The Monkey's Lair
BM's Guide To Approaches


       Some people say that the hardest part of cracking is finding the right approach. These people are wrong, but for newbies, finding the protection seems to be the hardest bit. The only reason people say this is because they do not reverse anything difficult enough for them to say otherwise. This is a brief introduction to the only really useful method of finding the protection, quaintly dubbed "zen cracking" by some of its practitioners. If this essay is above you, then you are not true cracker material, sorry.

       This essay is going to be extremely short and to the point, because there is not really much to this. When you get a program that you really want to crack, you have to probe at it. Explore it, monitor its registry and file accesses (or attempted accesses) to find out everything about the program that you can. Disassemble it, if possible, to see what API calls it uses. Use an API reference to find out what functions you can use to achieve the desired result (i.e., getting text from a text box) and compare to the program's export list. Finding the protection can ultimately be summed up like this:

1)   If a program can be registered, or if a cryptosystem can be broken, it must have the information needed to do it. Protections need user information; cryptosystems need keys, plaintext, or ciphertext.

2)   This information can only be retrieved in a finite number of ways. (Actually, finite and small)

3)   You can intercept all information that passes through/within your computer.

4)   This information eventually must get to the protection. If you follow it, you will inevitably find the protection.

       That is all that there is to it. Sooner or later, you'll find the work of a programmer who understands that obscurity is not security, and you'll be in for a challenge.

- Bomber Monkey

