Flag: Tornado!
Hurricane!
|
|
Topic created on: May 20, 2006 20:49 CDT by bullet223  .
hey
first off im new to all this...
i need some help i have a private exe that i need recompiled to work on my pc or anyones pc.
its been unpacked and then i sought further help and im told i need to look at the libcrypt hashes and this will help me to get it to work on my pc.
i dont really get it all hehe
if anyone could add me to msn or something that would be great!
add [email protected]
i will pay you if you help me in my quest to get it working :)
dw mods its a private program with no copywright :)
thanks guys!
MSN ->>>>>>>>>>>> [email protected]
its a private program with no copywright
As a side note, in the UK (which I would guess you may be from) a program is copyrighted as soon as it is created and written on a computer. The UK patent office site has more details:
http://www.patent.gov.uk/copy/definition.htm
Not that copyright inherently prevents you from reversing a program, but I'm not familiar with UK law.
|
sounds like a "i will pay for crack" story...
...hopefully it's not
|
thanks for the information drew :D
i didnt actually know that but the prgram was created in the netherlands so im not sure if thats applicable in this case.
and no its not a "pay to crack" its just i know nothing about libcrypt or where to find the libcrypt hashes.
just need abit of help is all :D
|
As I have said before (broken record) Google should be your first line of questioning. No one nor anything can take the place of learning on your own and the repeated banging of your head against the wall until you understand.
With that said, it would be a bit immoral and potentionally illegal for almost anyone, depending on the country, to accept payment for reverse engineering a program out of the blue. This of course varies a bit, but I would personally not enter myself into such a situation without legal proof of ownership coupled with some kind of "get out of jail free" document.
|
>i didnt actually know that but the prgram was created
>in the netherlands so im not sure if thats applicable
>in this case.
You have a lot to learn...
First of all, this is not a cracking board. The only time people discuss bypassing protections is when they are attempting to analyze malware or attempting to research/validate program security. In many, possibly most, countries, malware analysis and security research work are perfectly legal regardless of who owns the copyright on the program.
Your inability to properly spell "copywright" [SIC] shows your inexperience yet also gives a few dubious hints of it's own. Your question about program modification (removal of program protection) and your statement above of not being sure if something written in the Netherlands is covered by copyright shows you have little understanding of what copyright is, how it works locally in your country or what conventions are in place to protect copyright internationally.
JCR-EDIT
Note to Self: Be sure to remember the difference between its, it's, and its' when pointing out grammar mistakes and nuances... (sigh) I'm an idiot far more often than I'd like to be.
The fact you asked about "decompiling" in the subject and expect to get source code that can be "recompiled to work on my pc or anyones pc" shows you have little understanding of compilers and you don't know much about the research that has been done in the field of decompilation.
The incorrect spelling, typing and punctuation as well as the lack of correct capitalization shows you're not really thinking about what you write or taking the effort to communicate it clearly and correctly. As you know, the above is indicative of laziness and oddly enough, it is also indicative of youth since you are probably more accustomed to communication of the cell/mobile "texting" sort.
My guess is you are young and inexperienced but still, you're also curious and clever enough to find this site. Though the above might seem a bit harsh, I'd like to encourage you to stay curious and learn. If a program is cool enough for you to want to crack it, then it should also be cool enough for you to invest your time writing something similar (and hopefully better).
As for reverse engineering, it is a field that requires intense curiosity and extreme dedication. As dubious as it might sound, learning to crack software protections was most likely the initial spark of curiosity that got many of the greatest reverse engineers going... but to become great, they quickly abandon stealing from others and try to find better uses for their talents and training.
When you get to know the people who do reverse engineering professionally (and legally), you'll find this recurring theme across the majority of them: Some supposedly evil software/malware writer/company "X" does supposedly unfair/wrong thing "Y" and a new reverse engineer "Z" is born from the idea of "correcting" the supposed problem.
Whether any of the above suppositions are true or false is irrelevant to the end result; someone new starts down the path of understanding and continuing down that path will require a lot more curiosity and dedication to learning. You figured out how to unpack the program, so your first steps have been taken. You've got the spark. Now, you came here asking for help on your mission, so haven't given up even when things are difficult and you have obviously proven some degree of dedication.
Though no one around here will help you with cracking protections for the sake of violating copyrights, most of us understand where you are...
When you start to realize how much work goes into writing software and how many individuals are hurt by it's theft, hopefully your opinions on copyrights will change (and you'll educate yourself on what copyrights are). I hope you remain curious and dedicated but more importantly, I hope you realize what you are doing to others before you do something that you will regret later.
