Software Re-engineering for Dummies : An Overview
=================================================
by romeo [d4c/97]
Before I started "software re-engineering", these questions
often popped up in my mind :
1. How the heck can someone figure out the serial numbers?
2. What changes do you make to a program so that it's registered?
-------------------------------------------------------------------
INTRODUCTION
------------
I think it's reasonable to believe that the most widely used
debugger by all "software re-engineers" or "software reverse-engineers"
is SoftIce from Numega. The word "debugger" should tell you what
the program does. It debugs bugs. Well, people are often very
creative. If it can be used to debug bugs, it can also be used
to take a peek at how the software is programmed.
The debugger has to be loaded before Windows is loaded. The reason
is so that any programs that run under Windows can be stopped at any
time (by pressing Ctrl-D) and have it's codes (in Assembly language)
revealed to the user. (i don't want to get too complicated)
The ironic thing is that SoftIce is a shareware, and being the
best debugger is not any good to itself, because it is used by
"engineers" to find out what it's serial number is.
-------------------------------------------------------------------
INTO THE PROCESS :
Starting Point
==============
A software is often huge and therefore full of codes. It would be
impractical to go down each line of codes and figure out what
each line does. Therefore, it's up to the "engineer's" creativity
and experience to select a starting point. "Where should I start
decipher the codes?" There are lots of techniques, which might just
sound greek to you if you're a dummy to this area. So, I'll leave
that part out.
When a starting point is decided, the "engineer" will pay more
attention to "weird, interesting or out of the ordinary" codes.
Probing Techniques Simplified
=============================
1. Serial Numbers
If you have downloaded a shareware once or twice in your lifetime,
you might have come across a "Register" command which resides in
the Help|About ... dialog box most of the time. When you click on
it, you may be prompted with a box which require you to enter
your name and then a serial number that matches your name.
Now, this means that somewhere among the codes in the program, there
may most probably be lines that says :
A compare the serial number that has been entered with the correct
serial number that matches the name and goto B
B if it is incorrect, goto D
C show a thankyou message because the number is correct and goto D
D close the box and return to the program
As long as the "engineer" can find these lines, it is very likely
that (s)he can just write down the number from the screen (it is
just that simple! - sometimes ...). This is sometimes referred as
to a "soft" approach.
2. Changing Bytes
Well, it can be very tricky sometimes that the "engineer" has to
resort to "hard/brutal re-engineering". This involves changing
certain bytes of the original program so that it works the way
the engineer wants it to work. This would most likely involve
"time-limited sharewares". These sharewares do not offer the option of
registering the program by entering a name and a number. Worse,
after certain days, they will cease to work.
To make your life easier, let us use the previous example :
(pretend these are the initial codes)
A compare the serial number that has been entered with the correct
serial number that matches the name and goto B
B if it is incorrect, goto D
C show a thankyou message because the number is correct and goto D
D close the box and return to the program
I'll show you some techniques which have been used :
Technique 1 - Reverse the conditions
====================================
Often, there's only one number that matches your name. And you don't
get it right 99.9% of the time.
So, an "engineer" can change the codes to this :
A compare the serial number that has been entered with the correct
serial number that matches the name and goto B
B if it is incorrect, DON'T goto D
C show a thankyou message because the number is correct and goto D
D close the box and return to the program
Since you know that you'll be incorrect, by reversing the conditions,
you'll end up registering the program.
Technique 2 - One way conditions
================================
What if you happen to guess the right number? Hmm .. this means technique
1 will not work. So, this can be done :
A compare the serial number that has been entered with the correct
serial number that matches the name and goto B
B if it is incorrect, goto C
C show a thankyou message because the number is correct and goto D
D close the box and return to the program
Now, it doesn't matter whether you're right or wrong, you'll end up
registering the program
Technique 3 - Tricky conditions
===============================
This is an alternative to technique 2 :
A compare the serial number that has been entered with the
serial number that has been entered
B if it is incorrect, goto D
C show a thankyou message because the number is correct and goto D
D close the box and return to the program
hehe .. this sounds funny but it works.
Sometimes, due to the complexity of software programming, only
one of the described techniques can be used, or only a mixture of 2 or
more will work.
-------------------------------------------------------------------
[ The only reason why I indulge in "software re-engineering" is
because I get pleasure out of it. The first time when I
managed to figure out a serial number for a shareware, I was
so overwhelmed; I shouted out loud with triumph and I felt so
good about myself. All boiled down to the "ummmph" that I get
- it's addictive and I wanted more each time. ]
- anonymous "engineer" -
-------------------------------------------------------------------
-=THE END=-