
Introduction
There are many kinds of cracks, but most of them involve a change to part of the code
of the app. This is indicated by the cracker explaining the part of the code that has to be
modified and the required modifications to the original hexadecimal chain to crack the
app.

This is usually indicated by the cracker in this way:


/nameoftheapp.app/Contents/MacOS/nameoftheapp
md5: <A 32 characters (letters and numbers) block>

•••• •••• •••• •••• <-- original chain of hex values


--> <-- change to
•••• •••• •••• •••• <-- new chain of hex values

md5: <A different 32 characters (letters and numbers) block>


Or the cracker can write the chains of hex values in this way (pairs instead of groups of
4 characters):

•• •• •• •• •• •• •• •• <-- original chain of hex values
--> <-- change to
•• •• •• •• •• •• •• •• <-- new chain of hex values

Or in this way (without blank spaces):

•••••••••••••••• <-- original chain of hex values
--> <-- change to
•••••••••••••••• <-- new chain of hex values

To crack the app you should follow these three steps:

1. Find the file to modify

/nameoftheapp.app/Contents/MacOS/nameoftheapp indicates the path to the file that you
have to modify (usually the main executable).

2. Check the MD5

md5 is the resulting "number" of a checksum of the file. You can check the MD5 of
your apps using Terminal or some drag and drop utilities, like:

◦ md5app (free): http://www.enigmarelle.com/sw/md5app/
◦ md5drop (free): http://www.h4-engineering.de/e_TECHNIK.html
◦ MD5shot (free): http://www.softyards.com/md5shot.html

Usually you'll have to check the MD5 of the main executable, which you can find
in: Control-click the app/show package contents -> Contents/MacOS/nameoftheapp

If you want to use Terminal to check the MD5:

◦ Launch Terminal and write: md5<blank space>
◦ Drop the file over the Terminal window
◦ Hit Enter
◦ Terminal will output the MD5 sum

If you want to use any of the available MD5 checking utilities, just drag and drop
the file on the utility icon, or launch the app and drag and drop the file on the
app's window.

If the MD5 of the file that you are trying to crack is identical to the first MD5
indicated by the cracker, proceed to Step 3. If the MD5 is not identical, the developer
has modified the application. If the application has been modified, the crack will most
likely not work because the chains of hex values to modify would be different from the
ones stated by the cracker.

The purpose of the last MD5 indicated by the cracker is for you to check if the crack
was applied correctly. If you did it correctly, the resulting MD5 of the cracked app
will be identical to the one stated by the cracker.

3. Apply the crack

To apply a crack you have to change all the original chains of hex values to the
new chains of hex values stated by the cracker. To accomplish this, you can
choose between several different hex-editing applications shown below:

◦ HexEdit (free): http://hexedit.sourceforge.net
◦ PeekIt (free): http://ravenware.com/sware/index.html#development
◦ HexEditor (free): http://www.ex-cinder.com/hexeditor.html
◦ Resorcerer: http://www.mathemaesthetics.com/Res24Info.html

All of the hex-editing applications work in a similar way, so choose the application
that fits you best. While in the hex-editing application, (1) open the app you
are going to crack, (2) search for the original chain of hex values and then (3)
change it to the new chain of hex values. Repeat this process until you have found
and changed all the hex values indicated by the cracker in his/her guidelines. Once
the changes are saved the app is cracked.
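
Seen from the developer's or administrator's side, the digest comparison in step 2 is a tamper check: any in-place byte patch changes the digest of the executable. The Python below is an added example, not part of the original guide; it hashes an installed executable against a known-good reference copy and reports which byte ranges differ. The function and file names are assumptions, and the sample bytes are constructed around two of the chains quoted on this page.

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256"):
    """Hash a file in chunks. SHA-256 by default; pass "md5" to match legacy listings."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def changed_ranges(reference, candidate):
    """Return (offset, length) runs where the two byte strings differ."""
    runs, start = [], None
    common = min(len(reference), len(candidate))
    for i in range(common):
        if reference[i] != candidate[i]:
            if start is None:
                start = i
        elif start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, common - start))
    if len(reference) != len(candidate):  # truncated or appended data
        runs.append((common, abs(len(reference) - len(candidate))))
    return runs

def audit(reference_path, candidate_path):
    """Compare an installed executable with a known-good copy of the same release."""
    if file_digest(reference_path) == file_digest(candidate_path):
        return {"modified": False, "ranges": []}
    with open(reference_path, "rb") as a, open(candidate_path, "rb") as b:
        return {"modified": True, "ranges": changed_ranges(a.read(), b.read())}

def demo():
    # Constructed sample: filler bytes around two of the chains quoted on this page.
    good = bytes(8) + bytes.fromhex("7c0802a6bda1ffb4429f0005") + b"\xff" * 4 + bytes.fromhex("48023d91")
    bad = bytes(8) + bytes.fromhex("386000014e800020429f0005") + b"\xff" * 4 + bytes.fromhex("38600001")
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("reference.bin", "installed.bin")]
        for p, data in zip(paths, (good, bad)):
            with open(p, "wb") as f:
                f.write(data)
        return audit(*paths)

if __name__ == "__main__":
    print(demo())
```

Because the patch keeps the file length unchanged, a size check alone would not catch it; only the digest and the byte-level comparison do.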

Let's Go
We are going to apply the three steps explained above to a real application: Acquisition 112.3,
an app developed from stolen code.

The cracker wrote:


Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition

md5: feb943956a60081aad0214e39a508794

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

48 02 3d 91
->
38 60 00 01

48 02 16 d9
->
38 60 00 01

48 01 fa cd
->
38 60 00 01

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

md5: 614751bb63336d2a8a47b5cf68fb03c1

First of all, get a copy of Acquisition 112.3, and then:

1. Find the file to modify

The cracker wrote: /Acquisition.app/Contents/MacOS/Acquisition

This means: Control-click Acquisition/Show package contents and then go to
Contents/MacOS/Acquisition. This Acquisition file is the main executable, and you'll
have to apply the changes to that file (you don't need to take this file out of the
application package to crack it). But first, you'll need that file to drag and drop it
over the Terminal window in step 2. b). Read below.

2. Check the MD5

We'll use Terminal this time (the drag and drop utilities do not need guidance).
The cracker wrote: md5: feb943956a60081aad0214e39a508794

◦ Open Terminal and type: md5<blank space>
◦ Drag and drop the Acquisition main executable on the Terminal window.
◦ Hit Enter. Terminal will find out the MD5 value.

Cool! The MD5 matches the one listed by the cracker. Acquisition developer David
Watanabe hasn't had the time to update Acquisition yet. You can crack it!

3. Apply the crack

We'll do it using HexEdit first and then Resorcerer. PeekIt and HexEditor work (for
this issue) like HexEdit.

◦ Using HexEdit

Launch HexEdit, go to File/Open... and browse to find the Acquisition main executable
(Acquisition/Contents/MacOS/Acquisition):

Select Acquisition and click Open. You'll see this window (isn't it a beauty?):

The cracker wrote:

7c 08 02 a6 bd a1 ff b4 42 9f 00 05 <-- original chain of hex values
-> <-- change to
38 60 00 01 4e 80 00 20 42 9f 00 05 <-- new chain of hex values

Note: In case there are no blank spaces in the chain of hex values, do not bother writing
them. Do not worry; HexEdit recognizes the chains anyway.

Go to the menu Find/Find... The search window will pop up. The "Matching Hex" button
should be selected; if not, click it now.

Copy and paste the first original chain of hex values in the "Find" box and the new
chain of hex values in the "Replace with" box. Then click the "Find Next" button;
HexEdit will find the original chain of hex values:

Now click the "Replace" button. You'll see this:

You have changed the first original chain of hex values to the new chain of hex values as
indicated by the cracker.

Now copy and paste the second original chain of hex values in the "Find" box (clear it
first) and the new chain of hex values in the "Replace with" box (in this case you'll
have to find and change identical chains once more):

7c 08 02 a6 bd a1 ff b4 42 9f 00 05
->
38 60 00 01 4e 80 00 20 42 9f 00 05

Click the "Find Next" button and then the "Replace" button.

Repeat the process with the next chain of hex values listed by the cracker until you've
found and replaced each and every chain of hex values. Once you've made all the changes,
close the Search window, save the changes and quit HexEdit.

You should now check the new MD5 to find out if you applied all the changes correctly:

Control-click Acquisition/Show package contents and then go to Contents/MacOS/

This time you'll find two files, one named Acquisition~ and the other named just Acquisition.

Acquisition~ is a backup of the original (untouched) file. HexEdit has made it. You should
save this file somewhere until you have tested the cracked app. If you have failed making
the crack, you can try it again using this file (just do not forget to delete the ~ before
using the backed-up file again).

Acquisition is the modified file. You have to check the MD5 of this file to find out if you
have applied the crack correctly. To check the MD5 of the modified file, follow the same
steps you did to check the MD5 of the original file in Step 2 above:

At the end of the instructions, the cracker wrote: md5: 614751bb63336d2a8a47b5cf68fb03c1

Cool! The final MD5 matches the one the cracker calculated after applying the hack. You
got it! But no, you're not a cracker; the cracker is the one who found and documented
which hexadecimal values had to be changed to crack the app.

◦ Using Resorcerer

You're going to crack the same app but this time using Resorcerer. Of course,
you'll need a new (untouched) copy of Acquisition 112.3.

The first thing you have to do is to delete all the blank spaces in the original
chains of hex values and the new chains of hex values the cracker wrote (if
he/she did it), because Resorcerer does not accept the blank spaces. After
that, you'll have these instructions:

Acquisition 112.3 [k]

/Acquisition.app/Contents/MacOS/Acquisition

md5:feb943956a60081aad0214e39a508794

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

48023d91
->
38600001

480216d9
->
38600001

4801facd
->
38600001

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

md5:614751bb63336d2a8a47b5cf68fb03c1

We're not going to repeat the MD5 checking procedure again. We'll skip that step
now, but you should always check it to avoid wasting your time trying to
apply a crack to the wrong file.

Launch Resorcerer, choose File/Open... and browse to find the Acquisition main
executable, as indicated by the cracker (Acquisition/Contents/MacOS/Acquisition):
Click Open. You'll see this window.

Select the "<Data Fork>" line and click the Open button. A new window will appear.
In the new window, click the grey triangle in the upper left corner, just to the left of the
"Insertion Offset: 0" text. You'll now see the "Find", "Replace with" and
"Replace & Find" boxes, and the "Go to Offset" box. The "Hex" checkbox in the upper
left corner should be checked; if not, check it now.

The cracker wrote:

7c0802a6bda1ffb4429f0005 <-- original chain of hex values


-> <-- change to
386000014e800020429f0005 <-- new chain of hex values

Copy and paste the first original chain of hex values in the "Find" box and the new chain
of hex values in the "Replace with" box and click the "Find" button;
Resorcerer will find the original chain of hex values. Then click the
"Replace with" button:

You have changed the first original chain of hex values to the new chain of hex values
indicated by the cracker.
Now copy and paste the second original chain of hex values in the "Find" box (clear it
first) and the new chain of hex values in the "Replace with" box (in this case you'll
have to find and change identical chains once more):

7c0802a6bda1ffb4429f0005
->
386000014e800020429f0005

Click the "Find" button and then the "Replace with" button.
Repeat the process with the next set of hex values listed by the cracker until you've
found and replaced all of the chains of hex values indicated by the
cracker. Then close the Search window. You'll be prompted to Save
changes or not:

Click the "Save" button. You'll now be in the main Resorcerer window again. Close it,
and you'll be prompted to save changes or not.
Click the "Save" button and quit Resorcerer. You're done.

You should now check the new MD5 to find out if you have applied all changes in the
right way (see the "how to" above).

Appendix. The non-hex cracking


Developers usually check Serial Box releases and public boards like MacSerialJunkie to
find the new numbers published for their apps so they can ban them in their next
updates. Then, if you try to use that number, a window will pop up with a message like
this one (or similar):

"You Are Using A Stolen Serial Number, Shame On You!"

Some developers just ban the fake numbers in a way that's very easy to hack. They
include a list of banned numbers inside the application code. But, because they do not
encrypt these banned numbers, you can simply change a single letter or number in the
banned registration and then register the app using the banned number!

To make this type of change you can use the app of your choice. Just check the "ASCII"
matching button if you use HexEdit or uncheck the "Hex" checkbox if you use
Resorcerer. Then simply search for the banned username, e-mail or number and
replace it with something else of the same length.

We'll check this using HexEdit only, but it is the same if you use Resorcerer (just
uncheck the "Hex" checkbox).

For this example we have chosen ImageBuddy 3.1.3: http://www.imagebuddy.com/

This registration data was published in Serial Box for ImageBuddy 1.6:

Name: PHREKBBS
Code: 5123-9826-3615-9834

The developer banned that registration, but he didn't encrypt the banned registration so
it's very easy to find:

1. Launch HexEdit and go to the menu Find/Find... The search window will appear.
Check the "Matching ASCII" button and write PHREKBBS in the "Find" box. Then
click the "Find Next" button. You'll see this:

2. You can replace the PHREKBBS name by changing any character of the name, or you
can simply write another name with the same number of characters. For example
you can write KCN-CREW in the "Replace with" box and then click the "Replace"
button. You'll see this:

3. Now the banned name is KCN-CREW while PHREKBBS is free again.

4. Close the search window, save changes and quit HexEdit. Now you can launch the
modified app and register it again using:

Name: PHREKBBS
Code: 5123-9826-3615-9834