Top cracking software methods and piracy groups

A report by V.i. Labs revealed the top methods used for cracking software and the top piracy groups responsible. The report is the first in a series of forthcoming research and is focused on a specific sector of the software market: high-value applications with an average value of more than $4,000 USD per seat.

The findings revealed that the piracy groups and the reverse engineering talent they recruit can tamper with a variety of hardware and software based licensing systems to enable overt piracy. In addition:

• Tampering or bypassing the embedded license enforcement is a key enabler of piracy.
• Acresso (formerly Macrovision) is still the predominant system used by high value software vendors. In this sample of 83 releases, 73 percent, or 60 releases, used a version of the Acresso FLEXnet licensing system.
• The top five piracy groups (out of 212) contributed 59 percent of the cracked releases in the research sample. The top five most active groups in this sample were Lz0 (Linear Zero), NULL, Shooters, LND (Legends Never Die) and Magnitude.
• Strengthening licensing using hardware dongles or tamper resistant licensing may be useful for preventing overuse within a licensed customer environment, but it should not be viewed as a defense against overt piracy.
• When vulnerabilities or “key maker” approaches were not possible, the groups resorted to binary patches that successfully modified or bypassed the license enforcement process within the application files.

All the piracy software releases provided a valid crack mechanism or approach to tamper with license enforcement and enable illegal use. However, there was a great range in terms of how well documented the cracks were and the level of expertise required to configure the crack.

Three general approaches were visible in the application sample:

Binary patches, which accounted for 52 percent of the cracked releases. A binary patch is achieved by patching installed application files or replacing the application with modified versions provided within the crack distribution.

The Key Maker approach was used in 36 percent of the releases. A key maker approach is based on a successful reverse engineering process performed by the cracking community. The process is able to recover the vendor seed data and algorithms used by the application to verify and enforce the license.

Vulnerability, a general class of crack approaches that does not require tampering of the software, accounted for 12 percent of the cracked releases. This approach relies on vulnerabilities in the licensing system implementation to bypass enforcement.

To support this analysis, V.i. Labs identified and obtained crack releases of high-value software from piracy top sites, mid-tier piracy distribution channels and individuals advertising applications for sale.

These applications traditionally contain significant intellectual property and provide solutions and functionality in Architecture Engineering and Construction (AEC), Computer Aided Design (CAD), Computer Aided Machine (CAM), Computer Aided Engineering (CAE), Electronic Design Automation (EDA), Product Lifecycle Management (PLM), and other specialized engineering and scientific modeling and analysis.