jump if zero to jump always
Monday, February 11 2002
[REDACTED]
Back in the early 1990s, before there was a World Wide Web, I used to be something of a Macintosh software collector. I would go to computer labs at random colleges and universities and copy whatever I could find on the local networks. Sometimes when I'd find a particularly rich deposit of applications, the task of copying and compressing it all would take me hours of work.
While in the early days of my software harvests I used to travel around with a stack of floppy disks, later I equipped a SCSI hard drive with a handy carrying case and power supply and used that as a faster, simpler method of scooping files from servers. That hard drive was a pretty suspicious-looking piece of hardware back then, but no one seemed to care. I was never confronted about it and no one ever suspected I was performing illegal activities (even though I was). Mind you, I wasn't trying to cause anyone harm; most college networks were wide open in those days and my only interest was getting copies of the software. In those days, a really big program like the glacial Microsoft Word 6.0 took up about fifteen megabytes of space. But most applications were smaller, and in compressed form could easily fit on a single high-density floppy disk.
At home later after one of my harvests, I used to spend hours trying out my new software toys. Often, though, my Christmas-morning-style revelry would be interrupted by disappointments: bad floppy disks, incomplete archives, and most horrible of all - being asked for a serial number or a password. What could I do? Guessing the password seemed impossible, and yet, the only thing keeping me away from my fun was some unseen algorithm. There had to be a way to defeat the system!
Later I learned that there were people who cracked such programs by looking at the code and switching commands such as "jump if zero" to "jump always," effectively eliminating copy protection with the alteration of a single byte. I didn't know how this was done, but I suspected ResEdit played a role. The Macintosh operating system has changed a lot since System 7, and ResEdit probably isn't even used anymore, but back then it was the ultimate file editor. It could be equipped with hundreds of user templates and plugins allowing the editing of all manner of data structures. It could also edit CODE resources, the place where the actual 680x0 opcodes were stored.
One day in January 1993, I decided that I was going to crack a program, by golly, and I wasn't going to stop until I'd succeeded. I can't remember what the first program was - either it was CompactPro (an old file compression utility) or it was PipeDream (a game where you try to lay pipe in advance of a flowing fluid; play an excellent online version of it here), but I was amazed at how easily it succumbed to the editing of a single opcode. Soon, cracking became an obsession for me, and I wasn't happy unless I had something really challenging to work on. Mathematica, a huge application for modeling mathematical formulæ, was my all-time favorite crack, although there were others that were even more remarkable, including one application whose code had to first be decrypted before it could be cracked. I had to use a memory dump on that one to figure out the encryption scheme - I remember it being a simple ROL or ROR. There was also the case of the twin biochemistry applications that depended on a hardware "dongle" plugged into the serial port in order to function. Though the hardware requirement was a little intimidating, these programs turned out to be as easy to crack as the applications that simply required a password.
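To make the single-byte edit concrete, here is an added example in C. It is not from the original post and does not model any real Macintosh program: the 68000 fragment, its offsets, the register usage and the tiny interpreter that runs it are all assumptions made for the demonstration. On the 68000 a Bcc instruction is encoded as 0110 cccc dddddddd, with the condition code in the low nibble of the first byte and the displacement in the second, so BEQ (0x67) becomes BRA (0x60) by changing one byte, and the branch target is untouched. The fragment compares an entered key with the expected one and branches with BEQ to the "accepted" path; the interpreter shows that the wrong key is rejected before the patch and accepted after it.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* First byte of a 68000 Bcc instruction: 0110 cccc, cccc = condition code.
 * The 8-bit displacement lives in the second byte, so rewriting the
 * condition never changes where the branch goes. */
enum { M68K_BRA = 0x60, M68K_BNE = 0x66, M68K_BEQ = 0x67 };

/* Constructed 12-byte 68000 fragment (hypothetical, not from any real
 * program). D0 holds the entered key, D1 the expected key; the routine
 * returns 1 in D0 only if they match.
 *
 *   0: B081   CMP.L  D1,D0
 *   2: 6704   BEQ.S  accepted    <- the "jump if zero"
 *   4: 7000   MOVEQ  #0,D0       ; rejected
 *   6: 4E75   RTS
 *   8: 7001   MOVEQ  #1,D0       ; accepted
 *  10: 4E75   RTS
 */
static const uint8_t ORIGINAL_CODE[12] = {
    0xB0, 0x81, 0x67, 0x04, 0x70, 0x00, 0x4E, 0x75, 0x70, 0x01, 0x4E, 0x75 };
#define BEQ_OFFSET 2   /* found with a disassembler; hard-coded for the demo */

/* Minimal interpreter for just the opcodes used above, enough to show the
 * fragment's behaviour before and after the patch. Returns D0 at RTS,
 * or -1 if it meets an instruction it does not model. */
static int32_t run_check(const uint8_t *code, size_t len, int32_t d0, int32_t d1)
{
    size_t pc = 0;
    int zflag = 0;
    while (pc + 1 < len) {
        uint16_t op = (uint16_t)((code[pc] << 8) | code[pc + 1]);
        pc += 2;                                  /* PC now points past the opcode word */
        if (op == 0xB081) {                       /* CMP.L D1,D0: Z set when D0 == D1 */
            zflag = (d0 == d1);
        } else if ((op & 0xF000) == 0x6000) {     /* Bcc.S, 8-bit displacement */
            unsigned cond = (op >> 8) & 0x0F;
            int8_t disp = (int8_t)(op & 0xFF);
            int take;
            switch (cond) {
                case 0x0: take = 1;      break;   /* BRA: always */
                case 0x6: take = !zflag; break;   /* BNE */
                case 0x7: take = zflag;  break;   /* BEQ */
                default:  return -1;
            }
            if (take) pc = (size_t)((long)pc + disp); /* relative to PC after the opcode */
        } else if ((op & 0xF100) == 0x7000) {     /* MOVEQ #imm8,Dn */
            int32_t imm = (int8_t)(op & 0xFF);
            if (((op >> 9) & 7) == 0) d0 = imm; else d1 = imm;
        } else if (op == 0x4E75) {                /* RTS */
            return d0;
        } else {
            return -1;
        }
    }
    return -1;
}

/* The crack: rewrite the condition nibble so the branch is unconditional.
 * Check that the byte really is a BEQ first; patching blindly would corrupt
 * whatever else happens to sit at that offset. Returns 0 on success. */
static int patch_beq_to_bra(uint8_t *code, size_t len, size_t off)
{
    if (off + 1 >= len) return -1;
    if (code[off] != M68K_BEQ) return -1;        /* not the instruction we expected */
    code[off] = M68K_BRA;                        /* the single byte: 0x67 -> 0x60 */
    return 0;
}

/* Run the key check on a copy of the fragment, optionally patched first. */
static int32_t check_with_patch(int patched, int32_t entered, int32_t expected)
{
    uint8_t code[sizeof ORIGINAL_CODE];
    memcpy(code, ORIGINAL_CODE, sizeof code);
    if (patched && patch_beq_to_bra(code, sizeof code, BEQ_OFFSET) != 0) return -1;
    return run_check(code, sizeof code, entered, expected);
}

int main(void)
{
    printf("wrong key, original : %d\n", (int)check_with_patch(0, 1234, 5678)); /* 0 */
    printf("right key, original : %d\n", (int)check_with_patch(0, 5678, 5678)); /* 1 */
    printf("wrong key, patched  : %d\n", (int)check_with_patch(1, 1234, 5678)); /* 1 */
    return 0;
}
```

The precondition check in patch_beq_to_bra is the part worth keeping when doing this by hand in a resource editor: confirm the byte at the offset is the opcode the disassembly said it was before overwriting it. The same encoding is why the other classic one-byte edits work: if the conditional branch leads to the failure path rather than the success path, the equivalent trick is BEQ (0x67) to BNE (0x66), which inverts the test instead of forcing it.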
These days, of course, I no longer trawl university intranets for software, and I've long since stopped using Macintoshes. Meanwhile, the rise of file sharing and the Web have greatly simplified the finding of warez and cracks. Consequently, I never bothered to learn how to reverse-engineer and crack Windows applications. Until today. I guess if you're around long enough, it's possible to find yourself in a field either so new or so specialized that no one has gone down the path in front of you, and it's up to you to break out the machete and blaze a trail. Happily for me, Windows cracking seems no more difficult than Macintosh cracking, circa 1993.
Interested in cracking Windows applications? Here are some helpful links.
Krobar - tools, tutorials, etc.
Application-specific decompilers - more tools.
Interactive Disassembler (IDA) - the best disassembler for reverse engineering Windows applications. Too bad it is so expensive, though the demo is somewhat useful. Being a hacker's tool, the demo is unfortunately built in a way that renders it particularly difficult to crack.
For linking purposes this article's URL is: http://asecular.com/blog.php?020211