Hack History: crack creation

I started to learn how computers worked through ezines, some BBSes and IRC, once I got internet access…

The whole concept of source code versus binary was really obscure to me, so I wanted to understand how it worked. My goal was maybe not as noble as it was for some other people. I hated having to put the CD in the drive to play a video game… yup… my CD drive was really loud and, for some games, there was no logic to when the disc was read. It was pissing me off.

I started reading a lot about cracking and how it worked. I found references to a piece of software I went on to use for years (I still have it in a corner of one of my HDDs): W32Dasm. It was a disassembler, meaning it turned the binary of an executable back into assembler (a low-level programming language in which there is a very strong correspondence between the instructions in the language and the architecture’s machine code instructions. Thanks Wikipedia).

W32DASM program entry point

Funny thing, I started this again while writing this article, it still works fine.

So once you have the software and the disassembled result, you realize something’s wrong… Yup, I didn’t know assembler either. So my next step was to find a few articles on x86 assembler. Long story short, at that time you mostly needed to know the different jump possibilities; I still remember 3 of them, which were enough 90% of the time.

JNE (jump if the CMP result just before is not equal)

JE (jump if the CMP result just before is equal)

JMP (jump, just jump, no condition)

NOP (No OPeration, just go to the next instruction)

Once you understand it, you can easily describe the steps.

  1. Find the text saying that the CD is not in the drive
  2. Scroll up to find the jump that lands there
  3. Check the condition leading to this address
  4. Note the address of the condition

The next step involves a hex editor; I can’t remember which one I was using.

You can edit the executable file, go to the jump instruction since you know its address, and change the instruction by replacing its byte (JE in hex is 74 and JNE is 75). Just like that, you have replaced a jump-if-equal with a jump-if-not-equal… and it just works. The game launched without the CD in the drive.

If you have done some development before, or if you have followed along, you know there is a glitch here: if the CD is in the drive, you now trigger the message saying the CD is not in the drive and asking you to insert it. That is why we learn about the JMP and NOP instructions: with them, the outcome no longer depends on the test result…
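To make the glitch concrete, here is a toy model of the patch described above. It is an added example, not code from the original post: the byte sequences are constructed (they are not from any real game), and the meaning of `eax` (1 when the disc is present, 0 when the drive is empty) is an assumption. It also goes one step beyond the text: it shows that whether JMP or NOP is the right unconditional fix depends on which side of the branch the error message sits.

```python
# Toy model of the branch patch described above (added example, not the post's
# code; byte sequences are constructed, not taken from any game). Only the opcodes
# the article touches are interpreted: cmp eax,imm8 (83 F8 ib), je/jne/jmp rel8
# (74/75/EB), nop (90), and E8 used as a pseudo-call to a named stub.
JE, JNE, JMP, NOP = 0x74, 0x75, 0xEB, 0x90
STUBS = {1: "game", 2: "error"}   # stub 1 starts the game, stub 2 shows "insert the CD"
# Layout A: the jump lands ON the error block (assumption: eax is 0 when the drive is empty).
#   00: cmp eax,0 | 03: je 0x0B | 05: call GAME | 0A: ret | 0B: call ERROR | 10: ret
LAYOUT_A = bytes.fromhex("83F800 7406 E801000000 C3 E802000000 C3")
# Layout B: the jump SKIPS the error block (assumption: eax is 1 when the disc is present).
#   00: cmp eax,1 | 03: je 0x0B | 05: call ERROR | 0A: ret | 0B: call GAME | 10: ret
LAYOUT_B = bytes.fromhex("83F801 7406 E802000000 C3 E801000000 C3")

def run(code: bytes, eax: int) -> str:
    """Interpret the toy routine and return which stub ends up being called."""
    ip, zf = 0, False
    while ip < len(code):
        op = code[ip]
        if op == 0x83 and code[ip + 1] == 0xF8:       # cmp eax, imm8 -> sets ZF
            zf, ip = eax == code[ip + 2], ip + 3
        elif op in (JE, JNE, JMP):                    # rel8 is signed, relative to next ip
            rel = code[ip + 1] - (256 if code[ip + 1] > 127 else 0)
            taken = op == JMP or (op == JE) == zf     # JE taken if ZF set, JNE if clear
            ip += 2 + (rel if taken else 0)
        elif op == NOP:
            ip += 1
        elif op == 0xE8:                              # pseudo-call: report the stub id
            return STUBS[code[ip + 1]]
        else:
            raise ValueError(f"unhandled opcode {op:#04x} at {ip:#04x}")
    raise ValueError("ran off the end of the routine")

def patch(code: bytes, offset: int, new: bytes) -> bytes:
    """What the hex editor does: overwrite bytes at a known offset."""
    return code[:offset] + new + code[offset + len(new):]

def behaviour(code: bytes) -> tuple[str, str]:
    """(outcome with the disc present, outcome with the drive empty)."""
    return run(code, eax=1), run(code, eax=0)

VARIANTS = {                                          # offset 3 holds the JE in both layouts
    "original": lambda c: c,
    "74->75 (JNE)": lambda c: patch(c, 3, bytes([JNE])),
    "74->EB (JMP)": lambda c: patch(c, 3, bytes([JMP])),
    "74 06->90 90 (NOP)": lambda c: patch(c, 3, bytes([NOP, NOP])),
}

if __name__ == "__main__":
    for name, layout in (("A: jump to error", LAYOUT_A), ("B: jump over error", LAYOUT_B)):
        for label, fn in VARIANTS.items():
            print(name, label, "-> disc present / drive empty:", behaviour(fn(layout)))
```

Running it shows the JNE inversion produces the glitch in both layouts (the game only starts when the drive is empty), while NOP is the right fix for layout A and JMP for layout B, so the disassembly has to be read, not just patched blindly.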

Of course, these are only the basics and it will not work on DRM-protected executables, but that was not my goal. I understood better how it worked, and the obscure feeling around computers was starting to lift in my mind: it was logic, not magic!

Posted in Hack History
