this post was submitted on 18 Nov 2023
39 points (89.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

54500 readers
655 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 1 year ago
MODERATORS
 

Ok, I need some insight before I go back into Torrenting. I need a piece of software from a less than reputable company (Wondershare). Now I know Keygens can be run through Sandboxie or a VM to get the key but how do Patches and Cracks work?

One of TorrentGalaxy's most trusted uploaders & software patchers keeps the software updated and uploaded & includes in the download listing the www.virustotal.com report for the installation files which shows a clean listing; however the Patch shows a listing for multiple AV/Malware software which shows the Patch being a virus. So, how do I use the software if the Patch is "infected". Am I missing something? Thanks!

you are viewing a single comment's thread
view the rest of the comments
[–] PM_Your_Nudes_Please@lemmy.world 22 points 11 months ago (3 children)

You’ve got a few questions here, so let me break it down…

What is a crack?

A crack is simply a way of defeating DRM. In the old days, games would often require the game disc to be inserted before they would boot. It was a very easy way of preventing people from simply sharing the files. Because even though the game was installed and didn’t need the disc, the game would simply refuse to launch without the CD in the tray. It was a sort of physical DRM, because disc burners weren’t super common yet so copying a game disc wasn’t super easy.

So the crack simply edited the part of the game that checked for a CD. Sometimes it was as simple as removing the few lines of code that told the game to check for a CD. Sometimes it was simply a matter of telling the game that the disc was always inserted. But that’s just an early example of a crack; It was modifying a game file (or files) in some way, to make them boot even when DRM would normally prevent it.

Modern cracks are much more complicated, but the end goal is the same. Crackers are simply trying to defeat the DRM, so the program will boot. It usually modifies a few files, to get the program to boot when it normally wouldn’t. The cracks are usually fairly small in size, because the actual program .exe and a few .dll files are usually all that gets changed. So patching the program is usually as easy as moving the cracked files into the respective folder, and overwriting the legitimate files.

Why does a crack show up as a virus?

Lots of modern cracks need to do some pretty fucky things to defeat modern DRM. It often requires intercepting network traffic that the launcher would use to “phone home” to a company server. For instance, maybe the launcher checks in with a company server to verify that your program is legit. If the server responds that it is, then the program boots. So the crack would potentially need to intercept that network traffic, then spoof a response from the server. But you know what else does something like that? A virus, attempting to hide itself.

And modern antivirus softwares don’t rely on “hard” virus definitions to identify viruses. The traditional way of scanning for viruses was to just keep a massive database of known threats, then compare files against that. But that’s slow and new threats constantly need to be added in order to keep your virus scans accurate. And if a hacker is able to change their virus slightly, you’ll need to add a whole new item to the database just to target the change.

So instead, they use something called heuristics, which basically means they look at how a program operates, then guess whether or not it’s actually a virus. It uses common virus behaviors and pattern recognition to try to identify a virus. This increases the chances of a false positive, but means scans are much quicker and will catch new threats in the wild even when they haven’t been officially documented yet. But since different companies use different virus definitions for their heuristics, different antivirus programs will give false positives to different cracks.

If it’s only a few flags on VirusTotal, you’re likely going to be fine. It’s most likely a false positive from those antivirus programs.

[–] dzervas@lemmy.world 12 points 11 months ago

what I want to stress out at this point is that due to the techniques required to crack a game (dll injection, ssl pinning bypass, syscall hooking and more) are used by malware

that though leaves you completely unaware if the crack is benign or not. It could be or it could be not. “but it worked fine for me” is also not a good enough pointer as it’s very common practice making the malware run only under certain conditions (after a month, only when the PC is idle or the screen is locked, or make it extremely lightweight - just upload all your browser cookies once a day

if you get hit by something like this there’s no going back. you need to format. there are very, VERY weird ways that a malware can replicate/hide itself to.

software has, is and always will be a game of trust. do you trust the cracker? or even the company that makes the software? and if so, why

I always suggest to never run cracks on a machine that is used to log into personal accounts

The only crack that I actually trust is mass grave (windows & office crack). It’s a powershell script so you can just read its source code

load more comments (2 replies)