Software cracking
Encyclopedia
Software cracking is the modification of software to remove or disable features which are considered undesirable by the person cracking the software, usually related to protection methods
: copy protection
, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.
The distribution and use of cracked copies is illegal in almost every developed country. There have been lawsuits over cracking software.
, Atari 800 and Comodore 64. Software publishers, particularly of gaming software, have over time resorted to increasingly complex measures to try to stop unauthorized copying of their software.
On the Apple II, unlike modern computers that use standardized device drivers to manage device communications, the operating system directly controlled the step motor that moves the floppy drive head, and also directly interpreted the raw data called nibbles read from each track to find the data sectors. This allowed complex disk-based software copy protection, by storing data on half tracks (0, 1, 2.5, 3.5, 5, 6...), quarter tracks (0, 1, 2.25, 3.75, 5, 6...), and any combination thereof. In addition, tracks did not need to be perfect rings, but could be sectioned so that sectors could be staggered across overlapping offset tracks, the most extreme version being known as spiral tracking. It was also discovered that many floppy drives did not have a fixed upper limit to head movement, and it was sometimes possible to write an additional 36th track above the normal 35 tracks. The standard Apple II copy programs could not read such protected floppy disks, since the standard DOS assumed that all disks had a uniform 35-track, 13- or 16-sector layout. Special nibble-copy programs such as Locksmith and Copy II Plus could sometimes duplicate these disks by using a reference library of known protection methods; when protected programs were cracked they would be completely stripped of the copy protection system, and transferred onto a standard format disk that any normal Apple II copy program could read.
One of the primary routes to hacking these early copy protections was to run a program that simulates the normal CPU operation. The CPU simulator provides a number of extra features to the hacker, such as the ability to single-step through each processor instruction and to examine the CPU registers and modified memory spaces as the simulation runs. The Apple II provided a built-in opcode disassembler, allowing raw memory to be decoded into CPU opcodes, and this would be utilized to examine what the copy-protection was about to do next. Generally there was little to no defense available to the copy protection system, since all its secrets are made visible through the simulation. But because the simulation itself must run on the original CPU, in addition to the software being hacked, the simulation would often run extremely slowly even at maximum speed.
On Atari 8-bit computers, the most common protection method was via "bad sectors". These were sectors on the disk that were intentionally unreadable by the disk drive. The software would look for these sectors when the program was loading and would stop loading if an error code was not returned when accessing these sectors. Special copy programs were available that would copy the disk and remember any bad sectors. The user could then use an application to spin the drive by constantly reading a single sector and display the drive RPM. With the disk drive top removed a small screwdriver could be used to slow the drive RPM below a certain point. Once the drive was slowed down the application could then go and write "bad sectors" where needed. When done the drive RPM was sped up back to normal and an uncracked copy was made. Of course cracking the software to expect good sectors made for readily copied disks without the need to meddle with the disk drive. As time went on more sophisticated methods were developed, but almost all involved some form of malformed disk data, such as a sector that might return different data on separate accesses due to bad data alignment. Products became available (from companies such as Happy Computers
) which replaced the controller BIOS in Atari's "smart" drives. These upgraded drives allowed the user to make exact copies of the original program with copy protections in place on the new disk.
On the Commodore 64, several methods were used to protect software. For software distributed on ROM cartridge
s, subroutines were included which attempted to write over the program code. If the software was on ROM, nothing would happen, but if the software had been moved to RAM
, the software would be disabled. Because of the operation of Commodore floppy drives, some write protection schemes would cause the floppy drive head to bang against the end of its rail, which could cause the drive head to become misaligned. In some cases, cracked versions of software were desirable to avoid this result.
Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Some low skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change messages a game would tell a game player, often something not suitable for children. Then pass the altered copy along in the pirate networks, mainly for laughs among adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as crack intro
s in the software programs they cracked and released. Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as demoscene
were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to reverse engineer
drivers
in order to port them from binary-only drivers for Windows
to drivers with source code for Linux
and other free
operating systems.
