Text File | 1994-03-01 | 10KB | 182 lines
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\-=-=-=-=-
=-=-=-=-=\ How To Crack Software [Part 1] /=-=-=-=-=
-=-=-=-=-/ By Z-N0TE -/- President, Founder & Crackist -\- SiAC '94 \-=-=-=-=-
=-=-=-=-=\ February 7th 1994 /=-=-=-=-=
-=-=-=-=-/ -(c) 1994 All Rights Reversed SiAC International Corp.- \-=-=-=-=-
=-=-=-=-=\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/=-=-=-=-=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/--------------------------------------------------------------------------\
-[ You dont know how long it took to get this exactly 10,000 bytes long !!! ]-
\--------------------------------------------------------------------------/
Hello.
"So you want to crack some programs, huh? ... Well f**k you, LAMER!!!" --
If you asked how to crack something on a warez BBS, the chances are that some
knowledgeable fellow would turn around and repeat something similar to the
above. Now I don't want to say that every WaReZ board is like this, most are
not (now!) ... Let me tell you a story ...
I started on the PC scene in May 1991, I was given a loan of an XT, VGA, 20mb
hard drive and 720k floppy drive, this was 1991 so most games ran fine, but
I got bored with that ... I started learning MSDOS commands, then when I had
learned them I started looking for a programming language to learn, I had never
liked BASIC as I had used it on my Commodore a few years previously ... So I
called a few shareware companies and found a program called PowerBATCH. This
was quite good, it was like the batch language I had learned before and also
had variables and other commands similar to Pascal ... I started on PowerBATCH
... Then in July 1992 I started up a shareware BBS system, this ran until
December of the same year when I started programming in Turbo Pascal (I also
changed the BBS into a HPAVCT board then as well). I programmed in Pascal until
February of 93 then started on assembler. I didn't buy any books, I only used
the A86 DOC files and a DOS Reference file by Dave Williams ... I learned what
commands did what by DEBUGGING small .COM file utilities under DEBUG ... I
then wrote a file encrypter, a checksum program and various other things, then in
July 93 I got a modem and started phreaking calls to the USA ... I started to
get interested in cracking, although no one told me how to do it ... I read a
few text files by Buckaroo Banzai which helped a little but were quite
outdated ... I then got rid of my modem on August 20th 1993 and started virus
writing, for a month I wrote viruses, shitty simple COM file appenders but
they are still unscannable and undetectable with TBScan ... In September 93 I
started cracking full-on ... I cracked games I had in my collection that were
uncracked ... Super Tetris, Stunt Island, Bart v Space Mutants, Golden Axe,
F117a, F19, The Incredible Machine and lots more, once I finished cracking my
games I started removing nagware screens and delays from shareware programs
... I cracked about 175 programs and games from September > December 1993, the
volume was because I had a lot of time on my hands and I didn't have a modem
to distract me ... In December (27th) I got another modem, this one is for
good ... I released a library of cracks called the Z-N0TE Hack Library, the
filename was ZHLIB11.ZIP ... I then thought about starting a PC shareware
cracking crew ... So SiAC was born ... SiAC stands for Superior Intelligent
Advanced Crackists/Coders, I had a look around for other crackists and found
Dark Avenger (not the virus guy) but he didn't reply, so I called MiSS and
found a few cracks by some guy called Virogen ... I invited him to join SiAC
and he accepted ... He was the dude who wrote the viruses Offspring and
ASeXuAL ... So we started cracking, myself using Soft-ICE and Virogen using
Turbo Debugger, in January of 1994 we released 75 cracks and patches ... SiAC
is going strong! ... Anyway back to the tutor ... The reason I included the
above is because people ask how I started cracking and assembling ...
How to crack ...
~~~~~~~~~~~~~~~~
To crack you basically need the following :
o Patience
o A good understanding of assembler
o A decent debugger
If you haven't got any of the above you can't start cracking ... If you have,
continue ...
Basically to crack a program you have to search for the right part of the
program to hack into ... Say you were trying to crack a program with an
annoying beg screen ... You would proceed down the program until you came
across a CALL that would display the nag screen or whatever and write down the
offset and segment ... You would then check around that area to see if there
were any CMP [xxxx],xx commands, if there were, run the program again up to
the CMP command and instead of going the way it SHOULD go, take the other route.
(Now go to PART II)
If there weren't any then dig deeper into the CALLS and once you eventually hit
a lot of CALLS that start to display the screen you know that the program
needs to be hacked and can't be registered (Goto PART 2)
Exit the program and run it up to the part where you saw the first CALL ...
Now try NOPping it out. If it's a CALL xxxx:xxxx you'll have some difficulty, as
when you search the EXE file you won't find the right bytes to change: the CALL
xxxx:xxxx gets edited by the relocation tables in the EXE header ... Trace into
the CALL xxxx:xxxx and then straight away put a RETF command there, run the
program and if it doesn't crash you have cracked the nag screen, you may have to
do the same to remove more nag screens throughout the program though ... To fix
the program using a hex editor search for the bytes just inside the CALL
xxxx:xxxx command, write down at least 20 bytes as most CALL xxxx:xxxx begin
with the same pile of shite ... PUSH BP - MOV BP,SP - etc etc ... Now place a
CB over the 55 you'll find (if it's a normal CALL xxxx:xxxx you will have a PUSH
BP as the first command and the hex equivalent is 55), so replace the 55 with CB
(RETF) and save the file back to disk and run it, if it works fine, if it
crashes dig deeper into the CALLS and do the same kind of thing ...
(Goto PART III)
(Part II)
If the beg screen doesn't appear then you know that you have cracked it. Now
using SoftICE what I would do is place a breakpoint on the memory location
specified in the CMP [xxxx] part and rerun the program, noting down if any
other bits of the program tried to put a value inside ... Usually you will
find a piece of code that places the exact opposite of what you want inside
... Say the check was like this :
CMP WORD PTR [1234],+00
JNZ ITSREGISTERED
CALL NAGSCREEN
ITSREGISTERED:
... REST OF PROGRAM
You would set a breakpoint on the current DS:1234 and run the program again
to find the bit that places the bum value inside ... You may find :
MOV WORD PTR [1234],0000
...
You would simply change the 0000 to 0001 and 9/10 times the program would act
registered ... This is how simple most shareware programs are ... The next
step is to try all the different features to see if it works ok ... If it does,
run the program again and note down a few commands above the MOV WORD PTR ...
Note down the hex bytes as well, now using FED (File Editor, my fave hex
editor) search for the bytes, if the file is encrypted or compressed then try
UNP v3.15 or if that fails use TRON v1.06 Registered ... If that fails, tough
shit, it's loader maker time! Now say you searched the file and only found one
occurrence of the bytes, note the offset of the bytes found and what was there
(offset : 2345h was 00 is 01), now when patching the file remember that Intel
processors use the big-endian method of storing words so if you are thinking
of changing 00-00 to 00-01 you should change it to 01-00 instead ... Now run
the program and hopefully the program will run registered ... If the program
has a CRC check or some other crap built in then you'll have to try and fix
that yourself ... BTW this method of cracking has worked on LOTS of shareware
programs, SHEZ 90,95,96, COMMO 5.52 and millions of others ... Have phun ...
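The "CRC check" the text shrugs off is exactly what catches both edits described above: overwriting the 55 of PUSH BP with CB (RETF), or turning the 00 00 immediate of MOV WORD PTR [1234],0000 into 01 00 (the low byte of the word sits first in memory, which is why the text says to write 01-00). Either change alters the checksum of the code bytes, so a program that verifies its own image at startup notices the patch and the patcher is pushed toward writing a loader instead. The C program below is an added example and not part of the original text or the tools it names; the ten-byte "code region" is constructed sample bytes encoding PUSH BP; MOV BP,SP; MOV WORD PTR [1234],0000; RETF, and the checksum is the standard CRC-32 (IEEE polynomial, check value 0xCBF43926 for "123456789").

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Standard CRC-32 (IEEE 802.3), bitwise, reflected polynomial 0xEDB88320. */
uint32_t crc32_bytes(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed sample code region (16-bit real-mode encoding):
   the function prologue and the flag store that the text talks about. */
static const uint8_t ORIGINAL_CODE[] = {
    0x55,                               /* PUSH BP                  */
    0x8B, 0xEC,                         /* MOV BP,SP                */
    0xC7, 0x06, 0x34, 0x12, 0x00, 0x00, /* MOV WORD PTR [1234],0000 */
    0xCB                                /* RETF                     */
};

/* Integrity check: 1 if the region still matches the expected CRC, 0 if not.
   A real program would compute `expected` at build time and keep it away
   from the bytes it protects. */
int image_intact(const uint8_t *code, size_t len, uint32_t expected) {
    return crc32_bytes(code, len) == expected;
}

/* Apply one of the two edits from the text to a copy of the region and
   report whether the integrity check catches it.
   which == 0: 55 -> CB, i.e. RETF written over PUSH BP.
   which == 1: immediate 00 00 -> 01 00, the low byte first as x86 stores a word. */
int patch_is_detected(int which) {
    uint8_t copy[sizeof ORIGINAL_CODE];
    memcpy(copy, ORIGINAL_CODE, sizeof copy);
    uint32_t expected = crc32_bytes(ORIGINAL_CODE, sizeof ORIGINAL_CODE);
    if (which == 0)
        copy[0] = 0xCB;   /* offset of PUSH BP */
    else
        copy[7] = 0x01;   /* low byte of the 0000 immediate */
    return !image_intact(copy, sizeof copy, expected);
}

int main(void) {
    printf("CRC-32 of original region: %08X\n",
           (unsigned)crc32_bytes(ORIGINAL_CODE, sizeof ORIGINAL_CODE));
    printf("RETF over PUSH BP detected:        %d\n", patch_is_detected(0));
    printf("immediate 0000 -> 0001 detected:   %d\n", patch_is_detected(1));
    return 0;
}
```

A one-byte edit flips the CRC, so the check fires for both patches; the limitation, as the text's "loader maker time" hints, is that a check living inside the same image can itself be bypassed unless the expected value and the checking code are protected separately.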
(Part III)
[/==========================================\]
-(*)-=[<]- Z-N0TE, Crackist & Founder Of SiAC '94 -[>]=-(*)-
[\==========================================/]
If you have any questions or additions or suggestions contact me wherever you
see my handle (ZNOTE) ... Esp. on MISS, Digital Decay, MalPhorMation and CoI.
Coming in part 2 and 3 ...
~~~~~~~~~~~~~~~~~~~~~~~~~~
Part 2
~~~~~~
o How to stop anti debug trix and how to avoid them !
Part 3
~~~~~~
o How to crack games, remove doc checks and key disks !
Part 4
~~~~~~
o How to write loaders for those games that use annoying CRC checks or encrypt
their main EXE files.
Part 5
~~~~~~
o How to write a trainer for games (using Pinball Fantasies for an example!)
And if there is the demand and I am not locked up I may continue the series ...
It's up to you, the readers/users ... If you think I'm full of bullshit let me
know and correct me if I make mistakes (I'm human, kinda) ... If you like what
I do send me your daughters and suggestions etc ...
This file is a SiAC Official Document, number : 0FF - (SOD-0FF)
Hi 2 : ArcLite, SpeeD, Virogen, Urnst, Blenderhead, Spawn, Jackel, Galileo, iMP
(No hard feelings dude) ...