reverse engineering

I agree with Paul, I've also used Soft Ice since it's 16 bit release and there isn't any way that you can get your c++ source code back. The debug mode for Visual c++ is however able to display more info than a release version but when a release version is build the debug data is removed.

So Soft Ice is not capable of translating an exe back to it's source code.

As some of the people mentioned, hackers is only interested in some pattern but most of the time they look for jmp routines in assembly and they might just change the JE(jump if equal) to JNE (jump if not equal) to bypass copy protection depending of course on the copy protection that is used.

Got to agree that you cannot get the exact source code back. There is only one program I know of that will get you back c++ code from asm and even then although its accurate and gives good results, its not perfect and won't be anywhere near exact.

In Replay to:
You can, in fact, totally reverse-engineer an exectuable into its original C++ source code

who is this kbomb987?
are u a programmer??
&who told u that u can totally reverse-engineer an exectuable into its original C++ source code??

Getting back ur C/C++ code form a EXE is highly impossible thing.

I am totaly agrre with Paul McKenzie Its not JAVA

cmp xx xx
jmp xxxx

from above code nobody can tell which variable is involved or its coming due to if/else statement or for statement or switch statement

So dont worry abt guys nobody can get ur original C++ source code.

Using Soft-Ice u can put break point on system functions deep into the OS kernel.
but everything get in Soft-Ice is in Assembly code so to hack ur EXE using Soft-Ice one should very very strong in Assembly language.
so somebody is very very good in assembly, forget about protecting ur code using functions like IsSoftIce().. its lame protection he/she can esaily get rid of this function

Vinod

the people who thought it possible to get back c++ code make me laugh.
First of all i doubt the even know what the **** an exe is...it's freakin 0's and 1's people, it doesn't run from source, there is no source, the source doesn't come with the program, the source isn't encoded in the bits anywhere.
You can make the bits to assembly because there is an exact realationship between the bitwise words and assembly commands, the processor can handle assembly codes (not c/c++). There is no way of saying "oh gee, these lines of assembly code mean this, so i'll have my program say it's this function...hmmm i'll call it softice". It doesn't work that way. And in response to those who say it does, i ask, why would you BS someone who's asking for help? Show some class.

If the cracker is to crack the s/w by modifying the s/w to 'jump' past the registration code, how would that be possible with anti-virus s/w around, as anti-virus s/w will prohibit any s/w from modifying an exe file.

Anyone knows?

But this isnt an antivirus programs work to watch for cracking programs..thats not illegel activity.
Still you can do it ,but you need to know exactly how the exe modification will be done ,how many ways somebody can do it..
You need to Hook API's for debugging and Creating .opening and read ,write File.There you need to identify the operation going on.
This isnt any simple case to program..And finaly you wont be able to lock all the ways of doing it..Never..

An interesting discussion this has been, and its dragged on for quite a while. Just thought id add my piece for the why two kay and three.

Firstly, get it right.. crackers are software reverse engineers, not hackers.

Secondly.. its physically impossible to get back your original source code using a tool such as softice. It is merely a debugger, and displays, registers and memory. It will show the stepping of the app running in ASM, and allow breakpoints to be set on various API. Granted some tools will reverse engineer your pe file back into source, but alot is lost in the process including function names and variables (as they are reallocated into address spaces). Why is this tool allowed to exist?? I guarantee you can do all that you need to 'crack' an application using MSDEV itself! Ever had the 'debug' application window popup, followed by an ASM dump?

Firstly, dont blame the crackers saying they are evil people, theyre not.. they are merely 'debugging' your code. Whats so illegal about stepping through the memory of the computer that they own? Cracking isnt illegal at all.. distributing cracks is however. Secondly as a programmer you should be 'debugging' your applications aswell. They are merely software engineers with an interest in what is actually going on under the hood! Believe me the majority of the old schoolers probably couldnt write a line of c++ code in their lives, however they certainly can tell you what your program is doing to a greater level of degree than even the majority of authors could these days.

So.. if you want some advice on security.. packing can help, change your pe headers/section headers to keep out the newbies. Dont bother with softice tricks, frogsice can disable them in seconds, failing that sice will do it itself with a few interrupt changes. I wouldnt bother packing too much though, as somewhere in memory it has to be unpacked, and sice can easily dump memory allowing you to rebuild the unpacked pe. Thirdly, dont bother spending hours and hours with some mad encyption routine that even a nasa scientist couldnt follow. Crackers dont care, they wont step through your entire code.. they will dump the section of code at the correct entry point and recompile it into an ASM application to make a keygen.

Next, why not actually ask the crackers? talk to them.. find out theyre worst hates when cracking...Ive managed to recognise several of them in this forum already.

The obvious solution is in the demo version remove code.. you cant crack what isnt there, but whatever you do.. you will never be able to make it impossible.. believe me.

