The Art of the Reverse Engineering

Pope Kim Nov 22, 2008

Although I have been keen on technologies, more precisely all the naughty programming behind any software, I have never tried to reverse engineer, or crack, a program. It's not because of my ethics: cracking other people's software has just never interested me.

But yesterday, I downloaded a trial version of a small Windows application, and it said I could execute it only a certain number of times. Oh boy, that really got me curious: I have seen many "trywares", which allow you to use them for a certain period, but not for a certain number of executions. I always thought time-limited software can easily check the current time against the first install time, or something similar, to determine whether the trial period has expired. But to make software with a limited number of executions, it has to keep the execution count somewhere, I figured. And that information should not be easily visible. Otherwise, anyone could easily delete or modify it to unlock the full feature set. So, I decided to find out what smart things this program is doing with that info. (By the way, I won't reveal the name of the application here since I don't want to encourage anyone to crack this program, which is not just illegal, but also makes the creator unhappy, or puts them out of business.)

First, I kept executing and exiting the program, and it really stopped working after the specified number of runs! OMG!

Second, I tried to look for any new file, which was written during my crazy launch-and-kill session. I was not able to find any suspicious files.

Third, I tried to find some registry entries which the software might have written. There were some registry entries associated with this application, but I didn't see anything that could be deciphered as a count number.

So, I was stuck, but I was still curious. And I'm always a curiosity-driven programmer. I like to find out the answer when it can be found with logical thinking. That's when I finally decided to reverse engineer the application. And after a 4-hour wrestling match with disassemblers, I managed to find the answer I was looking for (how to store the count securely) and one I was not really looking for: all the thousands of valid licence keys the creator had encrypted and embedded in the executable file. And again, I'm not gonna disclose any license key here because that was not my intention.

Through this reverse engineering, I learned these things:

  • how to set a usage limit on shareware, which might become useful if I ever decide to release a shareware utility.
  • embedding valid licence keys as an encrypted string might not be a really good idea, but I'm not sure if there is any better way without using Internet validation.
  • reverse engineering is pretty darn easy if you know how to read all the low-level programming languages.

And thank God! Bill C-61 has not been passed yet. I heard this kind of activity is also a copyright breach under that bill, which is one of the biggest jokes I have ever heard. Although I don't think I would do it again, this kind of practice should not be made illegal when the intention is purely learning.

Hmmm, but I'm not sure if what I heard from other people is really valid, because people without legal education often tend to overreact. Maybe I should start reading the bill to figure out what exactly it wants to achieve. Oh, did I tell you I also have an LL.B. degree?