 |
Founded by +ORC in April 1996 |  |
Advanced cracking series
Advanced Cracking
| Updated October 1999 |
A very important attempt to systematise our essays! I hope you'll all work a little on this!
+HCU's taxonomy - Advanced Cracking - started in October 1997
Please note that MANY essays that have been already published (I mean, before this section started) would indeed have deserved to be listed here. I still don't know if I'll have the time to do it, I hope so. Anyway: any reader can email me a COMPLETE LIST pointing out which ones (among the hundreds of essays published until now) deserve in his (humble :-) opinion to be listed here. Hope he has really read them before opening his mouth, hope he understands what we are talking about (not all do, in fact). We'll see.
Here you have THE BEST (recent) essays IMHO.
PHASE 1 by Quine:
Cracking THE tool
of the trade (bye bye Wdasm), 19 October
1997(Interactive Disassembler Pro v3.7)
Well, this is SERIOUS ADVANCED CRACKING. You better read and UNDERSTAND each point of this beautiful essay by Quine, which shines methodologically and has a relevance that encompasses almost all fields of our trade. There are things inside here, like patching pointers and Boundchecker API-intercepting, which clearly are NOT FOR NEWBYES, and the whole essay is GOLD worth for all serious reverse engineers. This essay has been added to the +HCU didactic material (pending Quine's authorisation) and will from now on be distributed to all +HCUkers that begin the courses together with the other main files.
I'm proud and happy to host such a well written and interesting essay, I like VERY MUCH the approach that Quine utilises, and hope that he will be so kind to send us MANY MORE essays.
Enjoy!
You may find interesting to read
ZeeZee's
comments to Quine's PHASE 1
PHASE 2 by Frog's Print:
SOURCER 7,
29 October
1997(efficiency of a well positioned BPINT under DOS)
Well, back to DOS! Was about time! Contrarly to what some still choose to believe, dos reversing is far from being an obsolete activity: many very important programs are working under DOS, because Windoze simply does not give enough power, and as +ORC told us long ago in his tut, many of the older DOS protections are much more tougher and interesting than the banal cmp eax, 1 tricks inside "compiled" windoze targets...
There is another very nice lesson teached here by Frog's Pint: let's not be lazy! Almost anyone uses a "ready cracked" (read "stolen") Sourcer 7 version which comes with a pirated serial number inside it: the whole Web is polluted with all pirated versions of this important tool, and noone seems to care about the only thing that is really fascinating in our opinion: how to reverse this reverser program 'par excellence'. And Frog's Print does exactly this, and he writes:
As we are crackers, let's throw away this serial number and crack Sourcer 7.0
Right! And if you add to these 'strategic' thoughts the whole cursor bpinting, you'll agree with me that this essay deserves to be posistioned among the prestigious "Advanced cracking series". Enjoy!
PHASE 3 by Quine:
Interactive
Disassembler Pro v3.7 Demo (II), 30 October
1997(How to load the previous databases)
Well, this is SERIOUS ADVANCED CRACKING once more. Once more a fundamental tool of the trade (IDA). Once more a function reenabling work (the loading of the previous databases, i.e. one of the most important crippled functions of the crippled version: you do not want to start everything anew every time you use IDA, do you?). Once more something we all need: new knowledge that you can at once apply to other targets and reverse engineering endeavours.
Quine is getting us used to this kind of well-crafted essays. I'm afraid newbyes will not understand much here, please read the 'basic' essays first, and peruse the other +HCU page (where you'll find a lot of help for newbyes) before delving in this.
This said, here you have a real reverse engineering essay in all its glory... enjoy!
PHASE 4 by chown:
Cracking OpenNT
2.0 - object oriented cracking, 1 November 1997(The temporary DLL trick)
Well, a VERY interesting Unix-school essay, that I'm happy to host on my site. Object oriented cracking! A very nice definition indeed! I have included this essay in the advanced section because I believe it well deserves a place there. You'll notice that there is a lot to learn for any reverser inside this... even if this (good) author seems to be only at his 'first steps' in windows programming... yet, this notwithstanding, this is NOT for newbyes. Newbyes should pheraphs have first a look at +gthorne's OTHER +HCU page first.
