This challenge is for all crackers who love cracking or hacking software. The software attached is a simple program having a label. All you have to do is change the text of that label. It will only be considered a crack:
1) If you altered the original exe and didn't create your own copy of the software
2) It runs on my machine and you don't send me a screwed up MS DOS exe like Dinz sent me last time
I would really appreciate if you would just attach the cracked version with a description on how you did it. This is really uncrackable and last time, no one had cracked it. Dinz claimed to have cracked it but it showed up as an MS DOS program on my machine! I bet no one can crack it this time... it's a challenge and let's see who does
For your information, the program zipped up is a calculator program that has been protected by a software I made. This software makes disassembling it, hex editing it or changing its structure in any way impossible. Hope to sell this product but before that, want to remove the possibility that it can be cracked
Re: Software Cracker Challenge #2
Originally posted by Yash_Kumar: "I bet no one can crack it this time... it's a challenge and let's see who does"
Is it me, or is that a bit of a contradiction?
Not sure what happened to the last thread - when I checked on my home PC this evening it seems to have disappeared - Guess it must have upset the Moderators.
Yash_Kumar,
Looking back at your previous posts, and your activity at rentacoder it's fairly easy to work out how you are protecting the program. Your program is probably fairly secure, but I suggest it's foolish to say it is 100% crack proof. You don't appear to be doing anything different to plenty of other exe encryption routines out there. Saying that I wish you luck in getting it off the ground. If other people can make money out of doing it then why not you.
I don't know what's wrong with everyone. If you think this can be cracked, try it for yourself. And yeah, won't work on 98/95 for the time being so you will get that internal error thing. That happens when some API is missing or something. It will work fine on XP/2000/NT. If you think it can be cracked then why don't you do it... it's easier to say than do.
Lol, and my activity on RentACoder is always to get new ideas. Not everyone is best at good ideas and why not take the opinion of other people. The protection is probably the best I and a lot of other people could have put together. If you think it's just fair protection, then try cracking it!!!
So how does this work? I mean, not how the algorithm works, but what happens when you open the file in a hex editor or something? Does it not open at all, or does it ruin the whole file or what?
Ok I think I figured out a key piece to it. The program is not really in calc.exe, but rather in a.a file that is produced when the previous is run.
I renamed a.a to have a .exe extension, and sure enough, it is 48K in size, and has the icon that matches the icon in the titlebar of the "calc" program. However I get an error when I run it, which makes mention of some hex and says the program failed to initialize properly (0xc0000005).
Essentially, the way I figure this program works, is that the original CALC program creates some sort of temporary registry entry, as I see this suspicious entry:
Then, the program is unpacked, as a.a file, so that no one executes it on its own.
Next, the calc.exe (original executable) passes some sort of argument onto a.a while executing it to make sure that it's not being run standalone (hence why the runtime error occurs when I renamed the file and ran it by itself).
In essence, the "copy protection" is basically a file that will extract the real executable from itself, run it using command line arguments to make sure that it is being run from a legit source. The real executable, not calc.exe is possibly even encrypted using some cheap algorithm to make sure its not altered while its being held in calc.exe. This way it is impossible to edit the label that he asks us to, unless we edit the "a.a" file (the real executable) and then we somehow find out what arguments or registry codes IT needs to run properly.
Am I at least partially right on all this?
I know at least some of my analysis is bound to be correct, but I am not sure about the registry thing. How I found that was I searched for "calc" in the registry and found that, and thought that because it says LocalCopyHelper it looked like it might be from this program.
So the registry I'm not sure, but on the rest, did I do ok?
I don't know what's wrong with everyone. If you think this can be cracked, try it for yourself.
That's kinda contradictory isn't it? If YOU think it can't be cracked, then why offer this challenge? The reason you are offering this challenge is that IT CAN BE CRACKED and you want to see how it was done so that you can close the hole. Am I correct?
Actually I think that the author of this program (or 2 programs if you ask me, given the fact that one is nested in the other) basically thinks it can't be cracked, but offers this challenge just to make sure.
Kinda like a beta test. Or when Microsoft opened up a Windows 2000 server and invited hackers to hack it cause they thought it was some neat code they just made.
BTW, Another thing I noticed is that the calc.exe file is exactly 100Kb big. That might play a role in this somehow.
Basically, as my previous analysis states, I believe that the calc.exe program is programmed to extract from itself the real program then executes it using arguments passed to it either by the registry or by other means, so that the real program can't run without them. Essentially this "tool" for copy-preventing programs or "crack-preventing" them is essentially just an app that creates self-extracting ZIP files with a twist.
I'm just curious as to how you "look" at an exe to tell what it is doing. If I wanted to tinker around just for the sake of learning, what software (freebie) would you recommend?
I guess the real challenge is can you break the code and run the program on its own. You did good to figure out what you did, but if you still can't get around the security, then it sounds pretty successful to me.
I'm not taking the challenge cuz I know jack about cracking. But I do think the whole thing is interesting.
Waiting for a final outcome. This is almost as good as Jason and the Astronauts.
Good work Conscript... now that's what I call constructive analysis... hope people will catch up with him or use his work for a start. Conscript, you are partially right but a.a is not a normal exe. a.a is still encrypted.. and doesn't accept any parameters as you pointed... in fact.. it is dependent on another process to execute... enough of a hint.. let's see what else you discover.
Actually I wasn't sure what it was really doing, but I took an educated guess this way:
I opened the file from Windows explorer, and immediately after it ran, I saw a new file create itself in that folder. This is how I determined that the original program created a file.
Then I opened the MS-DOS command prompt (I'm in XP btw), and renamed the file it had just created to have a .exe extension. This is only possible with the command prompt, as Windows explorer now hides the extensions.
After I renamed the file to .exe I saw that this had to be the real program, as it had the same icon as was used in the program. When I ran it though, it gave me an initialization error, which to me meant that something happened at startup.
The only obvious conclusion I got from that is that some sort of startup variable needs to be present in order for it to execute properly. Since I am a programmer, I know that some programs don't work unless they are passed command-line arguments (like when you run a program and set switches). For example for a command line Unzipping program to work you have to type:
unzip [filename_to_unzip] [destination_folder]
The things you type after the file name are called command line arguments. In Windows programs however, since they are GUI based, you don't type those arguments. But you CAN still pass them if you execute the program from a command line instead of a GUI.
A program like calc.exe may call the windows shell to execute the "a.a" program and can pass arguments to it this way, because the C/C++/VB code that calc.exe was made with is actually calling the shell (essentially the ms-dos prompt).
So to be honest I didn't use any special utilities to find all that out, just common Windows utilities and knowledge I picked up as a programmer. There are hex editors out there though that will open and let you edit EXE's but you have to be familiar with Hex of course. Try searching for them on google or something, or even on download.com or one of those sites. I'm sure they are widely available.
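An added example, not part of any post in this thread and not code from the program under discussion: a static check of the kind asked about above, which tests whether a dropped file such as a.a has a valid PE layout and whether its sections look encrypted or compressed. The function names, the constructed sample bytes and the 7.0 bits-per-byte threshold are assumptions made for the illustration.

```python
import hashlib
import math
import struct
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 0 for constant data, near 8 for random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(blob: bytes, threshold: float = 7.0) -> dict:
    """Validate the MZ and PE signatures, then score each section's raw bytes."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return {"pe": False, "reason": "no MZ header"}
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)   # file offset of the PE header
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"pe": False, "reason": "no PE signature"}
    (nsect,) = struct.unpack_from("<H", blob, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", blob, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                     # first 40-byte section header
    sections = []
    for off in range(table, table + 40 * nsect, 40):
        if off + 40 > len(blob):
            break                                        # truncated section table
        name = blob[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, off + 16)
        h = entropy(blob[raw_ptr:raw_ptr + raw_size])
        # threshold is an assumed heuristic, not a value from the thread
        sections.append({"name": name, "entropy": round(h, 2), "high": h >= threshold})
    return {"pe": True, "sections": sections}

def build_sample() -> bytes:
    """Constructed input: two-section PE layout, one repetitive, one random-looking."""
    def sect(name: bytes, size: int, ptr: int) -> bytes:
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + bytes(16)
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    head = dos + coff + sect(b".text", 0x400, 0x200) + sect(b".data", 0x400, 0x600)
    plain = b"\x55\x8b\xec\x90" * 0x100                  # repeating bytes, low entropy
    noisy = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return head.ljust(0x200, b"\0") + plain + noisy

if __name__ == "__main__":
    for s in triage(build_sample())["sections"]:
        print(s)
```

A high score only says the bytes are compressed or encrypted; it does not tell the two apart.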
You can show the extensions in windows explorer in xp. Just go to the options menu and look at the list. I have mine set up to view everything on my system. I hate hidden files and such.
Well I don't have any advanced tools for monitoring stuff, except built-in Windows tools, so I don't know what else I can discover.
If the a.a is still encrypted, my guess is it's not done in any advanced way given the fact that the program executes quickly when done through calc.exe
Can you just tell me one thing? What language did you use for the programs, are they both VB?
I think I revealed enough... the reason why I put it up here is so to find out if someone is able to bypass the encryption and crack it. If someone is still working on another method... would like to know
If it comes down just to encryption... we will make the encryption 100000% secure. So I'm just waiting to see if some smart cracker can bypass all our encryption and work out a crack.
We will eventually be selling this product at very low unimaginable prices so it could be accessible to all developers. We should be ready as soon as we finish our optimization (by the way.... we have optimized it by 3 seconds and thus our new version starts up immediately) and get it to run on all Windows. If anyone is interested in joining our BETA testing or development team, you could contact me at [email protected].
Oh yeah... for the curious, it will be selling for $39.99... how does that sound?? Now that's what I call cheap
Our final release will be able to run on all Windows including 95 and 98. Currently it only will work on 2000/XP/NT and we have isolated why it doesn't work on 98/95 and should have a fix within a week. Till then, consider upgrading to XP.. Anyone else trying to crack it??
That's good thinking but not exactly what it does... I can't believe no cracker has been able to crack this yet! Come on... there has to be someone that could crack it!! And yeah, I had received a crack from someone that had modified the memory to change the label's caption. I would like to repeat that I expect a crack that changes the label from its source and not from its allocated memory as after all my PE Encryptor was designed to protect an exe and not the memory