Cracking Standalone Software
Saturday, November 15, 2008 12:08

Cracking software is one of the favorite pastimes for everyone. Everyone loves to use cracked versions of games, IDEs, utilities, et cetera, so that they don’t have to pay the licensing fee. Licensing schemes vary from company to company, and so does software bundling. I definitely appreciate the effort engineers put into cracking license keys so as to get the software working till eternity. Cracking license keys works as long as the software is just a demo version that opens up only if the license key is provided to the system, or it belongs to one of the different licensing schemes, which vary from node-locked to server-based licensing. But there is still good software that does not put in much security. I don’t know the reasons: either they really don’t care about the licensing of their heavily used software, or they just don’t know about it. I believe that the former must be true, as the latter questions the capabilities of the engineers sitting in that company.
To cut a long story short, if we target such software, we don’t actually need to crack the license keys. Instead, we can apply the simple reverse engineering philosophy of reading the assembly and modifying it. This works with quite a few programs. For example, Source Insight is a very popular IDE used for coding in languages like C/C++/Java, and it is widely used around the world. Its license is also very costly, at about INR 10,000 or approximately $200. If you wish to use this software, you need to buy the license; otherwise it won’t work after 30 days. Changing the system clock and similar tricks are outdated techniques that are no longer valid. Moreover, changing the system clock might affect the functioning of other software installed on your machine.
So, for software like Source Insight, you can try out a few basic things. Disassemble the binary of the targeted software; for example, the Source Insight binary is “insight3.exe”. Once it is disassembled, you need to look for pop-ups like “trial screens/license key input screen” etc. How does this occur? The software itself might be checking for a date of installation that it reads from somewhere. In most cases this is the registry, but it can vary. So, attach a debugger (OllyDbg/IDA Pro) to this software and try to trace the call that looks for the date of installation. Once you find it, replace it with NOP instructions. Yes, this is one of the most useful redundant instructions assembly language provides. Once you suppress this call, the software thinks that it is a fresh installation. After that, just suppress the function call which displays the “trial version” popup. After this, just reset the installation date by again putting NOP instructions in place of the function call for date replacement. There are a lot of tools available for making changes to the binary, like “HexEdit” etc. Once you do this, Source Insight will never ask you for a license, as it considers itself a fresh installation every time.
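From the defender's side, the in-place edit described above is detectable by comparing an installed binary against the vendor's reference copy. The following is an added example, not code from the original post or from Source Dynamics; `find_nop_patches`, the `Finding` type and the sample bytes are constructed for illustration.

```python
"""Flag places where a deployed binary differs from the reference build
because instruction bytes were overwritten with x86 NOP (0x90)."""
from typing import List, NamedTuple

NOP = 0x90
CALL_REL32 = 0xE8  # x86 near call: opcode byte followed by a 4-byte offset


class Finding(NamedTuple):
    offset: int      # file offset where the overwritten run starts
    length: int      # number of reference bytes replaced by NOPs
    original: bytes  # what the reference build has at that offset
    was_call: bool   # True if the original looks like a 5-byte near call


def find_nop_patches(reference: bytes, deployed: bytes) -> List[Finding]:
    if len(reference) != len(deployed):
        raise ValueError("size mismatch: not an in-place patch of this build")
    findings, i, n = [], 0, len(reference)
    while i < n:
        if deployed[i] != NOP or reference[i] == NOP:
            i += 1
            continue
        start = i                          # deployed has NOP, reference does not
        while i < n and deployed[i] == NOP:
            i += 1
        end = i                            # trim NOP padding the vendor shipped
        while reference[end - 1] == NOP:
            end -= 1
        # A call whose last offset byte is 0x90 gets trimmed short, so accept
        # any span that fits inside 5 bytes while the NOP run covers 5 or more.
        was_call = reference[start] == CALL_REL32 and end - start <= 5 <= i - start
        findings.append(Finding(start, end - start, reference[start:end], was_call))
    return findings


# Constructed sample: prologue, call, test/jz, call, two padding NOPs, ret.
SAMPLE_REFERENCE = (b"\x55\x8b\xec" + b"\xe8\x10\x20\x00\x00" + b"\x85\xc0\x74\x05"
                    + b"\xe8\x44\x33\x00\x00" + b"\x90\x90\xc3")
# Constructed tampered copy: both calls overwritten with NOPs.
SAMPLE_DEPLOYED = (SAMPLE_REFERENCE[:3] + b"\x90" * 5 + SAMPLE_REFERENCE[8:12]
                   + b"\x90" * 5 + SAMPLE_REFERENCE[17:])

if __name__ == "__main__":
    for f in find_nop_patches(SAMPLE_REFERENCE, SAMPLE_DEPLOYED):
        kind = "call removed" if f.was_call else "bytes removed"
        print(f"0x{f.offset:04x}: {kind}, original {f.original.hex()}")
```

A vendor can run the same comparison at startup against a signed table of expected code bytes, or simply verify the executable's code signature, so that a patched copy refuses to run.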
Now, this leads us to wonder why a company like Source Dynamics keeps such a weak licensing system. Either this is their marketing strategy or mere stupidity. I still give the benefit of the doubt to the former.

Shantanu Goel says:
November 17th, 2008 at 4:05 am
NOP is not at all a “redundant” instruction. It has been provided with specific use in mind for instruction pipelines.
Amit Goel says:
November 17th, 2008 at 4:32 am
@Shantanu - By redundant, I meant that it actually does nothing.
That’s why I mentioned it as “most useful redundant instruction”.
Harry says:
January 21st, 2009 at 11:29 am
FYI… you can use latest beta Ollydbg2.0 which has very good support of breakpoint…