How to crack my software and add a back door (opens in new tab)

Correct. Tongue was planted firmly in cheek of the authour when he wrote this. It's great.

I think this would be considered satire:

Jar files are complex. So complex, a major conference carried a talk on how to reverse engineer them in early 2012.

My startup creates software for use in penetration tests and red team assessments. I distribute backdoors and I'm quite aware of it. :)

I wrote this post to show how to use my software to backdoor a pirated copy of my software.

The downside for him may be that users don't really care whether they got a cracked version or a legitimate version when their computer gets infested with malware; they're going to write angry posts about it online and say his software is broken or broke their computer. So it may be in his brand's best interest to keep users from using malware versions, even if those users may deserve what they get.

Nope... If his target audience was supposed to be average consumer then may be this will be an interesting move. But looks like his target audience is sufficiently sophisticated users. Those people will now realize that it is actually much easier to crack the trial software by themselves instead of getting from elsewhere. BTW, this software cost couple of grands PER user PER year. However I remain to be skeptical who wants this thing because (1) it requires social engineering and (2) there are much better and powerful and safer open source alternatives to run exploits.

But now we can all crack it safely from the trial version.

Or, download the trial, and crack it from there? No malicious backdoors there.

Or "The cracked versions are backdoored! Use the official trial and crack it using the method I supplied to be safe", if you can't afford the hefty $2500 price tag due to not being a professional hacker/pentester.

Why bother with applications when you can have the OS?

This DRM just turns things into an arms race, and eventually makes your software seem more and more like malware.

A non-game example off the top of my head is Milkshape 3d, a basic modelling software that was popular in the early 00s because it had importers and exporters for the games that were wildly popular then such as Counter-Strike.

The teenagers using it had no money to pay for the full version, so cracking of it was rife. Eventually the "anti-piracy" mechanisms built into it by the author got crazy enough that the program was essentially broken.

I can't really remember specifics, except that it crashed your computer (!) if you tried to use a certain app-sniffing software.

I've cracked games, for lives, and so on, since I was about 14 years old. Then later I used to turn "demo" versions of PC-software into full versions and the vast majority of all the programs I attacked were trivial to defeat.

People tend to only add in the protection at the last minute; rather than making it an integral part of the code.

I only ever came up against a few programs that I couldn't hack. It genuinely became easier when people would use an off-the-shelf "protect my program" toolkit; crack one and you'd cracked all programs using that family of protection.

It was rare that I couldn't register demo/eval copies of programs. Sure I know assembly, and used SoftIce, but we're talking about a random guy in his late teens/early twenties who mostly learned by trial and error with random hints from +fravia.

(ObRandom: I know it must be a pain as a developer, but the best way to stop people cracking your demo is literally to have two binaries. Genuinely don't compile "file:save" or whatever feature you're keeping for paid users, into your demo version. Sure this will stop instant registration, and it won't stop somebody from leaking a full version, but it will absolutely stop the majority of attacks.)

That's completely pointless. If a cracker is able to remove the license check he will also be able to remove your checksum verification.

Putting yourself in a difficult legal position on top of it helps no one.

Ok, to be clear, the uploading of the hard drive content is a joke. I would not suggest you actually do it for legal and ethical reasons. As for DRM, I think Total Commander is a good example of good software protection in action. When I was a kid and could not afford to buy it, I tried to crack it a few times, with no luck. Nowadays, I own a copy, but just for fun I tried to crack it a few times, for educational purposes :), and still could not. If you are interested, take a look at it, I think TC has a very non intrusive DRM that works well but is not draconian. Of course, you can still grab a stollen key for it from any torrent site, but to my knowledge at least no one has cracked it yet.

Please do not follow this advice.

He writes software to demonstrate security flaws to a fairly niche market. I'd say his actions are justified - he's just showing that it isn't safe at all to download a cracked version of a pentesting software package.

I think it's quite obvious that the author is very well aware of how to implement DRM in such a way that it can't be circumvented, but it easily enters the territory of whether or not he would actually gain users from it.

Cobalt Strike isn't exactly a $100 copy of Office - potential users who are going to use it to its full extent are going to be willing to pay the steep cost of entry as it is.

In other words, while it would be possible to guard against piracy, the end result wouldn't be more sales of Cobalt Strike.

I can only speak for my observations in the gaming community and there are more or less two camps, which can be summarized as:

No back-dialing, ever. Basically they do not want the company to have a remote-switch to disable the software after they've buyed it, do not want the risk to not be able to play a game anymore just because a company decided to put down the servers and want to be able to play everywhere without an internet connection (e.g. I sit at my laptop and cannot play your singleplayer game because you decided to need dial-back? No chance.)

The other camp doesn't care about it, more or less. Sure, they would like it if there was no dial-back for the games, but it doesn't hinder them from still buying and playing at platforms/games that require this as long as their playing experience isn't dimished by it. Steam is more or less the platform of choice for the second camp and seems to be growing all the time, so most users probably would acccept an dial-back connection once, every 30 days or even at every start. Quick note: Always-On is still something which is considered off-limits. Ubisoft tried it various times with their games and fell flat on the face. They've backpaddled to activate once by now.

That kind of DRM technique was broken a half decade ago. If your software calls home, a cracker can record/simulate that behavior if needed.

The result in the end then becomes that pirates will still use the software, but people without a stable Internet connection can't use your software.

It also ads a problem for businesses. Suddenly, they need to poke holes into VPN's, and risk that the software will also become unusable if their Internet connection ever become a problem (lets hope they don't plan to draw fiber). The millions of military personal will also be unlikely customers, as their Internet connectivity in the field is not know for it up-time.

It the authors own programming language, Sleep: http://sleep.dashnine.org/manual/

Obviously he's just joking, and most of the people in this thread got it. He's not incompetent, he wrote both Armitage and Cobalt Strike, and the latter has some really incredible features that are hard to find elsewhere. I'd say he knows his way around a computer.

Snarking about why he's root when he runs unzip does not advance the discussion and despite your efforts, it does not make you look smarter than him.

I'll answer to unzip. In the post, I'm using a Linux distribution called Kali Linux. Kali is the successor to BackTrack Linux. Most people who use my software, use it with Kali Linux.

Kali is a distribution with a focus on offensive security. Most tools require root to run. It's very rare to find a Kali user who uses sudo and works from a non-root account. root for all actions is normal.

Some people may use Kali day to day, but it's built to do a job.

http://www.kali.org/

I didn't call out Kali specifically, but all of my screenshots show Kali's default window manager theme. I don't know if my audience earns the "hacker" badge by your standards... but I suspect most of them recognize Kali from a distance.