I find the part where chown describes is first programming experiences with windows programming particularly amusing... in fact I believe that any good cracker can indeed often program better than a 'real' programmer because he can CRACK the compiler into doing whatever he fancies if needs be! Enjoy!
PHASE 5 by NaTzGUL:
InstallSHIELD
Script Cracking, 22 November 1997(Object oriented cracking: INSTALL WIZARDS CRACKING)
Well, a very interesting essay. Here we have a very "sound" approach to Installshield cracking. Read and enjoy!
PHASE 6 by +ReZiDeNt:
Cracking the
Corel/Elan commercial protection scheme, 24
November 1997(A 'brute force' parameter interception approach :-)
This essay describes an interesting "parameter interception" method: As +ReZiDeNt writes: "So we can simply locate these pushes and 'hardwire' our own dates into the push instructions instead"... yet so simple all this was not... a good reason to insert this essay among our "advanced cracking series" selection! Enjoy!
PHASE 7 by Uncle Van:
Encoded
selfmodifying targets, 01 January 1998(bypassing the WriteProcessMemory - creating our tools)
you'll find a lot more inside this VERY GOOD essay by Uncle Van: self-correcting, real code hiding, how to adjust the PE header, Uncle Van's 'precracking', bypassing the WriteProcessMemory and a lot of other goodies... you'll have a couple of days work just to understand what Uncle Van is explaining you... and that's the nice part of our trade! To learn! Enjoy!
PHASE 8 by Hackmore Readrite:
How To Crack A
Ferret, 07 January 1998(a clever, beautiful protection: wars between keys and the FFFFFFF8 monster)
An incredibly clever and 'sturdy' reversing of a difficult and intelligent protection. I don't use this kind of programs, and I hate people that throw me advertisement rubbish without asking, yet after having seen this, I admit that I respect the programmer that devised this protection, he deserves recognition! As sign of respect we will never again reverse (publicly) his future protection schemes (yet we'll seek and await them eagerly for our private cracking sessions: they are delicious!), I anyway wont publish any more on my sites any essay about Ferret's clever protection schemes, this one is the first and the last, yet what for an essay! Read, head and enjoy this BEAUTIFUL essay by Hackmore. My congratulations, Hackmore, Good work! I love your style: not much code and a lot of explanations! And your image of the FFFFFFF8 Monster lying in ambush is really great!
PHASE 9 by Quine:
Pushing the
Envelope with HASP, 20 January 1998(De-Hasping and other marvels)
I'm not going to comment this essay: Quine is a Master Cracker, and this essay is not even advanced, it's expert. I have not only learned a lot myself (this I do every time I get a good essay from all +friends) but I have learned things I did not ever suppose!
For sure I understand now the curiosity that +ORC himself has repeatedly manifested for Quine (after having read Quine's first essay on IDA +he ordered me to pass +him at once all emails from Quine).
This is definitely NOT FOR BEGINNERS! You better leave this alone if you're not an advanced cracker yourself (or a very 'steady' beginner cracker, prepared to invest A LOT of time and fatigue on your own advancing)... anyway, whoever you are... you better read (and follow) this essay MORE than a couple of times, believe me it is worth any minute you'll invest on it: you'll gain a WEALTH of incredible information!
My respects and unconditional admiration to +Quine!
PHASE A by Quine:
Extending the
IDA Script Language, 27 January 1998(A First Stab)
This present essay by Quine is -once more- the kind of work anyone is expecting from us: ameliorating and exstending the functionalities of our targets... just reversing protected proggies is getting dull, if we don't add anything.
Life is development, and development is progress (based on history and sound knowledge of the past... else it would be frills instead of progress :-) and progress is building for free on each others shoulders, out of the commercial dead ends where "they" want to push us.
You'll find here an ADDITION to the already incredible IDA disassembler (and if you are still just cracking with wdasm -believe me- you don't know what you are loosing) addition that will work immediatly if you have IDA's 'Quined' version, will require some fumbling if you -instead- have stolen the full regged one from the Web. Which suites us, since we want you to reverse engineer targets, not to steal them... man, it should be obvious!
