Log in

View Full Version : How Can you remove it's CRC?


Peter
September 11th, 2001, 00:57
I tring to remove Cachex for Internet Explorer 4.0 CRC,but it is very hard. Who can help me? If you how to remove it's CRC?
Thanks!
softwrae down address:http://www.mwso.com
Have some for it tutor?
Please tell me ok?

Tech
September 11th, 2001, 11:03
I know this sounds dumb but I'm only starting out: whats crc ? some kind of protection ?

Clandestiny
September 11th, 2001, 20:56
Hi Tech,

CRC = "cyclic redundancy check". The CRC is an algorithm used to detect changes in a file. It is not a protection scheme per se, though it may be used as such. When not applied to a software protection, the CRC may serve as a form of error checking (ie. to detect data corruption). When applied to a protection, it will be used to deter casual patching of an .exe or .dll. The algorithm may be as simple as summing up all the bytes in the file and comparing it to a correct value, or it may be substantially more complex, being performed only on critical portions of the file. The vulnerability of the CRC is that the program must typically open and read itself using an API like CreateFileA or MapViewOfFile. These API's along with the other win32 file I/O functions (ie. OpenFile, ReadFile, _hread, _lseek...ect) are the attack points when seeking to disable a CRC. Obviously an API monitor will be invaluable in this type of situation. BTW, +Spath has an excellent article describing the CRC algorithm...Should be easy to locate on +Tsehp's site with a quick search.

Hope this answers your question.

Cheers
Clandestiny

tsehp
September 12th, 2001, 08:59
an easy trick to locate where the crc check is :
make sice break before the crc occurs, just do a single bpmb on your patched instruction. When the protection needs to check the bytes, it will trigger sice just at this address. then you have to reverse the crc to see where the final value is compared.

lots of tutorials for this, I remember in some old asprotect ones.

Tech
September 12th, 2001, 11:50
thanks Clandestiny, i've actually come across crc before without knowing it. I think it was in Regview(http://www.regview.com/) but whenever I patched the exe it said it was corrupt after I ran it. I got it working in the end tho...