

How to crack my software and add a back door - raffi
http://blog.strategiccyber.com/2013/09/05/how-to-crack-cobalt-strike-and-backdoor-it/

======
readme
This is satire, right?

"A plaintext file requires a special tool, called a text editor, to change its
content."

"I recommend notepad.exe or pico. Linux hackers may use WINE to run
notepad.exe." [rofl]

EDIT: I think it's just the author's sense of humor, not actually satire.

~~~
NamTaf
Correct. Tongue was planted firmly in cheek of the author when he wrote this.
It's great.

~~~
laurent123456
lol, not just wrote it but did it. The screenshot at the end is Notepad in
Linux.

------
dmayle
That's an interesting anti-pirating technique... Demonstrate how to crack your
own licensing, while at the same time adding a backdoor to make users conflate
the two. Obviously, all cracked versions of his software have backdoors in
them...

Except his attack is valid against all unsigned binaries... even his own. He
could be distributing a backdoor and not even be aware of it...

~~~
raffi
My startup creates software for use in penetration tests and red team
assessments. I distribute backdoors and I'm quite aware of it. :)

I wrote this post to show how to use my software to backdoor a pirated copy of
my software.

------
mcherm
That's brilliant. Make it as easy as possible for "cracked" versions of your
product to contain malicious back doors, thus encouraging people to avoid the
cracked copies and pay for a properly licensed one.

~~~
sytelus
Nope... If his target audience was supposed to be the average consumer then maybe
this would be an interesting move. But it looks like his target audience is
sufficiently sophisticated users. Those people will now realize that it is
actually much easier to crack the trial software by themselves instead of
getting it from elsewhere. BTW, this software costs a couple of grand PER user PER
year. However, I remain skeptical about who wants this thing because (1) it
requires social engineering and (2) there are much better and more powerful and
safer open source alternatives to run exploits.

~~~
raffi
(1) Social engineering is a key component of several high profile intrusions
that happen today. The best way to help an organization understand their
ability to detect, mitigate, and/or contain this type of attack is to do it.

[https://www.google.com/#q=phishing&tbm=nws](https://www.google.com/#q=phishing&tbm=nws)

(1a) Statements, such as "it requires social engineering" [it's not a valid
vector] represent a dated understanding of hacker tactics and part of my work
is to help folks with your view move their understanding forward. Usually the
conversation is not a response to an adversarial comment like yours.

Here are a few talks/papers that I recommend:

[http://blog.strategiccyber.com/2012/12/19/hacking-like-apt/](http://blog.strategiccyber.com/2012/12/19/hacking-like-apt/)

(2) Cobalt Strike builds on something called the Metasploit Framework. The
Metasploit Framework is the largest open source collection of safe exploits.
My product addresses gaps in this kit for executing attacks that mimic those
high profile intrusions mentioned a moment ago. A successful operation
requires more than an email with something bad attached.

[http://blog.strategiccyber.com/2013/01/14/tactics-to-hack-an...](http://blog.strategiccyber.com/2013/01/14/tactics-to-hack-an-enterprise-network/)

(2a) Cobalt Strike's open source little sister is Armitage. A popular user
interface and collaboration tool for the aforementioned "better and powerful
and safer open source alternative to run exploits". I'm the developer of
Armitage as well.

[http://www.fastandeasyhacking.com/](http://www.fastandeasyhacking.com/)

------
ssafejava
This is really funny - but the content shows the author's dedication to
teaching (and learning) penetration techniques, even when it involves his own
software. I would imagine that losing potential customers isn't a concern
because the kind of people buying this software (generally) wouldn't run
pirated versions. So instead, it makes a cool demo. Very cool, raffi.

------
D9u
Good means of exercising damage control...

"The cracked versions are backdoored! Use official release to be safe."

~~~
kristofferR
Or "The cracked versions are backdoored! Use the official trial and crack it
using the method I supplied to be safe", if you can't afford the hefty $2500
price tag due to not being a professional hacker/pentester.

------
crazygringo
I've actually wondered if the cracked versions of Photoshop tend to have
backdoors... and with the recent articles on the NSA, if the NSA itself is
trying to put out the most popular cracked versions. I mean, if there's a
single piece of software that is more pirated, I don't know what it is. They
probably have more sophisticated ways, but you never know.

~~~
sixothree
Why bother with applications when you can have the OS?

------
x0054
That's why I am of a firm belief that if you are going to pirate software, at
least have the common decency to crack it yourself and NOT REDISTRIBUTE.

On a side note, I am amazed that more developers do not sign their own code
with checksums and alteration verification routines. Sign your software, then
do a runtime check if the code has been altered. If so, after a few hours of
use, present the user with a nice message:

"Congratulations, you have a cracked copy of our software. We find it sad that
you did not want to buy it from us. It's possible that we may starve as a
result. In any case, we would like you to stop using this copy. To encourage
you to do so we are going to begin now uploading the contents of your hard
drive to our servers. You may stop this process at any time by closing the
program and removing it from your computer. Thank you."

