Contact Me : dheeraj_np@usa.net or gl_force@usa.net
             www.glcrackforce.50megs.com

Advanced Topics

Software companies are really trying hard to protect their software from
pirates and crackers, but there will always be a loophole.
The most common methods used to protect an application are :

1  Serial number check
2  Encrypting program file
3  Hardware locks

Each technique has its own importance. It depends on the knowledge of the
programmer who implements these protections.


Encrypting program file : This method is commonly used. A packed file can't
be usefully disassembled, and a hex editor can't be used to change its
values, because the original code exists only in packed form on disk. When
we run the protected program it first unpacks itself in the computer's
memory, and then control is passed to the original program. To defeat this
we can follow two techniques :


1  Use runtime patching - Here we implement a patch which changes the code
   of the program at runtime, after the packer has done its job, i.e.
   unpacking the main program. Suppose we want to patch address 0x4045A4
   with NOP. We find a place inside the loader after the unpack routine
   and write ...

   MOV BYTE PTR [0x4045A4], 0x90   ; 0x90 = NOP

   So we have used runtime patching to patch memory.

2  Unpacking - This method is only for gurus. You need to know everything
   about the PE file format, about the import table...
   The attacking point is where the loader transfers control to the main
   program in memory. The trick is that we dump the memory at this point
   to a file and change its program entry point by using a PE editor.
   If the unpacker is playing with the idata [ import table ] section we
   will have to find the real idata section and glue it all together.
   I have seen that the end of the unpacking routine can be found by
   these instructions. Example :

   0x79329F POPAD
   0x7932A0 JMP [REAL PROGRAM ENTRY POINT]


   Most unpackers now use hardcore techniques, for example VBOX.
   Cracking into VBOX protected programs is very simple, but implementing
   a patch is really, really tough. It uses CRC checking, memory checking
   and debugger checking.


   I would like to discuss three of the most important packers :

   1 VBOX
   2 ASPack
   3 ASProtect
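
The CRC and memory checking mentioned above for VBOX is what notices a
one-byte change such as the NOP written by a runtime patch. The C program
below is an added example, not code from this tutorial or from any packer;
the sample bytes and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320). */
static uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Constructed stand-in for an unpacked code region; not real program code. */
static const uint8_t SAMPLE_CODE[] = {
    0x55, 0x8B, 0xEC, 0x85, 0xC0, 0x75, 0x05, 0x33, 0xC0, 0x5D, 0xC3
};

/* Returns 1 if the region still matches the reference CRC, 0 if modified. */
static int region_intact(const uint8_t *region, size_t n, uint32_t expected)
{
    return crc32_buf(region, n) == expected;
}

/* Simulates the check: offset < 0 leaves the in-memory copy untouched,
   otherwise one byte is overwritten with 0x90 (NOP) before re-checking. */
static int check_after_patch(int offset)
{
    uint8_t live[sizeof SAMPLE_CODE];
    uint32_t reference = crc32_buf(SAMPLE_CODE, sizeof SAMPLE_CODE);

    memcpy(live, SAMPLE_CODE, sizeof live);
    if (offset >= 0 && (size_t)offset < sizeof live)
        live[offset] = 0x90;
    return region_intact(live, sizeof live, reference);
}

int main(void)
{
    printf("untouched:      %s\n", check_after_patch(-1) ? "intact" : "modified");
    printf("byte 5 -> 0x90: %s\n", check_after_patch(5) ? "intact" : "modified");
    return 0;
}
```

A CRC-32 always changes when a single byte of the region changes, which is
why a check of this kind makes even a one-byte patch visible to the program.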