that being good at your job doesn’t define you. it’s not a “trait”, it’s not a label. sometimes you’re good, sometimes you’re bad and sometimes you just are.

it’s just a job after all and a job should never be more than that: just a job

wait till you start the deep dives - it just gets better and better

rock and stone to the bone

it’s mainly text chat but it’s a ton of fun with friends (where i imagine you’d like voice chat)

rock and stone brother!

I’ll put my vote to Deep Rock Galactic for online. It’s a game (that you MUST check out) with one of the most wholesome communities ever. Most people are super nice in the chat and I’ve made a friend or two (for me that’s a lot - I’m extremely picky cause I feel very nice with the amount of friends I have already)

lol forgot to mention torrentio, the most crucial part of the recipe 😂

it just downloads the torrents in real time for you and gives you a single link. It removes all the torrent quirks - except of course of the fact that you need seeders and the download speed depends on them.

Why is nobody talking about stremio? The user interface and experience is very close to netflix (better at times) but it plays torrents instead.

If you pair it with a real-debrid subscription after you first try it solo it takes it to the next level.

It’s just amazing

And you don’t have to buy anything. Stremio can be installed on your firetv stick

EDIT: forgot to mention that you need the torrentio or torrrentio lite add on for stremio.

what I want to stress out at this point is that due to the techniques required to crack a game (dll injection, ssl pinning bypass, syscall hooking and more) are used by malware

that though leaves you completely unaware if the crack is benign or not. It could be or it could be not. “but it worked fine for me” is also not a good enough pointer as it’s very common practice making the malware run only under certain conditions (after a month, only when the PC is idle or the screen is locked, or make it extremely lightweight - just upload all your browser cookies once a day

if you get hit by something like this there’s no going back. you need to format. there are very, VERY weird ways that a malware can replicate/hide itself to.

software has, is and always will be a game of trust. do you trust the cracker? or even the company that makes the software? and if so, why

I always suggest to never run cracks on a machine that is used to log into personal accounts

The only crack that I actually trust is mass grave (windows & office crack). It’s a powershell script so you can just read its source code

there really is no way to know if you’ve got a virus. it doesn’t take a lot of time to develop a malware that is undetectable, especially if you target something very specific and make it be patient about it. e.g. wait a month, snatch all the browser cookies and send them to a server hosted on azure.

or every so often snatch the clipboard

there are a lot of ways to be very silent

I highly suggest you don’t use the pc you run the pirated games on for anything critical

background: I crack stuff as a hobby (never published anything), used to be a security engineer, programmer by hobby

to me too please

I don’t know if the graphic refers to the current floods in Greece, Libya and Morocco but it’s almost too relevant

I live in Greece and I’ve been cut off from the rest of the country because the roads (and the villages of course) are completely flooded

ok so first of all you need to know programming. nothing crazy but you should definitely know what a “function” “loop” or “variable” is and some basic HTTP knowledge (what is an HTTP reuest, what’s a header, etc.).

now, your target is to bypass the license check. there are many ways to go about that:

• the web way: intercept the traffic between the app and the server. maybe the app tells the server “am i licensed” and the server responds “no” and if you just change that you’re golden. to intercept traffic the golden standard is “burp proxy”
• the exported function way: I’m sure that you’ve seen that all the apps that you install come with various dlls. these are “libraries” which means that they’re a bunch of functions in a package. most times they also include the name of their functions and more often than not you’ll find a “is_user_licensed” that returns a 0 or a 1. hooking that to return 1 will hand you a win
• the exe exported function way: same as the above but the function lives inside the exe. BTW exes are exactly the same as a DLL (and you can actually execute a dll or import functions from an exe!)

you can find any function that gets called and has a name (the names are called “symbols”) using frida-trace

afterwards you can write a frida script (javascript) that either replaces the entire function or append/prepend code to it. most times you want to append code that just returns a value as to not mess with the programs internals

if you have a .net app though the whole process is WAY easier as you can read all the code of the app using a decompiler - dnspyex is the gold standard

of course not all apps are that easy to crack. it’s more of a time/mind game and less of a skill one. sure, you get much more efficient and the solutions start to “smell”, but trying to crack an app that has stripped symbols (no function names) and everything is statically compiled (all the dlls are shoved into the exe to make it harder for us) can make your life much more difficult

since this is a “starter guide” i’m gonna leave anti-reverse, anti-debug and obfuscation completely out of the discussion. unless you get a moderately good grasp what the above terms mean, don’t bother

