Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Programming

Would You Tell People How To Crack Your Software? 129

An anonymous reader writes "Fed up with piracy and the availability of cracked versions of his software, Cobalt Strike developer Raphael Mudge wrote a blog post telling people how to crack his software. Some gifts are poisoned, and Raphael goes into deep detail about how to backdoor his software and use it to distribute malware. Will this increase piracy of his software, or will it discourage would-be pirates from downloading cracked versions?"
This discussion has been archived. No new comments can be posted.

Would You Tell People How To Crack Your Software?

Comments Filter:
  • by amicusNYCL ( 1538833 ) on Friday September 06, 2013 @02:55PM (#44778479)

    There are also several .sl files. These are Sleep files. Sleep is a simple scripting language I’ve worked on since 2002. I write in Sleep because I’m very efficient with it.

    For the aspiring cracker, Sleep is a welcome sight. Its files do not ship in a compiled form. They’re available as plaintext inside of the application archive. A plaintext file requires a special tool, called a text editor, to change its content. I recommend notepad.exe or pico. Linux hackers may use WINE to run notepad.exe. Type:

    wine notepad.exe

    Well done, sir.

    • It's obvious why he is giving these directions - he is showing people how to add malware to his software so that any cracked software of his is suspect.

      • Re: (Score:2, Interesting)

        by sexconker ( 1179573 )

        It's obvious why he is giving these directions - he is showing people how to add malware to his software so that any cracked software of his is suspect.

        Anyone who could crack the software without his help would be fully capable of injecting malware into it.
        His instructions have no effect on the odds of malware being in the cracked copy you download. You'll still download from the first place that has a working release, and that'll still be from one of the "scene" groups, and it'll still be clean.

      • Re:Tongue in cheek (Score:4, Insightful)

        by girlintraining ( 1395911 ) on Friday September 06, 2013 @03:11PM (#44778679)

        All cracked software is suspect. But then, so's the unmodified software.

        But here's the thing... it's usually less risky than the DRM, phone home, internet activation required, now with extra advertisements hardcoded to a server... using internet explorer in a window with 'trusted' site permissions able to handout javascript-laden malware. Please. I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

        A large corporation can just claim "oh noes! piracy destroyed my business!" and get a fat handout and a pile of FBI agents with orders to beat people in their homes until money falls out. Reputation is not a concern for them. Ergo, neither is quality. Pirates on the other hand... release a single malware-infested item and the forums fill up with complaints, and that group never gets any respect again.

        Bittorrent also ensures, at the protocol level, that everything downloaded matches what was uploaded. http downloads are less secure. And digital signatures on executables, like what Microsoft does? It's been proven, many times over, that the only thing that means is you paid them a stipend to get a key. They don't check to see if what you made and signed is legit or not... and many antivirus/antimalware solutions, including Microsoft's own... will skip heuristic matching if the executable is signed.

        So really... you're less likely to get malware from a piece of pirated software off some torrent site than you are just browsing for porn. It's a grossly exaggerated threat. Just like what this guy is saying; "Here, hack my software!"

        Okay. Nice publicity stunt. Even Bill Gates said if you're gonna pirate, he hopes you'll pirate Microsoft... it's a sign of a software's usefulness.

        • Re:Tongue in cheek (Score:5, Insightful)

          by brit74 ( 831798 ) on Friday September 06, 2013 @03:37PM (#44778909)

          I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

          Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

          A large corporation can just claim "oh noes! piracy destroyed my business!" and get a fat handout and a pile of FBI agents with orders to beat people in their homes until money falls out.

          What a load of crap. A fat handout? Do you have any clue at all what you're talking about? Prove it by showing some instances of the government giving money to companies because of claimed losses due to piracy. What a load of crap. I can't think of any companies that have made a bunch of money by "beating people in their homes until money falls out". You're seriously in fantasy land with this one. But, hey, whatever fantasy makes you feel good about pirating other people's hard work without paying a dime. You're a real hero. The world owes you everything for free.