With the rise of the Internet
, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was Fravia
's website.
Most of the well-known or "elite" cracking groups make software cracks entirely for respect in the "The Scene", not profit. From there, the cracks are eventually leaked onto public Internet sites by people/crackers who use well-protected/secure FTP release archives, which are made into pirated copies and sometimes sold illegally by other parties.
The Scene today is formed of small groups of skilled people, who informally compete to have the best crackers, methods of cracking
, and reverse engineering
.
the compiled program code using a debugger
such as SoftICE
, OllyDbg
, GDB, or MacsBug
until the software cracker reaches the subroutine
that contains the primary method of protecting the software (or by disassembling
an executable file with a program such as IDA
). The binary is then modified using the debugger
or a hex editor
in a manner that replaces a prior branching opcode
with its complement or a NOP
opcode
so the key branch will either always execute a specific subroutine
or skip over it. Almost all common software cracks are a variation of this type. Proprietary software
developers are constantly developing techniques such as code obfuscation, encryption
, and self-modifying code
to make this modification increasingly difficult. Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.
A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that patch the program executable and sometimes the .dll or .so linked to the application. Similar cracks are available for software that requires a hardware dongle
. A company can also break the copy protection of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).
Another method is the use of special software such as CloneCD
to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or DVD
. This may enable another program such as Alcohol 120%, CloneDVD
, Game Jackal
, or Daemon Tools
to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc
and StarForce
.
In other cases, it might be possible to decompile a program in order to get access to the original source code
or code on a level higher than machine code
. This is often possible with scripting language
s and languages utilizing JIT
compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL
to achieve one's needs. Java's
bytecode
also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent machine code
.
Advanced reverse engineering for protections such as Securom
, Safedisc
or StarForce
requires a cracker, or many crackers to spend much time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.
There are a number of sites on the Internet that let users download cracks for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained pirated software (often through P2P
networks).
without any copy protection.
has begun incorporating a Trusted Platform Module
into their Apple Macintosh line of computers, and making use of it in such applications as Rosetta
. Parts of the operating system
not fully x86-native run through the Rosetta PowerPC
binary translator
, which in turn requires the Trusted Platform Module for proper operation. (This description applies to the developer preview version, but the mechanism differs in the release version.) Recently, the OSx86
project has been releasing patches to circumvent this mechanism. There are also industrial solutions available like Matrix Software License Protection System.
Digital rights management
Digital rights management is a class of access control technologies that are used by hardware manufacturers, publishers, copyright holders and individuals with the intent to limit the use of digital content and devices after sale. DRM is any technology that inhibits uses of digital content that...
: copy protection
Copy protection
Copy protection, also known as content protection, copy obstruction, copy prevention and copy restriction, refer to techniques used for preventing the reproduction of software, films, music, and other media, usually for copyright reasons.- Terminology :Media corporations have always used the term...
, trial/demo version, serial number, hardware key, date checks, CD check or software annoyances like nag screens and adware.
The distribution and use of cracked copies is illegal in almost every developed country. There have been lawsuits over cracking software.
History
The first software copy protection was from Apple IIApple II
The Apple II is an 8-bit home computer, one of the first highly successful mass-produced microcomputer products, designed primarily by Steve Wozniak, manufactured by Apple Computer and introduced in 1977...
, Atari 800 and Comodore 64. Software publishers, particularly of gaming software, have over time resorted to increasingly complex measures to try to stop unauthorized copying of their software.