I also didn’t talk about actual reversing with a debugger/decompiler/disassembler as I think that it’s better to find out about them as-you-go. don’t start from that. it’s intimidating

Don’t get intimidated. You’ve got it. Remember that it’s not about skill (ok don’t go cracking IDA Pro or denuvo), it’s about patience and methodology As the hacker say: Try harder and happy hacking 🙂

NOTE0: ALWAYS ask chatGPT stuff. if it refuses to answer put the question in the context of “malware research” NOTE1: I think that someone somewhere may have told me that a very popular app owned by dickheads used in the 3d printing community is a very good starting point 😀 NOTE2: You’re more than welcome to ask anything - PMs or otherwise

EDIT: I forgot to mention reversing divas: since this is such a niche thing to do and you spend your life away from grass, some people involved are in the mindset of “this is not for everyone, you’re stupid and you can’t do it, etc”. Fuckem

same with china

unfortunately I’ve not released any crack and the reason behind it is that I develop them in a way that you can read what they do (which function they hook, what do they expect and more) using https://frida.re so the crack ends being a javascript file that is run through a power shell script. so no “copy this dll” or “disable your antivirus” - super clean and you can always see what the crack does. my base is ALWAYS that you download and install the app from the manufacturer

due to that though I “can’t” release the scripts to the public as:

1. I’ll go to jail
2. the companies will start to implement anti-cracking measures as I give them exactly the way I crack their app on a silver platter

We are in the era that other than games, the companies have not yet caught up with anti-cracking techniques. I crack shit as a hobby and everything is fun and challenging until you start to mess with games. It’s insanely difficult, a CONSTANT cat n mouse run and sooooo damn time consuming

I have the hobby of cracking stuff like that (but mainly windows apps to tell you the truth) and there are many-ish people out there with the same hobby. search around a bit and google stuff like “Spotify Car Thing github” or “Spotify Thing bypass” or jailbreak. Heavily rely on github and russian forums. Also random small blogs

If you’re so determined though and nobody else has done it and you’re fine not using it for 3+ months, there’s a very slim chance that I could find the time to bypass it

EDIT: Yeap it’s cracked and it’s easy too

what’s rd?

as more people use a software it’s not easier to find exploits but much more profitable - and you see that propagate, as in:

• More people start to use a software
• Inevitably it gets hacked - by a kid most probably
• The company starts panicking due to bad press
• They start fixing the security bugs
• (some years pass)
• Now its quite difficult to find exploit as many security bugs have been fixed
• Exploit prices skyrocket since it would affect many users and it’s difficult to develop
• Bug bounty skyrockets since the exploits are so pricey

Now the last 2 steps tend to cycle since the security of the product fluctuates

Now the above have nothing to do with “residual” products - such as custom roms. And actually, you have so many deeply specialized people around the main product that finding a bug and developing an exploit on the residual is just a matter of “who the fuck cares”.

So you’re basing your security of your phone on “care”, also known as security through obscurity (some times at least).

Another example of “who cares” security is libreoffice. When I started as a security engineer the veteran (and boss) referred to it as training material to find security bugs. I found some, but who cares? Ain’t nobody gonna pay for them as “nobody” uses the software (keep in mind that we’re referring to millions of daily users rather than thousands per month)

Sorry for sheet! ❤️ Be safe and use a password manager

hmmm depends on the phone and what you mean difficult. If you’ve managed to format a computer you’ll be fine. If you’re having trouble downloading chrome or office, maybe think about it again - I’m not saying you shouldn’t try or learn (everybody can learn), Im just saying that it will require an amount of time that I imagine would be uncomfortable to a user that don’t wanna bother downloading a program.

Not all people enjoy computers!