          Pirates on the other hand... release a single malware-infested item and the forums fill up with complaints, and that group never gets any respect again.

          Yeah, because real companies can release a malware-infested piece of software and suffer no consequences. Give me a break.

          Bittorrent also ensures, at the protocol level, that everything downloaded matches what was uploaded.

          Oh, so if a malware infested piece of software is uploaded, Bittorrent will make sure you're downloading the same malware-infested software that someone uploaded? That's reassuring.

          Even Bill Gates said if you're gonna pirate, he hopes you'll pirate Microsoft... it's a sign of a software's usefulness.

          Bill Gates prefers you pirate his software over someone elses because it helps block other people out of the market. If you're trained on Microsoft software, you're more likely to buy it in the future than if you learned some other piece of software. It's good for blocking other people out of the market (and it's most useful if you're a monopoly or nearly a monopoly) because if helps prevent other companies from getting a foot in the door.

          • Re: (Score:1, Troll)

            Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

            Not when you can just buy it with a marketing campaign it doesn't. Or do you think they spend tens of millions because they like hearing the sound of their voice?

            What a load of crap. A fat handout? Do you have any clue at all what you're talking about?

            Living under a rock and missed the Too big to fail [wikipedia.org] fiasco that landed our economy in the longest recession in US history?

            rove it by showing some instances of the government giving money to companies because of claimed losses due to piracy.

            Check [wikipedia.org].

            I can't think of any companies that have made a bunch of money by "beating people in their homes until money falls out".

            You need to think harder [publicserviceeurope.com]. But snark aside... There was that raid in Guatemala [businessinsider.com], and this one in George Town [thestar.com.my], and oh hey look... here's an article in Business Week [businessweek.com] offering advice because it happens so often CEOs need to be

          • by PhxBlue ( 562201 )

            Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

            Sometimes the pirate group's reputation is better than the software company's.

          • I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

            Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

            Obviously you aren't familiar with EA.

          • "Yeah, because real companies can release a malware-infested piece of software and suffer no consequences. Give me a break."

            Sony rootkit. You are wrong.
          • I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

            Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

            Why do you roll your eyes? Do you not understand what critical mass is? If you're a large publishing house you end up making money regardless of what your reputation is by buying out others and screwing the users, who somehow happily give you more money. Here's a challenge, find someone with something positive to say about EA games, then look at the profit they are making from epic fails like SimCity.

            Now compare that to a small group of crackers. If Skidrow suddenly became a name associated with malware tha

        • Re:Tongue in cheek (Score:5, Insightful)

          by amicusNYCL ( 1538833 ) on Friday September 06, 2013 @05:38PM (#44779747)

          So really... you're less likely to get malware from a piece of pirated software off some torrent site than you are just browsing for porn. It's a grossly exaggerated threat.

          I'm not so sure about that. I watch a lot of porn.

          Even so, regardless of how likely it is, when you're downloading pirated software you are basically executing unknown code from an unknown source. Porn infections at least require a vulnerability to exploit. Hell, the very nature of pirated software means that it has been modified with unknown code by someone with no accountability who is demonstrably willing to break the law. There are plenty of shady actors who see warez as a legitimate infection vector and wouldn't think twice about wrapping a popular application up with a nice payload and distributing it across their botnet to make it look like it has 100 different seeders.

          • Re:Tongue in cheek (Score:4, Insightful)

            by girlintraining ( 1395911 ) on Friday September 06, 2013 @06:21PM (#44780043)

            Even so, regardless of how likely it is, when you're downloading pirated software you are basically executing unknown code from an unknown source.

            The same can be said of any compiled, closed-source code. And corporations in the past have intentionally placed malware onto their official distributions; Such as the sony rootkit fiasco. Trusting someone just because they wear a suit and say they're your friend isn't much of a guarantee.

            ...been modified with unknown code by someone with no accountability who is demonstrably willing to break the law.

