Diary of a Software Cracker - A Look into the Mind of Low-Level Reverse Engineering

Some time ago I was looking at buying Aurora HDR, as I noticed the latest version contained a batch feature, which I could use to process my Urban Exploration content.

I was unashamedly using a cracked version I got from somewhere on the internet but this older version lacked the batch feature I wanted.

At one point I considered buying the product, but as the price was over $100, I knocked that on the head quite quickly. The article is not about the ethics of software piracy, but it’s safe to say, if it was cheap enough I would have purchased it.

Instead, I contacted my old friend and THG (The Humble Guys) cracker, Fabulous Furlough (@fabulousfurlough), who you may note does now have a HIVE account (courtesy of ME) and asked him if he would crack Aurora HDR for me.

He may never use it but on my suggestion lazily said, ‘Yeah, if you want’, when I asked him if he would like an account.

Within 24 hours the software was cracked and with just one substitute DLL file no longer hassles me about being a trial version and works perfectly.

Fabulous Furlough then sent me his cracking notes on Aurora HDR which is the whole point of this post. He goes into great detail about what he uses and the specific pieces of code he manipulates to get around the protection.

I asked him if I could post these notes on HIVE as others may find them as fascinating as I do. The inside mind of a software cracker is not something we are often privy to.

The response, ‘I don't mind at all. Go for it!’. The 'friend' mentioned in the below article is ME!

So here we go, the software cracking notes for Aurora HDR reproduced with permission courtesy of Fabulous Furlough, EX leader of the notorious cracking group, The Humble Guys (circa 1990).

WARNING: The content below is very low level, extremely geeky and trying to fathom out or understand it could well blow your internal fuses.

RedLine.png

For the last(??) time, .NET code isn't safe!

Recently a friend asked me to have a look at an application that he uses. So I downloaded and installed it, and set about having a look. A quick glance at the file listing shows a likely candidate, "Common.Licensing.dll". Could you be any more obvious? And the file size? 30kb. (closes eyes, shakes head).

I toss it into IDA Pro, and discover that it's a .NET assembly. So, I exit IDA, and toss it into dnSpy. (If you've not yet seen the power of dnSpy, I HIGHLY recommend it.

This applies not only to us reversers, but to anyone who ships a protected product using .NET. Have a look at what I can see about your product!)

For instance, if you have a licensing object, and associated fields, I might see something like this:

image.png

This means that I can simply replace the accessor functions to always say that this ISN'T a trial by returning FALSE on the get, and just ignoring what happens in the set.

Or, if I'm feeling especially funny, I'll change the TrialDays get to return "69", or "420" or some other funny number.

Or if you store the code that the user enters when trying to register your application in an obvious place, I might see something like this:

image.png

So now I can just look through the rest of the code for references to ActivationCode, and find all sorts of things.

Like, I could find out that you compute this activation code via MD5:

image.png

But, you think that's OK because you encrypt it before you store it, right? Like this:

image.png

I heard that! You said "Big deal, you know it's MD5, but you don't know the hash key!" Ahem:

image.png

But, it's not all bad news! (I lied, it's all bad). Even your idea that "it's OK to include the code to compute the activation code locally, as you plan to VALIDATE it online, and THAT will certainly stop me" is a bad one. You included all of THAT code in the same file, so it became this:

image.png

And that's just not very useful, is it? You also started some threads that should, in theory, validate the activation from time to time right?

image.png

Well, I see from this that you return an enum. And, you include that in the source, so this whole function becomes:

image.png

And you included, as strings! The server URLs that you plan to try to contact, have all been changed. This is what they look like now:

image.png

So, good luck getting any data out that way either. And last but not least, all those other "background tasks" that you run that will validate things, and update member variables of the class should something not look right? Yeah, they don't do much anymore:

image.png

And, as the cherry on this sundae of fail, I couldn't resist a little graffiti.

image.png

This shows up when you do Help|About.

So, in closing, be aware of your surroundings. If you plan to write an app in .NET be aware that there are some KICKASS tools out there for decompiling your code, and in the case of dnSpy, it even allowed me to make all those changes you see above in a "Visual Studio feeling" editor, and one-click later, it had compiled all my changes, and had written them to MY version of Common.Licensing.dll. So, no hex-editing required.

RedLine.png

I have sent him the keys to the account, I can only hope that one day he might log on and have a look around at this blogging platform for anarchists, free-speech and zero censoring we have.

On my insistence, I will send the majority of the rewards of this post to the @fabulousfurlough HIVE account, and if and when HIVE reaches $1 per token, I will sell the tokens and send the dollar value to my old friend of almost 30 years.

That might be around $25, the value that I would have been willing to pay for this software.

Source for this article: https://fabulousfurlough.blogspot.com/2020/01/for-last-time-net-code-isnt-safe.html
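
For anyone shipping a .NET product, here is an added example (not from Fabulous Furlough's notes and not the vendor's code). The notes describe an activation code computed with MD5 and a hash key that ships inside the client DLL; the C# sketch below puts that kind of scheme beside a license signed with a vendor private key. The MD5 inputs, the key string, the license fields and every name in it are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class LicenseDemo
{
    // Weak scheme of the kind the notes describe: the secret ships in the client,
    // so anyone who can read the assembly can compute a valid code.
    const string EmbeddedKey = "constructed-demo-key"; // constructed value

    public static string WeakCode(string user)
    {
        using var md5 = MD5.Create();
        return Convert.ToHexString(md5.ComputeHash(Encoding.UTF8.GetBytes(EmbeddedKey + user)));
    }

    // Vendor side (never shipped): sign the license text with the private key.
    public static byte[] Issue(ECDsa vendorKey, string license) =>
        vendorKey.SignData(Encoding.UTF8.GetBytes(license), HashAlgorithmName.SHA256);

    // Client side: only the public key is embedded; it can verify but not sign.
    public static bool Verify(byte[] publicKeySpki, string license, byte[] signature)
    {
        using var pub = ECDsa.Create();
        pub.ImportSubjectPublicKeyInfo(publicKeySpki, out _);
        return pub.VerifyData(Encoding.UTF8.GetBytes(license), signature, HashAlgorithmName.SHA256);
    }

    static void Main()
    {
        // Everything needed to produce this value is present in the client.
        Console.WriteLine($"weak code: {WeakCode("alice@example.com")}");

        // In production the private key lives on the vendor's server only.
        using var vendorKey = ECDsa.Create(ECCurve.NamedCurves.nistP256);
        byte[] spki = vendorKey.ExportSubjectPublicKeyInfo();

        string license = "user=alice@example.com;edition=pro;expires=2030-01-01"; // constructed
        byte[] sig = Issue(vendorKey, license);

        Console.WriteLine($"genuine license verifies: {Verify(spki, license, sig)}");
        Console.WriteLine($"edited license verifies:  {Verify(spki, license.Replace("2030", "2099"), sig)}");
    }
}
```

A signature check like this only removes the shared secret from the client, so valid codes cannot be computed from what ships. It is still client code that can be replaced, as the notes show, so anything that truly has to be enforced needs to run on the server.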