On the Apple II, unlike modern computers that use standardized device drivers to manage device communications, the operating system directly controlled the step motor that moves the floppy drive head, and also directly interpreted the raw data called nibbles read from each track to find the data sectors. This allowed complex disk-based software copy protection, by storing data on half tracks (0, 1, 2.5, 3.5, 5, 6...), quarter tracks (0, 1, 2.25, 3.75, 5, 6...), and any combination thereof. In addition, tracks did not need to be perfect rings, but could be sectioned so that sectors could be staggered across overlapping offset tracks, the most extreme version being known as spiral tracking. It was also discovered that many floppy drives did not have a fixed upper limit to head movement, and it was sometimes possible to write an additional 36th track above the normal 35 tracks. The standard Apple II copy programs could not read such protected floppy disks, since the standard DOS assumed that all disks had a uniform 35-track, 13- or 16-sector layout. Special nibble-copy programs such as Locksmith and Copy II Plus could sometimes duplicate these disks by using a reference library of known protection methods; when protected programs were cracked they would be completely stripped of the copy protection system, and transferred onto a standard format disk that any normal Apple II copy program could read.
One of the primary routes to hacking these early copy protections was to run a program that simulates the normal CPU operation. The CPU simulator provides a number of extra features to the hacker, such as the ability to single-step through each processor instruction and to examine the CPU registers and modified memory spaces as the simulation runs. The Apple II provided a built-in opcode disassembler, allowing raw memory to be decoded into CPU opcodes, and this would be utilized to examine what the copy-protection was about to do next. Generally there was little to no defense available to the copy protection system, since all its secrets are made visible through the simulation. But because the simulation itself must run on the original CPU, in addition to the software being hacked, the simulation would often run extremely slowly even at maximum speed.
On Atari 8-bit computers, the most common protection method was via "bad sectors". These were sectors on the disk that were intentionally unreadable by the disk drive. The software would look for these sectors when the program was loading and would stop loading if an error code was not returned when accessing these sectors. Special copy programs were available that would copy the disk and remember any bad sectors. The user could then use an application to spin the drive by constantly reading a single sector and display the drive RPM. With the disk drive top removed a small screwdriver could be used to slow the drive RPM below a certain point. Once the drive was slowed down the application could then go and write "bad sectors" where needed. When done the drive RPM was sped up back to normal and an uncracked copy was made. Of course cracking the software to expect good sectors made for readily copied disks without the need to meddle with the disk drive. As time went on more sophisticated methods were developed, but almost all involved some form of malformed disk data, such as a sector that might return different data on separate accesses due to bad data alignment. Products became available (from companies such as Happy Computers
Happy Computers
Happy Computers was a small company producing disk drive enhancements for the Atari 8-bit and Atari ST computer families. Happy Computers is most noted for the add-in boards for the Atari 810 and Atari 1050 disk drives, which achieved a tremendous speed improvement for reading and writing, and for...
) which replaced the controller BIOS in Atari's "smart" drives. These upgraded drives allowed the user to make exact copies of the original program with copy protections in place on the new disk.
On the Commodore 64, several methods were used to protect software. For software distributed on ROM cartridge
ROM cartridge
A ROM cartridge, sometimes referred to as a cart, is a removable enclosure containing read-only memory devices designed to be connected to a computer or games console....
s, subroutines were included which attempted to write over the program code. If the software was on ROM, nothing would happen, but if the software had been moved to RAM
Ram
-Animals:*Ram, an uncastrated male sheep*Ram cichlid, a species of freshwater fish endemic to Colombia and Venezuela-Military:*Battering ram*Ramming, a military tactic in which one vehicle runs into another...
, the software would be disabled. Because of the operation of Commodore floppy drives, some write protection schemes would cause the floppy drive head to bang against the end of its rail, which could cause the drive head to become misaligned. In some cases, cracked versions of software were desirable to avoid this result.
Most of the early software crackers were computer hobbyists who often formed groups that competed against each other in the cracking and spreading of software. Breaking a new copy protection scheme as quickly as possible was often regarded as an opportunity to demonstrate one's technical superiority rather than a possibility of money-making. Some low skilled hobbyists would take already cracked software and edit various unencrypted strings of text in it to change messages a game would tell a game player, often something not suitable for children. Then pass the altered copy along in the pirate networks, mainly for laughs among adult users. The cracker groups of the 1980s started to advertise themselves and their skills by attaching animated screens known as crack intro
Crack intro
A crack intro, also known as a cracktro, loader, or just intro, is a small introduction sequence added to cracked software, designed to inform the user of which "cracking crew" or individual cracker was responsible for removing the software's copy protection and distributing the crack...