            There's very little accountability to corporations anymore these days. Class action lawsuits were thrown away. The average person doesn't have any real access to the courts -- it's a David v. Goliath situation. And new laws are passed limiting liability all the time. Massive oil spill? We'll fine you a day's wages. Banks too big to fail? Too big to jail too. And saying that someone's untrustworthy because they break the law is a questionable stance to take at best;

            You ever speed in your car? Ever j-walk? The laws are so terribly complex that you can rest assured you're a criminal. The only person who didn't commit a felony this week is the guy in a coma in the hospital. There are laws on the book that say that eating a salmon that's too long is a felony. There's laws saying you can't violate the laws "of any other country". Even the crazy ones. Even the ones we're currently bombing. And just in IT, there's the computer fraud and abuse act, that is so vaguely worded that basically touching a computer could constitute 'unauthorized access'. People have gone to jail... for providing a URL to a website under that. So if you want to say "willing to break the law" means anything... okay then, but it doesn't count for anything to me or for most people. We're all criminals... it's just not all of us have been caught yet. And if that's not enough evidence for you... consider that we have the highest rate of incarceration of any country on Earth, we lead by almost double per capita, and that margin is growing. And it disproportionately affects the poor and non-whites.

            here are plenty of shady actors who see warez as a legitimate infection vector and wouldn't think twice about wrapping a popular application up with a nice payload and distributing it across their botnet to make it look like it has 100 different seeders.

            Perhaps. But many bittorrent sites have reputation services; And people talk to each other. Read the comments. Watch the forums. Yes, it requires a little more work -- and that doesn't mean someone can't still pull one over on you. But I've never downloaded a piece of software from a torrent site that ever turned a positive; and I scan everything. I go back and scan it months later... and I have a variety of IDS systems, firewalls, etc., to monitor for rogue traffic. If they ever did put a bot dropper into a package I downloaded... it's never talked to anything on the internet. Or tried.

            I can't say the same for a default install of Windows XP or Windows 7.

            • The same can be said of any compiled, closed-source code. And corporations in the past have intentionally placed malware onto their official distributions; Such as the sony rootkit fiasco. Trusting someone just because they wear a suit and say they're your friend isn't much of a guarantee.

              It's not because of what they wear or how they act, it's because of accountability. I know who they are, and I can point at them and lay the blame and responsibility at their feet. Not that that ever stopped a corporation, but you get my point.

              The laws are so terribly complex that you can rest assured you're a criminal.

              I know that I'm a criminal. I know that because I have been charged and convicted of a crime, and have seen the inside of a jail. I can't charge or convict someone whose name I don't know who deliberately made an attempt to damage my computer or data. If a compan

            • To add to that, here's the difference between people like us, and other people. I ran Windows XP for many years. I did so without any sort of malware protection software or scanner, and I didn't get infected (I know what you're thinking, and hold that thought). The one infection I had to clean up on that computer happened when my roommate decided to use IE on it to browse for porn. Cleaning up that infection revealed that it was in fact the only infection on the machine, and the only way it got there wa

              • With one or two small/inexpensive exceptions the last time I paid for software was in the 90s and I possess quite a bit of the stuff. Gotta fill up my 23 TB of hard drive space with something after all.

                If we are relying on virus scans as you do then I have only been infected with viruses maybe once in the past 15-20 years IIRC from USB keys and internet cafes. The negative results from these viruses have been exactly zero. Nothing bad happened to me. Despite what you think torrenting software does not mean

        • by HiThere ( 15173 )

          I think you overstate a basically correct case. I doubt that commercial software is, on the average, less reliable that pirated software. Less useful seems more frequently to be the correct statement, if I judge things correctly.

          OTOH, as I use FOSS software almost entirely, this is a judgement formed by reading posts on places like Slashdot. So YMMV.

        • Actually, porn is not that dangerous, there was even an article on slashdot about it some months ago.