~~~
rangibaby
This DRM just turns things into an arms race, and eventually makes your
software seem more and more like malware.

A non-game example off the top of my head is Milkshape 3d, a basic modelling
software that was popular in the early 00s because it had importers and
exporters for the games that were wildly popular then such as Counter-Strike.

The teenagers using it had no money to pay for the full version, so cracking
of it was rife. Eventually the "anti-piracy" mechanisms built into it by the
author got crazy enough that the program was essentially broken.

I can't really remember specifics, except that it crashed your computer (!) if
you tried to use a certain app-sniffing software.

~~~
anonymous
For a game example, google "starforce breaking dvd drives". The irony(?) here
being that an on-disc copy protection mechanism breaks your disc reader and
makes it impossible to play the game you bought.

------
rheide
This would seem like the perfect tactic if the software also has a quiet
phone-home system built in that contacts the author if the file checksums
don't match. I bet you could get interesting statistics on how many people
would try this method after publishing such an article.

------
shadowOfShadow
That entitled attitude of the complainer is so familiar. Hate that shit.

~~~
Shank
He writes software to demonstrate security flaws to a fairly niche market. I'd
say his actions are justified - he's just showing that it isn't safe at all to
download a cracked version of a pentesting software package.

~~~
jethro_tell
shadowOfShadow's wording is a little unclear, but I suspect he was talking
about the email exchange with a non-customer complaining about lack of
support.

~~~
raffi
I read shadowOfShadow's comment the same way you do. (for others reading
this): in the comments section, I reproduce an exchange (anonymized, of
course) I had with someone complaining about my support--when they were trying
to install a cracked version of my software. This exchange is what led to the
blog post linked here.

~~~
valleyer
That user appears to claim he has a valid license to your software (third
e-mail). Is that wrong?

~~~
annnnd
He only has the license for a trial version.

------
enscr
What if the software requires an internet connection to dial back home and
verify the software's authenticity... say once every 30 days? Is that too
annoying for users?

~~~
Shank
I think it's quite obvious that the author is very well aware of how to
implement DRM in such a way that it can't be circumvented, but it easily
enters the territory of whether or not he would actually gain users from it.

Cobalt Strike isn't exactly a $100 copy of Office - potential users who are
going to use it to its full extent are going to be willing to pay the steep
cost of entry as it is.

In other words, while it would be possible to guard against piracy, the end
result wouldn't be more sales of Cobalt Strike.

~~~
enscr
Oh, I was asking that for my own knowledge. Since you can easily patch all
licensing methods in a binary (I guess including checksums), the only way to
verify integrity is to compare it with a trusted copy at the author's home.

~~~
eru
Why don't you patch away that check?

------
nathell
shell.sl? Is this a dialect of Smalltalk?

~~~
VMG
It's the author's own programming language, Sleep:
[http://sleep.dashnine.org/manual/](http://sleep.dashnine.org/manual/)

------
antocv
Why is he root on his own machine when he uses unzip?

I hope this is satire. "The unzip tool uses a sophisticated algorithm based on
LZ77 and Huffman coding". Oh wow. Who would have thought. "These files do not
represent the socio-economic status of the code." Oh.

Lame humor.

~~~
ssafejava
Obviously he's just joking, and most of the people in this thread got it. He's
not incompetent, he wrote both Armitage and Cobalt Strike, and the latter has
some really incredible features that are hard to find elsewhere. I'd say he
knows his way around a computer.

Snarking about why he's root when he runs unzip does not advance the
discussion and despite your efforts, it does not make you look smarter than
him.

~~~
antocv
It is just too lame humor, I wasn't criticizing or questioning the smarts of
the author.

If anything, I'm criticizing his writing style; the blog article is not fun to
read as it comes from a presumptuous and arrogant/entitled position.

Or maybe it's just me, I don't see anything funny in that article, I just don't
find the poking at virtual Linux users and people interested in cracking from
a position of authority funny.

Effectively the entire article is making fun of hackers, people who are
curious how to break software and make it do unspecified things, people who
dare poke and dare crack. But it's his software, so it is ok for him to make
fun of others, right?

The cracking culture is many people's first step into hacking and programming;
we wouldn't be here if all of us really paid for the stuff we used as kids.

~~~
ohashi
He's walking through how to crack his own software and you are complaining
that he is anti cracking culture? If this is your attempt at humor, it's
really failing.