s in the software programs they cracked and released. Once the technical competition had expanded from the challenges of cracking to the challenges of creating visually stunning intros, the foundations for a new subculture known as demoscene
Demoscene
The demoscene is a computer art subculture that specializes in producing demos, which are non-interactive audio-visual presentations that run in real-time on a computer...
were established. Demoscene started to separate itself from the illegal "warez scene" during the 1990s and is now regarded as a completely different subculture. Many software crackers have later grown into extremely capable software reverse engineers; the deep knowledge of assembly required in order to crack protections enables them to reverse engineer
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
drivers
Device driver
In computing, a device driver or software driver is a computer program allowing higher-level computer programs to interact with a hardware device....
in order to port them from binary-only drivers for Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
to drivers with source code for Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
and other free
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
operating systems.
With the rise of the Internet
Internet
The Internet is a global system of interconnected computer networks that use the standard Internet protocol suite to serve billions of users worldwide...
, software crackers developed secretive online organizations. In the latter half of the nineties, one of the most respected sources of information about "software protection reversing" was Fravia
Fravia
Francesco Vianello , better known by his nickname Fravia, was a software reverse engineer and “seeker” known for his web archive of reverse engineering techniques and papers.-Fravia as Francesco Vianello:...
's website.
Most of the well-known or "elite" cracking groups make software cracks entirely for respect in the "The Scene", not profit. From there, the cracks are eventually leaked onto public Internet sites by people/crackers who use well-protected/secure FTP release archives, which are made into pirated copies and sometimes sold illegally by other parties.
The Scene today is formed of small groups of skilled people, who informally compete to have the best crackers, methods of cracking
Cracking
Cracking may refer to:* Cracking, the formation of a fracture or partial fracture in a solid material* Fluid catalytic cracking, a catalytic process widely used in oil refineries for cracking large hydrocarbon molecules into smaller molecules...
, and reverse engineering
Reverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
.
Methods
The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineeringReverse engineering
Reverse engineering is the process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation...
the compiled program code using a debugger
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
such as SoftICE
SoftICE
SoftICE is a kernel mode debugger for Microsoft Windows. Crucially, it is designed to run underneath Windows such that the operating system is unaware of its presence. Unlike an application debugger, SoftICE is capable of suspending all operations in Windows when instructed...
, OllyDbg
OllyDbg
OllyDbg is an x86 debugger that emphasizes binary code analysis, which is useful when source code is not available. It traces registers, recognizes procedures, API calls, switches, tables, constants and strings, as well as locates routines from object files and libraries. Version 1.10 is the final...
, GDB, or MacsBug
MacsBug
MacsBug is a low-level debugger for pre-Mac OS X Macintosh operating systems. MacsBug is an acronym for Motorola Advanced Computer Systems Debugger, as opposed to Macintosh debugger...
until the software cracker reaches the subroutine
Subroutine
In computer science, a subroutine is a portion of code within a larger program that performs a specific task and is relatively independent of the remaining code....
that contains the primary method of protecting the software (or by disassembling
Disassembler
A disassembler is a computer program that translates machine language into assembly language—the inverse operation to that of an assembler. A disassembler differs from a decompiler, which targets a high-level language rather than an assembly language...
an executable file with a program such as IDA
Interactive Disassembler
The Interactive Disassembler, more commonly known as simply IDA, is a disassembler for computer software which generates assembly language source code from machine-executable code. It supports a variety of executable formats for different processors and operating systems. It also can be used as a...
