Would you use a Firewall that had a cracked .dll?

So there is this new version of a firewall out, but the only crack for it is a cracked .dll, (it replaces the original .dll). Plus there is another firewall, and its crack requires that you patch the exe before it can read the liscence file.

I am very reluctatant to do anything but a serial # when it comes to firewalls. Most likley the person who made the crack is playing off your false-confidence and will use your modified firewall for his own purposes.

So again when it comes to firewalls only register by serial #, don't trust anything that modifies exe or dlls.


What do you think?

[Squidge]

Where security is concerned (Eg. firewalls) I find it easier to just buy the firewall software itself. There's plenty available at a reasonable price, and non-pro versions available free. I fail to see the reason for a cracked version.

I bought Drivecrypt for the exact same reason. It was only ?25 UKP, and gives me a much better piece of mind than a crack or serial#. Yes, stolen serial#'s can work fine for the version it was issued for, but could be blacklisted (or worse) in future versions.

So in the end, I just buy all security related software. Saying that, I bought my copy of WinXP Pro, just to get piece of mind with Windows updates. We all know how many updates per month there are now, so it would be kinda stupid to try and do without them just for a free/cracked version.

[ArC]

Some programs don't check the serial
number directly. Instead they send it
to a registration server where it is checked.
In that case the only way to crack the app
(without patching) is to create a fake
response code. Since this can be very
difficult it is easier to patch the app.

This technique is mostly used by programs
which are connected to the I-Net like
servers/clients or firewalls.
A good example for this is GlobalScape Secure FTP Server.

But of course it is a security risk to download
patched exe's/dll's for network apps
like firewalls.
If you don't trust in a crack, I suggest to
crack the app on your own or to buy it.

I reckon Kerio have a terrific firewall, that is free for personal use, I use that and used its predeccessor Tiny before that, personally I wouldn't use cracked security sofware under any circumstances.

[MaRKuS-DJM]

hm... maybe you mean my cracked Outpost Pro 2.1??? (SnD TeaM, cracked .dll).
i didn't modify program code, i only unpacked it from ASProtect and modified the registration name (from "unknown" to "SnD")

I am using Zonealarm pro...guess it's one of the best...pompeyfan i'l see Kerio...actually my friend needs a free firewall...he hates piracy...thanks

It's amazing how LITTLE faith we (yes, me too) put in other peoples patches and how MUCH faith we put in other peoples Tools.

Case in point, software firewalls.

I doubt that there is a single person who posted to this thread that couldn't programaticly get around a software firewall. Anything from trapping it's kernel calls to flat out bypassing them.

I guess another thing is we all tend to be leary of patches, but call something an IAT rebuilder and you'll see 300 downloads an hour.

I'm not saying people should write their own firewalls, or that we shouldn't run IAT rebuilders without disasm'ing them first.

I'm just pointing out that this is actually part of the human condition. A patch is giving you something for free, and we are all ingrained from birth to distrust "things that are too easy or too good to be true".

A mild distrust is normal and can be very healthy to the life of your computer. Taking apart a patch and diffing what it does to the target should be 2nd nature.

But I would emphesize a little less faith in software firewalls. If the target your working on stands a chance of calling home, pull the ethernet cable OUT of the computer before launching into the debugger.

Maybe I'M the paranoid one...

Quote:

I am using Zonealarm pro...guess it's one of the best...pompeyfan i'l see Kerio...actually my friend needs a free firewall...he hates piracy...thanks

That's okay, if your friend gets it, go for version 2.1.4, not the latest beta version.

MaRKuS-DJM, yes it was you who made the cracked .dll

I'm sure your intentions are good, but I am too paranoid.


I think I will just buy Kerio, lol.

[MaRKuS-DJM]

*lol* but it's not only problem with firewalls... it is that problem with every crack-release... maybe i put my own code in it to disable your firewall / antivirus or destroy your computer ... why should i do that? if i do that, i would no longer be member of SnD TeaM. then i would be member of a virus-crew, not a crack-crew. sorry for my bad english.

[mtw]

Quote:

Originally posted by Rhodium
So there is this new version of a firewall out, but the only crack for it is a cracked .dll, (it replaces the original .dll). Plus there is another firewall, and its crack requires that you patch the exe before it can read the liscence file.

I am very reluctatant to do anything but a serial # when it comes to firewalls. Most likley the person who made the crack is playing off your false-confidence and will use your modified firewall for his own purposes.

So again when it comes to firewalls only register by serial #, don't trust anything that modifies exe or dlls.


What do you think?

Why dont you disassemble the cracked and original dll.
This way you can see what they changed.

Only get your patches from trusted sources and groups, like CORE which have facilities to verify you actually have there release unmodified. Believe me theres no way groups like CORE, or any other major scene group would do anything but crack the registration of an app or they would be banned very quickly.

Drivecrypt Plus Pack was $125USD, I suppose if I was rich I buy it, but Im satisfied with dT's keygen of it :P

Quote:

Originally posted by Rhodium
Plus there is another firewall, and its crack requires that you patch the exe before it can read the liscence file.

lol, the "other" firewall you refer to is Kerio Personal Firewall.
I know coz I made that crack and I can assure you it's just a simple byte change to read the license file and nothing else.
Enjoy

[Eleven]

It all depends on where you get the crack or patched files from that should be of most concern.

You download a patched file you find on google, theres always a higher than average possibility of it being backdoored. If you aim to get the <highest> level release, theres very little chance that there'll be anything malicious about it.

People who post things themselves on their websites don't particularly care how their reputation is affected, they can always make a new website or change their nick amongst a plethora of other things. The major warez groups have a lot to lose from releasing software that contains a backdoor, the entire chain is based on trust. If its found that a member willfully sets out to backdoor a crack, that member will be dropped from the scene, losing a lot more than they stand to gain. What, they get access to a bunch of people who will likely end up formatting anyway? Being that high in the chain gives them a lot more to try to hold onto than petty things like that. Chances are that piece of software will be found to be backdoored before it gets past the topsites, anyhow.

What I do is only look for complete software releases, not cracks, or patches, and find at least independant sources. Releases commonly have .sfv files nowadays, so download the piece of software and check it with the crc. If it fails, its either corrupt or hacked. If it doesn't fail, don't install it instantly, check it with another sfv for that release. Its easy to tamper with plaintext crc checks, its hard to replace every sfv floating around with their modified one.

I tend to only get things off ftp's or IRC (which isn't as bad as you'd expect). Multiple files on multiple independant servers makes it easy to verify the integrity of whatever you're downloading.

Quote:

Originally posted by mtw
Why dont you disassemble the cracked and original dll.
This way you can see what they changed.

Was going to be my suggestion...

-Shadz