How to Bypass Software Registration ( Crack

Program )
exploitlab 4 02:38:00 Hacking Sains Security Tips

If you've ever wondered how software pirates can take software and crack it time and time
again, even with security in place, this small series is for you. Even with today's most
advanced methods of defeating piracy in place, it is still relatively easy to crack almost any
program in the world. This is mainly due to computer processes' ability to be completely
manipulated by an assembly debugger. Using this, you can completely bypass the
registration process by making it skip the application's key code verification process without
using a valid key. This works because assembly allows you to speak directly to the
processor and force a skip over the registration process.
let's go over how cracking could work in practice by looking at an example program (a
program that serves no purpose other than for me to hack). I will not be walking you through
how to actually crack a legitimate program, because I can't just crack a program for
demonstration, but the techniques applied to my examples should give you the foundation
needed to create your own. At that point, it's a test of your morals if you want to use your
knowledge for good or bad.

Requirements
 Windows (for examples only, debuggers exist across platforms)
 A debugger installed: IDA, ollydbg, etc. (ollydbg will be used in examples)
Step 1 Test the Program
First, run the program that you are attempting to reverse engineer and try to activate it with a random
key to verify that you need a valid software key to proceed. This is to verify that we can come up with
the keys.

Step 2 Run the Program in a Debugger

1. Run ollydbg.
2. Open up the program you wish to bypass with ollydbg.
3. Click the play button to run the program with the debugger attached.
4. Right click the CPU window, and click Search For > All intermodular calls.
5. Search for high interest DLLs. GETDLGITEMTEXT, will be for dialog boxes, which get called
when you try to enter a software key. By stepping into the function with the debugger, we can
examine the registration specifically. SENDDLGITEM could be used as well.
6. Test to see which one works to break out of the activation loop by right clicking the DLL call and
setting a breakpoint for all instances of that call.

7. Resume the program and enter any software key you feel like. If the debugger breaks (pauses the
program's execution) after entering your key, then you know you found DLL in step 5.
8. Press F8 back in the CPU window to force the next step until you get to the TEST EAX. EAX is
the return of a value, which means that a check is being performed here. Upon examination, we
can see that the EAX is checking for a number that is not equal to a null value. This means that if
it is replaced with anything other than null, it will run.

9. Right-click the EAX and change it in hex value to 1, instead of 0.

 10. Resume the program again, and you will have successfully activated the program.

And for proof it was registered to me:

This works because you are making the process jump from one register and skip the one that verifies
the key entered. To exploit the key registration algorithm, keep an eye out for part two of this tutorial
on making the key generator. Hooray for assembly!