If you really have a desire to understand that program, buy it and contact the author. Let him know you plan to do a low level analysis of the application (within your legal rights) and wanted to know if he would like to see/discuss your results. If you do figure out how to crack the protection, discuss it with no one but the author and give him suggestions on making the protection better.
It comes down to one question; What are you all about?
Taking or Giving?
Kind Regards,
JCR
|
Sigh, more moralizing.
I,for one, will help RE code which may be part of software protection if it is a sufficiently interesting problem. And yes, I probably would have been one of the guys who helped develop atomic technology to make the bomb, even if the outcome was unsatisfactory.
Now this OP hasn't presented a problem at all, let alone an interesting one, so I ain't gonna help him, and he certainly couldn't afford my rates for an uninteresting problem (for really unintersting ones, like tracking down hashes, the cost approaches infinity).
Not all of us here share the same moral code, nor do we all share the same view of the the relationship between information and usage of that information. Why morals always have to come up, I don't understand. Just don't help the guy. Or, if you want, have some fun and lead him astray. I suppose by the same token, I could just not comment on these ... hmm. Doh.
As an aside, my very first RE some 20+ years ago was indeed breaking protection on some Atari floppies (zee ol bad sectors trick), and grew bored of that task pretty quick. And, of course JC you are right that real RE requires intense dedication and this OP shows no indication of it so far.
|
Bullet,
I apologize for all the harsh, but accurate, replies from this board. However the short answer is to read a few books on the subject. There is a great list of RE-related books here:
https://www.openrce.org/reference_library/bookstore
As you work through the books and have specific questions, pelase feel free to ask the forums for help. By the power vested in me by the State, I now pronounce this horse dead.
|
If you really have a desire to understand that program, buy it and contact the author. Let him know you plan to do a low level analysis of the application (within your legal rights) and wanted to know if he would like to see/discuss your results. If you do figure out how to crack the protection, discuss it with no one but the author and give him suggestions on making the protection better.
huh , all generalizations are dangerous ( including this one ! ) .
JC , we really cannot be sure about people's business and duties , you told the young guy contact the author and let him know , and i ask you what if he find out the author is a bastard from al-qaedeh and the software is "private" without any "copywright" ?
your statements are totally correct , all about moral things and respects to rights , but i tell you this is not a good idea to tell "go away" to everybody we dont like , neither when we think he is not a professional RCE fella with a related job and salary , i think this is "Open RCE" , and while we dont break any law we shouldnt gudge people or make some guess about their mission then analyze their character and personality !
and regardless of this topic , we both know that everybody in this forum experienced some cracking privately ( excuse me , is there any virgin here ? )
i am agree with you , we should care about peoples right and we respect copyright and this is not a cracking board ( there are lotza them out there , i learned a lot from these forums , more than i learned from openrce until now , you know what i am talking about ) so please lets stick to technical matters .
Regards
-Mh
|
Let me run over the horse again.
Perhaps the best way to approach this would be profesionalism. If someone comes off as "conversing like a child" they shall be treated as such, right or wrong it is a fact of reality. Wanting to flat out pay someone for "help" somewhat concerns me, personally, but to other it may be an opportunity. I will not apologize for letting morals "get in my way" not now, nor ever.
Now with that I do not think anyone is wanting to mitigate learning here, only covering their proverbial posteriors and that of OpenRCE. But, I still stand by my original point -- listen, then speak when you understand or understand enough to phrase a question appropriately (and I am not talking grammatically correct, as all of us have dealt with the situation of an extremely knowledgable person lacking a particular language skill to communicate perfectly). This was the path I walked and I personally will always endorse it.
Now, shall we let the poor horsey lie?
Aaron
|
Well, we're officially beating a dead horse but hopefully Bullet has decided to stick around and keep reading.
There are few problems with my post. The first is pointing out the grammar and spelling issues Bullet made. This was wrong. His email address and his use of English merely suggested two things to me:
(1) He knows the English language and it's probably is native language.
(2) He is probably fairly young.
My reasoning for these assumptions are in my original post, yet they were presented poorly.
The other, and more serious, problem with my post is a moralistic tone. In some situations such a tone works well as persuasion but in this instance, I did a rather poor job of it. Yes, I intentionally used a rhetoical device for a persuasive appeal and yes, I do know there are a few logical fallacies stuffed in there. And again yes, I know how to be a real bastard in a debate.
As Mohammad suggests, let's get back to the technical side.
I said, "no one around here will help you with cracking protections for the sake of violating copyrights."
