Through an unforeseen series of events, I have ended up corresponding with a cracker known only to me by a Hotmail address and the  pseudonym “CrackZ”. It quickly became clear that he knew what he was talking about, but was motivated by curiosity rather than criminality. Obviously crackers are a more diverse group than the criminal masterminds and script kiddies of popular imagination. To my surprise he agreed to be interviewed for this blog and I jumped at the chance to find out a bit more about the shadowy world of cracking.

*** I realize this is an emotive subject, but please read the whole interview before posting anything in the comments. ***

What is your background? How did you get into cracking software?

I graduated in software engineering about 10 years ago and started out seriously cracking software in my first year at University. It was the first time I’d had access to a fast, unmetered Internet connection and my interest became collecting software and then breaking it; most of my associates never proceeded much beyond the downloading lots of free software stage. Prior to this I’d really only ever had a casual knowledge of the piracy scene from owning a Spectrum, Commodore 64 and then an Amiga. Think tapes and copy disks being swapped in the playground and you wouldn’t be far wrong ;-). The first PC experiences I can recall were studying some very early Phrozen Crew cracks and the Quox virus that someone gave to me on a disk.

Do you also write software? Is your day job in the IT industry?

Yes and yes.

What is the motivation for cracking software?

Motivation for cracking really seems to vary. For me I think its always been mainly about the intellectual challenge, studying code, or ‘breaking the minds of protection authors’ as one correspondent so eloquently put it. For many there is also the ‘social aspect’ of being amongst a like-minded group of individuals (see some of the interviews with former members of famous groups e.g. PWA, DOD if you want to understand how powerful a *pull* the social element can be). Then there are also those who simply enjoy getting software for free or those who do it simply for ‘kicks’. Contrary to the various anti-piracy associations propaganda, very few of those I’ve ever been associated with have been motivated financially. That’s not a justification of course, but it might help if most authors realised that the person who cracked their software is more likely a bored 16 year old Chinese male than a future terrorist.

Is cracking an individual activity or is it organized?

The answer is both, but that is an oversimplification. Most of my cracking has been pretty much a lone-wolf occupation, although there have been times I have worked with others on group projects, expensive CAD/CAM applications for example. One only has to look at the scene to see that there are plenty of organized groups out there and some of the group infrastructures I’ve seen would rival small corporations in their sophistication. A lot of authors are often quite surprised to find their software on the cracking scene radar.

What is your attitude to intellectual property? Do you release cracks and keygens ‘into the wild’? What do you think of those that do?

I’ve actually gone full circle here; in my early years IP literally meant absolutely nothing to me, the value of the software didn’t matter and authors were inconsequential. I would happily release cracks and key generators under a variety of nicknames and scene groups and I didn’t lie awake at night thinking about the damage I might be causing to someone’s livelihood. Currently, I’m 100% in the ethical category (you can debate that). I haven’t been able to curb my interest in protection code, but have managed to channel my interest towards simply contacting the authors when I have broken their code. Sometimes I’ll even offer a little helpful advice; though I’m afraid that’s probably the ‘moral best’ I’m ever going to be. I don’t support those who release cracks and key generators. I’ve heard enough from authors to know how damaging it can be, but anyone who has ever experienced the scene can probably understand why it still happens and will continue.

I can understand the attraction of cracking as an intellectual challenge. But why do some crackers then release the cracks? What do they gain?

Respect amongst their peers and the ‘scene’ at large and dubious notoriety. I’ve known some who did so in order to get a job.

When people release cracks do they think about the effect they are having on the livelihoods of the people who write the software? Do they care?

My guess would be ‘probably not’ on both counts. I think this changes with age though and many get more considerate as they get older.

What is your opinion of people that add trojan horses and other malware to cracks?

I suppose I might be accused of some degree of hypocrisy ;-), but these really are the bottom-feeders and low-lifes of the world.

What types of software do you target?

Myself it has been pretty much exclusively Windows, with the occasional bit of *nix, but there is plenty of interest in virtually every platform out there, even groups dedicated solely to them. Nothing escapes attention these days.

What tools and techniques do you use for cracking?

My tools of choice are IDAPro (the best disassembler which also includes a debugger) and also a mixture of other debuggers depending on the target (e.g. OllyDbg, SoftICE, Syser and even WinDbg). And then there are other associated tools like a decent Hex Editor (Hiew, UltraEdit) and more specific utilities covering the various cracking fields. There are quite a few books out there on the subject of reverse engineering that list virtually all of the tools in most crackers toolsets.