          Cracks are VERY often laden with crap though.
          Even if they aren't, they often perform dirty stuff to your system which opens up opportunities for other crap to get in.

        • by tlhIngan ( 30335 )

          I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

          And the problem is... lots of people release crap credited to "good" groups.

          Unless you've got access to the release servers, you're getting it through a third party. You can name any pirate group and I can show you malware laden versions of their stuff as third parties decided to wrap the crap in other stuff. Or better yet, fake releases claimed to be by pirate gro

      • by johanw ( 1001493 )

        And even better, his instructions are sufficient to make people crack the trial version themselves. Then they can be sure there are no additional backdoors in it than those that might already be in there.

        Considering the probable userbase of the software (penetration testers), this shoudn't be too difficult for most users.

        • Considering the probable userbase of the software (penetration testers), this shoudn't be too difficult for most users.

          You would think, but never underestimate stupidity or laziness. He posted a comment on his article with an email that he received from someone with broken English who was asking him how to extract an archive that contained a space in the filename (cobaltstrike-Cracked-For BackTrack.tgz). Why ask the author of the software he's pirating instead of searching for the syntax online? Because that's how smart he is.

          • If they are that stupid then they won't be able crack his software even with his jokey instructions about using Wine to run Notepad in Linux. He would have to provide exact instructions and he simply does not do that. When it comes to the criticial part of exactly what lines of code to modify and an example of something to modify it to he gets all vague. This is just a publicity stunt from a coward. If he had any balls he would have posted exactly how to crack the software as simply and easily as possible w

  • by Assmasher ( 456699 ) on Friday September 06, 2013 @02:59PM (#44778533) Journal

    ...and laughing at the technically clueless who think he's being serious.

    Well done by the way.

    • by Jane Q. Public ( 1010737 ) on Friday September 06, 2013 @03:27PM (#44778809)

      "He's clearly joking around... and laughing at the technically clueless who think he's being serious."

      True. But even if you ignore that, I think the Slashdotters here who thought he was serious have missed the big point.

      If you sell your software for $2500 for limited-time use, your software is going to get cracked. Period.

      Study after study after study, for at least the last 13 years, have shown that if users think your software is is both useful and reasonably priced, it will sell. End of story. Yes, there will be downloading but that would happen anyway.

      Bottom line: downloading (Not "piracy". Downloading is not piracy.) is simply not a real, significant problem. It is BLAMED for problems, by copyright trolls and programmers who overvalue their product. But it has never proven to really, significantly, affect the bottom line for what the market thinks is useful, reasonably priced software. If anything, it has shown to lead to more sales.

      • Especially something written in Java.

        A good obfuscator can make this more difficult, but a determined cracker will always find a way.

      • It only takes one technically competent user with a chip on their shoulder, or who believes they are sticking it to the man/men not living in their parents' basement at age 42, or thinks one dollar is too high, and it's out on the torrents. This is without even considering others who will crack software and install malware because a botnet actually brings in money for them. So thanks much to all the pirated software dowloaders, you're part of why the internet is a spammy sewer and sites can be held hostage

        • Considering that you don't even know what"piracy" really is (maybe look it up? hint: it's a legal term over 100 years old) should we pay attention?

          What, you thought people who know their shit don't pay attention?
        • Do you run Windows? Ever? At all? Then WAKE UP! You are also part of the botnet. Welcome. Come on in. The water's fine. There is nothing you can do about it because none of the detection software will detect the really good stuff. If' it's detectable then it's avoidable. I would guess that non-pirates make up a larger percentage of the botnet than pirates. It's that false sense of security that does you in.

          Do you run an executable whitelisting application [faronics.com]? Sandboxie? Do you ever allow javascript or flash t

      • >If you sell your software for $2500 for limited-time use, your software is going to get cracked. Period.

