Exetools forum > General Discussion

#1  dynio, 08-10-2003, 20:56
How to become a solid cracker (Advice for beginners)

Lately I've been receiving, pretty often, messages and mails with the same question: "what do I have to do to be a skilled reverser/cracker, what tools do you use?". Well, there is no golden rule. I suppose it's composed of three elements: WORK, WORK and... WORK. Anyway, if someone is still wondering where she/he should begin, please read this advice.

A set of must have tools:
LordPE - PETools - PEExplorer - ProcessExplorer - Revirgin - ImportRec - Advanced Registry Tracer - SoftSnoop - ApiMonitor - FileMon - RegMon - Spy&Capture - ResourceHacker - ResourceTuner - ResourceBuilder - OllyDbg - W32Dasm - SoftIce - IDA - Dede - EnhancedDebugger (it's GREAT) - BDasm - Debuggy - HexEditor - WinHex - UltraEdit - Med - MASM (remember to update link.exe and ml.exe from VS .NET) - TASM - packers/unpackers - any C++ compiler (Borland, Microsoft, DJGPP...).

Tutorials:
TKC - Fravia - +ORC - Iczelion - manual unpacking (aspack, asprotect, telock, armadillo, etc.) - dongle removing (envelope, dumping...) - import table rebuilding - exceptions - adding visual functions to any program - Assembly Style - Art of Disassembly - Opcodes help - Intel Pentium Instructions Reference - PC Assembly Language (it's GREAT) - Art of Assembly Programming (yes, it's HUGE but there's no need to read it all, 20-30% is enough) - Windows API - Codebreakers - The Assembler Environment - PE Format Explained (or other good PE tutorials).

Cryptography:
First of all, cryptography knowledge doesn't make you much stronger in cracking. It can make you more serious in reversing and protecting. I know that most of you are discouraged when you hear about MD5, IDEA, RC4 etc. Believe me, in the beginning you don't need it. Just try to ask any SKILLED cracker what a "collision" is, what "Floyd's cycle finding algo" does, which is faster, MD4 or MD5, and what MD5, SHA and RIPEMD have in common. These are only a few principles of cryptography. Not to blame these crackers: I can bet 95% of them don't know the correct answer, just because they don't need it at all. As a proof let's take Armadillo and ExeShield. Both of them use STRONG CRYPTOGRAPHY, but in order to fully crack them you need (I'm estimating the amount of time) about 3-7 hours for Arma and 1-2 hours for ExeShield. Why? Only because cryptography is less important. The real power is hidden in anti-debug, anti-dump and anti-trace tricks, and that's what you should learn. OK, let's stop it here, as it's beginning to turn into a tutorial and we don't need that.
Titles: - Handbook of Applied Cryptography - Cryptography Theory and Practice.

I hear you all.... "What is this jerk talking about?! That would take 80% of my free time! I've no willingness for these stupidities! I want to become famous! NOW!...". Well, then go and masturbate yourself in some public toilet or start singing with Britney Spears. If you want to become famous then you're in the wrong place; there is no space here to explain why. If you read and understand the mentioned titles and provide yourself with this software, you should become more than an average cracker; you should be ON THE TOP. Then, someday, I'll be glad to have the chance to ask you for help.

Please remember that all you've read above is only my private opinion. I hope that it helped at least one solid and honest forthcoming scene member (to be truthful: I'm not a scene member). Greetings and regards to all the people visiting the ExeTools forum (especially the pleasant ones: Wassim and Jay).
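The post above name-drops "collision" and "Floyd's cycle finding algo" without showing what they have to do with each other. The following is an added example, not code from dynio's post or from any of the tools he lists: it runs Floyd's tortoise-and-hare walk over the map x -> h(x), where h is MD5 truncated to 24 bits (the truncation is my choice so that the generic birthday-bound search, roughly 2^12 hash calls, finishes in well under a second; the same walk on full 128-bit MD5 would never finish, which is why real MD5 collisions come from differential cryptanalysis, not from this method). The output is two distinct inputs with the same truncated digest, i.e. a collision found without storing a table.

```python
import hashlib

# Keep the first 3 bytes (24 bits) of MD5. Chosen for the demo so that the
# generic rho search needs only about sqrt(2^24) ~ 4096 evaluations.
TRUNC_BYTES = 3


def trunc_md5(x: bytes) -> bytes:
    """The toy hash h(x): first TRUNC_BYTES bytes of MD5(x)."""
    return hashlib.md5(x).digest()[:TRUNC_BYTES]


def rho_collision(seed: bytes, h=trunc_md5):
    """Floyd's cycle-finding on the walk x0 = seed, x_{i+1} = h(x_i).

    The walk lives in a finite set, so it is a 'rho': a tail of mu steps and
    then a cycle of length lam. The last tail node and the last cycle node
    are different inputs that both map to the first cycle node, which is a
    collision of h. Returns (a, b, evals) with a != b and h(a) == h(b), or
    None when the seed itself lies on the cycle (mu == 0). evals counts
    hash calls so the birthday-bound cost is visible.
    """
    evals = 0

    def step(x):
        nonlocal evals
        evals += 1
        return h(x)

    # Phase 1: tortoise moves 1 step, hare 2, until they meet on the cycle.
    # At the meeting point the hare's index is a multiple of lam.
    tortoise, hare = step(seed), step(step(seed))
    while tortoise != hare:
        tortoise = step(tortoise)
        hare = step(step(hare))

    # Phase 2: restart the tortoise at the seed and move both one step at a
    # time; their next values first coincide exactly at the cycle entry, so
    # the current values are two distinct preimages of it.
    tortoise = seed
    while True:
        t_next, h_next = step(tortoise), step(hare)
        if t_next == h_next:
            break
        tortoise, hare = t_next, h_next
    if tortoise == hare:
        # mu == 0: impossible here because a seed longer than TRUNC_BYTES can
        # never equal a hash output, but kept so the function is general.
        return None
    return tortoise, hare, evals


def find_collision(label: bytes = b"seed"):
    """Try successive seeds (label + counter byte) until the walk yields a
    genuine collision; with this h the first seed always does."""
    for i in range(64):
        res = rho_collision(label + i.to_bytes(1, "big"))
        if res is not None:
            return res
    raise RuntimeError("no collision found; raise the seed budget")


if __name__ == "__main__":
    a, b, n = find_collision(b"dynio")
    print(f"h({a.hex()}) == h({b.hex()}) == {trunc_md5(a).hex()} "
          f"after {n} hash calls")
```

The point worth noticing is the memory: a naive birthday search stores every digest seen, while the rho walk keeps two values and still finishes in O(sqrt(N)) evaluations. Raising TRUNC_BYTES by one multiplies the running time by about 16, which is the practical answer to why nobody "cracks" a 128-bit hash this way.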
#2  Lunar_Dust, 08-10-2003, 21:50
Well said. In the end, all it really takes is a lot of READING and WORK.

-Lunar
#3  an0nymous, 08-10-2003, 21:58
..omg

time - that is all you need

trust me..
#4  Katrin, 08-17-2003, 09:01
a beginner is no winner (yet)!

Hey dynio,
why don't you prepare a 'beginner's package' in which you include all your tutorials and then upload it? I think it would be nice and fun. Greetings.
#5  MaRKuS-DJM (Cracker + Unpacker), 08-17-2003, 18:36
yes, time is all you need... and sometimes help from professional crackers. And of course many tutorials.
#6  uban, 08-17-2003, 20:38
why not crypto thread ?

Why not open a crypto thread here, where the experienced "decrypters" would share their basic and advanced techniques with the curious ones?
#7  ArC (VIP), 08-17-2003, 21:06
Quote: "...where the experienced "decrypter" would share..."

Experienced Decrypter?
#8  dynio, 08-18-2003, 15:38
Tutorials

OK guys, I'm glad to hear some of you have found it useful. About tools: I'm not sure all the tools I'm using are free to distribute, but if you have strong reasons... why not?
Get ready for the cryptographic intro I'll post within 1-2 days. I've chosen ExeShield as a target because it uses Rijndael, SHA and MD5. Moreover, it's protected with Xtreme Protector. Yeah, I was a bit surprised too. As far as I know, Xtreme Protector is the hardest one, so prepare for a lot of fun.
I could post it today, but during writing it has grown to more than 20 KB! I must cut out the Xprotector subject because it's too big, and the way I've played with it was not so bright (I don't think you want to write a SoftIce macro which patches over 100 bytes).
What you'll get is a cryptographic intro which will show you the way the most popular algorithms work (the principles) and how keygenerators are built. After reading it you will be able to keygen ExeShield without touching its code or changing anything inside the file.

Regards.
#9  dj-siba (Musician Member), 08-18-2003, 18:08

dynio: Thanks for your time, and to all who wrote tuts...

Regards
#10  ArC (VIP), 08-19-2003, 00:56
Did you break Xtreme-Protector's protection?

A tutorial about that would be nice.

Isn't that strange? Someone protects his *OWN* protector with *ANOTHER* protector by another company?

[I know I already asked this in the Software Release forum. Why do you think that it is protected with Xtreme-Protector?]
#11  dynio, 08-19-2003, 16:16
Xtreme Protector

Hehe, as I said: v2.8a is Xtreme protected. I'm sure because I've spent a few hours dancing with this protector (over 100 patched bytes LIVE inside the code). Be ready... And I agree with you, I was a bit surprised too (protecting a protector with another competing protector).

Regards.
#12  ArC (VIP), 08-19-2003, 21:38
That's strange.....

Every Xtreme-Protector app contains the following things:
  • at least one section which is named XPROT (ok.. the section can be renamed easily)
  • the message: "Cannot write Xprotector.vxd. Make sure that this file is not being used by another program"
  • you can find: Xprotector.sys XPROTECTOR \\.\XPROTECTOR \\.\Global\XPROTECTOR
  • you can find some APIs for installing drivers.
  • you can find the text: "Xtreme-Protector Error Xtreme-Protector Cannot open XPROTECTOR.SYS driver. Please, make sure that you have administrator's permits the first time that you are going to run this program Cannot open XPROTECTOR.VXD driver. Make sure that XPROTECTOR.VXD is not open by another program Xprotector driver has been updated, you need to restart your computer to finish the installation of the driver. Do you want to restart your computer now?"

These messages are ALWAYS put into an Xprot app no matter what protection options you choose.

However, I couldn't find ANY of the things mentioned above.

I also bypassed the S-ICE detection by simply loading icedump.

That's possible neither with the first release (1.0) nor with the current version (1.05) of Xtreme-Protector.

Xtreme-Protector does NOT allow you to turn off debugger detection.

Sorry.. but I'm a bit confused....
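ArC's post above is essentially a fingerprint for Xtreme-Protector output: a section named XPROT, a fixed set of driver-related strings, and imports used to install a driver. The following is an added example, not code from ArC or from Xtreme-Protector, that turns that list into a small PE scanner: it walks the DOS header, PE signature, COFF header and section table to read the section names, then searches the whole image for the quoted strings. The three "driver install" API names (OpenSCManagerA, CreateServiceA, StartServiceA) are my assumption of what "APIs for installing drivers" refers to; ArC does not name them. The scanner assumes the import names are present as plain ASCII, which holds for an unobfuscated import table. The sample image is constructed inline (headers plus a blob of strings, not a loadable program) so the script runs offline.

```python
import struct

# Markers quoted from ArC's post. Standalone "XPROTECTOR" is left out because
# every other marker already contains it.
XPROT_SECTION = b"XPROT"
XPROT_STRINGS = [
    b"Xprotector.vxd",
    b"Xprotector.sys",
    b"\\\\.\\XPROTECTOR",
    b"\\\\.\\Global\\XPROTECTOR",
    b"Xtreme-Protector Error",
    b"Cannot open XPROTECTOR.SYS driver",
]
# Assumption (not from the post): the usual Win32 calls for registering a
# kernel driver. Many legitimate installers import these too.
DRIVER_APIS = [b"OpenSCManagerA", b"CreateServiceA", b"StartServiceA"]


def pe_section_names(data: bytes) -> list:
    """Return the NUL-stripped 8-byte section names of a PE image.

    Raises ValueError on a malformed or truncated image instead of guessing,
    because a packer that corrupts headers is exactly what we are looking at.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def scan_for_xprot(data: bytes) -> dict:
    """Collect the Xtreme-Protector indicators present in an image."""
    return {
        "xprot_section": XPROT_SECTION in pe_section_names(data),
        "strings": [s for s in XPROT_STRINGS if s in data],
        "driver_apis": [a for a in DRIVER_APIS if a in data],
    }


def verdict(report: dict) -> str:
    """Strings are the strong signal; the section name can be renamed and the
    driver APIs alone are common, so neither is conclusive on its own."""
    if report["strings"]:
        return "Xtreme-Protector markers present"
    if report["xprot_section"] or report["driver_apis"]:
        return "weak indicators only: inconclusive"
    return "no Xtreme-Protector markers"


def build_sample_pe(protected: bool) -> bytes:
    """Constructed minimal PE32 image for the demo (not loadable)."""
    sections = [b".text", b".data"] + ([XPROT_SECTION] if protected else [])
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    optional = struct.pack("<H", 0x10B) + b"\0" * 222         # PE32 magic
    table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in sections)
    extra = ([b"Xprotector.sys", b"\\\\.\\XPROTECTOR",
              b"Xtreme-Protector Error"] + DRIVER_APIS) if protected else []
    blob = b"\0".join([b"kernel32.dll", b"CreateFileA"] + extra)
    return dos + b"PE\0\0" + coff + optional + table + blob


if __name__ == "__main__":
    for flag in (True, False):
        rep = scan_for_xprot(build_sample_pe(flag))
        print(flag, rep, "->", verdict(rep))
```

Run against a real file with `scan_for_xprot(open(path, "rb").read())`. A report with no strings and no XPROT section is what ArC describes for ExeShield 2.8, and the verdict function deliberately does not promote that to "unprotected": it only says the known markers are absent.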
#13  ArC (VIP), 08-19-2003, 21:56
However, I'm looking forward to your tutorial.
#14  uban, 08-20-2003, 02:22
Great deal

Sounds like a great deal, Dynio. Go on!
#15  dynio, 08-20-2003, 15:09
My, oh my...

ArC: How often do I need to write the same words? Check this out: the ExeShield homepage. Download the file.
You are right about vxd/sys/envelope etc. The problem is you are playing with an old version of ExeShield. And forget about any SoftIce hiding tools and tricks. THEY DON'T WORK WITH XTREME PROTECTOR. It was some fun for me to rip the ExeShield 2.8 code.
Bad news: I won't write a solution for XProtector because I know they are reading this forum. As I've written in other previous posts: I don't want to teach them.
I've finished the tutorial, but it explains the protection scheme (MD5) in ExeShield 2.8, not XProtector itself. All that I can tell you about XProtector is: it's not so hard to turn it off during work. The only problem was to find unconventional ideas (not the well-known ones). I've found three methods to skip this protector.
As I would like to help as much as I can, I'm open to helping you all with certain applications protected with XProtector (dump, reverse, disassemble...). Also, if you're interested in some fragments of XProtector, feel free to ask me.

Regards.