Crack programs through Traffic Manipulation

Norvik

Retired Staff
Contributor
Jul 18, 2015
635
588
157
Traffic Manipulation
Usually you patch the licensefunction of your program so it says "the license is valid" everytime. But there are some alternatives like the Traffic Manipulation.

Advantages:
  • Update independently
  • Sometimes very easy (depending on the build-in security)
Disadvantages:
  • Requires sometimes much reversing
  • Effectiveness is depending on effort

Method
I made a little application which gets a string from a url. Imagine that the incoming string would be the string which decides if the license is valid or not. The first step is to find out the url the program uses to get its valid/invalid license. You can use a http listener or just decompile your program. I'll decompile my program to see how it gets its values. I found the part which includes the url very fast (no license system will work like this, it's just an example).
91b01e045c.png

As we can see it requests the file from "http://ridicc.tk/R4P3/TM/license.html". The program checks if the content of this file
75c7dd77b8.png
(which is stored on my webspace) is "valid". If it's valid it will unlock the program and your license is valid. If the url returns anything other than valid, it will lock the application and just show this:
e917641dcd.png

So the only thing we have to do is
redirect ridicc.tk to our localhost, set up a file that contains "valid" and the program should think that the license is valid. So lets open our hosts file (C:\Windows\System32\drivers\etc\hosts) with a texteditor. Add 127.0.0.1 and the domain you wanna redirect to 127.0.0.1 on the bottom of this file.
f4abff25e1.png

Save your hosts file and setup a local webserver. I'm gonna use XAMPP to install an Apache2 server. If we go to the url we will get redirected to the XAMPP server. Setup the same folder structure than our url has (for me it's R4P3\TM\) and create the file your program wants to access (for me it's license.html)
4f567db87f.jpg
a6b7c599b2.png

And because our program wants to get a "valid" from the license.html we will type valid in the html file
6c8b899cf6.png

Now start your program and enjoy your awesome valid license :D
a24eddc5cf.jpg

 
Last edited:

Norvik

Retired Staff
Contributor
Jul 18, 2015
635
588
157
If the Program is not made in .NET you can also use Wireshark and just sniff the Traffic.
Yes this will be much easier in most cases

btw i realized that i wrote unvalid instead of invalid xD
 
  • Like
Reactions: L.

JustABox

VIP
Jan 4, 2016
13
1
50
You can also use Telerik Fiddler. The tool shows every http/https request from your pc and can edit the response live.
 
Top