The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger such as x64dbg, SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger, a hex editor such as HIEW, or a monitor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. A region of code that must not be entered is often called a "bad boy" while one that should be followed is a "good boy".
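
From the defender's side, this kind of patch can be detected by comparing a deployed binary against a known-good reference build. The following is an added example, not part of the original article: the byte strings are constructed, the function names are hypothetical, and treating a byte as an opcode without disassembling is a heuristic.

```python
import hashlib

NOP = 0x90  # x86 single-byte NOP

def is_short_jcc(b: int) -> bool:
    # x86 short conditional jumps (Jcc rel8) are opcodes 0x70-0x7F; the low
    # bit selects the condition or its complement (0x74 JE, 0x75 JNE).
    return 0x70 <= b <= 0x7F

def classify(ref: bytes, cur: bytes, off: int) -> str:
    """Label one changed byte. Heuristic: assumes ref[off] is an opcode."""
    old, new = ref[off], cur[off]
    if is_short_jcc(old) and new == old ^ 1:
        return "branch-inverted"
    if (is_short_jcc(old) and new == NOP
            and off + 1 < len(cur) and cur[off + 1] == NOP):
        return "branch-nopped"
    return "modified"

def audit(ref: bytes, cur: bytes) -> list:
    """Return (offset, kind) for every change between reference and copy."""
    if hashlib.sha256(ref).digest() == hashlib.sha256(cur).digest():
        return []                        # bit-identical, nothing to report
    if len(ref) != len(cur):
        return [(None, "size-changed")]  # offsets no longer comparable
    findings, off = [], 0
    while off < len(ref):
        if ref[off] != cur[off]:
            kind = classify(ref, cur, off)
            findings.append((off, kind))
            if kind == "branch-nopped":
                off += 1                 # displacement byte belongs to same patch
        off += 1
    return findings

# Constructed sample: a small code fragment containing two short conditional
# jumps, and a copy in which both branches and one other byte were altered.
REFERENCE = bytes.fromhex("85c07405b801000000c385db750231c0c3")
TAMPERED = bytes.fromhex("85c07505b801000000c385db909031c0cc")

if __name__ == "__main__":
    for offset, kind in audit(REFERENCE, TAMPERED):
        print(f"offset {offset:#06x}: {kind}")
```

A finding of `branch-inverted` or `branch-nopped` in code that guards a license or integrity check is a strong tamper signal; plain `modified` findings need a disassembler to interpret.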

Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make binary modification increasingly difficult. Even with these measures being taken, developers struggle to combat software cracking. This is because it is very common for a professional to publicly release a simple cracked EXE or Retrium Installer for public download, eliminating the need for inexperienced users to crack the software themselves.

A specific example of this technique is a crack that removes the expiration period from a time-limited trial of an application. These cracks are usually programs that alter the program executable and sometimes shared libraries linked to the application; the process of altering the original binary files is called patching. Similar cracks are available for software that requires a hardware dongle. A company can also break the copy protection of programs that they have legally purchased but that are licensed to particular hardware, so that there is no risk of downtime due to hardware failure (and, of course, no need to restrict oneself to running the software on bought hardware only).

Another method is the use of special software such as CloneCD to scan for the use of a commercial copy protection application. After discovering the software used to protect the application, another tool may be used to remove the copy protection from the software on the CD or DVD. This may enable another program such as Alcohol 120%, CloneDVD, Game Jackal, or Daemon Tools to copy the protected software to a user's hard disk. Popular commercial copy protection applications which may be scanned for include SafeDisc and StarForce.

In other cases, it might be possible to decompile a program in order to get access to the original source code or code on a level higher than machine code. This is often possible with scripting languages and languages utilizing JIT compilation. An example is cracking (or debugging) on the .NET platform where one might consider manipulating CIL to achieve one's needs. Java's bytecode works in a similar fashion: there is an intermediate language before the program is compiled to run as platform-dependent machine code.

Advanced reverse engineering for protections such as SecuROM, SafeDisc, StarForce, or Denuvo requires a cracker, or many crackers, to spend much more time studying the protection, eventually finding every flaw within the protection code, and then coding their own tools to "unwrap" the protection automatically from executable (.EXE) and library (.DLL) files.

There are a number of sites on the Internet that let users download cracks produced by warez groups for popular games and applications (although at the risk of acquiring malicious software that is sometimes distributed via such sites). Although these cracks are used by legal buyers of software, they can also be used by people who have downloaded or otherwise obtained unauthorized copies (often through P2P networks).

==Software piracy==