Freaks Macintosh Archive

home *** CD-ROM | disk | FTP | other *** search

/ Freaks Macintosh Archive / Freaks Macintosh Archive.bin / Freaks Macintosh Archives / HackAddict™ Magazine / HA 1-12 / HackAddict12.sit / HackAddict 12 ƒ / Files / CrackIt 1.0 / CrackIt Manual < prev next >

Wrap

Text File | 1998-03-18 | 16KB | 118 lines

(To be viewed in Helvetica on US Letter paper) ################################################################ ################# ******************************************* ################# ## ## ## ---=== Instruction For ===--- ## ## ---=== CrackIt 1.0 ===--- ## ## ## ## by: ProZaq ## ## ## ################# ******************************************* ################# ################################################################ ---===< Intro >===--- CrackIt 1.0 is an application I threw together in assembly language so that crackers can practice cracking without doing anything illegal! The only thing CrackIt 1.0 does is that it offers you three different types of protection schemes that you are welcome to crack. These schemes summarize in some ways the most common techniques used by software developers to protect their software. If you manage to crack all three types of protection then you'll for sure have a good idea about general techniques used in software protection! I said in the first sentence that it's not illegal! I give you my full consent to change CrackIt 1.0 in any way you desire as long as you do it for personal uses and not for commercial ones! (PLEASE READ THE SECTION "FREEWARE" FOR MORE INFORMATION!) ---===< CrackIt 1.0 User's Manual >===--- The idea behind CrackIt 1.0 is rather simple. Select one of the protection systems and try to crack it! When you launch CrackIt 1.0 you can select four things from the File menu. "Reg Type 1", "Reg Type 2", "Reg Type 3" and "Quit" (just ignore the "Save" and "Save as" commands as they are leftovers from a previous application but I couldn't be bothered to remove them ...). Quit does obviously what it's supposed to do. The three types of "Regs" allow you to choose between three different types of commonly used protection schemes to crack. Read the section "Registration Types" for detailed information of each one! Reg Type 1, is the simplest of them all to crack. It really should not be a problem for anyone. Reg Type 2, is still simple but has one trick to it. Reg Type 3, is complex! It's only weakness is that it uses a simple algorithm to derive the correct registration number. Now, if you select any of the first two commands under the File menu a dialog box will show up prompting you to enter your registration name and registration number. Your mission is to crack the protection systems! You know that you have succeeded when an alert box tells you so. And you know that you have failed to crack that particular type of protection when another alert box informs you of your failure! Because of the minor complexity of the third protection system (Reg Type 3) when you originally select it from the menu, an alert box should appear and inform you that the application is not registered. And only after this alert should the dialog box where you're supposed to enter your data into appear! And this is important! You have only succeeded in cracking Reg Type 3 if an alert box appears with the following text in it when you select Reg Type 3 from the file menu: "You've managed to crack the third type of protection. Delete the preference file to try again!" If you don't get the above message every time you select Reg Type 3 from the File menu then you haven't cracked it yet! (NOTE: this is only true for Reg Type 3!) If you do get that alert, and you want to crack Reg Type 3 again, you have to delete the preference file. You can find the pref file that CrackIt 1.0 creates in your System folder. It should be called "Crack". Delete this and you are free to try and crack Reg Type 3 again! NOTE: Because of a slight memory problem I had I made CrackIt 1.0 quit every time the alert box appears informing you whether you managed to crack it or not! This is a bitch, I know, but I couldn't be bothered to figure it out! And as long as it's working that's all that counts! This is not a bug! It's intended to quit on purpose... Or as the drummer in Van Halen once said: "If you make a mistake, make it again and then people will think you did it on purpose!" ---===< Registration Types >===--- Note: I will now discuss in detail the different types of protections used. So if you wanna practice cracking, skip this section and try to crack the schemes on your own first. If you get lost, you can refer to his section to help you out, but I think you really should try cracking 'em on yer own first! Reg Type 1 - This is EASY! Once the program returns from the routines dealing with the dialog boxes, it converts the number you entered, as a