software cracker

Software cracking is the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware.

Legality

The distribution and use of cracked copies is illegal in almost every developed country. There have been many lawsuits over cracking software, but most have been to do with the distribution of the duplicated product rather than the process of defeating the protection, due to the difficulty of constructing legally sound proof of individual guilt in the latter instance. In the United States, the passing of the Digital Millennium Copyright Act (DMCA) legislation made software cracking, as well as the distribution of information which enables software cracking, illegal. However, the law has hardly been tested in the U.S. judiciary in cases of reverse engineering for personal use only. The European Union passed the European Union Copyright Directive in May 2001, making software copyright infringement illegal in member states once national legislation has been enacted pursuant to the directive.

Methods

The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make this modification increasingly difficult.

A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that patch the program executable and sometimes the .dll or .so linked to the application. Similar cracks are available for software that requires a hardware dongle. A company can also break the copy preventions of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).

In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL to achieve one's needs.

There are a number of sites on the Internet that let users download cracks for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software they can also be used by people who have downloaded or otherwise obtained pirated software (often through P2P networks).

Effects

The most visible and controversial effect of software cracking is the releasing of fully operable proprietary software without any copy protection. Software companies represented by the Business Software Alliance estimate and claim losses due to piracy.

Cracking has also been a significant factor in the domination of companies such as Adobe Systems and Microsoft, all of whom have benefited from piracy since the 1980s. Vast numbers of college and high school students adopted readily available applications from these companies. Many of these students would then go on to use them in their professional lives, purchasing legitimate licenses for business use and introducing the software to others until the programs became ubiquitous.[1]

Hazards

Due to the potential legal repercussions, many individuals who release cracks to the public for commercially available software choose to remain anonymous. This can often create confusion as the available documentation is often sparse. It is beyond the ability of most to determine the exact operations the crack will execute.

As an example, several spyware removal utilities have rules in place that regard certain cracks as having a malicious payload such as a hidden DDOS daemon.

Some forms of software protection can include subtle countermeasures against cracking that do not prevent the cracked program from running, but can eventually lead to long-term damage of data created and used with the cracked program.

An example of this could be an expensive engineering software that requires a dongle to operate. The program may be specifically designed to incorporate certain minor math errors and design flaws into all documents, but the dongle stores the particular dimensional metrics needed to cancel out these cumulative intentional data errors. Once cracked, the corrective metrics from the dongle are no longer available, and over time as documents are edited with the cracked software, object dimensions move and distort until the document is so corrupted that it is unusable. The company may provide a method to undo the damage, provided the customer pays a fee for the correction and obtains a properly licensed uncracked program.

History

The first software copy protection was on early Apple II and Commodore 64 software. Game publishers, in particular, carried on an arms race with software crackers. More recently, publishers have resorted to increasingly complex countermeasures to try to stop unauthorized copying of their software.

Unlike modern computers that use standardized drivers to manage device communications, the Apple II DOS directly controlled the step motor that moves the floppy drive head, and also directly interpreted the raw data (known as nibbles) read from each track to find the data sectors. This allowed complex disk-based software copy protection, by storing data on half tracks (0 1 2.5 3.5 5 6...), quarter tracks (0 1 2.25 3.75 5 6...), and any combination thereof. In addition tracks did not need to be perfect rings, but could be sectioned so that sectors could be staggered across overlapping offset tracks, the most extreme version being known as spiral tracking. It was also discovered that many floppy drives do not have a fixed upper limit to head movement, and it was sometimes possible to write an additional 36th track above the normal 35 tracks. The standard Apple II DOS copy programs could not read such protected floppy disks, since the standard DOS assumed all disks had a uniform 35 track, 13 or 16 sector layout. Special nibble-copy programs such as Locksmith and Copy II Plus could sometimes duplicate these disks by using a reference library of known protection methods, but when protected programs were cracked they would be completely stripped of the copy protection system, and transferred onto a standard DOS disk that any normal Apple II DOS copy program could read.

One of the primary routes to hacking these early copy protections, was to run a program that simulates the normal CPU operation. The CPU simulator provides a number of extra features to the hacker, such as the ability to single-step through each processor instruction, and to examine the CPU registers and modified memory spaces as the simulation runs. The Apple II provided a built-in opcode disassembler, allowing raw memory to be decoded into CPU opcodes, and this would be utilized to examine what the copy-protection is about to do next. Generally there was little to no defense available to the copy protection system, since all its secrets are made visible through the simulation. But because the simulation itself must run on the original CPU, in addition to the software being hacked, the simulation would often run extremely slowly even at maximum speed.

Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. The cracker groups of the 1980's started to advertise themselves and their skills by attaching animated screens known as crack intros in the software programs they cracked and released. Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as demoscene were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990's and is now regarded as a completely different subculture. Many software crackers have later grown into (extremely) capable software reverse engineers; The deep knowledge of assembly required in order to crack protections enables them - inter alia - to reverse engineer drivers in order to port them from binary-only drivers for Windows to drivers with source code for Linux and other Free operating systems.

Software crackers have their secretive organizations on the Internet. Similar to other "gray area" Internet activities, there are also various detector, legal and other specialists on the subject.

Industry Response

Apple Computer has begun incorporating a Trusted Platform Module into their Apple Macintosh line of computers, and making use of it in such applications as Rosetta. Parts of the operating system not fully x86-native run through the Rosetta PowerPC binary translator, which in turn requires the Trusted Platform Module for proper operation. (This description applies to the developer preview version, but the mechanism differs in the release version.) Recently, the OSx86 project has been releasing patches to circumvent this mechanism.