        Especially a security software suite written by a cyber security company based out of Washington DC selling their software for 2500$ a pop. It makes you wonder who their customers are, and who they are beholden to. I wouldn't touch this software with a 10 foot pole. And jumpin' joe, that unprofessional website. I can't decide if this guy is an NSA mole that sells snake oil to corporate IT depart

        • The site is advertising more about what it can do after the machines are infected than what kind of real testing it can do. It kinda seems more oriented towards criminals.
          • Exactly, hence my distrust and survey of the maker's motives.

            No corporation in their right might would use this particular junk.

        • No dispute here, though that wan't my point.
  • by Valdrax ( 32670 ) on Friday September 06, 2013 @03:00PM (#44778553)

    Telling people how to "crack" your software and add malware is a great idea for poisoning the well on cracked copies and a wonderfully spiteful bit of snark, but he takes it a bit too far by telling people how to give themselves a free license with simple tools using clean version from his own site, at which point they are totally free to stop. (Oh, it's a violation of your license, he points out, but what pirate cares?)

    I mean, if this involved something that could more properly be termed an exploit than a simple config file change, that would raise the bar to something that only scary "hackers" can do, leaving you at their unethical mercies if you get a cracked version, but this is kind of shooting himself in the foot.

    • This is penetration testing software, isn't it? There's no way it could be that simple, could it?

      • by Zironic ( 1112127 ) on Friday September 06, 2013 @03:14PM (#44778709)

        It probably is that simple for a very simple reason. His target audience isn't really poor kids that just want to try out hacking, he's selling the licences for 2.5k a pop/year so he's obviously targeting companies, companies that would rather not crack the copies regardless of how easy it is because of legal liabilities.

      • This is penetration testing software, isn't it? There's no way it could be that simple, could it?

        Dunno, but as soon as I get home and fire up the VM, I'll find out!

    • by h4rr4r ( 612664 )

      A better idea would be to put it on pirate sites yourself. Just after X playtime break the game. Make sure your version and the real hacked one are the same size and name it something silly like GAMEZ RAZR 1912 H4)(0R cracked.

      A great idea might be to corrupt save games after some point. Let them get halfway into it then corrupt all save games. Make sure your support team knows you are doing this and corrupt all the files in some very obvious way like changing them text files about the harm piracy does to ga

      • by johanw ( 1001493 )

        Psst, this is software for penetration tests, not a game.

        • by h4rr4r ( 612664 )

          So make it show a bunch vulns that don't exist and leave out the ones that do. Only have having been used some amount of time though.

          You are not supposed to read the article, real slashdot pros don't even read the summary.

        • by Seumas ( 6865 )

          You can't blame him. At first glance, it looks like a game and it sounds like a game. Even after reading some of the text, I wasn't sure if it was an actual pentest suite or if it was meant as a "visual simulation of pentesting". That is, for a minute, I thought the guy was selling a sort of pre-packaged solution for filmmakers that wanted to have a 31337 hax0r interface tos how on a computer in their movies.

      • by Valdrax ( 32670 )

        A great idea might be to corrupt save games after some point. Let them get halfway into it then corrupt all save games. Make sure your support team knows you are doing this and corrupt all the files in some very obvious way like changing them text files about the harm piracy does to gaming.

        Oh, you mean like EarthBound did? [starmen.net] It did all that and so much more: Nag screens, unbearable enemy encounter levels, and after slogging through the whole game it freezes at the final boss and deletes your save too. Epic spite.

        Here's a few of the funnier ones. [ign.com] And then there's the supremely ironic one that Game Dev Tycoon [ign.com] added.

        • by h4rr4r ( 612664 )

          Exactly like that. If you are going to delete saves, delete all of them. I would not be above suggesting encrypting all the saves for the game and offering to unlock them for the cost of the game new.

          Pirate Congrats on making to the final boss, all your saves have been encrypted. To get the key you must go buy a copy of this game and enter its activation code into our website.

          • You really think a pirate is going to pay anything to a developer that treats him like that? He's going to say, "Fuck me? Well fuck you!" and then download the genuinely cracked version that he should have known to download in the first place because it was uploaded by someone with a skull and has 2500 seeders instead of just 3.