Quote:

---

why not actually ask the crackers? talk to them.. find out theyre worst hates when cracking

---

Visual Basic =) it is 99% pure garbage :D

do you crack software Bengi ?

I would actually love to have a conversation with somebody who's into this. I once found a website in Spanish which used my application as a tutorial for cracking software. It showed step-by-step what you had to do to patch it. I was quite impressed to be honest. I had no security in place, so it was no surprise that it had been cracked, I was just impressed that somebody bothered to do it. And they used it as an example :)

I've tightened it up a lot since, but i guess you can probably still crack it ?

Let's have a chat ...

VB Program realy contain 40 % not required code. Looping via wrappers :( .

I actually enjoy messing with VB, although hated by most. Just load the app into numega smartcheck (same people who made softice), make sure your using the correct options and you step through it without any problems.

I once went into a c++ channel on irc, i was actually booted out because i was also op in a different reverse engineering channel. Their reason, because they didnt want reverse engineers hanging around and working out the methods the coders were using to protect their software. Im sorry but that is just being arrogant.. you will learn far more from a reverse enginerr IMHO than another coder... not to mention the fact the majority certainly dont need to know the coders source code as they operate at a much lower level language and can figure it out themselves, probably with a greater understanding.

My other point is.. sure i program software, sure ive reversed some software, obviously therefore i have run a crack in the past that i have written (dont get me wrong, its nothing to boast about), sure my software was used as a tutorial app by TNT and also WKT cracking groups, but do i complain? **** NO.. its the biggest free advertising campaign you can ever hope to achieve for your software. Just update it slightly afterwards and youll get thousands of hits to no effect. Not to mention like jase says.. if you were remotely professional about programming you would be interested as to what they did and how they did it.

Considered lame? Well.. whos the lame one.. the guy sitting there messing around with the internals of a pc (of which im taught todo at in my computer science degree) or the guy who downloads shareware and then uses a crack rather than paying for it. The evil ones are the 12 year old kids who use cracks, not the crackers themselves. I purchase all my software that i deem fit. If it dont, i dont use it. Simple. Make your software that good that people believe you simply deserve the money. I guarantee that you will never keep up with the reverse engineers. Just search a dupe site and you will find that on average 50+ applications are cracked A DAY!

Soo...

main:
pusha
push eax, arrogance
push ecx, coders_attitude
cmp eax, ecx
jmp bad_boi ; // Unconditional jump covers 99% of coders ;)
jmp exit

bad_boi:
push 0
push 0
push "Oh dear.. you loose"
call messsgebox

exit:
popa

It seems you are into daily bussiness of cracking !

But I think cracking any software esp. which is counting days or asking serial number are toooooooooooo easy to crack , the chalenge is to reverse engineer the logic/working of a software.

Everybody must agree , that today you will find crores of crackes , I dont include all of them in reverse engineer's cast.
Today a reverse engineer should be able to reverse engineer the program logic tooo. Setting the unconditional jmp is the thing of last era.

What do you say ?

Firstly, nope im not on a daily cracking fest... just interested in peoples views.

In terms of understanding the logic I agree entirely. That is my point... trying to find out EXACTLY what a program is doing. It should be standard as part of any coders development stages. How are you sposed to code anything if you dont understand the building blocks?

Im sure that many of you in the commercial world have had source code thrown at them written by another developer and been asked to modify it. Is that not, on a level, reverse engineering? You must first understand what it is doing, and then build on it from there. Cracking is the same form.. only its done from bytes in memory or dissasemblies on disk at a lower level.

And yep your right again with changing a jump point being a thing of the past... unless it was 'metaphorically' coded in the past, which lets face it occurs all too often.

Then like all good things in life its used and abused by the irresponsible because its deemed 'cool'.

zebbedi

Interesting views zeb, and I can't find much fault with what you say. However, when i'm given somebody elses project to maintain, after I've figured how it works and have applied the update or fix, I don't then make the application available for the rest of the world to download for free, while my company sells the software on to it's rightful client.

Reverse engineering is one thing, and something i'm completely cool about. It's publishing the resulting crack/patch that's damaging.

I have a mixed view. I firmly believe that the person who will look for a crack for your software, rather than pay for it, would most likely never had paid for it if a crack didn't exist. And these people are in the minority. The majority are happy to pay you, if your software provides them with some value and is sensibly priced. Overly high expectations on the value of your software is just an incentive for users to search for a crack.

Lastly, I would advise developers who have published software on the internet to regularly look for cracks. Regularly search for cracks in google. If you find them, you need to update your wares. Another good idea is to learn how to use irc. You'll be amazed what you can download from warez channels. And again, once you've found the crack you're in a position to do something about it.

Don't complain, take it as a complement and be proactive in addressing it.

Right , Reverse engg. has got wide defination.

According to me once we purchase a software we have total control over the assembly code, we can read the EXEutable in any way , because running a program is just reading the assmbly and executing it.