registration number, to hex and compares it to the number "1685025389". Why 1685025389? Uhm... isn't that 646f726b in hex? And isn't those the ASCII values of the letters "dork"? hm.... Drop into MacsBug and find out! Notice that it does not matter what you enter as reg name! Reg Type 2 - A bit more tricky. This one adds up the ASCII values of the letters in the reg name. Then negates the hex number and multiplies it by the ASCII value of the last letter in the reg name. Then it converts the reg number entered to it's hex equivalent, and compares it to the valid value. If it's equal, it branches to subroutine "reg_2_b" where it puts zero into d7. It then jumps back to the main subroutine and tests the byte in d7. It jumps into another subroutine to make it hard for you to keep track of what's going on. If d7 was not zero it branches to the "wrong reg numb" dialog and if it was it branches to the "good reg number" dialog. So the trick here is to observe the fact that it is d7 that is responsible factor! Reg Type 3 - Now this is a bitch! Although I did not include all the shit I wanted (I was too lazy) it might still take some time to figure this one out! First of all it creates a preference file in the active System folder or opens one if it already exists. Then it adds up the first two bites in the data fork of the pref file. If these add up to equal two then someone already tried to register the program, so it runs the registration name (also stored in the pref file) through the registration algorithm and compares the result to the hex value of the reg number (also stored here)! Off course if the two values do not match then someone's been trying to crack the program and it informs you of this! (this might make more sense if you read the source code!) And if the values match, it will inform you that this application is registered and that you have to delete the pref file if you want to crack it again! Note that only once this dialog appears when you select "Reg Type 3" from the File menu have you truly cracked this type of protection! Now, if those first two bytes don't add up to 2 that's when the real fun begins! First of all, a dialog informs you that the program is not registered yet. Then the registration dialog appears. The info is taken from the dialog and the dialog closed. Then the easiest and most common check occurs. CrackIt checks the number of letters used in the reg name. If this is bigger than ten then the "wrong number" dialog will appear. Then the reg number is converted into hex and it branches to the algorithm subroutine. Now here's what happens in this routine: First it adds up the ASCII values in the reg name (in subroutine reg_2). Then it multiplies each ASCII value by the sum of the previous additions and adds these together (in routine "multiply"). Then CrackIt compares the entered reg number to the valid reg number and if it is not correct it puts up a dialog, if it's correct it puts 1 into d0 and 1 into pirate_flag1. "pirate_flag1" is a variable. The program will double check that this flag is set later on! If it's not set then a cracker's at work!! (tricky huh?) And since I decided to be a bitch I included a second check, just in case you thought you were done by this time ;-) First of all, this routine checks that pirate flag I was talking about before. If it does not equal 1 then I know that a cracker is at work so the proper alert is displayed! Then that reg name is run through the protection algorithm and is checked again. If the values do not match then a routine is initiated. This is a funky little routine. It writes your reg name to the pref file. This routine is initiated every time the program notices that it's being hacked! The idea behind it was that the next time you're trying to use this type of registration then CrackIt will compare your current reg name to one that has already been used to try and crack this protection. And it won't let you go on if your reg name matches any one stored in the pref file. But since I'm a lazy sod, I didn't implement this fully. I left the checking part out totally. But it still writes the current reg name to the pref file if yer caught cracking! Now if everything is OK 'till here, the second pirate flag is set as well! The two pirate flags are added up, and if they equal 2 then it branches to the routine that writes the info to disk! There is still a trick here though! CrackIt saves the values in the pirate flags as the first two bites of the pref file. And remember that if these do not add up to two (when CrackIt first opens up the pref file) then it knows that you're trying to crack it! Also it saves what you entered as a reg name and a reg number, and if these don't add up in the beginning then it's obvious that someone's been trying to crack this type of protection! And that's it! Now! If you think you succeeded in cracking