this post was submitted on 18 Nov 2023
41 points (90.2% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
You’ve got a few questions here, so let me break it down…
What is a crack?
A crack is simply a way of defeating DRM. In the old days, games would often require the game disc to be inserted before they would boot. It was a very easy way of preventing people from simply sharing the files. Because even though the game was installed and didn’t need the disc, the game would simply refuse to launch without the CD in the tray. It was a sort of physical DRM, because disc burners weren’t super common yet so copying a game disc wasn’t super easy.
So the crack simply edited the part of the game that checked for a CD. Sometimes it was as simple as removing the few lines of code that told the game to check for a CD. Sometimes it was simply a matter of telling the game that the disc was always inserted. But that’s just an early example of a crack; it was modifying a game file (or files) in some way, to make them boot even when DRM would normally prevent it.
Modern cracks are much more complicated, but the end goal is the same. Crackers are simply trying to defeat the DRM, so the program will boot. It usually modifies a few files, to get the program to boot when it normally wouldn’t. The cracks are usually fairly small in size, because the actual program .exe and a few .dll files are usually all that gets changed. So patching the program is usually as easy as moving the cracked files into the respective folder, and overwriting the legitimate files.
Why does a crack show up as a virus?
Lots of modern cracks need to do some pretty fucky things to defeat modern DRM. It often requires intercepting network traffic that the launcher would use to “phone home” to a company server. For instance, maybe the launcher checks in with a company server to verify that your program is legit. If the server responds that it is, then the program boots. So the crack would potentially need to intercept that network traffic, then spoof a response from the server. But you know what else does something like that? A virus, attempting to hide itself.
And modern antivirus software doesn’t rely on “hard” virus definitions to identify viruses. The traditional way of scanning for viruses was to just keep a massive database of known threats, then compare files against that. But that’s slow and new threats constantly need to be added in order to keep your virus scans accurate. And if a hacker is able to change their virus slightly, you’ll need to add a whole new item to the database just to target the change.
So instead, they use something called heuristics, which basically means they look at how a program operates, then guess whether or not it’s actually a virus. It uses common virus behaviors and pattern recognition to try to identify a virus. This increases the chances of a false positive, but means scans are much quicker and will catch new threats in the wild even when they haven’t been officially documented yet. But since different companies use different virus definitions for their heuristics, different antivirus programs will give false positives to different cracks.
If it’s only a few flags on VirusTotal, you’re likely going to be fine. It’s most likely a false positive from those antivirus programs.
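The signature-versus-heuristics distinction described in the comment above, as an added example that is not part of the original thread. The sample names, behaviour labels, weights and thresholds are all constructed for illustration and do not model any real antivirus product:

```python
import hashlib

# Constructed samples: raw bytes plus the behaviours a sandbox might observe.
SAMPLES = {
    "known_stealer":   (b"STEALER-v1", {"hooks_network_api", "injects_dll", "reads_browser_cookies"}),
    "stealer_variant": (b"STEALER-v2", {"hooks_network_api", "injects_dll", "reads_browser_cookies"}),
    "license_patch":   (b"PATCH-1.0",  {"hooks_network_api", "injects_dll"}),
    "text_editor":     (b"EDITOR-3.2", {"opens_user_files"}),
}

# "Hard" definitions: a database of hashes of files already seen and confirmed bad.
SIGNATURE_DB = {hashlib.sha256(b"STEALER-v1").hexdigest()}

# Two hypothetical heuristic engines: (behaviour weights, alert threshold).
ENGINES = {
    "engine_a": ({"hooks_network_api": 40, "injects_dll": 40, "reads_browser_cookies": 50}, 70),
    "engine_b": ({"hooks_network_api": 20, "injects_dll": 30, "reads_browser_cookies": 60}, 70),
}

def signature_match(data: bytes) -> bool:
    """Exact match only: any change to the file produces a different hash."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def heuristic_score(behaviours: set, weights: dict) -> int:
    """Sum the weights of every observed behaviour the engine considers suspicious."""
    return sum(weights.get(b, 0) for b in behaviours)

def scan(name: str) -> dict:
    """Return the signature verdict and each heuristic engine's verdict for one sample."""
    data, behaviours = SAMPLES[name]
    verdict = {"signature": signature_match(data)}
    for engine, (weights, threshold) in ENGINES.items():
        verdict[engine] = heuristic_score(behaviours, weights) >= threshold
    return verdict

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:16} {scan(sample)}")
```

The slightly changed variant slips past the hash database but both heuristic engines still flag it, while the patch is flagged by one engine and not the other. Neither verdict says whether the patch is actually benign; the score only reflects behaviour it shares with malware.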
what I want to stress at this point is that the techniques required to crack a game (dll injection, ssl pinning bypass, syscall hooking and more) are used by malware
that though leaves you completely unaware if the crack is benign or not. It could be or it could be not. “but it worked fine for me” is also not a good enough pointer as it’s very common practice making the malware run only under certain conditions (after a month, only when the PC is idle or the screen is locked, or make it extremely lightweight - just upload all your browser cookies once a day)
if you get hit by something like this there’s no going back. you need to format. there are very, VERY weird ways that a malware can replicate/hide itself to.
software has, is and always will be a game of trust. do you trust the cracker? or even the company that makes the software? and if so, why
I always suggest to never run cracks on a machine that is used to log into personal accounts
The only crack that I actually trust is mass grave (windows & office crack). It’s a powershell script so you can just read its source code
Also, it's good to point out that bigger AVs do have an incentive to fight back against cracks because they are funded by these larger companies that such cracks target, so many will try to discourage DRM cracking on purpose. If you've ever seen an AV program report back as Crack or Keygen, this is the reason why. They want to discourage this behavior through fear or annoyance.
Thank you so much for explaining all of this! So, it's not an "exact" match for a virus, it's the "behaviour" of the Patch/Crack that makes the AV/Malware software "see" or "think" it's a Virus/Malware. That makes much more sense.
I've copied the link for the software with patch below. Wondershare UniConverter
At the bottom of the link are the references from VirusTotal. I use Avast & Malwarebytes Pro and the report says Malwarebytes would catch and quarantine it. I guess a virus/malware to me is always a risk and I've had my system crashed in the past due to that and don't want a repeat. If you don't mind, I would like your opinion on whether to try it or not. Again, thanks so much for the explanation!