Introduction
There are many kinds of cracks, but most of them involve changing
part of the code of the app. The cracker describes which part of the
code has to be modified and which changes to make to the original
hexadecimal chain to crack the app.

This is usually written by the cracker in this way:


/nameoftheapp.app/Contents/MacOS/nameoftheapp
md5: <A 32 characters (letters and numbers) block>

•••• •••• •••• •••• <-- original chain of hex values


--> <-- change to
•••• •••• •••• •••• <-- new chain of hex values

md5: <A different 32 characters (letters and numbers) block>


Or the cracker can write the chains of hex values in this way (pairs
instead of groups of 4 characters):

•• •• •• •• •• •• •• •• <-- original chain of hex values
--> <-- change to
•• •• •• •• •• •• •• •• <-- new chain of hex values

Or in this way (without blank spaces):

•••••••••••••••• <-- original chain of hex values
--> <-- change to
•••••••••••••••• <-- new chain of hex values

To crack the app you should follow these three steps:

1. Find the file to modify

/nameoftheapp.app/Contents/MacOS/nameoftheapp indicates the path
to the file that you have to modify (usually the main
executable).

2. Check the MD5

md5 is the resulting "number" of a checksum of the file. You
can check the MD5 of your apps using Terminal or some drag
and drop utilities, like:

◦ md5app (free): http://www.enigmarelle.com/sw/md5app/
◦ md5drop (free): http://www.h4-engineering.de/e_TECHNIK.html
◦ MD5shot (free): http://www.softyards.com/md5shot.html

Usually you'll have to check the MD5 of the main executable,
which you can find in: Control-click the app/Show package
contents -> Contents/MacOS/nameoftheapp

If you want to use Terminal to check the MD5:

◦ Launch Terminal and write: md5<blank space>
◦ Drop the file over the Terminal window
◦ Hit Enter
◦ Terminal will output the MD5 sum

If you want to use any of the available MD5 checking utilities,
just drag and drop the file on the utility icon, or launch the app
and drag and drop the file on the app's window.

If the MD5 of the file that you are trying to crack is identical to
the first MD5 indicated by the cracker, proceed to Step 3. If the MD5
is not identical, the developer has modified the application. If the
application has been modified, the crack will most likely not work
because the chains of hex values to modify would be different from
the ones stated by the cracker.

The purpose of the last MD5 indicated by the cracker is for you to
check if the crack was applied correctly. If you did it correctly, the
resulting MD5 of the cracked app will be identical to the one stated
by the cracker.

3. Apply the crack

To apply a crack you have to change all the original chains of
hex values to the new chains of hex values stated by the
cracker. To accomplish this, you can choose between several
different hex-editing applications, shown below:

◦ HexEdit (free): http://hexedit.sourceforge.net
◦ PeekIt (free): http://ravenware.com/sware/index.html#development
◦ HexEditor (free): http://www.ex-cinder.com/hexeditor.html
◦ Resorcerer: http://www.mathemaesthetics.com/Res24Info.html

All of the hex-editing applications work in a similar way, so
choose the application that fits you best. While in the
hex-editing application, (1) open the app you are going to crack, (2)
search for the original chain of hex values and then (3) change it
to the new chain of hex values. Repeat this process until you
have found and changed all the hex values indicated by the
cracker in his/her guidelines. Once the changes are saved the
app is cracked.
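
The before/after checksum comparison described above also works in the defender's favour: any byte change to the main executable changes its digest, so comparing against a baseline of released builds reveals a modified bundle. The following is an added example, not part of the original page; it uses SHA-256 rather than MD5, and the function names, the assumption that the executable is named after the bundle, and the sample bundles are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 16):
    """Stream the file so large executables are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def audit_bundles(root, known_good):
    """known_good maps bundle name -> set of SHA-256 digests of released builds."""
    report = {}
    for app in sorted(Path(root).glob("*.app")):
        findings = []
        macos = app / "Contents" / "MacOS"
        exe = macos / app.stem  # assumption: executable is named after the bundle
        if not exe.is_file():
            findings.append("missing-executable")
        elif app.name not in known_good:
            findings.append("no-baseline")
        elif sha256_file(exe) not in known_good[app.name]:
            findings.append("hash-mismatch")
        # Hex editors such as HexEdit leave a "<name>~" backup next to the edited file.
        if macos.is_dir() and any(p.name.endswith("~") for p in macos.iterdir()):
            findings.append("editor-backup-present")
        report[app.name] = findings or ["ok"]
    return report

def build_demo(root):
    """Constructed sample data: two fake bundles, one altered after baselining."""
    baseline = {}
    for name, body in (("Clean", b"\x00" * 64), ("Tampered", b"\x01" * 64)):
        macos = Path(root) / f"{name}.app" / "Contents" / "MacOS"
        macos.mkdir(parents=True)
        (macos / name).write_bytes(body)
        baseline[f"{name}.app"] = {sha256_file(macos / name)}
    macos = Path(root) / "Tampered.app" / "Contents" / "MacOS"
    (macos / "Tampered~").write_bytes(b"\x01" * 64)               # editor backup
    (macos / "Tampered").write_bytes(b"\x01" * 60 + b"\x02" * 4)  # four bytes changed
    return baseline

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_bundles(tmp, build_demo(tmp)))
```
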

Let's Go
We are going to apply the three steps explained above to a real
application: Acquisition 112.3, an app developed from stolen code.

The cracker wrote:


Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition

md5: feb943956a60081aad0214e39a508794

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

48 02 3d 91
->
38 60 00 01

48 02 16 d9
->
38 60 00 01

48 01 fa cd
->
38 60 00 01

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

md5: 614751bb63336d2a8a47b5cf68fb03c1

First of all, get a copy of Acquisition 112.3, and then:

1. Find the file to modify

The cracker wrote:

/Acquisition.app/Contents/MacOS/Acquisition

This means: Control-click Acquisition/Show package contents and then
go to Contents/MacOS/Acquisition. This Acquisition file is the main
executable, and you'll have to apply the changes to that file (you
don't need to take this file out of the application package to
crack it). But first, you'll need that file to drag and drop it over
the Terminal window in step 2. b). Read below.

2. Check the MD5

We'll use Terminal this time (the drag and drop utilities do not
need guidance).

The cracker wrote: md5: feb943956a60081aad0214e39a508794

◦ Open Terminal and type: md5<blank space>
◦ Drag and drop the Acquisition main executable on the Terminal
window
◦ Hit Enter. Terminal will find out the MD5 value

Cool! The MD5 matches the one listed by the cracker. Acquisition
developer David Watanabe hasn't had the time to update
Acquisition yet. You can crack it!

3. Apply the crack

We'll do it using HexEdit first and then Resorcerer. PeekIt and
HexEditor work (for this purpose) like HexEdit.
◦ Using HexEdit

Launch HexEdit, go to File/Open... and browse to find the
Acquisition main executable
(Acquisition/Contents/MacOS/Acquisition).

Select Acquisition and click Open. You'll see the HexEdit window
(isn't it a beauty?).

The cracker wrote:

7c 08 02 a6 bd a1 ff b4 42 9f 00 05 <-- original chain of hex values
-> <-- change to
38 60 00 01 4e 80 00 20 42 9f 00 05 <-- new chain of hex values

Note: If there are no blank spaces in the chain of hex values, do not
bother adding them. Do not worry; HexEdit recognizes the chains
anyway.

Go to the menu Find/Find... The search window will pop up. The
"Matching Hex" button should be selected; if not, click it now.

Copy and paste the first original chain of hex values in the "Find"
box and the new chain of hex values in the "Replace with" box. Then
click the "Find Next" button; HexEdit will find the original chain of
hex values. Now click the "Replace" button.

You have changed the first original chain of hex values to the new
chain of hex values as indicated by the cracker.

Now copy and paste the second original chain of hex values in the
"Find" box (clear it first) and the new chain of hex values in the
"Replace with" box (in this case you'll have to find and change
identical chains once more):

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

Click the "Find Next" button and then the "Replace" button.

Repeat the process with the next chain of hex values listed by the
cracker until you've found and replaced each and every chain of hex
values. Once you've made all the changes, close the Search window,
save the changes and quit HexEdit.

You should now check the new MD5 to find out if you applied all the
changes correctly:

Control-click Acquisition/Show package contents and then go to
Contents/MacOS/

This time you'll find two files, one named Acquisition~ and the other
named just Acquisition.

Acquisition~ is a backup of the original (untouched) file. HexEdit
has made it. You should save this file somewhere until you have
tested the cracked app. If you have failed making the crack, you can
try it again using this file (just do not forget to delete the ~
before using the backed-up file again).

Acquisition is the modified file. You have to check the MD5 of this
file to find out if you have applied the crack correctly. To check
the MD5 of the modified file, follow the same steps you did to check
the MD5 of the original file in Step 2 above.

At the end of the instructions, the cracker wrote: md5:
614751bb63336d2a8a47b5cf68fb03c1

Cool! The final MD5 matches the one the cracker calculated after
applying the hack. You got it!

But no, you're not a cracker; the cracker is the one who found and
documented which hexadecimal values had to be changed to crack the
app.
◦ Using Resorcerer

You're going to crack the same app but this time using Resorcerer.
Of course, you'll need a new (untouched) copy of Acquisition 112.3.

The first thing you have to do is to delete all the blank spaces in
the original chains of hex values and the new chains of hex values
the cracker wrote (if he/she used them), because Resorcerer does not
accept the blank spaces. After that, you'll have these instructions:

Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition

md5:feb943956a60081aad0214e39a508794

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

48023d91
->
38600001

480216d9
->
38600001

4801facd
->
38600001

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

md5:614751bb63336d2a8a47b5cf68fb03c1

We're not going to repeat the MD5 checking procedure again. We'll
skip that step now, but you should always check it to avoid wasting
your time trying to apply a crack to the wrong file.

Launch Resorcerer, choose File/Open... and browse to find the
Acquisition main executable, as indicated by the cracker
(Acquisition/Contents/MacOS/Acquisition). Click Open.

Select the "<Data Fork>" line and click the Open button. A new window
will appear.

In the new window, click the grey triangle in the upper left corner,
just to the left of the "Insertion Offset: 0" text.

You'll now see the "Find", "Replace with" and "Replace & Find" boxes,
and the "Go to Offset" box. The "Hex" checkbox in the upper left
corner should be checked; if not, check it now.

The cracker wrote:

7c0802a6bda1ffb4429f0005 <-- original chain of hex values
-> <-- change to
386000014e800020429f0005 <-- new chain of hex values

Copy and paste the first original chain of hex values in the "Find"
box and the new chain of hex values in the "Replace with" box and
click the "Find" button; Resorcerer will find the original chain of
hex values. Then click the "Replace with" button.

You have changed the first original chain of hex values to the new
chain of hex values indicated by the cracker.

Now copy and paste the second original chain of hex values in the
"Find" box (clear it first) and the new chain of hex values in the
"Replace with" box (in this case you'll have to find and change
identical chains once more):

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

Click the "Find" button and then the "Replace with" button.

Repeat the process with the next set of hex values listed by the
cracker until you've found and replaced all of the chains of hex
values indicated by the cracker. Then close the Search window. You'll
be prompted to Save changes or not:
Click the "Save" button. You'll now be in the main Resorcerer window
again. Close it, and you'll be prompted to save changes or n

Click the "Save" button and quit Resorcerer. You're done.

You should now check the new MD5 to find out if you have applied all
changes in the right way (see the "how to" above).

Appendix. The non-hex cracking


Developers usually check Serial Box releases and public boards like
MacSerialJunkie to find the new numbers published for their apps so
they can ban them in their next updates. Then, if you try to use that
number, a window will pop up with a message like this one (or
similar):

"You Are Using A Stolen Serial Number, Shame On You!"

Some developers just ban the fake numbers in a way that's very easy
to hack. They include a list of banned numbers inside the application
code. But, because they do not encrypt these banned numbers, you
can simply change a single letter or number in the banned registration
and then register the app using the banned number!

To make this type of change you can use the app of your choice. Just
check the "ASCII" matching button if you use HexEdit or uncheck the
"Hex" checkbox if you use Resorcerer. Then simply search for the
banned username, e-mail or number and replace it with something
else of the same length.

We'll check this using HexEdit only, but it is the same if you use
Resorcerer (just uncheck the "Hex" checkbox).

For this example we have chosen ImageBuddy 3.1.3:


http://www.imagebuddy.com/

This registration data was published in Serial Box for ImageBuddy 1.6:
Name: PHREKBBS
Code: 5123-9826-3615-9834
The developer banned that registration, but he didn't encrypt the
banned registration so it's very easy to find:

1. Launch HexEdit and go to the menu Find/Find... The search
window will appear. Check the "Matching ASCII" button and
write PHREKBBS in the "Find" box. Then click the "Find Next"
button.

2. You can replace the PHREKBBS name by changing any character of
the name, or you can simply write another name with the same
number of characters. For example you can write KCN-CREW in
the "Replace with" box and then click the "Replace" button.

3. Now the banned name is KCN-CREW while PHREKBBS is free
again.

4. Close the search window, save changes and quit HexEdit. Now
you can launch the modified app and register it again using:

Name: PHREKBBS
Code: 5123-9826-3615-9834
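
The weakness this appendix describes is that the banned registration sits in the executable as readable ASCII. The following added example (not from the original page or from any product named on it) contrasts that with storing only SHA-256 digests of normalised name/code pairs; the function names and the sample registration are constructed for illustration.

```python
import hashlib

def normalise(name, code):
    """Canonical form so case, spacing and dash variants hash identically."""
    clean_code = "".join(ch for ch in code if ch.isalnum()).upper()
    return f"{name.strip().upper()}|{clean_code}".encode()

def digest(name, code):
    return hashlib.sha256(normalise(name, code)).digest()

# Constructed registration; not taken from any real product.
BANNED_PLAIN = [("EXAMPLE-USER", "0000-1111-2222-3333")]
# In a real build only these digests would be compiled in (computed at build time).
BANNED_DIGESTS = frozenset(digest(n, c) for n, c in BANNED_PLAIN)

def is_banned_plaintext(name, code):
    """Weak form: exact compare against strings stored readably in the binary."""
    return (name, code) in BANNED_PLAIN

def is_banned_digest(name, code):
    """Hardened form: inputs are normalised, then compared as digests only."""
    return digest(name, code) in BANNED_DIGESTS

def shipped_bytes(use_digests):
    """Stand-in for the data that would end up inside the executable."""
    if use_digests:
        return b"".join(sorted(BANNED_DIGESTS))
    return b"\x00".join(f"{n}\x00{c}".encode() for n, c in BANNED_PLAIN)

if __name__ == "__main__":
    for variant in (False, True):
        visible = b"EXAMPLE-USER" in shipped_bytes(variant)
        print("digests" if variant else "plaintext", "name visible:", visible)
```

A digest list removes the searchable string but does not detect edits to the executable itself; that remains the job of a checksum or signature comparison.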