). The binary is then modified using the debugger
Debugger
A debugger or debugging tool is a computer program that is used to test and debug other programs . The code to be examined might alternatively be running on an instruction set simulator , a technique that allows great power in its ability to halt when specific conditions are encountered but which...
or a hex editor
Hex editor
A hex editor is a type of computer program that allows a user to manipulate the fundamental binary data that makes up computer files. Note that computer files can be very small to very large...
in a manner that replaces a prior branching opcode
Opcode
In computer science engineering, an opcode is the portion of a machine language instruction that specifies the operation to be performed. Their specification and format are laid out in the instruction set architecture of the processor in question...
with its complement or a NOP
NOP
In computer science, NOP or NOOP is an assembly language instruction, sequence of programming language statements, or computer protocol command that effectively does nothing at all....
opcode
Opcode
In computer science engineering, an opcode is the portion of a machine language instruction that specifies the operation to be performed. Their specification and format are laid out in the instruction set architecture of the processor in question...
so the key branch will either always execute a specific subroutine
Subroutine
In computer science, a subroutine is a portion of code within a larger program that performs a specific task and is relatively independent of the remaining code....
or skip over it. Almost all common software cracks are a variation of this type. Proprietary software
Proprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...
developers are constantly developing techniques such as code obfuscation, encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
, and self-modifying code
Self-modifying code
In computer science, self-modifying code is code that alters its own instructions while it is executing - usually to reduce the instruction path length and improve performance or simply to reduce otherwise repetitively similar code, thus simplifying maintenance...
to make this modification increasingly difficult. Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.
A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that patch the program executable and sometimes the .dll or .so linked to the application. Similar cracks are available for software that requires a hardware dongle
Dongle
A software protection dongle is a small piece of hardware that plugs into an electrical connector on a computer and serves as an electronic "key" for a piece of software; the program will only run when the dongle is plugged in...
. A company can also break the copy protection of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).
Another method is the use of special software such as CloneCD
CloneCD
CloneCD is proprietary optical disc authoring software that makes exact, 1:1 copies of music and data CDs and DVDs, regardless of any Digital Rights Management restrictions. It was originally written by Oliver Kastl and offered by Swiss company Elaborate Bytes, but due to changes in European...
to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or DVD
DVD
A DVD is an optical disc storage media format, invented and developed by Philips, Sony, Toshiba, and Panasonic in 1995. DVDs offer higher storage capacity than Compact Discs while having the same dimensions....
. This may enable another program such as Alcohol 120%, CloneDVD
CloneDVD
CloneDVD is a proprietary DVD cloning software, developed by Elaborate Bytes, that can be used to make backup copies of any DVD movie not copy-protected . The program is able to transcode a dual layer DVD movie to fit it onto a DVD-R, DVD+R or DVD+R DL disc...
, Game Jackal
Game Jackal
Game Jackal is a PC application developed by Antiguan-based company SlySoft that allows users to play PC game titles without the need for the game's media to be in the CD-ROM or DVD-ROM drive...
, or Daemon Tools
Daemon Tools
Daemon Tools is a disk image emulator and optical disc authoring program for Microsoft Windows. Daemon Tools was originally a furtherance in the development of another program, Generic SafeDisc emulator, and incorporated all of its features. The program claims to be able to defeat most copy...
to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc
SafeDisc
SafeDisc is a CD/DVD copy protection and digital rights management program for Windows applications and games. Created by Macrovision Corporation, it aims to prevent the copying of discs for casual or commercial use....
and StarForce
StarForce
StarForce is a software copy protection mechanism developed by Protection Technology, which claims that products protected with StarForce are difficult to reverse engineer.- Product families :Currently known official versions of StarForce include:...
.
In other cases, it might be possible to decompile a program in order to get access to the original source code
Source code
In computer science, source code is text written using the format and syntax of the programming language that it is being written in. Such a language is specially designed to facilitate the work of computer programmers, who specify the actions to be performed by a computer mostly by writing source...
or code on a level higher than machine code
Machine code
Machine code or machine language is a system of impartible instructions executed directly by a computer's central processing unit. Each instruction performs a very specific task, typically either an operation on a unit of data Machine code or machine language is a system of impartible instructions...
