cracking and patching by chetan soni

SECUGENIUS SECURITY SOLUTIONS

Cracking and Patching

[Winrar 3.80]

BY

CHETAN SONI

(C|EH, RHCE)

Social Links & Websites

http://facebook.com/er.chetansoni

http://chetansoni.com/officialchetan

http://twitter.com/justdohackers

http://chetansoni.com

http://chetansoni.net

http://chetansoni.org

http://thechetansoni.com

http://justdohackers.in

Sr. Security Specialist

at

SECUEGNIUS SECURITY SOLUTIONS

Cracking & Patching

About The Paper

“Cracking & Patching” covers the concepts that how a software be cracked by

using some debugger & dissembling tools & also how to create a patch of that

cracked software.

About Me

I am a 23 year old one of the Sr. Security Specialist at Secugenius Security Solutions. The young and dynamic personality has not only assisted in solving complex cases but has also played an instrumental role in creating awareness about Information Security and Cyber crimes.

Chetan Soni

Sr. Security Specialist @ Secugenius Security Solutions

Email ID:- Chetan.soni@secugenius.com

http://chetansoni.com

http://chetansoni.net

http://chetansoni.org

_____________________________________

Founder/Admin of Just Do Hackers (JDH)

http://justdohackers.in

Connect with Facebook:

http://facebook.com/er.chetansoni

http://facebook.com/officialchetan

http://facebook.com/connectchetan

Follow me on Twitter:

http://twitter.com/justdohackers

Email ID:

chetansoni@live.com

chetan.soni@secugenius.com

Cracking & Patching

[CraCking & PatChing]

First of all what is cracking and what is patching?

Cracking is the modification of software to remove or disable features

Of Limited Restrictions. Cracking is a fancy name for basically

guessing a password or Crack Email Accounts, etc.....

Patching is the technique which fixes the Program Bugs. A patch is a

piece of software designed to fix problems.

The Tools Required:

1. De-assembler (I Preferred [Hackers Disassembler] and [Hview])

2. Resource Hacker

3. A patch Creator (Use [Universal Patch Creator] or [Code fusion])

4. Winrar

Cracking & Patching

First of all Download these tools from Google and Install Winrar.

Now make two Folders on Desktop named as Cracked and Original.

Now Copy winrar.exe (From Program Files) and Paste in both Folders

i.e. Cracked and Original.

Now Open Hackers Disasembler Software.

Cracking & Patching

Open Winrar.exe from Cracked Folder in Hackers Disasembler

Software.

The Disassembler will disassemble the executable in assembly code.

Cracking & Patching

Now you need to search for strings that are used in Winrar program.

Cracking & Patching

Press Ctrl + F and type “evaluation” without quotes and search in the

assembly code.

Cracking & Patching

Reach this block of code using search function

After you have reached this block of code by searching, just look at

the block of code above it.

There you will find that some assembly values are being compared

and then code is jumped to some other function.

Cracking & Patching

Now see carefully, the “evaluation copy” function must be invoked

after some specific condition is met.

Now Note the Memory Address (00444B71)

In the above code you can see this code -

===================================

00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00

00444B71: 0F859B000000 JNE 00444C12

===================================

Cracking & Patching

Note: For any Winrar version, this code and memory address might

be different, but the JNE will be same.

Now you need to search for the code that brings that ugly screen

“Please purchase Winrar license” after your trial period of 40 days is

over.

For this, look over your toolbar and click on “D” which stands for

looking for Dialog references.

Hit the D in toolbar

Now in the dialog box that opens, search for “purchase” and you will

get the reference as -

Cracking & Patching

It Shows

============================================

ID-REMINDER, “Please purchase Winrar license”

============================================

Double click on it and you will reach the subsequent code.

Note down the location of REMINDER dialog code.

