1296
submitted 1 year ago* (last edited 1 year ago) by airportline@lemmy.ml to c/mildlyinfuriating@lemmy.world

EDIT: The only reason why I still had it at this point was because I could use it with other apps. However, now that my Spotify Subscription is cancelled, it doesn't work with anything. It's mildly infuriating because today, I can't still use it with other apps like I was able to yesterday.

Please don't make the same mistake I made. No one should buy this.

you are viewing a single comment's thread
view the rest of the comments
[-] dzervas@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

ok so first of all you need to know programming. nothing crazy but you should definitely know what a “function” “loop” or “variable” is and some basic HTTP knowledge (what is an HTTP reuest, what’s a header, etc.).

now, your target is to bypass the license check. there are many ways to go about that:

  • the web way: intercept the traffic between the app and the server. maybe the app tells the server “am i licensed” and the server responds “no” and if you just change that you’re golden. to intercept traffic the golden standard is “burp proxy”
  • the exported function way: I’m sure that you’ve seen that all the apps that you install come with various dlls. these are “libraries” which means that they’re a bunch of functions in a package. most times they also include the name of their functions and more often than not you’ll find a “is_user_licensed” that returns a 0 or a 1. hooking that to return 1 will hand you a win
  • the exe exported function way: same as the above but the function lives inside the exe. BTW exes are exactly the same as a DLL (and you can actually execute a dll or import functions from an exe!)

you can find any function that gets called and has a name (the names are called “symbols”) using frida-trace

afterwards you can write a frida script (javascript) that either replaces the entire function or append/prepend code to it. most times you want to append code that just returns a value as to not mess with the programs internals

if you have a .net app though the whole process is WAY easier as you can read all the code of the app using a decompiler - dnspyex is the gold standard

of course not all apps are that easy to crack. it’s more of a time/mind game and less of a skill one. sure, you get much more efficient and the solutions start to “smell”, but trying to crack an app that has stripped symbols (no function names) and everything is statically compiled (all the dlls are shoved into the exe to make it harder for us) can make your life much more difficult

since this is a “starter guide” i’m gonna leave anti-reverse, anti-debug and obfuscation completely out of the discussion. unless you get a moderately good grasp what the above terms mean, don’t bother

I also didn’t talk about actual reversing with a debugger/decompiler/disassembler as I think that it’s better to find out about them as-you-go. don’t start from that. it’s intimidating

Don’t get intimidated. You’ve got it. Remember that it’s not about skill (ok don’t go cracking IDA Pro or denuvo), it’s about patience and methodology As the hacker say: Try harder and happy hacking 🙂

NOTE0: ALWAYS ask chatGPT stuff. if it refuses to answer put the question in the context of “malware research” NOTE1: I think that someone somewhere may have told me that a very popular app owned by dickheads used in the 3d printing community is a very good starting point 😀 NOTE2: You’re more than welcome to ask anything - PMs or otherwise

EDIT: I forgot to mention reversing divas: since this is such a niche thing to do and you spend your life away from grass, some people involved are in the mindset of "this is not for everyone, you're stupid and you can't do it, etc". Fuckem

this post was submitted on 28 Aug 2023
1296 points (100.0% liked)

Mildly Infuriating

35513 readers
80 users here now

Home to all things "Mildly Infuriating" Not infuriating, not enraging. Mildly Infuriating. All posts should reflect that.

I want my day mildly ruined, not completely ruined. Please remember to refrain from reposting old content. If you post a post from reddit it is good practice to include a link and credit the OP. I'm not about stealing content!

It's just good to get something in this website for casual viewing whilst refreshing original content is added overtime.


Rules:

1. Be Respectful


Refrain from using harmful language pertaining to a protected characteristic: e.g. race, gender, sexuality, disability or religion.

Refrain from being argumentative when responding or commenting to posts/replies. Personal attacks are not welcome here.

...


2. No Illegal Content


Content that violates the law. Any post/comment found to be in breach of common law will be removed and given to the authorities if required.

That means: -No promoting violence/threats against any individuals

-No CSA content or Revenge Porn

-No sharing private/personal information (Doxxing)

...


3. No Spam


Posting the same post, no matter the intent is against the rules.

-If you have posted content, please refrain from re-posting said content within this community.

-Do not spam posts with intent to harass, annoy, bully, advertise, scam or harm this community.

-No posting Scams/Advertisements/Phishing Links/IP Grabbers

-No Bots, Bots will be banned from the community.

...


4. No Porn/ExplicitContent


-Do not post explicit content. Lemmy.World is not the instance for NSFW content.

-Do not post Gore or Shock Content.

...


5. No Enciting Harassment,Brigading, Doxxing or Witch Hunts


-Do not Brigade other Communities

-No calls to action against other communities/users within Lemmy or outside of Lemmy.

-No Witch Hunts against users/communities.

-No content that harasses members within or outside of the community.

...


6. NSFW should be behind NSFW tags.


-Content that is NSFW should be behind NSFW tags.

-Content that might be distressing should be kept behind NSFW tags.

...


7. Content should match the theme of this community.


-Content should be Mildly infuriating.

-At this time we permit content that is infuriating until an infuriating community is made available.

...


8. Reposting of Reddit content is permitted, try to credit the OC.


-Please consider crediting the OC when reposting content. A name of the user or a link to the original post is sufficient.

...

...


Also check out:

Partnered Communities:

1.Lemmy Review

2.Lemmy Be Wholesome

3.Lemmy Shitpost

4.No Stupid Questions

5.You Should Know

6.Credible Defense


Reach out to LillianVS for inclusion on the sidebar.

All communities included on the sidebar are to be made in compliance with the instance rules.

founded 1 year ago
MODERATORS