OSDev.org

Hey, recently I've been getting back into some of my old passtimes (cracking software, exploiting, etc...). I was wondering if anyone had any homebrew software that has any sort of protection that (with permission) I could keep practicing on? I don't want to practice on commercial software quite yet as I'm rusty and alot of them have call-back features that are dangerous to mess with.

Thanks. Also, If your OS has password-protected security, I'd love to take a crack at that as well.

Perhaps you should join a forum that encourages such illegal activity, last time I checked, this isn't one of them.

A: Cracking software with permission is no different than vulnerability testing with permission, very legal and very helpful in most situations.

B: I would need the permission to make it legal, and I would also agree to not distribute the software in any form (modified or not).

C: I'm sure some people would actually like to have their software 'put to the test' in a real environment instead of just hope that it is bug-free and that their buffers hold up and such.

why even make such a claim? if I was to just download some software from the internet with no talks with the author, and just crack and redistribute, that is indeed illegal, but that is not what I'm talking about.

Brynet-Inc wrote:Perhaps you should join a forum that encourages such illegal activity, last time I checked, this isn't one of them.

this is very closed minded and wrong.

To 01000101:
If you are worried about callbacks what you should do is run the application inside a vmware guest machine that has its networking disabled and after each session revert the image to right after a fresh installation of the application so nothing is hanging around next time you boot.

If you want some applications to break and lots of them I would check crackmes.de

@blound: wow, thanks for the link, that has ALOT of good stuff, and is even filtered by difficulty lol, thats awesome. Thanks for the info about callbacks as well, I will be installing a VM soon to start working with more advanced software soon.

Another reason I am getting back into cracking is it genuinely does improve my coding skills as it makes me more aware of certain things to avoid that can lead to exploitation.

blound wrote:this is very closed minded and wrong.

http://www.osdev.org/phpBB2/viewtopic.p ... 359#125359

I have a feeling he's not one that actively seeks out permission for such things, regardless, legitimate testing with approval from the author sounds semi-reasonable.

Brynet-Inc wrote:

blound wrote:this is very closed minded and wrong.

http://www.osdev.org/phpBB2/viewtopic.php?p=125359

I have a feeling he's not one that actively seeks out permission for such things, regardless, legitimate testing with approval from the author sounds semi-reasonable.

I'm not sure of your intentions with that statement, but you know nothing about me therefore do not jump to such extreme conclusions so quickly. I am seeking permissions as I stated that in my origional post, if you would have read it you would have known that.

Also, in the link posted, I was speaking in a general aspect, not from a personal one. I used to make viruses and experiment with such things, but this is a different case and in a different time. Now I am curious about how to make my programs better and less buggy , and if I can help someone else out with finding a bug before someone truely maliscious does, then I don't see an issue with this.

The problem with this is that the line is blurry. Yes he can practice if someone gives him permission. Yes it is justifiable to say that someone should not be given the chance of getting cracking experience for "it leads to the Dark Side".

Since the OP specifically asked for this permission at the start of this thread, he hasn't crossed the legal line. It is free for you to give him that permission or not.

But since the current line of arguments is steering towards a flamewar, I suggest everybody to stay on topic. If you want the discussion, create a new thread and talk about Mr. X rather than making your judgement on one specific person.

Thank you, I too do not wish to engage in a text-war over this. my intention with this post was not to get your opinions on the subject; if you don't wish to participate, then don't reply.

just search google with a string like: "crackmes" "keygenme" or simular

Also, you can find many of the crack teams that are usually associated with pirating put out crackmes, i remembering doing the revengecrew ones for fun.

Cracking is a pretty fun thing to do and very useful sometimes. Above just being able to learn a little about software security it's also nice to know how to just patch say a game you own so that it doesn't require the CD in the tray to run it(which is an incredibly stupid form of security in the first place).

But back to the software security. This is an incredibly useful idea that some AV venders don't get. You have to understand how modifying binaries works or else you cant combat things like polymorphic viruses efficiently.

I'm curious 01000101, what tools do you use? I never got the hang of SoftICE, prefer ollydbg.

softICE breaks my computer hardcore, it causes bluescreens lol. I perfer OllyDBG as well, i find it very easy to look at the interface. I also like IDA, but sometimes it is a little overkill for what I do; the decompilation features are second to none though.

I am definitely going to want to have big pieces of my OS crack-tested. However, I'm not nearly at that stage yet. It's very important to me to know if my sandboxing technique is going to be effective/useful.

A while back when I was doing research on how software is cracked, I came across this site. It may be helpful.

A while back when I was doing research on how software is cracked, I came across this site. It may be helpful.

popular site? lol, already referenced above by blound. Thanks, I've been cracking away at alot of their sample software, very cool site. The video tutorials are priceless as well.