Microsoft is planning to reduce common Windows based software cracking with the release of the NGSCB initiative in future versions of their operating system.

References

Computer software is a general term used to describe a collection of computer programs, procedures and documentation that perform some task on a computer system. [1]
..... Click the link for more information.
Copy protection, also known as copy prevention or copy restriction, is a kind of hardware or storage media oriented method for technologically preventing unauthorized reproduction of copyrighted software, movies, music, and other media1.
..... Click the link for more information.
Economic development is the development of economic wealth of countries or regions for the well-being of their inhabitants. From a policy perspective, economic development can be defined as efforts that seek to improve the economic well-being and quality of life for a community by
..... Click the link for more information.
lawsuit is a civil action brought before a court in which the party commencing the action, the plaintiff, seeks a legal remedy. One or more defendants are required to respond to the plaintiff's complaint.
..... Click the link for more information.
Motto
"In God We Trust"   (since 1956)
"E Pluribus Unum"   ("From Many, One"; Latin, traditional)
Anthem
..... Click the link for more information.
Introduced in the House of Representatives as H.R. 2281 by Rep. Howard Coble (R-NC) on July 29, 1997
  • Committee consideration by: House Judiciary Committee (Subcommittee on Courts and Intellectual Property); House Commerce Committee (Subcommittee on
    ..... Click the link for more information.
  • In the law, the judiciary or judicial system is the system of courts which administer justice in the name of the sovereign or state, a mechanism for the resolution of disputes.
    ..... Click the link for more information.
    Reverse engineering (RE) is the process of discovering the technological principles of a device or object or system through analysis of its structure, function and operation. It often involves taking something (e.g.
    ..... Click the link for more information.


    ..... Click the link for more information.
    Reverse engineering (RE) is the process of discovering the technological principles of a device or object or system through analysis of its structure, function and operation. It often involves taking something (e.g.
    ..... Click the link for more information.
    A debugger is a computer program that is used to test and debug other programs. The code to be examined might alternatively be running on an instruction set simulator
    ..... Click the link for more information.
    SoftICE is a kernel mode debugger for Microsoft Windows. Crucially, it is designed to run underneath Windows such that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed.
    ..... Click the link for more information.
    OllyDbg is a debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries.
    ..... Click the link for more information.
    GNU Debugger, usually called just GDB, is the standard debugger for the GNU software system. It is a portable debugger that runs on many Unix-like systems and works for many programming languages, including Ada, C, C++, FreeBASIC, and Fortran.
    ..... Click the link for more information.
    MacsBug is a low-level (assembly language/machine-level) debugger for pre-Mac OS X Apple Macintosh computers. MacsBug is an acronym for Motorola Advanced Computer Systems Debugger, as opposed to Macintosh debugger
    ..... Click the link for more information.
    In computer science, a subroutine (function, method, procedure, or subprogram) is a portion of code within a larger program, which performs a specific task and can be relatively independent of the remaining code.
    ..... Click the link for more information.
    A disassembler is a computer program that translates machine language into assembly language — the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language.
    ..... Click the link for more information.
    The Interactive Disassembler, more commonly known as simply IDA, is a commercial disassembler widely used for reverse engineering. It supports a variety of executable formats for different processors and operating systems.
    ..... Click the link for more information.
    A debugger is a computer program that is used to test and debug other programs. The code to be examined might alternatively be running on an instruction set simulator
    ..... Click the link for more information.
    A hex editor (or binary file editor or byte editor) is a type of computer program that allows a user to manipulate binary (normally non-plain text) computer files.
    ..... Click the link for more information.
    In computer science, an opcode (Operation Code) is the portion of a machine language instruction that specifies the operation to be performed. Their specification and format will be laid out in the instruction set architecture (ISA) of the computer hardware component
    ..... Click the link for more information.
    In computer science NOP or NOOP (short for No OPeration) is an assembly language instruction, sequence of programming language statements, or computer protocol command that does nothing at all (besides wasting cpu clock cycles).
    ..... Click the link for more information.
    In computer science, an opcode (Operation Code) is the portion of a machine language instruction that specifies the operation to be performed. Their specification and format will be laid out in the instruction set architecture (ISA) of the computer hardware component
    ..... Click the link for more information.
    In computer science, a subroutine (function, method, procedure, or subprogram) is a portion of code within a larger program, which performs a specific task and can be relatively independent of the remaining code.
    ..... Click the link for more information.
    Proprietary software (also called non-free software or closed-source software) is software with restrictions on using, copying and modifying as enforced by the proprietor.
    ..... Click the link for more information.
    Obfuscated code is source code that is (usually intentionally) very hard to read and understand. Some languages are more prone to obfuscation than others. C, C++ and Perl are most often cited as easily obfuscatable languages.
    ..... Click the link for more information.
    encryption is the process of transforming information (referred to as plaintext) to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key.
    ..... Click the link for more information.
    In computer science, self-modifying code is code that alters its own instructions, whether or not it is on purpose, while it is executing.

    Self-modifying code is quite straightforward to write when using assembly language (taking into account the CPU cache).
    ..... Click the link for more information.
    library is a collection of subprograms used to develop software. Libraries contain "helper" code and data, which provide services to independent programs. This allows code and data to be shared and changed in a modular fashion.
    ..... Click the link for more information.
    dongle is a small hardware device that connects to a computer to authenticate a piece of software. When the dongle is not present, the software runs in a restricted mode or refuses to run.
    ..... Click the link for more information.


    This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.