replacing that condition with an unconditional jump (goto, jmp) or, less often, with the opposite condition (that is, for this example, “is the entered number not equal to the reference number?”).

In addition, changes to the executable file (a patch) can be made to disable unwanted actions on the part of the program (for example, a reminder about the need to register) or to reduce the functionality of the program. In these cases, the corresponding processor instructions are often replaced with bytes of value 90h (hexadecimal), which corresponds to the assembler command nop (No Operation), that is, an “empty command” that performs no action. If there are many such commands, an unconditional jump is used instead (skipping the unneeded code). It is also possible to extend the program's capabilities by writing additional code, but, as a rule, this is too time-consuming a process and does not justify the time spent.

Meanwhile, a patch is possible, as a rule, only when the program's executable file is not protected by special “packers” and “protectors”, programs that hide the real code of the executable file. For programs of the latter type, the most intellectually demanding part of reverse engineering is often used: studying the program code with a debugger and creating a key generator. Other solutions are also possible, for example, creating a loader (see above).
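The byte-level changes described above (a conditional jump turned into jmp or into its opposite, instructions overwritten with 90h) can be recognised when a deployed file is compared with the vendor's reference copy. The following is an added example, not part of the original lecture: it diffs two byte strings and labels each modified run. The sample bytes are constructed, and the labels are a heuristic because no disassembly is performed.

```python
import hashlib

NOP = 0x90                      # x86 nop
JMP_SHORT = 0xEB                # x86 short unconditional jump
JCC_SHORT = range(0x70, 0x80)   # x86 short conditional jumps (jo .. jg)

# Constructed sample: cmp, jne, call, ret in the reference copy; in the
# suspect copy the jne became jmp and the 5-byte call became nops.
REFERENCE = bytes.fromhex("39d8 7505 e810000000 c3")
SUSPECT = bytes.fromhex("39d8 eb05 9090909090 c3")

def changed_runs(reference: bytes, suspect: bytes):
    """Return (offset, old_bytes, new_bytes) for each contiguous modified run."""
    runs, start = [], None
    n = min(len(reference), len(suspect))
    for i in range(n + 1):
        differs = i < n and reference[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            runs.append((start, reference[start:i], suspect[start:i]))
            start = None
    return runs

def classify(old: bytes, new: bytes) -> str:
    """Heuristic label; an offset may be an operand rather than an opcode."""
    if all(b == NOP for b in new):
        return "nop-fill"
    if len(new) == 1 and old[0] in JCC_SHORT:
        if new[0] == JMP_SHORT:
            return "jcc->jmp"
        if new[0] == old[0] ^ 1:     # je/jne, jl/jge, ... differ in the low bit
            return "jcc-inverted"
    return "other"

def audit(reference: bytes, suspect: bytes) -> dict:
    """Compare a deployed file with its reference copy and label each change."""
    same = hashlib.sha256(reference).digest() == hashlib.sha256(suspect).digest()
    return {
        "sha256_match": same,
        "size_changed": len(reference) != len(suspect),
        "findings": [(off, classify(o, s)) for off, o, s in changed_runs(reference, suspect)],
    }

if __name__ == "__main__":
    print(audit(REFERENCE, SUSPECT))
```

In practice the hash comparison alone is the integrity check; the per-run labels only help triage what kind of modification was made.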

Legal aspects of activity

The fact of hacking is very difficult to prove: the user agreement, as a rule, prohibits decompiling the program, and the law prohibits the creation and distribution of the result of such work. However, the decompiled text of the product is easy to destroy once the work is finished, and the result of the work is distributed through secure channels and placed on a server hosted in a country with more liberal laws. File-sharing networks also help crackers with distribution, because in most of them it is extremely difficult to find the original source of a file, and destroying all of its copies is completely impossible.

See also

  • Reverse engineering
  • Disassembler
  • Debugger
  • Software Protection
  • Copyright infringement
  • Warez
created: 2017-08-06
updated: 2021-03-13