but you won’t be cracking real copy protections. That would not only be illegal, but also immoral. Instead, I will be demonstrating cracking techniques on special programs called crackmes. A crackme is a program whose sole purpose is to provide an intellectual challenge to crackers, and to teach cracking basics to “newbies”. There are many hundreds of crackmes available online on several different reversing Web sites.

Patching
Let’s take the first steps in practical cracking. I’ll start with a very simple
crackme called KeygenMe-3 by Bengaly. When you first run KeygenMe-3 you
get a nice (albeit somewhat intimidating) screen asking for two values, with
absolutely no information on what these two values are. Figure 11.1 shows the
KeygenMe-3 dialog.
Typing random values into the two text boxes and clicking the “OK” button produces the message box in Figure 11.2. It takes a trained eye to notice that the message box is probably a “stock” Windows message box, most likely generated by one of the standard Windows message box APIs. This is important because if this is indeed a conventional Windows message box, you could use a debugger to set a breakpoint on the message box APIs. From there, you could try to reach the code in the program that’s telling you that you have a bad serial number. This is a fundamental cracking technique—find the part in the program that’s telling you you’re unauthorized to run it. Once you’re there it becomes much easier to find the actual logic that determines whether you’re authorized or not.

Figure 11.1 KeygenMe-3’s main screen.

358 Chapter 11