. This is often possible with scripting language
Scripting language
A scripting language, script language, or extension language is a programming language that allows control of one or more applications. "Scripts" are distinct from the core code of the application, as they are usually written in a different language and are often created or at least modified by the...
s and languages utilizing JIT
Just-in-time compilation
In computing, just-in-time compilation , also known as dynamic translation, is a method to improve the runtime performance of computer programs. Historically, computer programs had two modes of runtime operation, either interpreted or static compilation...
compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL
Common Intermediate Language
Common Intermediate Language is the lowest-level human-readable programming language defined by the Common Language Infrastructure specification and is used by the .NET Framework and Mono...
to achieve one's needs. Java's
Java (programming language)
Java is a programming language originally developed by James Gosling at Sun Microsystems and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities...
bytecode
Bytecode
Bytecode, also known as p-code , is a term which has been used to denote various forms of instruction sets designed for efficient execution by a software interpreter as well as being suitable for further compilation into machine code...
also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent machine code
Machine code
Machine code or machine language is a system of impartible instructions executed directly by a computer's central processing unit. Each instruction performs a very specific task, typically either an operation on a unit of data Machine code or machine language is a system of impartible instructions...
.
Advanced reverse engineering for protections such as Securom
SecuROM
SecuROM is a CD/DVD copy protection and digital rights management product developed by Sony DADC. SecuROM aims to resist home media duplication devices, professional duplicators, and attempts at reverse engineering software. It is most often used for commercial computer games running under the...
, Safedisc
SafeDisc
SafeDisc is a CD/DVD copy protection and digital rights management program for Windows applications and games. Created by Macrovision Corporation, it aims to prevent the copying of discs for casual or commercial use....
or StarForce
StarForce
StarForce is a software copy protection mechanism developed by Protection Technology, which claims that products protected with StarForce are difficult to reverse engineer.- Product families :Currently known official versions of StarForce include:...
requires a cracker, or many crackers to spend much time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.
There are a number of sites on the Internet that let users download cracks for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained pirated software (often through P2P
Peer-to-peer
Peer-to-peer computing or networking is a distributed application architecture that partitions tasks or workloads among peers. Peers are equally privileged, equipotent participants in the application...
networks).
Effects
The most visible and controversial effect of software cracking is the releasing of fully operable proprietary softwareProprietary software
Proprietary software is computer software licensed under exclusive legal right of the copyright holder. The licensee is given the right to use the software under certain conditions, while restricted from other uses, such as modification, further distribution, or reverse engineering.Complementary...
without any copy protection.
Industry response
Apple ComputerApple Computer
Apple Inc. is an American multinational corporation that designs and markets consumer electronics, computer software, and personal computers. The company's best-known hardware products include the Macintosh line of computers, the iPod, the iPhone and the iPad...
has begun incorporating a Trusted Platform Module
Trusted Platform Module
In computing, Trusted Platform Module is both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification, often called the "TPM chip" or "TPM Security...
into their Apple Macintosh line of computers, and making use of it in such applications as Rosetta
Rosetta (software)
Rosetta was a lightweight and dynamic binary translator for Mac OS X which Apple released in 2006 when it transitioned the Macintosh from PowerPC to Intel processors. It allowed pre-existing software to run on the new systems without modification....
. Parts of the operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
not fully x86-native run through the Rosetta PowerPC
PowerPC
PowerPC is a RISC architecture created by the 1991 Apple–IBM–Motorola alliance, known as AIM...
binary translator
Binary translation
In computing, binary translation is the emulation of one instruction set by another through translation of code. Sequences of instructions are translated from the source to the target instruction set...
, which in turn requires the Trusted Platform Module for proper operation. (This description applies to the developer preview version, but the mechanism differs in the release version.) Recently, the OSx86
OSx86
OSx86 is a collaborative hacking project to run the Mac OS X computer operating system on non-Apple personal computers with x86 architecture and x86-64 compatible processors...
project has been releasing patches to circumvent this mechanism. There are also industrial solutions available like Matrix Software License Protection System.
External links
- Anti Cracking FAQ
- TOP10 ошибок защитников программ (in Russian, by Kris Kaspersky)