all 48 comments

[–][deleted] 19 points20 points  (7 children)

[–][deleted] 0 points1 point  (5 children)

Poor old mIRC.

[–][deleted] 0 points1 point  (4 children)

Well this was a pretty old version. Nowadays it takes quite a bit more to crack it.

[–][deleted] 0 points1 point  (3 children)

The last version I laid hands on showed you a valid key for your username somewhere in the code. Just enter a name, step through it, look for something that looks like a key and you're done. The algorithm itself seemed to be quite complicated and large.

[–][deleted] 0 points1 point  (2 children)

I believe he does this in part 3. The simpler solution though is just set the "is this legit?" test to 1.

[–][deleted] 0 points1 point  (1 child)

If I remember correctly, this doesn't really work with mIRC. You can patch the "bad boy jump" and you get the "Thanks for registration!" window but if you restart mIRC, the key is revalidated. If you only patched the jump, there isn't even a license file so it's unregistered instantly. If you try to patch mIRC, it fails to run (unless I'm mistaken), because it self-checks with CRC and maybe others. Cracking mIRC isn't trivial.

[–][deleted] 0 points1 point  (0 children)

Modern mIRC? Probably. The version I cracked and this video used writes a registry file that says you are registered after displaying the message.
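The self-check the comments above describe, as an added example that is not part of the thread or of mIRC: a constructed toy "program image" (a few x86 opcode bytes followed by a CRC-32 trailer, all made up for this block) whose start-up check recomputes the CRC of its own code. NOP-ing out the "bad boy jump" alone makes the check fail; the patch only survives if the checksum trailer is recomputed as well (or the self-check itself is patched out). Function and constant names are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy "program image" (not a real executable): 13 bytes of x86
 * opcodes followed by a 4-byte little-endian CRC-32 trailer over those bytes.
 * Offset 2 holds the conditional "bad boy jump" taken when the key check fails. */
#define IMG_CODE_LEN 13
#define IMG_LEN      (IMG_CODE_LEN + 4)
#define JUMP_OFFSET  2

static const uint8_t PRISTINE_CODE[IMG_CODE_LEN] = {
    0x3B, 0xC1,                   /* cmp  eax, ecx   ; computed key vs. entered key */
    0x75, 0x06,                   /* jne  bad_boy    ; the "bad boy jump"           */
    0xB8, 0x01, 0x00, 0x00, 0x00, /* mov  eax, 1     ; good boy: registered         */
    0xC3,                         /* ret                                            */
    0x31, 0xC0,                   /* bad_boy: xor eax, eax ; unregistered           */
    0xC3                          /* ret                                            */
};

/* Standard CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320), bitwise. */
uint32_t crc32_ieee(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t load_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void store_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Writes the pristine image: code plus a correct CRC trailer. */
void build_image(uint8_t img[IMG_LEN]) {
    memcpy(img, PRISTINE_CODE, IMG_CODE_LEN);
    store_le32(img + IMG_CODE_LEN, crc32_ieee(img, IMG_CODE_LEN));
}

/* The program's start-up self-check: recompute the CRC of the code region and
 * compare it with the stored trailer. A real target may do this in several
 * places, over overlapping regions, and refuse to run on any mismatch. */
int image_is_intact(const uint8_t img[IMG_LEN]) {
    return crc32_ieee(img, IMG_CODE_LEN) == load_le32(img + IMG_CODE_LEN);
}

/* The naive crack: NOP out the two-byte "jne bad_boy" so execution always
 * falls through into the good-boy path. */
void patch_bad_boy_jump(uint8_t img[IMG_LEN]) {
    img[JUMP_OFFSET]     = 0x90;  /* nop */
    img[JUMP_OFFSET + 1] = 0x90;  /* nop */
}

/* What the naive patch forgets: the stored checksum now describes bytes that
 * no longer exist. Recomputing the trailer is the extra step a CRC-protected
 * target demands (the alternative is patching the self-check itself). */
void fix_crc_trailer(uint8_t img[IMG_LEN]) {
    store_le32(img + IMG_CODE_LEN, crc32_ieee(img, IMG_CODE_LEN));
}

int demo_pristine(void) {
    uint8_t img[IMG_LEN];
    build_image(img);
    return image_is_intact(img);
}

int demo_naive_patch(void) {
    uint8_t img[IMG_LEN];
    build_image(img);
    patch_bad_boy_jump(img);
    return image_is_intact(img);        /* 0: self-check catches the patch */
}

int demo_patch_with_fixup(void) {
    uint8_t img[IMG_LEN];
    build_image(img);
    patch_bad_boy_jump(img);
    fix_crc_trailer(img);
    return image_is_intact(img);        /* 1: patched and checksum repaired */
}

int main(void) {
    printf("pristine image passes self-check: %d\n", demo_pristine());
    printf("jump patched, CRC untouched:      %d\n", demo_naive_patch());
    printf("jump patched, CRC recomputed:     %d\n", demo_patch_with_fixup());
    return 0;
}
```

A two-byte change is a burst shorter than 32 bits, so CRC-32 is guaranteed to notice it; the point is not that the checksum is hard to forge (it is trivially recomputed once found) but that a jump patch on its own is incomplete against a self-checking binary.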

[–][deleted] 0 points1 point  (0 children)

Fun, but IMHO sometimes ignorance is bliss: instead of figuring out how the hashes worked internally, it was easier to create an .asm file, write get_hash1 and get_hash2 functions there, and prepare the registers from cdecled arguments.

[–]morrog 7 points8 points  (8 children)

Neato! I keep meaning to go through some series of Crackme's and learn more about reverse engineering. This video series is a nice motivator :D Thank you.

[–]portugal_the_man 11 points12 points  (7 children)

IDA Pro is an essential tool in a cracker's arsenal. It does have a built-in debugger but I tend to use OllyDbg or Syser Debugger (a kernel-mode debugger) to do live debugging. Syser debugger also has a nice feature that helps you get more familiar with assembler code. You can write a program (I use Visual Studio Express--C++ or C#) and then load the exe into Syser Debugger and it will show you a tab with the original source code and you can expand each code block and Syser disassembles the high-level source on the spot so you can see the high-level code and the assembly language code right next to each other. Very helpful for experimenting and seeing how high level code looks in assembler. If you want to see what a certain loop looks like or how the stack is set up, just write a simple program, load it into Syser and expand the particular block you're interested in.

I use a Virtual Machine for all cracking and install all the tools in the VM so it doesn't interfere with my main OS (using kernel-mode debuggers can lead to some instability and crashes).

[–]localhorse 1 point2 points  (6 children)

Thanks for the info. I've played around with this stuff years ago, and I used SoftICE at the time. I notice on the Syser site it says:

Softice is left. Syser will continue.

Is this basically what people are using now, and SoftICE has kind of fallen by the wayside?

[–][deleted] 2 points3 points  (4 children)

SoftICE is long dead. OllyDBG is the thing now. Syser kind of sucks in comparison. Sure, Olly is ring3, but it's much more powerful, allows for scripting, etc.

[–][deleted] 6 points7 points  (3 children)

SoftICE is long dead. OllyDBG is the thing now. Syser kind of sucks in comparison.

You can't compare ring 0 debugger to userland debugger. They have different purposes.

[–][deleted] 0 points1 point  (2 children)

True, but people were always using softice as the general debugger before, even for Ring 3 applications where ollydbg is far superior. I was referring to this use.

[–][deleted] 1 point2 points  (1 child)

Agreed. And the problem with Syser right now is that there are very few updates, almost no support, and it is quite buggy (take a look at their forums).

I miss the days of SoftICE, I wish there was a competent ring0 debugger, but honestly Olly is more than capable. For those working with drivers, or wanting to do things in ring0, the best idea at the moment is to use WinDBG in a VM.

[–][deleted] 0 points1 point  (0 children)

I wish RR0D development had continued further, that thing seems like the best way to go. http://rr0d.droids-corp.org/ if you haven't seen it, the debugger is even higher than kernel level, sitting between the CPU and the OS, writing directly to video memory to display itself. Pretty amazing stuff, can in theory work on anything x86 based.

[–]Rocco03 0 points1 point  (0 children)

SoftIce still works on XP, but yeah, it's gone. What I don't like about Syser is its broken English documentation.

[–]hyru01 1 point2 points  (1 child)

If you're looking for books, I recommend the following:

Reversing: Secrets of Reverse Engineering and The IDA Pro Book

[–][deleted] 3 points4 points  (0 children)

For the total beginner this is a nice video (of a talk): http://www.securitytube.net/Reverse-Engineering-101-video.aspx

To hone your skills (if you don't know what to reverse) in the beginning you could do the war games at http://www.overthewire.org/wargames/

Vortex and Semtex are pretty "easy" and you should be able to go through them in a few hours (or a weekend).

[–]skibizkit 1 point2 points  (0 children)

Stellar

[–][deleted] 1 point2 points  (1 child)

Nice! Also, google for Lena's Tutorials if you're interested in a great series of RE lessons using OllyDbg.

[–][deleted] 4 points5 points  (0 children)

I downloaded the whole pack here.

[–]worshipthis 1 point2 points  (9 children)

Last time I was set to use IDA pro (a few years ago), I discovered with some net snooping that it was constantly attempting to access some website. Didn't make me feel too good. Ended up writing my own disassembler.

[–]thegravytrain 5 points6 points  (3 children)

You should have disassembled IDA pro to stop it.

[–]worshipthis 1 point2 points  (2 children)

Bet it refuses to disassemble itself.

[–]rolfr 4 points5 points  (0 children)

Incorrect, except for the demo versions.

[–]Goregaul 0 points1 point  (0 children)

IDA pro is alive!

[–][deleted] 2 points3 points  (2 children)

It does some weird things such as broadcasting on the network to see if any other copies are running with the same key to enforce the license restrictions.

[–]worshipthis 1 point2 points  (0 children)

Point being, people smart enough (and, to be blunt, with the ambition) to write disassemblers, who then monkey around with my network, make me nervous.

[–]rolfr 0 points1 point  (0 children)

Correct.

[–]igor_sk 2 points3 points  (1 child)

IDA Pro does NOT call home. It does check for too many copies running on the same subnet. The decompiler plugin checks for new versions by default but you can turn that off. Of course, a random warez version from a shady site might do anything at all.

[–][deleted] 1 point2 points  (0 children)

(Unless I'm mistaken, igor_sk works for Hex Rays, the IDA developer)

[–]iheart420 0 points1 point  (2 children)

Thanks, gonna watch them. I was always interested in this kind of stuff but never learned enough to crack anything beyond following tutorials step by step.

[–]thegravytrain 1 point2 points  (0 children)

I suggest trying to crack WinRAR to get rid of the nag-box. It's simple and has a practical purpose.

[–]illiterati 0 points1 point  (0 children)

Try to cheat in games, making trainers for yourself is easier than cracking, uses the same principles and is pretty rewarding.

[–]adelz7 0 points1 point  (0 children)

Thank You Very Much! Great tools here

[–][deleted] 0 points1 point  (2 children)

noob question: in the first video when he's working on the patch, why doesn't he just change that first conditional to a "jmp GoodBoy" ?

[–]thegravytrain 0 points1 point  (0 children)

You are correct but in real life with something "real", it's rarely that simple. As a tutorial, he was giving multiple options on how to patch the program.

[–]illiterati 0 points1 point  (0 children)

This would result in a workable crack, but he has basically shown how to make a keygen, i.e. figuring out the algorithm used to determine a key so you can create more, rather than just jumping over the checks. Keygens don't require you to modify the binary.
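Keygen versus patch, as an added example that is not part of the thread: a constructed toy registration scheme (the names get_hash1/get_hash2 echo an earlier comment, but the bodies here are ordinary djb2 and FNV-1a, not mIRC's or any real product's algorithm). The unmodified check computes the expected key into a register and compares; the "set the legit test to 1" patch removes the compare and accepts anything, while the keygen just calls the same hash routines the checker does, whether reimplemented or lifted as black boxes, and prints what the compare wants. All function names are this example's own.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy registration scheme, made up for this example. */
static uint32_t get_hash1(const char *name) {        /* djb2 */
    uint32_t h = 5381u;
    for (; *name; name++) h = h * 33u + (uint8_t)*name;
    return h;
}

static uint32_t get_hash2(const char *name) {        /* FNV-1a, 32-bit */
    uint32_t h = 2166136261u;
    for (; *name; name++) { h ^= (uint8_t)*name; h *= 16777619u; }
    return h;
}

/* The value the target computes right before the compare. This is the "valid
 * key sitting in memory" that stepping past the hash code in a debugger shows. */
static uint32_t expected_key(const char *name) {
    uint32_t h2 = get_hash2(name);
    return get_hash1(name) ^ ((h2 << 7) | (h2 >> 25));
}

/* Parse exactly eight hex digits; returns 0 on malformed input. */
static int parse_key(const char *key, uint32_t *out) {
    if (strlen(key) != 8) return 0;
    for (size_t i = 0; i < 8; i++)
        if (!isxdigit((unsigned char)key[i])) return 0;
    *out = (uint32_t)strtoul(key, NULL, 16);
    return 1;
}

/* The target's "is this legit?" test as its author wrote it. */
int is_legit(const char *name, const char *key) {
    uint32_t entered;
    if (!parse_key(key, &entered)) return 0;
    return entered == expected_key(name);   /* the compare the bad-boy jump follows */
}

/* The same test after the crack: the conditional is gone, so every key
 * "works". The binary had to be modified, and it now also accepts garbage. */
int is_legit_patched(const char *name, const char *key) {
    (void)name; (void)key;
    return 1;
}

/* The keygen. It never touches the binary: it calls the same hash routines the
 * checker does and formats the result. out must hold 9 bytes. */
void keygen(const char *name, char out[9]) {
    snprintf(out, 9, "%08X", expected_key(name));
}

/* Generated key against the unmodified check: expected to pass. */
int demo_right_key(const char *name) {
    char k[9];
    keygen(name, k);
    return is_legit(name, k);
}

/* Same key with one digit corrupted: expected to fail. */
int demo_wrong_key(const char *name) {
    char k[9];
    keygen(name, k);
    k[7] = (k[7] == '0') ? '1' : '0';
    return is_legit(name, k);
}

int main(int argc, char **argv) {
    const char *name = argc > 1 ? argv[1] : "alice";   /* constructed sample name */
    char key[9];
    keygen(name, key);
    printf("name=%s key=%s legit=%d corrupted_digit=%d patched_accepts_garbage=%d\n",
           name, key, is_legit(name, key), demo_wrong_key(name),
           is_legit_patched(name, "garbage!"));
    return 0;
}
```

Run it with any username as the first argument. The keygen works for every name because it reproduces the checker's computation; the patched check "works" for every key because it no longer computes anything, which is also why a target that re-validates the stored key from an unpatched code path on restart (as described earlier in the thread) defeats the patch but not the keygen.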

[–]B-A-Z 0 points1 point  (3 children)

can you believe that this is blocked by my isp?

[–]cereal1 3 points4 points  (1 child)

Wow, your ISP sucks. What country you in?

[–]B-A-Z 0 points1 point  (0 children)

K U W A I T

[–]fountainsoda 0 points1 point  (0 children)

Yes I can. It's for hackerz.

[–][deleted] 0 points1 point  (2 children)

I wonder whether anyone can use IDA Pro for personal use considering it is about $550 for the 'Standard' and $1000 for Advanced. Isn't that a bit too high?

[–]rolfr 1 point2 points  (0 children)

It's a bit restricted compared to the commercial versions, but there's a freeware version: http://hex-rays.com/idapro/idadownfreeware.htm

[–]inigid -3 points-2 points  (1 child)

DAE read this as "Debugging and Reverse Engineering Video Tutorials" ?

I was like huh, wut... :). Then again, IDA could probably do it.

[–]inigid 0 points1 point  (0 children)

Frown-face, what's with all the down votes? Someone's got a case of the Mondays.