Cracking java apps

One rather enjoyable activity to while away a few hours is cracking Java applications. Setting aside the legality of such nefarious activities, it’s a very educational and entertaining hobby. Of course, I am sure that anyone who indulges in such activities will have the decency to at least purchase said product.

Java licensing schemes vary from the impressively convoluted with multiple points of entry, to the incredibly simple and childish.

IDEA, for example, is more of the former. Interestingly enough, my first introduction to IDEA was through a challenge to figure out its licensing algorithms (back in the 1.1 days); I very quickly purchased a license because it was pretty clear that these guys really are rather smart.

On the other end of the spectrum, we have some novel approaches which often suffer from one fatal flaw. They have one clever bit of code that everything else assumes is uncrackable. Needless to say, a simple NOP here does wonders.

Funniest of all are apps which don’t even use public/private keys, but employ a simple built-in algorithm to read in a license file. Simply reverse that section of code and you have a key generator.
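The difference between the two designs in the paragraph above comes down to where the secret lives. The following is an added example, not code from the post or from any product it mentions: a toy license check built on a home-grown checksum (the constant and the mixing step are constructed for illustration) beside a check built on a digital signature. In the first, the verifier contains everything needed to mint a valid code, so reading it is the same as owning the generator. In the second, the shipped product holds only the public key, and producing a license for a new name requires the vendor’s private key, which never leaves the vendor. Both halves use only the JDK’s `java.security` API.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;

public class LicenseCheckDemo {

    // --- Weak scheme: a home-grown checksum (constructed for this example). ---
    // Everything needed to decide validity sits inside the app. The same
    // function that checks a code also produces one, so the verifier is
    // the key generator.
    static String weakCode(String licensee) {
        int acc = 0x1234; // arbitrary seed, part of the constructed scheme
        for (char c : licensee.toCharArray()) {
            acc = (acc * 31 + c) & 0xFFFF;
        }
        return String.format("%04X", acc);
    }

    static boolean weakVerify(String licensee, String code) {
        return weakCode(licensee).equalsIgnoreCase(code);
    }

    // --- Stronger scheme: a signed license. ---
    // The vendor signs the licensee name with a private key that is never
    // shipped. The app embeds only the public key, so reading the verifier
    // yields the public key and nothing that can forge a new license.
    static byte[] sign(PrivateKey priv, String licensee) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(licensee.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean signedVerify(PublicKey pub, String licensee, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(pub);
        s.update(licensee.getBytes(StandardCharsets.UTF_8));
        try {
            return s.verify(sig);
        } catch (SignatureException e) {
            // A malformed or wrong-length signature is simply invalid.
            return false;
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String licensee = "Example Corp"; // constructed licensee name

        // Weak scheme: calling the verifier's own function yields a valid code.
        String selfMade = weakCode(licensee);
        System.out.println("weak scheme accepts self-generated code: "
                + weakVerify(licensee, selfMade));

        // Signed scheme: the vendor keypair is generated once, offline;
        // only vendor.getPublic() would be embedded in the product.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair vendor = kpg.generateKeyPair();

        byte[] sig = sign(vendor.getPrivate(), licensee);
        System.out.println("genuine signed license verifies: "
                + signedVerify(vendor.getPublic(), licensee, sig));

        // Editing the licensee name without re-signing fails.
        System.out.println("signature over an altered name verifies: "
                + signedVerify(vendor.getPublic(), "Example Corp Ltd", sig));

        // Without the private key, the best an observer can do is guess.
        byte[] bogus = new byte[sig.length];
        new SecureRandom().nextBytes(bogus);
        System.out.println("random signature verifies: "
                + signedVerify(vendor.getPublic(), licensee, bogus));
    }
}
```

Compile and run with `javac LicenseCheckDemo.java && java LicenseCheckDemo`; the first line prints `true`, the genuine signature prints `true`, and the altered-name and random-signature checks print `false`. The signed design removes the key-generator problem only; it does nothing about the single point of failure the earlier paragraph describes, where the one method that returns the verdict is patched, nor about an embedded public key being swapped for another, which is why the disguising tricks later in the post exist at all.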

Another ridiculous idea is the encrypted classloader approach. I know of two apps which use this. There’s something strangely satisfying about making the application itself do all the work for you and decrypt all the classes; using its own cleverness against it.

Speaking of apps which encourage you to use their own cleverness, it really is rather surprising how many ship with the code they use to generate keys. I know of one very famous ‘must-have’ Java desktop app that comes with a key generator built in, if you can find it!

In the middle we have a whole bevy of novel and interesting approaches, often combined in entertaining ways. For example, disguising public keys as something else, perhaps a class file. You could go one step further and have the class file be actually valid and decompilable, with the key material being an offset into the bytecode. There’s always the approach of obfuscating the compiled code and transforming method names into Java keywords, so you can’t simply use jad to undo it; this, coupled with flow obfuscation, will stop pretty much all casual poking around. However, anyone genuinely curious will of course be armed with a disassembler, and through practice will have an automatic bytecode-to-Java-code mapping built into his or her mind (or at least enough to figure out what a particular chunk does).

Most interesting of all are those companies who for whatever reason, feel they don’t really need to enforce technical constraints on their users, and choose to simply rely on the honour system.

What is fascinating about all this is that while many people have been involved in coming up with all these schemes, nobody will talk about it (that I can see anyway). It’s understandable, of course, as this stuff is very much in the realm of ‘trade secrets’. So in many ways, it’s a solitary programming task that one can indulge in, but not really brag about, or discuss with peers. Of course for some, if you don’t get to brag about it and gain gratification through peer approval, it just ain’t worth doing.

9 Responses to “Cracking java apps”

  1. Anonymous Says:

    Ahh, the ancient art of cracking. I used to crack software as a hobby. Not because I wanted the software, not because I made money from it, or because I didn’t want to pay for it, but because it was fun (often some of the most-fun-to-crack software was awful and of no interest to me whatsoever).

    My first program was Kings Quest III. It relied on a 5.25″ floppy with a bad sector. Nothing that a few minutes with debug.exe looking for some INT 13h calls (the MS-DOS low-level disk access call) couldn’t fix (although it was a big learning curve for me at the time).
    Of course, without the protection the game was more user-friendly – no “Please insert disk 1” on startup.

    Next came software that required you to enter a word from the user manual – “Page 27, paragraph 2, word 4”. Again, a PITA and much nicer once the test was removed (especially those programs that had brown-on-purple text to prevent photocopying. Or to prevent the legitimate owner from being able to read the manual!).

    Over the next couple of years the software houses realized that counter-measures were required. Things got trickier. Examples include self-decrypting code that was difficult to patch, programs that hooked the keyboard and/or debug interrupts, code that was timing-dependent, even hardware dongles that played havoc with your printer… Of course none of these techniques would slow down the determined hacker for long, and in fact discovering a new protection mechanism, and finding the associated workaround, was what kept me coming back for more.

    Note that one of the overriding ‘features’ of the above protection techniques is the inconvenience for the legitimate users. Returns, support costs, disgruntled users. Do software companies still not realize the stupidity of this approach?

    I don’t have a problem with non-intrusive licensing (which thankfully is far more common these days than it used to be), but I’d still prefer to see software houses expend their efforts on writing quality software rather than protecting a crap product. There will always be a proportion of the population that pirates software and nothing will change that. But in my experience high-quality software with a loyal userbase suffers far less from more casual piracy than flaky software with bad support.

    No way I’d ever ‘lend’ my IDEA license to a friend or colleague, I like the product too much. In fact I actively promote it and encourage others to buy it too. ZoneAlarm however is a good example of some software I bought recently which I sorely regret (thanks to it dropping connections randomly when under load. Crap support and no fix in sight). Anyone want a ZoneAlarm serial? I consider it worthless anyway.

    The sooner companies realize that a quality product with good support wins out over pointless attempts to enforce the law the better. It’s the only way they can ‘win’ the war against piracy.

  2. fx Says:

    In 1972 I hacked a Triple-DES encrypted punch card with a vintage 1930’s vintage Remington Rand.
    It might have also been in 1951. I can’t remember the exact date anymore.

  3. Anonymous Says:

    Do a search on Google you’ll find loads of IntelliJ IDEA cracks. Nothing is un-crackable.

  4. chiara Says:

    I never cracked anything. :( I guess I am too busy being self-absorbed. ;)

    Really, you guys, of course there has to be secrecy. After all, I get it from friends who cracked it. And if the software company finds out somebody cracked it, they will change the code, algorithm, whatever, and I am out in the cold again. Of course, it doesn’t matter to you guys, since all you are looking for is a thrill, but it matters to me (ashamedly says) since I wanted to pirate the damn software. :O

    It must be serious fun though.

  5. gabe merritt Says:

    IDEA’s license protection actually falls into the ‘incredibly easy to circumvent’ category. I figured it out in a matter of minutes a year ago, and it still works with each new EAP release.

    However, it’s not only the best IDE I’ve ever used but it’s also changed the way I write code, and for the better. I feel a bit of guilt for not paying for it. As soon as we start making money, I’m buying the three or four licenses I owe them.

  8. jelmer Says:

    ‘must-have’ java desktop app

    is there such a beast ? :)

  9. JavaGeek Says:

    Precisely the other day I was talking with some Java people over IRC about licensing techniques. The consensus is that there’s no way to protect a piece of software from cracking. As long as you can use debuggers, decompilers, memory analyzers, etc. there will be a way to crack a program. Even DRM hardware will eventually be cracked (if it ever comes to exist). That doesn’t mean it’s legal or that it should be done. Just that it will always happen.

    And that’s why I don’t use IDEA. I prefer Eclipse and I don’t have to buy a license (or crack the software) :)