Cracking & Patching

The code will be something like

================================================

* String: “REMINDER”

0048731A: 68EB5E4B00 push 004B5EEB

================================================

Just note down this memory address (0048731A)

Cracking & Patching

Now we will be patching up values of memory addresses we noted

earlier (00444B71 & 0048731A).

It will be dome by using HVIEW.

Now Open Hview.

Open the EXE in it

After you have loaded it, you will see the code is unreadable.

Cracking & Patching

It’s just like opening an EXE file in notepad.

You need to decode it.

To do that, just press F4 and you will get an option to decode it.

Hit DECODE and you will be able to see code in the form of assembly

code and memory addresses.

Cracking & Patching

After you have done that it will look like something as shown below

Cracking & Patching

Now you need to search for memory addresses you noted down

earlier.

Just hit F5 and a search box will be there.

Now you need to enter the memory address.

To do that type .444B71 in place of 00444B71 and Press Enter.

(Leave 00)

It will reach to the Assembled Code

Cracking & Patching

After you have reached the respective code, you need to make

changes to it.

Press F3 and you will be able to edit the code. Now make the

following changes -

(Replace 85 to 84)

After you have done it, save it by pressing F9.

Cracking & Patching

Now search for next memory location by pressing F5 and entering it.

Reach there and make the following changes by pressing F3 -

Cracking & Patching

Make these 5 Changes

(Replace 68-90 EB-90 5E-90 4B-90 00-90)

Now save the changes by pressing F9 and exit HVIEW by pressing

F10.

You have cracked Winrar :)

Replace the original

[Program Files/Winrar/WinRAR.exe]

with this

[Desktop/Cracked/winrar.exe]

Cracking & Patching

Now you have a 100% working version of EXE, you might want to

change your registration information in Winrar.

To do this, you can use Resource hacker.

Open Resource Hacker and load the winrar.exe (From Cracked Folder

or Original Folder (Better is Cracked Folder)) in it.

Cracking & Patching

Now go to DIALOG –> ABOUTRARDLG -> 1049 and click it.

Now Find Trial copy line and replace it with your favorite one.

Cracking & Patching

Make changes and compile them.

And click on Compile Script button.

Now save the file with any name on your desktop or any location what

so ever.

Now you have a fully patched WinRAR.exe file.

Cracking & Patching

Make a PATCH

For this I Preferred diablo2oo2's Universal Patcher (UPE) for Creating

the Patch.

Launch Patch Creator and click on new project.

Cracking & Patching

Enter project Information and click on save.

Cracking & Patching

Now Create Offset patch

For this Add -> Offset Patch.

Cracking & Patching

After you have done that, double click on offset patch and then

1. Give path of original winrar.exe (From Original Folder)

2. Give path of unmodified Winrar.exe (again From Original Folder)

3. Give path for fully patched Winrar.exe (i.e. Cracked Winrar.exe from

Cracked Folder)

4. Click on compare and it will show difference between both files.

5. Click on save.

Cracking & Patching

Now in the next window, click on Create Patch and save it.

The Patch will be created. Now copy it in Winrar installation Directory.

And Hit the Patch

Cracking & Patching

Run the patch and it will work.

And Now open any Rar File You will see that Evaluation Copy Goes

and this is now made a Fully Cracked Full version Winrar Software for

Life Time.

You can crack other software in the same way…just practice, debug

and disassemble and you will get the way.

Cracking & Patching

Contact Details

Chetan Soni

Sr. Security Specialist @ Secugenius Security Solutions

Email ID:- Chetan.soni@secugenius.com

http://chetansoni.com

http://chetansoni.net

http://chetansoni.org

http://thechetansoni.com

_____________________________________

Founder/Admin of Just Do Hackers (JDH)

http://justdohackers.in

_____________________________________

Connect with Facebook:

http://facebook.com/er.chetansoni

http://facebook.com/officialchetan

http://facebook.com/connectchetan

Follow me on Twitter:

http://twitter.com/justdohackers

Email ID:

chetansoni@live.com

chetan.soni@secugenius.com