      • A great idea might be to corrupt save games after some point. Let them get halfway into it then corrupt all save games.

        And then these people will post on forums about how buggy the game is which will put off legitimate buyers who will wait for these pseudo-bugs to be fixed. Or would you be expecting the legitimate buyers to know that you are just playing a prank that you cannot tell them about because then the crackers could remove it?

  • by stewsters ( 1406737 ) on Friday September 06, 2013 @03:01PM (#44778559)
    He's doing this to raise attention. For every 10 people who pirate it, someone will actually buy it.
    • Exactly, for every 10 IT people that crack it and use it on their own time, a hand full will be impressed by it and have their own company buy it. The rest are people that would have pirated it any way.
    • He's doing this to raise attention. For every 10 people who pirate it, someone will actually buy it.

      Anyone who would pirate it wouldn't actually buy it anyway -- this is corporation-grade penetration testing software. The ne'er do wells have already cracked it without his help, and anyone else who would have a use for it would have no incentive to crack it.

      Providing the source code so that testers can verify what it does is useful though. Looks like you don't have to "crack" anything to find the scripts though.

      So you're right -- this generates visibility with pretty much no downside to the author.

      • by Seumas ( 6865 )

        Then why not offer a free or steeply discounted personal license and then a commercial license?

      • this is corporation-grade penetration testing software.

        The website makes it look like a mild-moderate joke.

    • by Seumas ( 6865 )

      If he really wants to get more people to buy his software, he should sell it on his website.

      I know it really pisses *me* off when I want to go to a site and buy a piece of software and not only don't they give me an option for it, but they make me fill out a form, email them, and wait around for a response to even get a price. Is it any wonder there might be a chunk of people who say "fuck it, I'll just go download it and use it immediately", when you put hurdles up and can't even tell someone the price up

  • All anyone has to do is go to the pirate bay and look for a green/purple skull to ensure with 99.99999% certainty they're getting a clean version.
    I have never in my decades of downloading shit ended up with a copy of something that had malware injected into it, despite MS's constant warnings.

    • by h4rr4r ( 612664 )

      Sure, which is why what he needs to do is get a pirate version he made on those sites. Keep uploading it with slightly different names and sizes. Make it corrupt saves after X time, or crash to the desktop or if the user is running as admin uninstall itself. Nothing malicious to the machine in general just really annoying. Hell, just have the sounds randomly change to "STOP pirating my games, I need the money to eat". Stuff like that would be way better.

  • I've never heard of it, but I'm not a security guru. I think I'd take the software a little more seriously if it didn't have overly eager anime guy on the front page:

    http://www.advancedpentest.com/ [advancedpentest.com]
  • by TheP4st ( 1164315 ) on Friday September 06, 2013 @03:05PM (#44778615)
    This is what I got when I went to download the trial of Cobalt Strike:

    Due to United States export control requirements, we can not make Cobalt Strike available for download to your country yet. Please accept our apologies--we're very actively working on this.

    IIt's likely that a fair amount of those using cracked versions are doing so as they cannot get a legitimate copy without jumping through hoops and potentially end up on all kinds of watchlists in the process, that make his move of detailing on how to backdoor the software for malware distribution a bit of an asshat move.

    • by hAckz0r ( 989977 )

      IIt's likely that a fair amount of those using cracked versions are doing so as they cannot get a legitimate copy without jumping through hoops and potentially end up on all kinds of watchlists in the process, that make his move of detailing on how to backdoor the software for malware distribution a bit of an asshat move.

      <tin-foil-hat>
      Then perhaps it just the NSA trying to disguise their exported flavour of software in a form that foreigners actually want?
      Oh, who's that knocking...
      </tin-foil-

  • by mlts ( 1038732 ) * on Friday September 06, 2013 @03:06PM (#44778635)

    I believe in having a relatively small speed bump and keeping DRM to a minimum. For an application, just enough to make keygens [1] useless and require the app's executable to be patched, even if it is just a simple item that gets commented out. This breaks the signature of the program, and anyone pirating it will be at obvious risk of an added payload.

