I'd like to crack larger programs than crackmes


zed
November 12th, 2001, 09:57
I've been learning for 2 weeks and I've cracked some games and stuff, but now I want to crack WinAce or ACDSee or MicroAngelo, but there is so much code inside I think it'd take hours to find the right registers. So do you know some tutorials for me, or maybe you can give me a few tips. Thanks for reading...

Bengaly
November 12th, 2001, 12:27
heya Zed...

Look, jumping into a deep pool without knowing how to swim seems like a drastic jump, ain't it?
2 weeks won't even make you crack the medium crackme :-)
not talking about WinAce etc...
It's not that you are bad or something, you just need more and more practice....
There is a lot more in cracking than 2 weeks can tell, not to mention 2 years..
So keep reading tutorials; krobar.cjb.net will be a good start..

Cya soon

Bengi

seeker
November 13th, 2001, 23:56
Well, it really depends IMO. I did jump in, but later got back out after realizing that the "normal" (if there is such a word) programs were too difficult to begin with. So I did a couple of crackmes, got the principles and the ideas correct - and then jumped in!

You can't really say that nobody can do it within 2 weeks - hey, I did. You just have to have the aptitude and the "cracker's mentality" there already... One thing good for me is that I already had working knowledge of some basic assembly, so it helped. Plus I already had lots of experience in debugging programs (mine and others), although at a level higher than asm.

So it really depends. But you are correct to say that one should always start out with the basic tutorials first.

Quote:
Originally posted by Bengaly
heya Zed...

Look, jumping into a deep pool without knowing how to swim seems like a drastic jump, ain't it?
2 weeks won't even make you crack the medium crackme :-)
not talking about WinAce etc...
It's not that you are bad or something, you just need more and more practice....
There is a lot more in cracking than 2 weeks can tell, not to mention 2 years..
So keep reading tutorials; krobar.cjb.net will be a good start..

Cya soon

Bengi

DakienDX
November 14th, 2001, 12:51
Hello seeker !

I suppose in these two weeks you've unpacked fourteen packers, fourteen protectors, fourteen copy-protected CDs, bruteforced fourteen RSA keys and cracked (guess how many, yes...) fourteen copy-protected floppy discs.

Or is 'cracking' to you just replacing 74h/75h with EBh?

I didn't post this to attack you, just to show you some aspects of 'real' cracking.
You can't learn this in two weeks, you can't learn it in two years, perhaps in twenty, but then cracking would be different because we'll have new operating systems, new tools and new protectors. Or do you think that in twenty years anybody will use VBox, Hardlock or TRW2K any more?

seeker
November 14th, 2001, 14:57
Quote:
Originally posted by DakienDX
Hello seeker !

I suppose in this two weeks...

Or is 'cracking' to you just replacing 74h/75h with EBh?

I didn't post this to attack you, just to show you some aspects of 'real' cracking.


Yeah? Seems more like an attack (not personal, of course, but still..) to me.

Lighten up, man. What's your prob? I'm just basically replying to the post, which is just talking about the crackmes. Can't you move beyond crackmes? Who ever said that you have to jump into "packers, protectors blah blah blah yada yada yada" straight after the crackmes?

I'm just trying to encourage somebody to stretch his limits if he feels so inclined to. Is that a crime?

So what's your prob???

DakienDX
November 14th, 2001, 15:15
Hello seeker !

I've no problem.

Well, I thought it took you two weeks to learn cracking, which means more to me than just doing crackmes. I've never done any crackmes myself, so I can't talk with you when discussing if a crackme is good for starting cracking or not.

I didn't realize that you were just talking about 'crackmes' and not the whole of 'cracking'. Sorry for misunderstanding you.

But the post looked to me as I understood it:

"normal ... programs ... too difficult ... crackmes ... then jumped in ... within 2 weeks - hey i did"

Unregistered
November 14th, 2001, 18:19
This is where a debugger comes in, or the string references in w32dasm.

For example, you can look at the string references in w32dasm and notice it says "The key you entered is incorrect". That means it just checked if the serial was right; look a bit back to see where it was called from and patch it. Depending on the program this might be a bit difficult though.

Or you want to crack a CD check in a game. Load the debugger, put a breakpoint on kernel32!GetDriveTypeA and start the game. If it breaks you know you are probably in the CD check.

After you have found where the protection is, the actual cracking is no more difficult for a 10 MB exe compared to a 10 KB exe.

DakienDX
November 15th, 2001, 02:10
Hello f0dder !

You said WinRar? A 'not-so-well-working authenticity verification'?

Well, I'm a registered user of WinRAR, and I've seen many keygens for it claiming to be compatible with the latest versions, but not working with any version after 2.50. They make it look registered, but AV doesn't work. The cracks are really 'lame' and of course not working.

So you can crack a program, keygen it to say 'registered', or keygen it to work the same as the registered version, which hasn't been done so far on WinRAR. I've never done any research on it, but why should I? I'm a registered user.

zed
November 18th, 2001, 14:09
Respect @ DakienDX, I don't know many people who've bought a program.

But tell me, how can there be differences between keygens????

Oh, thanks for the post, I'm working...

DakienDX
November 18th, 2001, 14:56
Hello f0dder !

The keycheck algorithm was changed after version 2.50. The DOS version 2.50 was the last one released, so there were no limitations for the keycheck under Windows. Registered users had to write to rarsoft to get an updated key. (Or I had to, because they didn't have my email.)


Hello zed !

Keygens can work or they can seem to work. In the example of WinRAR I compared a keygened file for my name with my registered file. Not surprisingly they looked different, but about 100h hex characters (~120 bytes) were missing at the end of the keyfile. I think this data is used for generating the AV, but nobody knows what data is missing (of course every user has different keys), so nobody knows what he should actually keygen there.


I once keygened a program (I won't tell its name here; it was a security monitor). It used a main program, a DLL and a VxD.
You could enter a serial in the main program. It was a quite complex algorithm to generate valid keys. When I'd finished it I entered it and the program said "Thank you for registering". I noticed that the program's window title showed "Unregistered". So I restarted it and came again to the "Please register" dialog. I tried it some more times and always got the same result.

I finally found out that the DLL checked the key too, but in a different way. So I coded again and the keygen seemed to work, no register dialog popping up, no window title saying unregistered. But I wasn't able to use the security options on more than two files at the same time.

Checked again, found (guessed) that the VxD also checks the key somehow. I hardcoded an "Int 3" on init (non-dynamic VxD) and somehow found the check before the Windows GUI was loaded. Coded again.

"Error communicating with driver" - This time a fixed value was checked from the VxD. Replaced it. Finally keygened it. It works now, but there is still a value which is checked for "0" or "1" which I don't know what it is for. If it's "0" or "1", everything is OK, else... (unregistered)

I found two keygens and a serial by well-known cracking groups on the internet. The two keygens just bypassed the first check; the serial worked with the second check too, but not with number three and four.


Next example: CDRWin. It has two checks which say registered or not, one which says "pirated" later, two which will burn damaged CDs if not correct, and still four bytes with unknown function.


Conclusion:
The author has sometimes left a backdoor in his key verification, which will make all available cracks useless.

A similar example is an internet program which accepts keygenned serials, but when going online it connects to its homepage and refuses the 'check key'. Because the check is made on the company's server we can't keygen it.
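The layered verification DakienDX describes (a visible serial check, a second component checking differently, and a trailing block only the vendor's server can confirm) as an added illustration from the protection designer's side; this is constructed example code, not WinRAR's, CDRWin's or any real product's format, and every name and function in it is hypothetical.

```python
import hashlib
import hmac
import os

# Constructed keyfile layout: a visible name/serial pair, a second tag that a
# separate component checks, and a trailing "av" block that is random per
# customer and recorded server-side, so it cannot be derived from the name.

def derive_serial(name: str) -> str:
    """Layer 1 (main program): serial is a cheap derivation of the name."""
    return hashlib.sha256(name.encode()).hexdigest()[:8]

def derive_tag(name: str, serial: str) -> str:
    """Layer 2 (DLL): independent check over name+serial with another digest."""
    return hashlib.md5((name + serial).encode()).hexdigest()[-4:]

def issue_key(name: str) -> dict:
    """Vendor-side issuance; the 'av' block is the part a keygen cannot rebuild."""
    serial = derive_serial(name)
    return {"name": name, "serial": serial,
            "tag": derive_tag(name, serial), "av": os.urandom(16).hex()}

def check_main(kf: dict) -> bool:
    return kf.get("serial") == derive_serial(kf["name"])

def check_dll(kf: dict) -> bool:
    return kf.get("tag") == derive_tag(kf["name"], kf.get("serial", ""))

def check_server(kf: dict, issued: dict) -> bool:
    """Layer 3 (online): compare the trailing block against the issued record."""
    return hmac.compare_digest(issued.get(kf["name"], ""), kf.get("av", ""))

def verify_layers(kf: dict, issued: dict) -> dict:
    """Run every layer on its own; passing one says nothing about the others."""
    return {"main": check_main(kf), "dll": check_dll(kf),
            "server": check_server(kf, issued)}

if __name__ == "__main__":
    issued = {}
    genuine = issue_key("zed")
    issued["zed"] = genuine["av"]
    # A keyfile rebuilt from the visible algorithm only: looks registered to the
    # main program, fails the DLL, fails the online check.
    forged = {"name": "zed", "serial": derive_serial("zed")}
    print("genuine:", verify_layers(genuine, issued))
    print("forged: ", verify_layers(forged, issued))
```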