TORN@DO presents: cRACKER's n0TES
Tips & Tricks for cracking Key File Protections


Key Files (+Aesculapius)
1. The best tool to analyze a Key File is a Hex Editor. Text Editors are not suitable for this task.
2. A Key File is nothing more than a continuous array of bytes inside a small file. These bytes hold the personal user information (encrypted), checksums for the key file's integrity, encrypted dates, names, addresses, encrypted flags (for instance: a flag for a multi-user license), etc.
3. To defeat a Key File based protection scheme, you should create a little program that codes a small bogus Key File. This generic program should be able to create files under different names and sizes. The content of this bogus file (contrary to most beliefs) must be readable information. In my case, the bogus key file generator cuts a large chapter from my favorite novel and pastes it into the bogus file, adjusting the file size and name according to my necessities. Why readable information inside the bogus file? Because the target program will read strategic offset locations of the key file. Readable text inside it reveals the precise location being read at any time. It also marks the locations where certain checksums must be added to the final key file.
4. The Key File name is, in most cases, the target program's main executable file name with the extension '*.key'. A very old stupidity flag still available these days. Other strategies to figure out the Key File name are the use of a string searching utility, reading the user's manual (sometimes the author will include instructions on the Key File installation, revealing its name), or, at debugging level, BPINT 21 if ah==3d (DOS); when the break occurs, execute D (E)DX at the SoftICE command screen. In the Windows environment, BPX CreateFile, ReadFile, GetFileAttributesA, etc., will perform the same task. Once you have figured out the Key File name, create the bogus file and copy it to the same path as the main target executable. Start the program and see what happens. If you receive an 'Invalid Key File' or 'Corrupted Key File' message (another stupidity flag), your cracking work has been greatly reduced; the next logical step is to search for the location of the code where this message is triggered.
5. The Key File has to be read. There is no other alternative: the program must read the Key File to test its validity. Accordingly, appropriate breakpoints on file reading interrupts (DOS) or APIs (Windows) should be set.
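The byte layout described in point 2 (fixed offsets, encrypted user fields, flags, an integrity check), shown from the protecting program's side as an added example that is not part of the original notes. The layout, field names and the `VERIFY_SECRET` value are assumptions constructed for this illustration, not the format of any real product. The validator reads and checks the entire file before it consults any single field, which is the mitigation for points 3 and 5: a file filled with readable text, a file with one byte altered, or a file of the wrong length is rejected as a whole, so no individual offset read ever succeeds on its own.

```python
import hashlib
import hmac
import struct

# Hypothetical key-file layout (an assumption for this example):
#   offset  size  field
#   0       4     magic      b"KEYF"
#   4       2     version    uint16, little-endian
#   6       2     flags      uint16, little-endian (bit 0: multi-user licence)
#   8       4     expiry     uint32, little-endian (days since 1970-01-01)
#   12      64    user_blob  opaque, product-encrypted name/address (not decoded here)
#   76      32    tag        HMAC-SHA256 over bytes 0..75
MAGIC = b"KEYF"
HEADER_FMT = "<4sHHI"
HEADER_LEN = struct.calcsize(HEADER_FMT)      # 12
USER_BLOB_LEN = 64
BODY_LEN = HEADER_LEN + USER_BLOB_LEN         # 76
TAG_LEN = 32
KEY_FILE_LEN = BODY_LEN + TAG_LEN             # 108
FLAG_MULTI_USER = 0x0001

# Constructed secret for the example only. A shipped product would not embed a
# shared secret like this; see the note below the block.
VERIFY_SECRET = b"example-vendor-secret-not-real"


def _tag_for(body: bytes) -> bytes:
    return hmac.new(VERIFY_SECRET, body, hashlib.sha256).digest()


def build_key_file(version: int, flags: int, expiry_days: int, user_blob: bytes) -> bytes:
    """Issue a key file: header + opaque user blob + integrity tag over both."""
    if len(user_blob) != USER_BLOB_LEN:
        raise ValueError("user_blob must be exactly %d bytes" % USER_BLOB_LEN)
    body = struct.pack(HEADER_FMT, MAGIC, version, flags, expiry_days) + user_blob
    return body + _tag_for(body)


def parse_key_file(data: bytes) -> dict:
    """Validate the whole file first, then return its fields; raise ValueError otherwise."""
    if len(data) != KEY_FILE_LEN:
        raise ValueError("wrong length: %d" % len(data))
    body, tag = data[:BODY_LEN], data[BODY_LEN:]
    # Integrity check over the entire body before any field is trusted, in
    # constant time so the comparison leaks nothing about how far it matched.
    if not hmac.compare_digest(tag, _tag_for(body)):
        raise ValueError("integrity tag mismatch")
    magic, version, flags, expiry_days = struct.unpack_from(HEADER_FMT, body, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return {
        "version": version,
        "multi_user": bool(flags & FLAG_MULTI_USER),
        "expiry_days": expiry_days,
        "user_blob": body[HEADER_LEN:],
    }


def is_valid_key_file(data: bytes) -> bool:
    try:
        parse_key_file(data)
        return True
    except ValueError:
        return False


def flip_byte(data: bytes, offset: int) -> bytes:
    """Return a copy of data with one byte altered (used to show tamper detection)."""
    out = bytearray(data)
    out[offset] ^= 0x01
    return bytes(out)


if __name__ == "__main__":
    genuine = build_key_file(1, FLAG_MULTI_USER, 20000, b"A" * USER_BLOB_LEN)
    print("genuine:", parse_key_file(genuine)["multi_user"])        # True
    print("one byte changed:", is_valid_key_file(flip_byte(genuine, 12)))  # False
    print("readable filler:", is_valid_key_file(b"Call me Ishmael. " * 7)[:0] or
          is_valid_key_file((b"Call me Ishmael. " * 7)[:KEY_FILE_LEN]))  # False
```

Because the tag covers every byte and is checked before any field is used, the 'Invalid Key File' decision is made in one place and depends on the whole file, not on a particular offset. The HMAC here is a stand-in chosen so the block runs on the standard library alone; since an HMAC secret must live inside the verifying program, a real licensing scheme would instead carry a digital signature that the program checks with only a public key.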




The cRACKER's n0tES are divided into 10 main parts:
 00. INDEX
 01. Assembly for Crackers (CoRN2)
 02. SoftICE (Boot Menu, Setup, Commands)
 03. Breakpoints & Win API Details
 04. Jump Instructions
 05. SET Instructions
 06. Tips & Tricks for Cracking
        1 Crippled Programs
        2 Dongles
        3 General
        4 InstallSHIELD Setups
        5 Key File Protections
        6 NAG Screens
        7 Runtime Limits
        8 Serials
        9 Time Limits
       10 Visual Basic 'Programs'
 07. Window Messages For Crackers
 08. Identifying Functions, Arguments, and Variables (Rhayader)
 09. Commercial Protection Systems
 10. Bitmanipulation (Cruehead)
 11. General Cracking Theory
 12. FAQ

 +A. How to contact me
 +B. What's New?



The cRACKER's n0TES are Copyright © 1998-2000 by TORN@DO of ID. All Rights Reserved. Archived and Re-hosted by Werdstaff