PHASE B by Frog's Print:
Dongle Bashing:
end of the dongle old aera ~ Dongles bye bye, 29
January 1998(How a single +HCU reverser can easily blow a whole commercial sector out of history)
Oh my... the dongle old aera is finished. Out.
That's it, nothing more to add... let's hope we get a new dongle aera to work on.
Awesome essay. Frog's Print's incredible work should be printed and sipped slowly, it's 'cracking for conoisseurs', fravia's vintage 1998 "grand reserve"!
Bye bye to all the idiots that wanted to do quick bucks selling hardware protections that were NOT protections at all. This is good, nobody will mourn the disappearing of smoke-sellers and bogus protectors. Bye bye to all those that never studied assembly. This is good. Bye bye to all the creations of the poor programmers that blindly trusted commercial (and THEREFORE bogus) dongle protections to defend their valuable software instead of writing their own much more solide protections. Tsch Tsch.
You had better read +ORC's students essays first next time. And learn. And now don't come to the idea to blame Frog's Print... blame those dilettante that have sold you smoke
PHASE C by NaTzGUL:
InstallSHIELD
Script Cracking, A tutorial, 12 February 1998(Zen cracking and other reversing beauties)
Well, NaTzGUL is a GREAT cracker, as anybody that has read is previous essay: InstallSHIELD Script Cracking, from 22 November 1997, can testify. He now 'deepens' his previous essay and with this tutorial shows us the 'guts' of Installshield protection... it's a great and beautiful reversing reading!
PHASE D by NaTzGUL:
How to access
the memory of a process, a Tutorial, 17 February
1998(Deep into windows)
NaTzGUL: a great cracker (as Quine pointed out long ago). This essay-tutorial is a valuable contribution to the "Our tools" section, since what you'll learn here will be of paramount importance when working in the 'guts' of this awful operating system the world is compelled to live with. Yes, dear reader, you'll slowly learn how to program (in the most REAL sense of the word) in windows... in order to bend this overbloated operating system to your twisted purposes :-) Enjoy! It's fundamental 'required' reading... read it twice (at least) and then work on this... you'll be a much more powerful wizard when you are finished with this...
(May be a little less help files next time, NaTzGUL? :-)
PHASE E by -bajunny:
Undocumented HASP
- Part I, 26 February 1998(what d'you think of all the hype about HASP?)
Well, whoever -bajunny, this great reverser is, here you have a funny, well written, astonishing, great anti-hasp tutorial... when I receive this kind of good contributions I "feel" the might of Internet... we are nothing alone, but once we send a snowball rolling downhill... neither Bill himself nor all King's horses will ever be able to stop it! :-) Yes, dear -bajunny, by all means! Send your next essays! Send whatever your cleverness will put together for us...
I have NOT edited your work, because it's a great reading as it is... your text is humorous, interesting and refreshing... I even left your somewhat 'private' post header on the essay, because of the (very sound) Lanaki's tip... avec espoir et sans regret, dear -bayunny, I have always thought (especially after having seen IDA) that Russian reversers are a race apart!
PHASE F by Jack of Shadows:
Reversing
+Aesculapius, 28 February 1998(A complete explanation of a very good assembler protection)
Oh my, we have awakened a 'dormient' mighty cracker as it seems! :-)
Judging from this work I can only hope that Jack of Shadows' re-awakened passion for reversing will produce MANY more capable works like this one!
I hope to receive soon Aesculapius' observations about this... and I have to confess that I myself was playing with this crack, yet I was still inside the 'convolute' xorings when Jack's solution came... and now, with hindsight, everything seems easy... THEREFORE AN ADVICE TO MY MOST CAPABLE READERS: DO NOT READ THIS if you have not already started working on Aesculapius' protection! You would spoil a very nice learning chance if you do...
Once you have already had a couple of cracking sessions on Aesculapius' protection, on the countrary, you'll sip this beautiful essay as it should be done: chill, refreshing, at the correct mind 'temperature'
PHASE 10 by The Owl:
beta release 3
of the winice dumper, 28 February 1998This material is not for newbyes. If you are a beginner come back later. Real reverser will immediately understand how important this is... (and let's hope we'll get the relevant essay soon :-) here what The Owl wrote me: