Editing Software cracking (section)

==Methods==
The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by [[reverse engineering]] the compiled program code using a [[debugger]] such as [[x64dbg]], [[SoftICE]],<ref>{{cite journal|last1=Ankit|first1=Jain|last2=Jason|first2=Kuo|last3=Jordan|first3=Soet|last4=Brian|first4=Tse|title=Software Cracking (April 2007)|date=April 2007|url=https://courses.ece.ubc.ca/cpen442/previous_years/2007_1_spring/modules/term_project/reports/2007/software_cracking.pdf|access-date=27 January 2018|publisher=The University of British Columbia - Electrical and Computer Engineering|archive-date=March 19, 2018|archive-url=https://web.archive.org/web/20180319101416/http://courses.ece.ubc.ca/cpen442/previous_years/2007_1_spring/modules/term_project/reports/2007/software_cracking.pdf|url-status=live}}</ref> [[OllyDbg]], [[GDB]], or [[MacsBug]] until the software cracker reaches the [[subroutine]] that contains the primary method of protecting the software (or by [[disassembler|disassembling]] an executable file with a program such as [[Interactive Disassembler|IDA]]).<ref>{{cite book |last=Cerven |first=Pavol |date=2002 |isbn=1-886411-79-4 |title=Crackproof Your Software: Protect Your Software Against Crackers|publisher=No Starch Press }}</ref> The binary is then modified using the [[debugger]] or a [[hex editor]] such as [[HIEW]]<ref>{{cite web| url = https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/bibtex_archive/2001-49.pdf| title = Protecting Software Codes By Guards| publisher = Hoi Chang, Mikhail J. Atallah, CERIAS, Purdue University (2001)| access-date = June 6, 2022| archive-date = March 10, 2023| archive-url = https://web.archive.org/web/20230310072122/https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/bibtex_archive/2001-49.pdf| url-status = live}}</ref> or [[Machine code monitor|monitor]] in a manner that replaces a prior branching [[opcode]] with its complement or a [[NOP (code)|NOP]] [[opcode]] so the key branch will either always execute a specific [[subroutine]] or skip over it. Almost all common software cracks are a variation of this type. A region of code that must not be entered is often called a "bad boy" while one that should be followed is a "good boy".<ref name="Megabeets 2018 z717">{{cite web | title=Reversing a Self-Modifying Binary with radare2 | website=Megabeets | date=2018-01-14 | url=https://www.megabeets.net/reversing-a-self-modifying-binary-with-radare2/ | access-date=2023-06-29}}</ref>

[[Proprietary software]] developers are constantly developing techniques such as [[code obfuscation]], [[encryption]], and [[self-modifying code]] to make binary modification increasingly difficult.<ref>{{Cite book |url=https://www.worldcat.org/oclc/272383172 |title=Reverse engineering code with IDA Pro |date=2008 |publisher=Syngress Pub |first1=Justin |last1=Ferguson |first2=Dan |last2=Kaminsky |isbn=978-0-08-055879-0 |location=Burlington, MA |oclc=272383172 |access-date=June 8, 2022 |archive-date=March 10, 2023 |archive-url=https://web.archive.org/web/20230310072141/https://www.worldcat.org/title/272383172 |url-status=live }}</ref> Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.

A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes the [[Library (computing)|.dll or .so]] linked to the application and the process of altering the original binary files is called patching.<ref name=":0">{{Cite book |last=Eilam |first=Eldad |url=https://www.worldcat.org/oclc/80242141 |title=Reversing : secrets of reverse engineering |date=2005 |publisher=Wiley |others=Elliot J. Chikofsky |isbn=0-7645-9768-X |location=Indianapolis, IN |oclc=80242141}}</ref> Similar cracks are available for software that requires a hardware [[dongle]]. A company can also break the copy protection of programs that they have legally purchased but that are [[software license|licensed]] to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).

Another method is the use of special software such as [[CloneCD]] to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the [[CD]] or [[DVD]]. This may enable another program such as [[Alcohol 120%]], CloneDVD, [[Game Jackal]], or [[Daemon Tools]] to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include [[SafeDisc]] and [[StarForce]].<ref>{{cite web| url = http://m0001.gamecopyworld.com/games/gcw_cd-backup.shtml| website= GameCopyWorld |title=Backup Protected Game CD/DVDs | access-date = June 11, 2008| archive-date = June 5, 2008| archive-url = https://web.archive.org/web/20080605182827/http://m0001.gamecopyworld.com/games/gcw_cd-backup.shtml| url-status = live}}</ref>

In other cases, it might be possible to [[decompile]] a program in order to get access to the original [[source code]] or code on a [[High level programming language|level higher]] than [[machine code]]. This is often possible with [[scripting language]]s and languages utilizing [[Just-in-time compilation|JIT]] compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating [[Common Intermediate Language|CIL]] to achieve one's needs. [[Java (programming language)|Java's]] [[bytecode]] also works in a similar fashion in which there is an intermediate language before the program is compiled to run on the platform dependent [[machine code]].<ref>{{cite web| url = https://www.cs.drexel.edu/~spiros/teaching/CS675/asmrceFINAL.pdf| title = A Survey of Reverse Engineering Tools for the 32-Bit Microsoft Windows Environment| first1= Raymond J. Jr. |last1=Canzanese |first2=Matthew |last2=Oyer |first3=Spiros |last3=Mancoridis |first4=Moshe |last4=Kam |publisher =College of EngineeringDrexel University | access-date = June 7, 2022| archive-date = March 25, 2022| archive-url = https://web.archive.org/web/20220325231523/https://www.cs.drexel.edu/~spiros/teaching/CS675/asmrceFINAL.pdf| url-status = dead }}</ref>

Advanced reverse engineering for protections such as [[SecuROM]], [[SafeDisc]], [[StarForce]], or [[Denuvo]] requires a cracker, or many crackers to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.

There are a number of sites on the Internet that let users download cracks produced by [[warez groups]] for popular games and applications (although at the danger of acquiring malicious software that is sometimes distributed via such sites).<ref>{{Cite magazine|url=https://www.wired.com/1997/04/ff-warez/|title=Warez Wars|last=McCandless|first=David|date=1997-04-01|magazine=Wired|access-date=2020-02-04|issn=1059-1028|archive-date=September 16, 2021|archive-url=https://web.archive.org/web/20210916043855/https://www.wired.com/1997/04/ff-warez/|url-status=live}}</ref> Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained unauthorized copies (often through [[Peer-to-peer|P2P]] networks).