it, run "Reg Type 3" again and if the dialog that greets you says that you have registered the application and that you should delete the prefs file, then you did it! But if it doesn't say that then you haven't cracked it fully! I can recommend you to go through the source code! It'll make things a lot clearer if you manage to follow through exactly what's going on! And a short note of the preference file. The first two bites are the pirate flags. If they don't add up to 2 then yer fucked. The next four bytes (one long) is the hex value of the registration number you entered before. The next eleven bytes is the space where the ASCII values of the registration name is stored. And after that there is free space, where the current reg names are stored if you are caught cracking. Altogether the pref file is 200 bytes long! ---===< Dialog Boxes >===--- I have sorta used the terms dialog boxes and alerts a bit loosely in this file. In reality the only dialog box is the one where you enter you registration information. All the others are alert boxes. Anyway, here are all the different types of alert boxes you may run across. Alert ID 111 - "Sorry! No text editing is available!" - This will appear if you press any key (other than in the registration dialog box) while CrackIt is active. Alert ID 112 - This is the "About CrackIt..." alert box (activated from the apple menu). Alert ID 113 - "You entered the wrong registration number! (I guess you ain't as good of a cracker as you thought you were!)" - This will appear as long as you haven't succeeded in cracking a particular type of registration. Alert ID 114 - "This program is not registered yet!" - This alert shows up when you select "Reg Type 3" from the File menu, and you haven't managed to crack it yet. Alert ID 115 - "You've managed to crack the third type of protection. Delete the preference file to try again!" - This is what you are looking for when you're cracking Reg Type 3! If this alert shows when you select this option from the File menu then you've cracked it, if Alert ID 114 shows up then you haven't succeeded! Alert ID 116 - "Congrats! - You've managed to crack this type of registration protection!" - This alert informs you of just that! Alert ID 129 - "An error occurred!" - This shows up if there an error occurred during any of the following events: while creating the pref file, while reading the pref file, while writing to the pref file, there wasn't enough memory. Alert ID 130 - "Got ya! You're trying to crack this program! " - You're caught! This alert is only used in Reg Type 3. ---===< Freeware >===--- CrackIt 1.0 is freeware. This means that you can feel free to distribute it to anyone as long as the Manual file is included as well! As this program was intended for people to be able to practice cracking, it is logical that people will change the code! So please, feel free to do so!! However, you may only distribute it in it's original form! So if you wanna pass this program on to someone else, you CANNOT pass on a file that has been modified in any way! You may also not use this file for any commercial uses. --==< Disclaimer >==-- I take NO responsibility to whatever happens to anybody's computer because of the use of CrackIt 1.0 or any related use. I have tested CrackIt 1.0 extensively not only in it's final state of existence, but also as I was developing it. I have tested CrackIt 1.0 on a PowerBook 5300 running under OS 8.0, as well as on a Performa 400 running under System 7.1 without any problems. The coding (as I released this software originally) did NOT contain any "destructive" traps nor purposes (nor was it virus infected to the best of my knowledge!). So if anything goes wrong because of CrackIt 1.0 I WILL NOT take responsibility for it! If you use CrackIt 1.0 it's under YOUR OWN responsibility! ---===< The End >===--- If you have any comments on CrackIt 1.0 please e-mail me! You can reach me at prozaq@usa.net If you have any suggestions on how to make CrackIt better, or have a protection scheme of your own that you want to use for educative purposes please let me know. If there is any demand or enough suggestions, and I feel up to it, then CrackIt might be upgraded in the future. Oh yeah! If you find a spelling mistake... Gimme a break! This was not intended for English teachers, you know! ProZaq **************************************************** “So the people turned to their God and asked: -Oh Lord, will you take away pain and misery? And he replied: -No, but I’ll give you ProZaq” **************************************************** Do me a favor and if you wanna spread this file around, don’t change anything in it!!! You can reach me at ProZaq@usa.net. You can send me attached files to prozaq@hotmail.com Also, I would not like some punk’s name instead of mine on the end of the file, if you know what I mean!!!!