About the 10 basic skills of cracking

Source: Internet
Author: User

The following discusses some of the problems that come up while learning decryption, based simply on my own experience. Beginners often need to understand these questions first; in my own learning experience, if you go straight to the many cracking tutorials, you will probably end up with your head in a fog, because many concepts are not clear and you do not know what is going on. So I hope the discussion below will be of some help to you:


1. Breakpoints: A breakpoint is the place where a program is interrupted, a term familiar to anyone doing decryption. So what is an interruption? An interrupt means that, because of a special event (the interrupt event), the computer pauses its current task (the program), executes another task (the interrupt service routine), and then returns to the original task and continues. For example: you are at work when a classmate suddenly calls to say he has arrived by train from out of town and asks you to meet him at the station. You ask the boss for a short leave, go to the station to pick him up, get him settled somewhere, and then return to the company and carry on working; that is an interrupt process. In decryption, we wait for the moment when the program fetches the registration code we entered and compares it with the correct one, interrupt it there, and then analyse the program to find the correct registration code. So we need to set breakpoints for the program being decrypted, cut into it at the right moment, and trace the program's registration code to achieve the crack.


2. Airspace: This is a very important concept, but one that beginners are often unaware of. The word "airspace" (the program's own code space) appears in all kinds of cracking articles, and if you cannot work out where the program's airspace is, you cannot get through the door of cracking. Perhaps you have cracked some software, but it was a blind cat bumping into a dead mouse (I was like that myself ^_^, and I'm embarrassed to say it now!). Plainly put, a program's airspace is the program's own place, that is, the location of the code of the program we want to crack. You may ask right away: I set the breakpoint while the program was running, so why am I not in the program's own space after the interrupt? Because every program is written without a fixed pattern, when we want to break into a program we cannot rely on anything specific to that program to set the breakpoint; the breakpoint must be set on something every program uses. In the DOS era, practically all programs were built on interrupts, that is, almost every DOS program invoked various interrupts to get its work done. In the Windows era, however, a program has no power to call interrupts directly; the Windows system provides a platform of system function calls (the API). DOS programs are built on interrupts, Windows programs on the API, and it is through the API that they deal with the system for every function. So for Windows software the breakpoint is set on an API function: the program's normal operation is interrupted when it calls a given API function, and then we decrypt it.
For example, set a breakpoint in SoftICE with: BPX GetDlgItemText (get the text of a dialog control). When the program we want to crack reads the input data and calls GetDlgItemText, SoftICE intercepts it immediately, so the cracked program stops inside the GetDlgItemText routine, and GetDlgItemText lies in the area managed by Windows itself. If we change that part of the code at will, disaster is imminent ^_^! So we must return from the system area to the cracked program's own place (the program's airspace) before we can crack it; as for how to see the program's airspace, see the SoftICE screenshot above. Think about it: what useful thing could we find in a program segment that every program calls? (How to encrypt is the program's own decision, not something implemented by a system function!)


3. API: Application Programming Interface, a large collection of system-defined functions that provide a way to access operating system features. The API contains hundreds of functions callable by applications to perform all the necessary operations related to the operating system, such as allocating memory, outputting to the screen and creating windows; a user's program works with Windows by calling the API interface. Whatever the application, at the bottom it implements its functions by calling various API functions. The API comes in two basic forms: Win16 and Win32. Win16 is the original 16-bit version of the API, for Windows 3.1; Win32 is the current 32-bit version, for Windows 95/98/NT/ME/2000. Win32 includes Win16 (it is a superset of Win16), and most functions have the same names and usage. The difference between a 16-bit and a 32-bit API function is the last letter, for example the breakpoints we set: BPX GetDlgItemText, BPX GetDlgItemTextA and BPX GetDlgItemTextW. GetDlgItemText is the 16-bit function; GetDlgItemTextA and GetDlgItemTextW are the 32-bit ones, where GetDlgItemTextA indicates the single-byte (ANSI) version and GetDlgItemTextW the double-byte (wide-character) version. Cracking today mostly deals with the Win32 single-byte API functions, such as GetDlgItemTextA; the other two kinds (Win16 API and Win32 double-byte API functions) are comparatively rare. The Win32 API functions live in dynamic link libraries (DLLs), mainly Kernel32.dll, User32.dll, Gdi32.dll and Comctl32.dll, and that is why we import these DLLs into SoftICE with command lines such as EXP=c:\windows\system\kernel32.dll: without doing so, we cannot intercept the system's Win32 API function calls.


4. Where the registration code exists in the program: In decryption we look for the place where the program compares the registration code we entered with the correct one, then trace and analyse the program to find the correct code. But the correct registration code usually exists in the program in one of two forms, explicit or implicit. An explicit registration code can be seen directly in the program's memory; for example, you might see "297500523" directly in the SoftICE data window (a value I just made up). Software whose registration code exists explicitly is relatively easy to crack. But some programs do not compare the entered code directly with the correct one: they may convert the registration code into an integer, or split it up and compare each part in a different place, or apply some transformation to the code we entered and then verify it with a special routine, and so on. In short, the application takes all sorts of complex measures to avoid a direct comparison of registration codes. For such programs we usually have to trace carefully, analyse each function, find the encryption algorithm and then crack it, which of course requires some 8086 assembly programming skill and a great deal of patience and energy.


5. Ways of cracking software: I divide cracking into two categories, complete cracking and brute-force cracking. A complete crack mainly applies to software that requires a registration code, password and the like: if we can trace the program, find the correct registration code, and register the software normally through its own registration function, that is a complete crack. But some software provides no registration function at all and only a trial (demo); or registration cannot be done through the software itself (for example, it requires a separate registration program or registration over the Internet); or the software uses relatively complex encryption and the cracker's ability, energy or time is limited and the correct registration code cannot be obtained directly. In that case we have to modify the software's own code, that is, change it by hand



6. Code addresses in cracking tutorials: A cracking tutorial will quote a portion of the code to explain how the program is analysed, for example the following:

......
0167:00408033  PUSH 00
0167:00408035  PUSH EBX
0167:00408036  CALL [USER32!EndDialog]
0167:0040803C  JMP  0040812C
......

In a code address such as 0167:00408033, the code segment value (0167) may differ from computer to computer and is not necessarily identical, but the offset (00408033) should be fixed. So if you see that the code address in a cracking article is not the same as on your own computer, do not think you are in the wrong place: as long as your code matches, there is no problem.

7. How to set breakpoints: Setting breakpoints correctly and appropriately matters a lot for fast, efficient decryption. A good breakpoint lets us reach the critical program segment quickly, while an unsuitable one costs unnecessary effort or even stops the program from running at all. Exactly which breakpoint to use when is hard to say; it comes with experience. In general, the universal breakpoint BPX hmemcpy works for most software registered by code, and beginners may as well try it (I usually use it too, lazy ah ^_^, haha...). For software that needs a brute-force crack, we should normally intercept dialog boxes (such as BPX DialogBox) and message boxes (such as BPX MessageBox(A)). For any kind of software, when the breakpoints we set have no effect, try BPX LockMyTask; this breakpoint intercepts any button action. For the breakpoints commonly used in specific cases, refer to the article "Common breakpoint settings for cracking". Also, cracking a registration code usually involves entering a user name and a registration code. In general the user name and code can be entered arbitrarily, but in my experience many programs process the registration code digit by digit; if you enter a string like "78787878", then while tracing you cannot tell which "78" the one you are looking at is. So I prefer to enter a registration code like "12345678", which tells you which digit of the code the program is working on. Likewise, for software that needs a longer serial number, entering something like "12345-67890-abcdef" is better.
But one thing needs special attention: the "12345678" input style above is for intercepting Win32 API functions. Sometimes it is hard to find the program's weak point by intercepting Win32 API functions directly, and we use the "S" command instead to search memory for the user name or registration code we entered. In that case it is best not to use "12345678" as the registration code, because memory is likely to contain many "12345678" strings and we would have no way of knowing which "12345678" the program we want to crack is using. So we should choose a registration code unlikely to coincide with other data in memory, such as 74747474 (I like to use it; it means "die, die"... hahaha ^_^); the corresponding search command is: S 30:0 L FFFFFFFF '74747474'. Of course these are just my personal habits; what input to use depends on your own preferences and habits, and there is no need to stick rigidly to a fixed pattern.


8. How to trace the program: When beginners start learning, they often do not know how to trace the code or how to find the place where the registration code is compared, and they feel lost when faced with a long heap of code. Usually the program uses a subroutine (that is, a CALL ********) to verify whether the registration code we entered is correct. For programs where the registration code exists explicitly, the program generally loads the entered code and the correct code into registers, calls the verification subroutine to judge them, and decides from the returned result whether registration succeeded. This often takes the following form:

:******** MOV  EAX,[********]   (or in the form PUSH EAX)
:******** MOV  EDX,[********]   (or in the form PUSH EDX)
:******** CALL ********
:******** TEST EAX,EAX          (or TEST AL,AL, or no such instruction)
:******** JNZ  ********         (or in the form JZ ********)

Here the memory areas pointed to by EAX and EDX hold the registration code we entered and the correct registration code; EAX and EDX are just what I chose to write, it could equally be ECX, EBX, EDI, ESI and so on. For programs where the registration code exists implicitly, although the correct code cannot be seen directly, the address of the entered code is usually still placed in a register and then a subroutine is called to verify it, and to crack it you have to enter that subroutine and analyse the registration algorithm. In short, be especially alert when you see CALL ******** followed by a conditional jump (JNZ ******** or JZ ********), and use D EAX (or EBX, ECX, EDX, EDI, ESI, and so on) to look at what is hidden in the memory area the register points to. One more reminder: watch out when the program uses the function GetDlgItemInt, whose role is to convert the input text into an integer. In such a program the registration code does not exist in displayable form, because it has been converted to an integer; the program will usually verify the code with an instruction like CMP ECX,EDX, where ECX and EDX hold the integer forms of the entered and the correct registration codes, and at that point you can use ? EDX and ? ECX to see their decimal form, which is the form we entered.
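As an added illustration of sections 4 and 8 (my own example, not code from this article), here is the same registration check written two ways in C: an explicit form where the correct code is a string in memory, and an implicit form that keeps only a digest of it and compares in constant time. The sample code "297500523", the use of FNV-1a, and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <string.h>

/* Constructed illustration: "297500523" is the sample value quoted in
 * section 4, not a real product key. */

/* Explicit form: the correct code is a string literal in the program's
 * data, and the check is one string compare whose result drives a single
 * test/branch, as in the CALL / TEST EAX,EAX / JNZ pattern of section 8. */
static const char CORRECT_CODE[] = "297500523";

int check_explicit(const char *entered)
{
    return strcmp(entered, CORRECT_CODE) == 0;      /* 1 = registered */
}

/* Implicit form: only a 64-bit FNV-1a digest of the correct code is kept
 * (FNV-1a is used for brevity; a real product would use a keyed or
 * asymmetric scheme).  The string never appears in memory, and the digest
 * comparison runs in constant time. */
#define FNV_OFFSET 0xcbf29ce484222325ULL
#define FNV_PRIME  0x100000001b3ULL
#define FNV_STEP(h, c) ((((uint64_t)(h)) ^ (uint64_t)(unsigned char)(c)) * FNV_PRIME)

uint64_t fnv1a64(const char *s)
{
    uint64_t h = FNV_OFFSET;
    for (; *s; s++)
        h = FNV_STEP(h, *s);
    return h;
}

/* Normally precomputed offline and pasted in as a hex literal.  Here the
 * digest is folded at compile time from the individual digits so the
 * example stays self-checking; only the 64-bit result reaches the binary. */
static const uint64_t EXPECTED_DIGEST =
    FNV_STEP(FNV_STEP(FNV_STEP(FNV_STEP(FNV_STEP(FNV_STEP(FNV_STEP(FNV_STEP(
        FNV_STEP(FNV_OFFSET, '2'), '9'), '7'), '5'), '0'), '0'), '5'), '2'), '3');

/* Equality test on two 64-bit values with no data-dependent branch. */
static int ct_equal64(uint64_t a, uint64_t b)
{
    uint64_t d = a ^ b;
    d |= d >> 32; d |= d >> 16; d |= d >> 8;
    d |= d >> 4;  d |= d >> 2;  d |= d >> 1;
    return (int)(1 - (d & 1));
}

int check_implicit(const char *entered)
{
    return ct_equal64(fnv1a64(entered), EXPECTED_DIGEST);   /* 1 = registered */
}
```

In the explicit build a memory search for the literal finds the code; in the implicit build the search finds nothing and the digest routine itself has to be read.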


9. Software that resists reinstallation: We often run into this problem: when a common piece of software expires, even if we delete the original program and reinstall it, it still cannot be used, or it still reminds you that the trial period is over; or you have cracked a piece of software but want to keep studying it, yet because it is already registered there is no registration option, and even after deleting and reinstalling it the program runs as registered. The reason is actually very simple: the program stores its registration or expiry information in the system registry, so simply reinstalling the software is useless. The solution is to delete that information from the registry. But since the registry is the foundation of the Windows system's operation, a careless change can easily damage it and cause system anomalies, so if you are not very familiar with the registry, back it up before you modify it. Both modifying and backing up the registry can be done with the Windows registry tool "Regedit": start it by typing "regedit" under "Start -> Run", or simply run "C:\WINDOWS\regedit.exe". Most applications keep their information under one of the following paths: HKEY_LOCAL_MACHINE\Software, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft, HKEY_CURRENT_USER\Software, HKEY_CURRENT_USER\Software\Microsoft, or HKEY_USERS\.Default\Software. The exact place varies from program to program, but searching these in order will find the application's key; then delete the values related to the user name and registration code and it is done.


10. Cracking practice: Learning to crack requires a lot of practice. When choosing targets, beginners should not pick large, well-known software, because such software usually has more complex encryption and is hard to crack; choose some lesser-known, small and early shareware to practise on, because its relatively simple encryption helps beginners grasp the ideas and skills of cracking quickly. As for sources of practice material, they are very extensive: programs can be downloaded from the Internet or found on the common software CDs sold on the market.
