hi!

  ok.. i have the "patch" for LodeRunner right here in front
  of me.. and these guys are NOT as smart as they all seem.. 
  :))

  here is the "disassembled" code for my checkRegistration()
  routine that i prototyped as follows:

   extern Boolean checkRegistration(Word);  

  the .prc file contains the following (on a normal basis).

lodeRunner.prc - disassembled.
---
00007f80   4e560000                     L639    LINK    A6,#0
00007f84   2f03                                 MOVE.L  D3,-(A7)
00007f86   362e0008                             MOVE.W  8(A6),D3
00007f8a   6100ffc2                             BSR     L637
00007f8e   2f08                                 MOVE.L  A0,-(A7)
00007f90   6100ff88                             BSR     L634
00007f94   b640                                 CMP.W   D0,D3
00007f96   57c0                                 SEQ     D0
00007f98   4880                                 EXT.W   D0
00007f9a   4440                                 NEG.W   D0
00007f9c   262efffc                             MOVE.L  -4(A6),D3
00007fa0   4e5e                                 UNLK    A6
00007fa2   4e75                                 RTS
---

  they changed the data at offset "0x7f9a" from 0x4440 to 0x7001.
  what this does is as follows:

---
00007f9a   7001                                 MOVEQ   #1,D0
---

  so.. instead of "negating" D0 (which is what the normal check
  would do), they are placing 0x01 (TRUE) into the register D0.

  this means that the function ALWAYS returns TRUE.

  easy trick.. this is how they are basing a LOT of their cracks
  on. do yourself a favour.. don't let it happen to you.

  -------------------------------------------------------------
       DO NOT USE A BOOLEAN FUNCTION FOR REGISTRATIONS!!!
  -------------------------------------------------------------

  i admire these crackers.. but now i check for registration 
  in many places.. hence they need to do more than just 
  "patch" one area of the code.. 

  getting rid of this "ease" from the hackers can be a good 
  step for most of us.. now since they cannot do this, they
  need to go through a LOT more of the code and find out where
  i am doing the checking.. :)

  you could also make these small functions "inline".. hence
  they have a few places to patch.. :)) that annoys them.

  most importantly, if you do have a regCode function, protect
  it.. don't let them just disassemble, then cut and paste your
  code into a windows version.. :)

  we cannot stop them.. but we want to limit ONLY the ego 
  guys to be the crackers.. :)

  cheers.

az.
--
Aaron Ardiri 
Lecturer                       http://www.hig.se/~ardiri/
University-College i Gävle     mailto:[EMAIL PROTECTED]
SE 801 76 Gävle SWEDEN       
Tel: +46 26 64 87 38           Fax: +46 26 64 87 88
Mob: +46 70 352 8192           A/H: +46 26 10 16 11
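
An added example, not part of the original post: a small C interpreter for the opcodes in the routine's tail, run over the words copied from the listing, showing why the original sequence returns 1 only on a match while the one-word change returns 1 for any input, and where the two images differ. The names `run_tail`, `patch_offset` and `TAIL_BASE` and the sample code values are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TAIL_BASE 0x7f94u  /* offset of the CMP.W in the listing */

/* Words copied from the listing, offsets 0x7f94..0x7f9a. */
static const uint16_t ORIGINAL[4] = { 0xb640, 0x57c0, 0x4880, 0x4440 };
/* The same words with the one-word change the post describes. */
static const uint16_t PATCHED[4]  = { 0xb640, 0x57c0, 0x4880, 0x7001 };

/* Interpret only the opcodes that occur in this tail.
 * d0_in: value left in D0 by L634; d3: the Word argument.
 * Returns the low word of D0 at exit, or -1 on any other opcode. */
int run_tail(const uint16_t *code, size_t n, uint16_t d0_in, uint16_t d3) {
    uint32_t d0 = d0_in;
    int z = 0;                                   /* Z condition flag */
    for (size_t i = 0; i < n; i++) {
        uint32_t lo = d0 & 0xffu;                /* low byte before this step */
        switch (code[i]) {
        case 0xb640: z = ((d0 & 0xffffu) == d3); break;            /* CMP.W D0,D3 */
        case 0x57c0: d0 = (d0 & ~0xffu) | (z ? 0xffu : 0u); break; /* SEQ D0 */
        case 0x4880:                                               /* EXT.W D0 */
            d0 = (d0 & ~0xffffu) | ((lo & 0x80u) ? (0xff00u | lo) : lo);
            break;
        case 0x4440: d0 = (d0 & ~0xffffu) | ((0u - d0) & 0xffffu); break; /* NEG.W D0 */
        case 0x7001: d0 = 1; break;                                /* MOVEQ #1,D0 */
        default: return -1;
        }
    }
    return (int)(d0 & 0xffffu);
}

/* File offset of the first word that differs, or -1 if identical. */
long patch_offset(const uint16_t *a, const uint16_t *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) return (long)(TAIL_BASE + 2 * i);
    return -1;
}

int main(void) {
    /* 0x1234 and 0x9999 are constructed sample codes. */
    printf("original, codes match : %d\n", run_tail(ORIGINAL, 4, 0x1234, 0x1234));
    printf("original, codes differ: %d\n", run_tail(ORIGINAL, 4, 0x1234, 0x9999));
    printf("patched,  codes differ: %d\n", run_tail(PATCHED, 4, 0x1234, 0x9999));
    printf("changed word at 0x%lx\n", (unsigned long)patch_offset(ORIGINAL, PATCHED, 4));
    return 0;
}
```

SEQ writes 0xFF or 0x00 into the low byte, EXT.W widens that to 0xFFFF or 0x0000, and NEG.W turns it into 1 or 0, so the whole decision rests on the last word before the register restore.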