How long does it take you to crack the protection on an average piece of software?

On average shareware protections I’d usually be able to break them in a matter of hours, although understanding their intricacies might take a good deal longer. I’ve had some fall in minutes and others take full days of analysis. Perhaps as a small comfort, I’d say that each year the average protection seems to be getting a little more difficult to crack.

How long are you prepared to spend to try to crack a piece of software? Do you ever come across software you can’t crack?

In the past I’d be prepared to invest most of the hours in a day in one piece of software. I’d make literally pages of notes on paper and in the disassembler, naming functions, variables, structures, commenting fields etc. For many crackers time is a commodity they have in spades. I’ve met several targets that I couldn’t crack and several I simply didn’t bother completing because others had beaten me to it. Of the few I couldn’t break I did understand the reasons why (some need specific server-side responses). In some cases, several years later, users sent me the necessary hardware / information to enable me to break those targets.

Are applications protected by commercial anti-piracy software harder to crack than applications with home grown protection?

This is a tricky one; commercial anti-piracy software is pretty much exclusively written by ex-members of the cracking community and by default is protected better than many authors own creations. However, once a protector gains what I’d best term as a ‘critical usage mass’, its attractiveness as a target becomes that much greater. Experienced crackers are drawn to it almost like moths to a flame, since breaking an entire ‘protector’ can yield a lot of targets. Some of the very best and worst of the protections I’ve seen have been of the home grown variety. A lot of authors (IMHO rightly) conclude that improving the attractiveness of their software to potential customers is a much more productive use of their time than writing the ultimate copy protection.

Is software that phones home harder to crack?

Software that simply ‘phones home’ presents more of a nuisance than any real barrier to cracking. I’ve seen some that implement server license checking (mIRC is a widely available example) and it hasn’t stopped the cracks appearing. Several other targets have required decryption keys to be fetched from the server and these also haven’t presented any real problem. Its worth remembering that a cracker will often have access to a legitimate license with which to perform his study. At some stage a true client/server protection model over the internet will be a real possibility (MS has some stuff already like this), where all of the code is actually executing on a server. This will most likely simply move the goalposts, but seeing as a lot of the software I have been asked to look into was leaked to me by company employees the server model might not be as secure as it suggests.

Do hardware solutions (e.g. dongles) make software significantly harder to crack?

Hardware keys and, more recently, smart cards do make software harder to crack, largely due to the fact there is usually an element of hardware encryption these devices perform that can’t be easily replicated without access to the original device. However, over the years, I’ve met literally hundreds of disgruntled end-users of these devices, many of whom have sent me their keys and risked their jobs just to be free of them. A few eastern European contacts of mine sell ‘dongle emulating’ solutions and have archives of probably more than 10,000 individual dongles.

Is any method of securing software 100% secure?

Absolutely not, and anyone who tells you otherwise is lying.

What are the commonest mistakes software developers make related to security?

In no particular order:

1. Depending on commercial protection schemes for security.
2. Directly comparing the license string entered with the correct one.
3. Not using some sort of encryption/obfuscation (XOR isn’t *good* encryption).
4. Using a single simplistic registration function that is easy to isolate.
5. Displaying message boxes with helpful strings sending the cracker straight to the protection code.
6. Not integrity checking against patching.
7. Not updating the software once a crack is discovered in the wild.

Do you think software vendors should spend more time making their software harder to crack?

I’m pragmatic; I’d advise all software authors to invest time in a *reasonable* copy protection and keep abreast of whether cracks are out there, educating your potential customers can be worthwhile. Make your protection something custom and use some imagination by all means, but make it proportional to what you are protecting. There isn’t much point having a £million lock on a £100 product, you simply can’t defeat every single cracker out there.

Can you expand on “educating your customers can be worthwhile”?

‘Educating’ might be the wrong word, but appealing to peoples conscience can be quite effective. A few software authors have ‘crack catcher pages’ for the search engines that say things like “I work 60hrs per day on my software, please support me if you want me to continue adding features” etc. Its also worth pointing out that there are plenty of con-merchants and dodgy sites out there selling cracks that often do contain trojans/viruses. One could also appeal to the fact that ‘time is money’ for a lot of potential software buyers, so why invest several hours of their life looking for a crack if it’s more cost effective to buy?

Can you recommend any online resources for authors wanting to know how they can protect their software better?

There are several books and web resources on anti-debugging & protection advice, Google will find them ;-). There are also several mainstream books, Pavol Cerven’s springs to mind.