Wednesday, 12/1/2021

How To Crack Dll

I did not write this myself but I found it extremely useful. Enjoy it.
PART 1:
0. Introduction:
I have read many cracking tutorials lately. Frankly speaking, I myself learned cracking from tutorials (and some books, but this doesn't really matter). The majority of the cracking tutorials out there have a few disadvantages: either they are too long and contain a lot of garbage, or they are too short and don't contain the basics.
I decided to write a tutorial which will not have those two disadvantages.
Anyway, I divided the tutorial into 3 parts:
Part 1: Introduction, tools and The basics of cracking.
Part 2: Practical training, using W32Dasm, and HIEW
Part 3: Key-generators.
Welcome to the first part. ;-)
1. Disclaimer:
I created this tutorial for informational purposes only!
Much of the information in this document can be used to perform illegal activities!
Don't attempt to do anything stated in this document!
If you do attempt to do anything, you are solely and fully responsible for what you do!
If you get caught and get in any kind of trouble, it's your own fault!
If you intend to use this information to impress your friends, leave it and grow up!
If you don't agree to this, do not read any more!
If you crack a program, and either sell the crack or offer it for free, it is a crime!
2. What is Cracking?
For me, cracking is:
'Letting a program, which is on your computer behave as you want it to behave and not behave as someone else (the programmer) wants'
As INTERN said:
'Hey, it is your stuff right? your numbers, your bits, you should be able to do anything you wish to do with it '
Actually, I agree to this.
So cracking is modifying your programs and making them work the way you want them to. You can get a free demo program, crack it, and use it. BUT!!!! I repeat, if you crack a program, and start selling the cracked version or even offering it for free, it is a crime!
After reading those three tutorials (this is the first one in this series), you will feel the power you have in your hands (I mean, in your head).
Well, let's get started.
3. Tools
There are very few tools you need by now...
It is very easy to find them over the web, because they are quite popular:
The first one is 'Win32 Disassembler', which is also known as W32Dasm.
The Win32 Disassembler allows you to:
Disassemble files - translate the program to its assembly form, or machine code.
The file types which can be disassembled in Win32 Disassembler:
exe, 386, com, cpl, drv, dll, fon, mpd, ocx, vbx and sys.
Load the program process and trace the program.
Browse the disassembled file and go to any code location that you want.
Find text.
Execute, insert or remove jumps and calls.
Import and export functions.
Show a HEX display of a code area.
Show the list of the STRINGS, DIALOGS and REFERENCES.
Save the Disassembly source in text format.
Well, you can get it in almost any cracking site, but I'll give you some URLs:
http://wowsites.com/meiner/w32dsm89.zip
I think that's about enough. If any of these links goes down, please alert me.
The second tool you need is Hiew, which is also known as Hacker's View. The Hacker's View tool allows you to:
Disassemble files.
Make changes in the disassembled file, such as:
write commands, modify commands and reassemble the file.
View the file in ASCII, Hex or assembly mode.
You can also download an excellent program for cracking called SoftICE. Anyway, we won't need it in this part of the tutorial. Anyway, here are some URLs for SoftICE.
Please use the (Astalavista.com) search engines to find these programs!
4. The Main steps of cracking
There are 7 steps in the process of cracking:
1. Run the program you want to crack and learn its standard behavior. Try to locate strings and keywords, try to enter the password and see how the program responds.
2. Open up the program with W32Dasm and disassemble it.
3. Find typical and common strings in the disassembly that appeared in the program. In most cases, you have to look for keywords such as: password, name, date, expired, time limit, wrong, entered and so on.
4. Find and observe the password generator, find the protection routine and the API calls.
5. Try to understand the jumping mechanism of the protection.
6. Open up the program in HIEW. Change the jump of the flow control to its opposite jump command, or nop it out.
7. Run and see how the change you have made in the original program affected it. Feel the power you have, the power of cracking, letting programs behave as you want them to.
Learn those steps very well, until you dream of them; you will use them in every program you crack.
5. Basic terms in Assembly
A. Registers:
Registers are variables which are stored in your processor. The processor uses these variables for basic mathematical and logical operations. The most used registers are: eax, ebx, ecx and edx. Sometimes you will see edi, esi, esp, ebp. There are three types of registers: 32-bit registers, 16-bit registers and 8-bit registers. The 32-bit registers start with e, such as eax. There are 16-bit equivalents of these registers. The only difference between the two types is the variable size. These registers are: ax, bx, cx, dx, di, si, sp, bp. There are also 8-bit registers: al, ah, bl, bh, cl, ch, dl, dh. Here l stands for the lower and h for the higher 8 bits of a 16-bit register.
B. Flags:
Flags are Boolean variables (they get 0 or 1 values). Flags are used by the processor for internal logical and mathematical operations, in order to record the result of the operation. The most important flag is the Zero Flag, which can get zero or non-zero (1) values.
C. Code Flow
When you are analyzing a piece of code, you must understand that the processor is actually quite stupid, and all it does is simply follow the basic instructions, line by line. It does anything the code tells it to do, and cannot do anything that is not written in the code (unless it has been run over by a herd of cows and abducted by aliens). This is why you have to think like the processor when you're analyzing a piece of code, and act like it (just don't get used to it! Inhale, exhale, inhale, exhale... nevermind, stupid joke). You have to do everything the processor does: compare registers and variables, execute jumps and calls, calculate basic mathematical operations, store and load register values and addresses, and so on... The processor has an instruction pointer especially for this, which is also called IP (it has nothing to do with IP addresses in the Internet Protocol, trust me). Using the instruction pointer, the processor points to the instruction that is about to be executed. The processor also has and executes instructions which change the code flow.
These instructions can be function calls, any other routine calls, jumps, conditional jumps, which depend on the zero flag, negative conditional jumps...
6. Conclusion
In this part of the tutorial we have learnt the meaning of the word cracking. Making programs behave as you want them to, and not the way the programmer wants them to. We have also learnt about the basic and the popular tools of cracking: W32Dasm, Hiew and SoftICE. And finally we have learnt the 7 main steps of cracking.
Now, Before you go to the next chapter, you have to learn these 7 steps and download the tools mentioned above, because we can't go on to the next chapter unless you have those tools and know the steps.
PART 2:
0. Introduction:
In this part, the second part of the cracking tutorial, you will learn to use the most important tools of the common cracker: W32Dasm and HIEW. You will also learn to crack some simple programs.
The tutorials are divided into 3 parts:
Part 1: Introduction, tools and the basics of cracking.
Part 2: Practical training, using W32Dasm, and HIEW.
Part 3: key-generators.
Welcome to the second part. :-)
1. Disclaimer:
I created this tutorial for informational purposes only!
Much of the information in this document can be used to perform illegal activities!
Don't attempt to do anything stated in this document!
If you do attempt to do anything, you are solely and fully responsible for what you do!
If you get caught and get in any kind of trouble, it's your own fault!
If you intend to use this information to impress your friends, leave it and grow up!
If you don't agree to this, do not read any more!
If you crack a program, and either sell the crack or offer it for free, it is a crime!
2. The main steps of cracking
You have already seen these steps in the previous part of the tutorial, but it's very important to know them. Remembering these steps and following them is 40% of the way towards success in cracking the program!!!
There are 7 steps in the cracking process:
1. Run the program you want to crack and study its behavior. Try to locate strings and keywords, try to enter the password and see how the program responds.
2. Open the program with W32Dasm and disassemble it.
3. Find typical and common strings in the disassembly that appeared within the program. In most cases, you have to look for keywords such as: password, name, date, expired, time limit, wrong, entered and so on.
4. Find and observe the password generator, find the protection routine and the API calls.
5. Try to understand the jumping mechanism of the protection.
6. Open the program in Hiew. Change the jump of the flow control to its opposite jump command, or NOP it out.
7. Run and check how the change you have made in the original program affected it.
Feel the power you have, the power of cracking, making programs behave the way you want them to.
Learn those steps very well, until you dream of them; you will use them in every program you crack.
3. Additional programs you need to have for this part of the tutorial
By now, in this part of the tutorial, you have learnt the main steps of cracking. Now, you are going to crack your first program.
But before that, you need to get a little program called 'Sweet Little Piano'. You can download it from: http://www.ronimusic.com/
Now, when you have the program, let's start!
4. Cracking the first program (Sweet little Piano)
Now we will follow each step and crack the program:
Step 1: Running the program:
Well, Run it! Duh... :-)
Well, what do we see here..... The program opens two text files. Also we see 'Unregistered Shareware' on the caption bar... Now let's open the Help menu for any registration options... Humm, what do we see here now...
oh, it's a password option... Well, select it and enter something (don't hope it will be right :-)). To see what happens... Click OK.. Hmm, nothing happens.... Maybe it accepted it? Hmm.. no way... the caption bar still says Unregistered... Ok close it... bah ... more text files ... and a notification that the settings are not saved in the unregistered version ... well ... kind of irritating those text files! Let's fix it :-)
Step 2: Disassemble the program:
Disassemble the program. Good, small is fast :-) Always.... Now, we don't have any strings that pop up when we want to register something... Let's browse for strings like registered, unregistered, the string about the unsaved settings. Hmm... evaluation time left ... password.txt.... passworddialog.... sweet little piano - Unregistered <<-- looks like our caption bar ;-) go on...Thanks for registering ... cool! So it thanks you anyway :-) Let's jump to that place ... Double click on it and we will pop right on top of the registration routine...
Step 3: Analyzing the protection routine.... / Understanding the jumping Mechanism...
Let's analyze the protection routine.
////////////////////// Code snip ///////////////////////////
ADDRESS    MACHINE CODE    ASSEMBLER INSTRUCTIONS
* Possible Reference to Dialog: PASSWORDDIALOG, CONTROL_ID:0064, '
:00401715  6A64            push 00000064
:00401717  53              push ebx
* Reference To: USER32.GetDlgItemTextA, Ord:0000h
:00401718  E8A5B50000      Call 0040CCC2
:0040171D  E822FFFFFF      call 00401644
:00401722  85C0            test eax, eax
:00401724  741E            je 00401744
:00401726  6A30            push 00000030
* Possible StringData Ref from Data Obj ->'SweetPiano'
:00401728  6866D24000      push 0040D266
* Possible StringData Ref from Data Obj ->'Thanks for registering!'
:0040172D  68FED14000      push 0040D1FE
:00401732  53              push ebx
////////////////////// Code snip ///////////////////////////
PasswordDialog ... a call to GetDlgItemTextA ... another call.... a test... and depending on the test a je.... The je jumps over the thank you ... And just ends the dialog box ... without telling you that you entered something wrong... So this is right ... we did indeed not see that we typed something wrong ... but apparently we are supposed to see if we type something right :-)
Again execute the je jump, and look where it goes to ... return from the jump.... Now let's try to rewrite what goes on here...
call ShowPasswordDialog
call GetEnteredText
call IsEnteredTextGood
test value in eax
je QuietExit
ShowThanksForRegistering
QuietExit:
The source code must have looked like this:
GetDlgItemText(_ID_Serial, enteredText);
if (IsEnteredTextGood(enteredText)) ShowThanksForRegistering();
// else nothing....
This is another interesting piece of code.... test eax, eax ... this assembler instruction tests the value of eax against itself and sets the zero flag when eax is zero ... if the flag is set, the je instruction jumps ... if it is not set, it does not jump.... To crack this program we can change the je instruction into two nop instructions... and we are done...
We have seen here that the call has put a value in eax.... something which is either zero or not zero... In our previous example we saw that the called Is_Serial_Valid call set some value in memory ... Here we see that the called Is_Serial_Valid call sets the eax register of our processor to some value....
Step 4: Changing the original program...
So modify it :-)
1. Open Hiew.
2. Open the file within Hiew.
3. Find the address of the line in W32Dasm (it's on the status bar, beginning with '@').
4. Press F5 in Hiew.
5. Enter the address you found in step 3 and press ENTER.
6. Press F3 to activate the write option.
7. Press F2 to change the instruction.
8. Replace the command by 'NOP' (without quotes), which means NO OPERATION.
9. Now a new command appears on the next line.
10. Replace it by NOP too.
11. If another new instruction hasn't appeared, press F9 to update the file.
12. Press F10 to exit.
13. Run the program and see the result.
If you didn't succeed, have any questions or need any additional information, E-Mail me and I will answer all of your questions.
5. Conclusion
I gave this quite 'hard' cracking example so that you know that if you can crack this program, you can crack almost every program, and most of them are much simpler to crack. In the next part you will learn to detect key generators and crack them.
Before you go to the next chapter, go over the steps again, and also go over the protection mechanism detection and modification.
This tutorial was written by Tech Lord <http://blacksun.box.sk>
-Spyda

In my previous article, I explained how to build an imaginary Super Calculator and how to enable various features based on the license: Trial / Full Version and purchased add-on features. In this article, we are going to discuss how to crack this application and what steps software vendors might take to restrict such easy hacks.

Hurdle #1: License Key File

Suppose that you have purchased a full version license with just the Multiplication add-on feature. Then, as you might have guessed, the end user will be given a valid serial #, say ABC45PQ123, and some other tool / patch which would ultimately create a license key file listing the add-on features that you have bought. In our present case, the licence.key file contents will be similar to those shown below.

Tip to overcome Hurdle #1:



With the help of your intuition, you might have guessed that licence.key holds details about the license that you purchased, and tried to open it in your favorite text editor. Voila, you see all the details of the license that you purchased. Here in this licence.key file, you have the flexibility to change the validto date and add more feature tags like POWER and DIVIDE. To help you get started, let's do it this way.


  • Run the application
  • As it's not registered, the status bar reads Ver: Trial, Status: Active and SN: N/A
  • The combo box for Operators will list only ADD and SUBTRACT, as it's an active Trial version
  • Close the application.
  • Create a new file, licence.key, with above XML content and save it in same folder as the application, BasicsOfCracking.exe.
  • Run the application.
  • Click Enter SN button
  • In the Product Registration popup window, enter ABC45PQ123 and click OK
  • Now you will see the status bar shows Ver: Full, Status: XYZ days left and SN: ABC45PQ123
  • Also the combo box for operators will list ADD, SUBTRACT and MULTIPLY.
  • Close the application


To make you feel better, change validto to a date such as 1/1/2008 or a year from now, and add new XML tags for the DIVIDE and POWER operators below MULTIPLY. Or simply use the below contents.

After these changes, when you rerun the application, I want you to notice the # of days left in Status and that the operators DIVIDE and POWER got added to your operators list. Hurray, with the above changes we got the DIVIDE and POWER add-on features for free, and you have the flexibility of making this application never expire by setting validto.

Hurdle #2: Serial Number Validation

Obviously, software vendors are cautious enough to deal with such cases with the help of encryption, signature validation, blah, blah … and blah. I am going to talk about them in more detail later. But first, we got the add-on features at the cost of a Full License with a single add-on feature, Multiplication. If there is a hacker's mind hidden deep inside you, it might start kicking and make you think: "how can I crack the application without even purchasing a license?"

Well, we are going to discuss how to do this in the next paragraph. First, you need to know that most .NET DLLs are in MSIL, an intermediate language. Whether you write the application in VB.NET or C#.NET, when compiled we may get the same MSIL code. When the application is run, this MSIL code, a CPU-independent instruction set, is compiled again for optimal performance based on your CPU. Looking from this vantage point, based on your needs, you have the flexibility to modify this MSIL code before it is recompiled and run. Also, the .dll or .exe with MSIL may be decompiled to get VB.NET / C#.NET code.

Tip to overcome Hurdle #2:

Now that you have learnt that there is a possibility of decompiling MSIL code to VB.NET / C#.NET code, let's learn how to do this using "Reflector for .NET", a tool written by Lutz Roeder. You can download it for free at http://www.aisto.com/roeder/dotnet/. When you run this tool and drag and drop our BasicsOfCracking.exe on it, you might see something like this …

As you might guess, when we press the Enter SN button the application performs some tasks to validate the input. If you want to figure out what it does, double click on the btnEnterSN_Click method and select the .NET language (VB or C#) that you are comfortable with. Let's use Visual Basic .NET in the dropdown, and you will see that I validate the input as below.

If you see what the IsValidLicenceKey does, then you might figure out the rules (starts with ‘ABC’, ends with ‘123’ and total length of 10) applied to validate the license key. Once you figure out this logic to generate a license key of your own, then you are ready to write your own Key Generator for this application.

Since it's NOT possible to stop end users from looking at the source code using Reflector-like tools, software vendors make their source code hard to understand using obfuscators like Dotfuscator. Dotfuscator generates a new DLL with modified MSIL, renaming every variable, property, method, class, etc. to a, b, c and so on. Since you can have a variable, a class and a method with the same name, say 'a', it would be hard for you to figure out what the usage of 'a' in the current obfuscated line of code represents. For example, the same VB code written above might look like below when obfuscated.

Here both the methods IsValidLicenceKey and WriteKey are represented by a. This is an effort to confuse the hacker when the code is decompiled. However, with the use of Reflector and some enthusiasm, no matter how complex the obfuscator's algorithms are, you can analyze the logic.

You might be accustomed to using the Reflector tool by now. So, why don't you check out the ApplySettings function source code? If you look through the source code, you will probably come across the LoadLicence function, which reads the license key from an XML file, licence.key. You might even frame an XML file that fits the code and make use of it.

Hurdle #3: Encryption and Signature Verification

As I mentioned previously, software vendors are not so careless as to let you tamper with the license files. They might use encryption and digital signature verification to make sure that the licence key file is NOT modified. For more information on this, refer to http://www.codeproject.com/dotnet/xmldsiglic.asp

Idea to overcome hurdle #3:

Whether you use the .NET-provided VerifyData function or write your own code, using Reflector you can always track down what exactly that line of code does. Since we need to modify the license file, and the VerifyData function recognizes that someone tampered with it, we somehow have to keep that line of code from stopping us. Suppose you have a line of code as below

Maybe, if we could modify the boolean condition as below, then the LoadLicence part would work whether the supplied file was tampered with or NOT.
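An added example, not code from either article: the licence.key of Hurdle #1 rebuilt with the signature verification that Hurdle #3 describes, beside the pattern rule recovered from IsValidLicenceKey in Hurdle #2, to show why a public-key signature stops the validto/DIVIDE/POWER edit while the pattern rule does not. Go is used instead of .NET because its standard library includes Ed25519; the record layout, the exported function names and the sample dates are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// License holds what the article's licence.key carries: serial, validto and add-on operators.
type License struct {
	Serial   string
	ValidTo  string
	Features []string
}

// canonical renders the record in a fixed order (assumed layout) so that
// vendor and client sign and verify exactly the same bytes.
func (l License) canonical() []byte {
	feats := append([]string(nil), l.Features...)
	sort.Strings(feats)
	return []byte("serial=" + l.Serial + "\nvalidto=" + l.ValidTo +
		"\nfeatures=" + strings.Join(feats, ",") + "\n")
}

// WeakSerialCheck is the rule recovered from IsValidLicenceKey (starts with ABC,
// ends with 123, ten characters); anyone who reads it can satisfy it, so it proves nothing.
func WeakSerialCheck(serial string) bool {
	return len(serial) == 10 &&
		strings.HasPrefix(serial, "ABC") && strings.HasSuffix(serial, "123")
}

// Issue is the vendor side: the private key never ships with the program.
func Issue(priv ed25519.PrivateKey, l License) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, l.canonical()))
}

// Verify is the client side (the role of the article's VerifyData call). Only the
// public key is embedded, so a user can read it but cannot re-sign an edited file.
// The check still runs inside the client, which is what the 'or true' patch targets.
func Verify(pub ed25519.PublicKey, l License, sigB64 string) error {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, l.canonical(), sig) {
		return fmt.Errorf("licence.key signature does not match its contents")
	}
	return nil
}

// Demo issues a licence for the article's serial, then applies the Hurdle #1 edit
// (later validto, extra operators) without re-signing, and reports which verifies.
func Demo() (originalOK, editedOK bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	orig := License{Serial: "ABC45PQ123", ValidTo: "1/1/2008", Features: []string{"MULTIPLY"}}
	sig := Issue(priv, orig)
	originalOK = Verify(pub, orig, sig) == nil
	edited := orig // constructed tampering, exactly the Hurdle #1 tip
	edited.ValidTo = "1/1/2030"
	edited.Features = []string{"MULTIPLY", "DIVIDE", "POWER"}
	editedOK = Verify(pub, edited, sig) == nil
	return originalOK, editedOK, nil
}

func main() {
	o, e, err := Demo()
	fmt.Println("original verifies:", o, "edited verifies:", e, "error:", err)
}
```

The edited file fails only because the signature no longer matches; a serial that merely satisfies WeakSerialCheck is still accepted by the pattern rule, which is why the serial has to be bound into the signed record as well.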

Until now we were talking about looking at and interpreting the MSIL source code, but now we need to somehow modify it. Modifying MSIL code is a daunting task, unless you are a professional in MSIL or you have a decompiler tool to extract source code in a .NET language that you understand. Personally, I solved this with the help of Reflector:

  • Pulled the bunch of VB.NET code that I needed to modify
  • Placed it in a new project
  • Appended my ‘or true’ statement
  • Compiled and looked through Reflector for same line in MSIL


You need to use ildasm to disassemble the .NET dll (assembly). It spits out a resource file and an IL file. Now the tedious task: look for the IL source code that you want to modify. Once you are done with the modifications, you need to compile it back to an assembly, along with the resource file, using ilasm.

Hurdle #4: Signature of assembly


Since we have learnt how to modify the MSIL source code, we can obviously remove any sort of restrictions that may be applied to the application. There are some applications that might contact a server, passing the current license details, and want to verify whether the registered product is a hacked version or a purchased one. Probably, you may want to comment out such lines of code as well.

However, the .NET framework comes with a utility called sn.exe, which allows you to strong name (sign) an assembly. The assembly might NOT work (giving a 'strong name validation failed for assembly' exception) when someone tampers with the file.

Tip to Overcome Hurdle #4:

In general, everyone uses this tool, which verifies the digital signature of the assembly. You may remove such verification using the snRemove tool, available for free download at http://www.nirsoft.net/dot_net_tools/strong_name_remove.html

"snRemove utility removes the reference to strong name signature from .NET exe and dll files. After removing the strong name reference, you can make any change you want in dll/exe file, without getting any exception or error message" – 1

There might be many such hurdles trying to restrict reading or modifying the source code, but nothing can stop a determined hacker from overcoming them.

References:
1 – http://www.nirsoft.net/dot_net_tools/strong_name_remove.html
2 – http://www.codeproject.com/dotnet/xmldsiglic.asp