    For games, I'd just have a multiplayer mode/library for easily downloaded levels/maps/etc. To access it, a valid key is needed and if two keys (assuming each key is one license) are used, the newer one will not be allowed on. Since this is handled by the server, modified clients are not an issue. Yes, one can always mirror/emulate the server's functionality, but it is a big enough barrier to get people to consider buying a key. Closest game to this was Neverwinter 1 which ditched the CD protection fairly early on.

    [1]: Embed a public key in the program, and the key would include the licensing info with a netpgp signature.

    • For games, I'd just have a multiplayer mode

      I don't see how that'd help. People would just plug two to four USB gamepads into an Internet-disconnected PC and play on one screen, like in puzzle games, fighting games, and puzzle fighting games. Windows has supported USB HID gamepads since Windows 98 and Xbox 360 controllers since a Windows XP service pack.

      To access it, a valid key is needed and if two keys (assuming each key is one license) are used, the newer one will not be allowed on.

      Which breaks with multiple gamers in one household [cracked.com].

  • Nice to meet again. My name is XKeyscore.
  • Patching the software's backdoor would be lots easier than cracking it.
  • For money? sure
    For honor? Are you kidding?

    • by tepples ( 727027 )

      For money? sure

      For enough money, hell, I'd release the software under a copyleft license. Then people can hack and crack on it to their heart's content. Compare to how the Free version of Blender was crowdfunded.

  • The top button is buttoned, but the other two are loose and yet... the buttons are still in there. What's up with that? I don't read anime/manga. Is it a common visual metaphor or something?

  • Telling would-be crackers to use notepad.exe with WINE under Linux?

    OK, I get the joke now.

  • by Anonymous Coward

    He's describing how to do two things in this blog post:

    1. "crack" the Cobalt Strike software using sophisticated tools like "unzip" and "notepad". Or "wine notepad" for the elite Linux hackers.

    2. Insert malware into the package, malware generated by Cobalt Strike

    This is a joke (and advertisement for the product), and a clever one at that. Leave it to the /. editors to completely miss the point.

  • Comment removed based on user account deletion
  • by Anonymous Coward

    This reminds me of something a few authors were doing back in the day before ebooks and readers were popular and cheap. (And maybe still are doing, for all I know.) To discourage the proliferation of unauthorized e-copies, they'd seed sites with their own, modified copies. The books would read fine for the first couple of chapters then slowly disintegrate into meaningless noise by the end. The assumption was that a thus-frustrated reader would go to a legitimate site to buy a clean copy, rather than r

  • Will this increase piracy of his software, or will it discourage would-be pirates from downloading cracked versions?"

    You're not using that word correctly.

  • ...about writing software, that is. Or it's either people write very bad software, that it could be broken. When I put up one, i do not expect it to be broken.

  • Won't these backdoors and malware exploits hurt his paying customers too?

    • Oh, never mind, these instructions are intended to demonstrate how easy it is to make pirated versions with malware in them, thus discouraging people from downloading them.

      Yeah, that's not going to work. The average user of cracked software is less security-conscious than a chipmunk. Appealing to their paranoia is a hopeless endeavor.

  • "Please don't rob us at gunpoint"; Someone might have planted die packs in the money stash.

    Here's how you can sneak into our safe and plant some die packs: the combination is 9642 to the left; 2209 to the right; 822 to the left; 4991 to the right; 6133 to the left; 1273 to the right; 4155 to the left; 3701 to the right; 9812 to the left; 422 to the right; then turn left back to 7111, and open the door

  • Raphael Mudge demonstrates the time-honored Lucrezia Borgia school of business management.

Don't tell me how hard you work. Tell me how much you get done. -- James J. Ling

Working...