Hi folks, it's been a long time since I have posted something technical, so I will be writing about the challenge I got at NIT KU, where I cracked WinRAR 3.80 using a disassembler, and will tell you the same here. You can crack any version of WinRAR using this method and need not pay the registration fee, and you can do this all by yourself, easily. Furthermore, most major software is cracked the same way; the methodology just gets a bit more complex. This tutorial is intended for those who are new to cracking and disassembling.
Disclaimer – By reading this tutorial you agree that it is intended for educational purposes only and the author cannot be held liable for any kind of damage done whatsoever to your machine, or damage caused by some other, creative application of this tutorial.
If you disagree with the above statement, stop here.
The Tools
To perform this hack you will need –
- Any disassembler (I use Hacker's Disassembler and Hview)
- Resource Hacker
- A patch creator (use Universal Patch Creator or Code Fusion)
You can get them by googling, or you can download the set of tools I have provided.
How to Crack ?
You need a bit of knowledge of assembly language; in case you don't have it, just cram the steps and it will work every time. Download the latest version of WinRAR from their website and install it.
I will be cracking WinRAR 3.80 here (cuz I already have it :P). This is basically a 2-step process (4 steps, if you want to do things with a professional touch, period).
Now copy the WinRAR.exe file to the desktop and make a copy of it there.
Step 1 – Hunting for Memory Address
Now launch Hacker's Disassembler and load the copy in it.
The disassembler will disassemble the executable into assembly code. Now you need to search for strings that are used in the WinRAR program. Press Ctrl + F, type “evaluation” without quotes, and search the assembly code. Hit enter…
After you have reached this block of code by searching, just look at the block of code above it. There you will find that some values are being compared and then execution jumps to some other function. Now look carefully: the “evaluation copy” function must be invoked after some specific condition is met. We need to find that check in the code and then change the condition so that the program doesn't check for it.
In the code above you can see this –
00444B6A: 803DF4B84B0000   cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000     JNE 00444C12
This is the code responsible for validating you as a legal user :). Just note down the memory address of the conditional jump (JNE) to some memory location. In this case, note down 00444B71.
Note: For any WinRAR version, this code and memory address might be different, but the JNE will be the same. Just note down the address of the respective check.
Now you need to search for the code that brings up that ugly nag screen “Please purchase WinRAR license” after your trial period of 40 days is over. For this, look at your toolbar and click on “D”, which stands for Dialog references.
Now in the dialog box that opens, search for “please” and you will get the reference as –
ID-REMINDER, “Please purchase WinRAR license”
Double click on it and you will reach the subsequent code.
The code will be something like
* String: “REMINDER”
0048731A: 68EB5E4B00   push 004B5EEB
Just note the memory address that invokes the REMINDER dialog. In this case it's 0048731A. Note it down.
Note: For any WinRAR version, this code and memory address might be different, but the REMINDER code will always PUSH something. Just note down the respective memory address that does the PUSH.
Step 2 – Fixing and Patching
Now in this step we will be patching the values at the memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker's Disassembler into Hview.
After you have loaded it, you will see the code is unreadable. It's just like opening an EXE file in Notepad. You need to decode it. To do that, just press F4 and you will get an option to decode it. Hit DECODE and you will be able to see the code in the form of assembly instructions and memory addresses.
After you have done that, you need to search for the memory addresses you noted down earlier. Just hit F5 and a search box will appear. Now you need to enter the memory address. To do that, enter a “.” and then type the memory address, leaving off the leading “00”. The “.” stands in for the “00”, i.e. –
Type .444B71 in place of 00444B71
and search in the code.
After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code. Now make the following changes –
After you have done it, save it by pressing F9.
Now search for the next memory location by pressing F5 and entering it. Reach there and make the following changes by pressing F3 –
Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats… You have cracked WinRAR :) Replace the original WinRAR.exe with this copyofwinrar.exe by renaming it. It will work 100% fine :P
Step 3 – Spicing up the EXE
Now that you have a 100% working EXE, you might want to change the registration information in WinRAR. To do this, you can use Resource Hacker.
Launch Resource Hacker and load copyofwinrar.exe in it.
Now go to DIALOG –> expand the tree –> ABOUTRARDLG and click it. Now find the Trial copy line and replace it with your favourite one :P
and click on the Compile Script button.
Now save the file with any name on your desktop or any other location whatsoever.
Now you have a fully patched WinRAR.exe file :)) You can either use it, or distribute it like a real cracker. If you want to learn that, move on to the next step.
Step 4 – Creating a working Patch (or giving Professional touch :P )
I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version, just like the ones you have downloaded at any time of your life from any crack and keygen website.
Launch the patch creator and click on Add New Project. Enter the project information and click on Save.
Click on Add –> Offset patch
After you have done that, double click on the offset patch and then
- Give the path of the original winrar.exe
- Give the path of the unmodified winrar.exe (again)
- Give the path of the fully patched winrar.exe (i.e. the cracked winrar.exe in this case)
- Click on Compare and it will show the differences between the two files
- Click on Save.
Now in the next window, click on Create Patch and save it. The patch will be created. Now copy it into the WinRAR installation directory and hit Patch, it WILL
Congrats, you have created a patch of your own and have learned to crack WinRAR :)
You can crack other software the same way… just practice, debug and disassemble and you will get the hang of it :)
[PS: The above is the long way to do it. I will be telling you the shortest way to crack WinRAR in just 1 step; the main aim of this tutorial was to introduce you to disassemblers and tools, and to do some dirty work with your own hands.]
Cheers
Hello Dangwal,
I am a regular reader of your articles. I am a bit disappointed by this post. Please don't encourage software piracy by publishing even educational crack tutorials.
Thanks,
Umakanth
I was wondering why “85” needs to be changed to “84”, “68” to “90” and “push” to “nop”. These parts of your explanation are, well… not explained ;-) (except by just saying: replace this with this, but without a more in-depth technical reason). Is it always like this, that you need to replace 85 with 84?
Hi Wim,
Sorry bro, I seriously assumed that everybody would know assembly language. Actually we changed the code in a way that it stopped checking for any kind of condition.
In ASM, JNE checks 2 variables, like a and b.
If a is not equal to b
then JNE will jump to specified location in code.
We changed 085 to 084 so that the JNE was changed into JE. JE means
if a=b
whatever the condition (signed or unsigned)
jump to the specified code section, which is the validated code, and allows us to remove “evaluation copy” from the title bar.
In the same way we changed the push 0048731A; if you go to the 0048731A address in the file (with a hex editor) you will see that all the hex bytes [up until the hex 00 (null termination)] spell out ‘REMINDER’ in ASCII. And remember that this is an ID for the trial reminder dialog box. On the second-to-next instruction you will see a call to the USER32.DialogBoxParamA external library function to show and execute the functions of the trial reminder box that was pushed to the stack as one of the arguments. So in the end it will display the nag screen. We just typed 90 five times to replace ‘push 0048731A’ with ‘nop {newline} nop {newline} nop {newline} nop {newline} nop’; nop means No Operation, it will perform no instruction; it's just a byte to take up file space.
I hope that cleared it up :)
Cheers..
Rishabh Dangwal
PROHACK | INDIA
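An added integrity check, not part of the original post or the comments, showing what the two edits from Step 2 and the reply above look like from the defender's side: compare a shipped binary against a known-good copy, list the byte ranges that differ, and name the tamper pattern (a near conditional jump whose 0F 85 became 0F 84, or an instruction overwritten with 0x90 nops). The byte region is constructed from the instructions the post quotes; the offsets are illustrative and not WinRAR's real file offsets.

```python
# Constructed sample region (not bytes from a real binary): the two instructions
# the post quotes, with padding; offsets are illustrative, not WinRAR 3.80's.
REFERENCE = bytes.fromhex(
    "803DF4B84B0000"  # cmp byte ptr [004BB8F4], 00
    "0F859B000000"    # jne rel32  (0F 85 = jne near, 0F 84 = je near)
    "C3C3C3"          # padding
    "68EB5E4B00"      # push 004B5EEB  (the "REMINDER" dialog id)
    "E800000000"      # call rel32 (placeholder target)
)
# Tampered sample, built by applying the two edits the post describes.
_t = bytearray(REFERENCE)
_t[8] = 0x84               # 0F 85 -> 0F 84: jne becomes je
_t[16:21] = b"\x90" * 5    # 5-byte push replaced by five nops
TAMPERED = bytes(_t)

JCC_FLIPS = {(0x85, 0x84): "jne -> je", (0x84, 0x85): "je -> jne"}

def modified_regions(ref: bytes, obs: bytes) -> list:
    """[start, end) ranges where obs differs from ref; sizes must match."""
    if len(ref) != len(obs):
        raise ValueError("size mismatch: not an in-place patch")
    regions, start = [], None
    for i, (a, b) in enumerate(zip(ref, obs)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            regions.append((start, i))
            start = None
    if start is not None:
        regions.append((start, len(ref)))
    return regions

def classify(ref: bytes, obs: bytes, start: int, end: int) -> str:
    """Name the tamper pattern in one region, or 'unclassified'."""
    if all(b == 0x90 for b in obs[start:end]):
        return f"{end - start} byte(s) overwritten with nop"
    if end - start == 1 and start > 0 and ref[start - 1] == 0x0F:
        flip = JCC_FLIPS.get((ref[start], obs[start]))
        if flip:
            return f"near conditional jump inverted ({flip})"
    return "unclassified"

def audit(ref: bytes, obs: bytes) -> list:
    """Integrity report: one dict per modified region (empty if identical)."""
    return [{"offset": s, "ref": ref[s:e].hex(), "obs": obs[s:e].hex(),
             "kind": classify(ref, obs, s, e)} for s, e in modified_regions(ref, obs)]

if __name__ == "__main__":
    for entry in audit(REFERENCE, TAMPERED):
        print(entry)
```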
@Umakanth
Hi Sir
Thanks for your constructive criticism. I see you are an open source fan like me, and thanks to netizens like you the FSF community is thriving today. The intention of this tutorial was to teach Indian youth who want an insight into the world of hacking and cracking but are unaware of the means, to show them that it can be done, whatever the software, whatever the protection, and to introduce the concept of software cracking to them. To show them it only needs common sense mingled with a bit of computer skills to do the job. I was inspired by a team of Indian crackers in the scene – team T3 – to do the same; I chose the right path and I'm glad I'm not a cracker but a rightful person. Right or wrong, moral-immoral, legal-illegal, ethical-unethical is in our own hands, but it's our duty to share what we possess. I'm encouraging them to learn to use the tools, not to spread the cracks.
I take your words in quite high regard and will not publish any tutorial on cracking on any professional software here, but will continue to spread the word in basic freeware or in the form of code or by some other means.
Stay Gold.
————————-
Rishabh Dangwal
Btech CSE . CISE
PROHACK | INDIA
@Rishabh
I totally agree that you can't stop piracy/cracking. But at least creating awareness of open-source software and freeware among the readers would really guide them in a good way.
Thanks for your responsible action, I really appreciate that.
Keep up the good work :)
~Umakanth
Nice job!!! Simple, clear, clever and pedagogical! Congratulation and thanks for sharing knowledge!
Deco
Awesome tutorial. I used to use OllyDbg before I tried this. This tool seems to be better for assembly-coding n00bs like me :P
One thing, I can't get HVIEW for free (the demo can't open an exe larger than 150000 bytes). Can anyone suggest a free alternative for this hex editor?
Your tut is awesome!! But you could have used Olly :) But anyway, thanks for the awesome tutorial.
I will have to disagree with Umakanth. If any reader doesn't like a post he can always skip that post, instead of ranting. Also this is not piracy! Selling / using something cracked IS. If I wanted to pirate WinRAR, I know better places than this blog, and those tools generate the original key file itself, no patching needed!
But if Umakanth meant that reverse engineering is illegal, then he is perfectly correct. But that's how one can learn about buffer overflow exploits and other security attacks!
@Tricky life
You could try Hex Editor Neo with a 14-day trial :) or … ;)
Excuse me, I can't edit the value to 84 because it's in read-only mode. How do I change it?
Thanks in advance…
How do I crack Registry Mechanic, any version?
Please help
And thanks for WinRAR
Hey
I was trying this on WinRAR version 4.0 and I couldn't even find the “reminder” as shown. Any idea why?
dude!!!! you are awesome!!!!
Get in the team of Indian Reverse Engineering Club if you guys are interested.
Home: http://irec.isgreat.org/
Forum: http://teamirec.forumotion.in/
You guys can freely register on the forum. But to become an official member you need to solve the official keygenMe. To get the trial membership you need to show some of your reversing skills. Our cracking releases are available at places over the web including astalavista, and all our official cracks since 2008 can be downloaded. Note the forum is not meant for any crack request; instead you can discuss a certain protection strategy, not a specific target. If you are interested in cracking then we can accept you as a trial member and you can have your crack released officially and made available for download via various cracking search engines over the web.
Hi guys, newbie here, thanks for the tuts, it really works, but how can I be a member of the IREC? I'm not an INDIAN ^_^ I think it's really hard to crack the keygen test to be a member but I'm trying hard to crack it……
Thank you man, that was a real crack, it worked pretty fine for me. I'm trying it on other software.
Hello sir, when can someone call themselves a hacker? I mean, what things should one have knowledge of to be called a hacker?
This doesn't seem to work with v4.20. Some of the code has changed and there are no dialogue references to the Please Register etc. stuff that can be found.
Please add the software for download
Thanks
hi
In hiew my copy of WinRAR is not .exe, it's .Ink. Any idea why??
Help please
It's the same problem with me.. have you found the solution??
Thanks
Can you give me a link to the HVIEW download?
Hello Rishabh,
I want a step-by-step procedure to crack the password of a rar file.
Please mail me at [email protected] at your leisure.
Thanking you.
Hi Rishabh,
Hearty thanks for your guide.
I got every tool except HVIEW, please reply with the link so I can download it.
You see, the author has made a small mistake: actually it is not HView, it is Hiew. You can download it from hiew.ru !!!
It doesn't work with WinRAR 5.0 b8.
Hello
Could you please help me to crack an android-sync program? I have an older version of Android-sync that allows me to sync my Outlook contacts and calendar to my Android phone. I can only use the program if I go to Local Area Connection and disconnect my internet, or else it tells me there is a newer version available and it closes on me. I already tried blocking the program using my firewall, but in that case it gives a different error saying my phone is not connected. I am trying to find a way to fully crack this program so I don't have to disable my internet connection all the time.
I tried your example but this is completely different and it does not work. If you send me your email, I will email the program to you.
This video actually works http://www.youtube.com/watch?v=M7n-K1VKNyA
Sir, well ok, but can you tell me where I can learn assembly language???
And a moment earlier this method was working, but I think now my PC understands that this is a crack, not only for WinRAR but other software too; whenever I format and reinstall Windows it works again but then stops again. Can you tell me the cause?? It's urgent please…
Thanks in advance….
Hello Rishabh,
When I tried loading the RAR file into ‘Disassembler’, I got an error of ‘EAccess Voilation’ when I clicked the ‘Disassemble’ button. Please help me, looking forward to kind feedback.
Thanks
Hi sir
I did exactly as you posted in your blog. But when I searched for the word evaluation it said that it could not find the word. This posed a hindrance to my further advancement. Kindly help me.
Hey,
How do I get a value from RAM?
Like, I have a variable in an exe: password=”123″
At runtime I want to get 123 by using a tool.
Thanks
Can you help us remove the password from a password-protected WinRAR archive?
Very good beginners tutorial for Resource Hacker
Sir, can you help me crack VB6 software? If yes, I will send you the details of it, please revert to me ASAP.
Thanking you