It is an generalization but in general the statement is true. There are two primary reasons why, on average, the statement is true:
(1) A lot of the people on this board do reverse engineering work professionally and are not willing to risk the legal trouble caused by busting copy protection since it could result in the loss of our jobs, homes and so forth. In other words we have either a fiduciary responsibility or enough survival instincts to protect ourselves, our families, and our employers.
(2) A lot of the people on this board take a moral stance on copyright infringement.
There is also a third important reason which BillyBoBob somewhat mentioned:
(3) Cracking is, more often than not, a mundane and boring exercise. Only on rare occasions does cracking take significant skill and prove to be an interesting problem for an experienced reverse engineer.
I am absolutely convinced every single half decent reverse engineer on the planet has cracked software protections for the purpose of trying to learn something new and enjoying an interesting problem.
The first time you looked at ASProtect, it may have been interesting but when you realized it only took a mundane memory dump, PE fixup and 1 bit patch to defeat, I'm sure you lost interest in a hurry. None the less, you learned something from the experience. If Bullet has the dedication, he will most likely learn something from his new experience.
Now, let's say some bastard uses ASProtect (a commercially sold protection scheme) to secure their new piece of malware. Suddenly, your knowledge and experience in "cracking" ASProtect can be put to a beneficial use. In other words, if a person plans on working in security auditing, malware analysis or related fields, they *MUST* know how to break various kinds of protection in order to do their jobs effectively and obviously, there's really only one way to learn it.
Those with a more "moralistic" view of the world regard the need to know how to break stuff as being a "necessary evil" for performing a number of much needed an beneficial jobs. Personally, I think the "necessary evil" clause is a bit too harsh. I look at it like chess; while learning to play the white pieces very well, I also learned how to play the black ones. Unlike chess, which set of peices I choose to play is always my choice but learning and knowing how to play both sides is not only an advantage but it is also unavoidable.
It's a known fact that I have a personal grudge against dongles. In fact, there is an unwritten rule at my place that states, "All Dongles Belong In My Desk Drawer." Surprisingly enough, by some bit or two of magic all of the dongles I own reside where they belong in my desk drawer. When queried about my practice, I tell them I'm using EOA for the communication with the dongles. When pressed for further information, I tell them EOA stands for Ethernet Over Atmosphere. If they miss the joke and persist, I point them to a nonexistent RFC number to do further research. If they get the joke and request access to my EOA code, I tell them my code is, unfortunately, not portable due to transient signal propagation but it would very easy for them write their own code and then I point them to a nonexistent RFC number to do further research...
There's a big difference between buying software and cracking it versus cracking software so you don't have to buy it. The more important point is, what you choose to do with your resulting research and knowledge of the protections is definitive of both your intents and your character.
For me, it's not about perfect, exacting and mindless dedication to upholding every stupid clause or condition some idiot puts in their license. Instead, it's simply about being fair; people getting paid for the work they do. Just as BillyBoBob deserve his rates for his analysis efforts, the guys writing shareware also deserve to get paid their asking price for their efforts. As tough as it might be to stomach the price, even the companies selling insanely over priced software deserve to get paid their asking price for their efforts; after all it's their effort, their software and their choice to sell it for what they want.
The term "fair" is like the term "quality" in the sense that they are both extremely difficult to define with other words. Of course we all know what the words mean but our internal definitions are somehow intrinsic as well as innate, subective and even transient.
Though some may attribute a sense of fairness and attempts to achive fairness as a moral issue, I don't. Of course, I or anyone can easily twist fairness into a rhetorical moral appeal, but for me, fairness is actually a means to an end; the easiest way to be happy is to be fair to others. In essence, it's a matter of understanding cause and effect as well as risks, rewards and consequences. It might seem a bit cold and morally vacant at first but when you look for the reason why you a a particular moral value, you'll see my process is quite similar to your own.
BillyBoBob brought up another very pertinent point when he said he's the kind of person who would work on the Bomb if it presented an interesting problem. I've actually worked on gov/mil projects and I have a hunch some of them don't qualify as benevolent. Though I lack the security clearance necessary to be told all the facts on what stuff really does, the most I can hope for is that they are only used with as much wisdom, consideration and discretion as humanity can afford. My "morality" or more accurately, opinion, on reverse engineering is really no different.
Though I'll never help Bullet with understand RFC1149, I hope he does continue on his own, figures things out, learns something in the process and then uses all of the wisdom, consideration and discretion he has with his resulting knowledge.
Kind Regards,
JCR
|
Note: Registration is required to post to the forums.
|
|
|
|
There are 31,328 total registered users.
|
|
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}