Software Registration Bypass



Post by Baiken1 on Fri Aug 11, 2017 5:17 am

Hey everyone,

First off, let me start by saying I already know there are countless videos on YouTube on how to do this.
The problem is I'm never able to get the same result as them.

I'm trying to bypass the software registration of a hack made for a game, but after running play, I keep getting access violation into exceptions into access violation again. Seeing as I'm fairly new to this, I have no clue how to fix this (it basically loops into new exceptions and access violations).

Now I'm quite sure anyone with experience could crack this thing within 10 minutes. So if anyone could help me out here, that would be great. I could upload the file here (if that's allowed) or send it to you in a number of ways.

Thanks in advance!

PS: using OllyDbg
Baiken1
New User
Posts: 2
Joined: Fri Aug 11, 2017 5:10 am


Re: Software Registration Bypass

Post by Baiken1 on Fri Aug 11, 2017 6:21 am

I don't own ICQ, any other way to reach you?
Baiken1
New User
Posts: 2
Joined: Fri Aug 11, 2017 5:10 am


Re: Software Registration Bypass

Post by ghost107 on Sun Aug 13, 2017 5:53 am

Depending on the type of software: if it's a game and the game is online, you will have a lot of work, since you have to emulate the server. If it is offline, you will first need to investigate the software, like:
- In what language it was written
- What tools you would need to decompress/decompile/disassemble it to analyze it.
- What tools you will need to edit (like editing memory info, pretty useful for packed binaries, or files)

Since you said "access violation": c0000005 means your software accessed parts of memory that it does not have access to, like memory that is not allocated or code that does not exist. I'm assuming the application is a Windows exe, because Linux ELF files usually return a segmentation fault.

I am assuming the software is written in a language that compiles into an Intel executable. As for what you need:
- For the language, I assume it is C/C++ (if you use IDA to decompile the code it will decompile into C, which will be required for analysis), and assembly language (useful for reading disassembled code and editing code)
- For tools: IDA disassembler, OllyDbg and various OllyDbg/IDA scripts
- Tools to edit: IDA and OllyDbg, LordPE (I have my own PE tool to edit the PE header; for a beginner this tool is useful), a hex editor, and a programming language to write patches directly into the software's memory

As for doing it, it depends on what software it is. If the software communicates with a server, you would need to emulate the server.
Tools for this would be:
- Wireshark for dumping network packets, or using WinPcap to make your own custom packet sniffer
- Basic reverse engineering to find the encryption of the network packets, or basic engineering to dump the packets before send and after receive (this would not require the previous step)
- And a programming language for you to write a server to respond to the client software's actions.

As for cracking a simple piece of software, it is like the crackme examples (this works if they use Windows API message boxes for errors and warnings):
- You just run the application till you get to the registration window
- Attach the debugger (like IDA or OllyDbg) to the application, and run
- Complete the fields and register with wrong data so a message will appear
- After the message box appears, open the debugger and pause the process
- In the debugger just backtrace the code and check conditional jumps
-- JE = Jump if Equal, JNE = Jump if Not Equal, JZ = Jump if Zero, JNZ = Jump if Not Zero
-- JG = Jump if Greater, JGE = Jump if Greater or Equal, JL = Jump if Lower, JLE = Jump if Lower or Equal, etc.
-- JMP = jump
There are a lot of conditional jumps; if you find the conditional jump that leads to your message box, change it to the opposite of it.

If, for example, there is no message box and a red label appears, you should look into the Windows API on MSDN for the messages and message queue:
https://msdn.microsoft.com/en-us/library/windows/desktop/ms632590(v=vs.85).aspx

For instance, often in the software to register you have to press a button:
- You just run the application till you get to the registration window
- Attach the debugger (like IDA or OllyDbg) to the application, and run
- Attach a conditional breakpoint to the DispatchMessage function, and the message will be WM_LBUTTONDOWN
https://msdn.microsoft.com/en-us/library/windows/desktop/ms644934(v=vs.85).aspx
- Complete the fields and register with wrong data so a message will appear
- After the code hits the breakpoint, continue the code and check all conditional jumps till you exit DispatchMessage

If the software is protected with counters and other measures of protection (like verifications for successful registration, anti-debugger measures, anti-hooking measures, executable code checksums, etc.), the examples above are just the beginning.
ghost107
Poster
Posts: 316
Joined: Wed Jul 02, 2008 7:57 am
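The "change the conditional jump to its opposite" step in the post above, as an added example that is not part of the thread: a small C patcher that operates on an x86 code image as raw bytes, the same bytes you would write back with a hex editor or into process memory after locating the jump in OllyDbg. The code image in main() is constructed for illustration and is not taken from any real program; the offsets and displacement values in it are placeholders.

```c
/* Added example, not from the thread: the "flip the conditional jump" patch
 * described above, performed on an x86 code image as raw bytes.
 *
 * x86 keeps the condition code in the low nibble of a Jcc opcode, and the
 * opposite condition is the same nibble with bit 0 toggled:
 *   74 JE <-> 75 JNE,  7C JL <-> 7D JGE,  0F 84 JE <-> 0F 85 JNE, ...
 * Short form: 7x rel8 (2 bytes). Near form: 0F 8x rel32 (6 bytes).
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum patch_mode {
    PATCH_INVERT,  /* take the other branch: JE -> JNE, JNZ -> JZ, ...  */
    PATCH_NOP,     /* never jump: overwrite with NOPs, always fall through */
    PATCH_FORCE    /* always jump: turn the Jcc into an unconditional JMP */
};

/* Mnemonics indexed by condition code (low nibble of the opcode). */
static const char *const jcc_names[16] = {
    "JO", "JNO", "JB", "JAE", "JE", "JNE", "JBE", "JA",
    "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"
};

/* Name of the Jcc at `off`, or NULL if the bytes there are not a Jcc. */
const char *jcc_name(const unsigned char *code, size_t len, size_t off)
{
    if (off + 2 <= len && code[off] >= 0x70 && code[off] <= 0x7F)
        return jcc_names[code[off] & 0x0F];
    if (off + 6 <= len && code[off] == 0x0F &&
        code[off + 1] >= 0x80 && code[off + 1] <= 0x8F)
        return jcc_names[code[off + 1] & 0x0F];
    return NULL;
}

/* Patch the Jcc at `off`. Returns the instruction length (2 or 6) on
 * success, or -1 if there is no Jcc at `off`, so a wrong offset is
 * refused instead of being silently turned into garbage code. The
 * displacement bytes are left untouched: they are relative to the end of
 * the instruction, and the instruction keeps its length and position. */
int patch_jcc(unsigned char *code, size_t len, size_t off, enum patch_mode mode)
{
    if (jcc_name(code, len, off) == NULL)
        return -1;

    if (code[off] != 0x0F) {                       /* short Jcc rel8 */
        switch (mode) {
        case PATCH_INVERT: code[off] ^= 0x01; break;
        case PATCH_NOP:    code[off] = 0x90; code[off + 1] = 0x90; break;
        case PATCH_FORCE:  code[off] = 0xEB; break;           /* JMP rel8 */
        }
        return 2;
    }
    switch (mode) {                                /* near Jcc rel32 */
    case PATCH_INVERT: code[off + 1] ^= 0x01; break;
    case PATCH_NOP:    memset(code + off, 0x90, 6); break;
    case PATCH_FORCE:  code[off] = 0x90; code[off + 1] = 0xE9; break; /* NOP; JMP rel32 */
    }
    return 6;
}

int main(void)
{
    /* Constructed image of a typical registration check (placeholder
     * displacements, not from any real binary):
     *   E8 rel32        call check_serial
     *   85 C0           test eax, eax
     *   74 0C           je short bad      ; EAX == 0 -> "wrong serial" path
     *   0F 85 rel32     jne near ...      ; near form, for comparison      */
    unsigned char code[] = {
        0xE8, 0x00, 0x00, 0x00, 0x00,
        0x85, 0xC0,
        0x74, 0x0C,
        0x0F, 0x85, 0x10, 0x00, 0x00, 0x00
    };
    size_t off = 7;   /* offset of the "je short bad" found in the debugger */

    printf("before: %-3s %02X %02X\n", jcc_name(code, sizeof code, off),
           code[off], code[off + 1]);
    patch_jcc(code, sizeof code, off, PATCH_INVERT);
    printf("after:  %-3s %02X %02X\n", jcc_name(code, sizeof code, off),
           code[off], code[off + 1]);
    return 0;
}
```

Inverting is the literal form of the post's advice; PATCH_NOP and PATCH_FORCE are the two other edits you see in practice, and which one is right depends on whether the fall-through or the target is the "registered" path, so read the surrounding code first. As the post notes, if the program re-verifies registration elsewhere or checksums its own code, flipping one jump is only the first step. For the button case, the MSG structure passed to DispatchMessage holds the message ID at offset 4 (WM_LBUTTONDOWN is 0x0201); on entry the MSG pointer is the first stack argument, so a condition along the lines of `[[ESP+4]+4]==201` (hexadecimal, as OllyDbg's expressions default to) is the shape of breakpoint the post describes; treat the exact expression as something to confirm in your own OllyDbg version.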


