I'd first like to say this is purely for educational purposes. When I was learning assembly, I was tinkering with apps, and found a debugger to debug the programs, it was called as OllyDbg.
I accidentally learned that I could crack apps using it, and to test my idea I did crack an AntiVirus program, and it worked. This is only one of the techniques and here is how it's done.
- The app that I cracked came with two modules, files called as avEngine.dll and activation.dll
- I opened the activation module in OllyDbg to find the assembly code like this in the .text section.
- section .text
- :checkActivation
- push ebp
- mov ebp, esp
- ...
- ...
- call validateCode
- cmp eax, #1
- jne activationFail
- ...
- ... ; Code on successful validation
- ...
- jmp endCheckActivation
- :activationFail
- ...
- ... ; Code to show error message
- ...
- :endCheckActivation
- pop ebp
- ret
- As you see, there is a command after comparing, called as jne which stands for jump if not equals. What should I do if I don't have the real activation code?
- I just modified the instruction, from jne to je saying that I wanted to execute the failed code when it succeeded. I saved the assembly and replaced the original file, and opened the app. I entered a random shit and it turned to Pro version.
Things however might not be this simple always. There will be a ton of other checks. You might not get these labels to understand what is what. I got them because I was trying a debug build. This is also a single technique, there are a lots of them real crackers use.