Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Would You Tell People How To Crack Your Software?

Soulskill posted about a year ago | from the best-defense-is-a-terrible-defense dept.

Security 129

An anonymous reader writes "Fed up with piracy and the availability of cracked versions of his software, Cobalt Strike developer Raphael Mudge wrote a blog post telling people how to crack his software. Some gifts are poisoned, and Raphael goes into deep detail about how to backdoor his software and use it to distribute malware. Will this increase piracy of his software, or will it discourage would-be pirates from downloading cracked versions?"

cancel ×

129 comments

Sorry! There are no comments related to the filter you selected.

Would I? (-1)

Anonymous Coward | about a year ago | (#44778465)

No.

You can't stop them but that doesn't mean you shouldn't make them earn it.

All Hail Lord OBAMA the lightbringer! (-1, Troll)

Anonymous Coward | about a year ago | (#44778467)

http://www.theblaze.com/stories/2013/09/06/u-s-unemployment-nuges-down-slightly/

"Latest Unemployment Numbers Reveal Something We Haven’t Seen Since ’78

“The civilian labor force participation rate edged down to 63.2 percent in August,” the report adds.

In fact, and this is worth noting, the last time the labor force participation rate was this low was in August 1978:"

Aren't you douchebags proud of your socialist masters, they have their BEST MEN on this whole economy thing you know.

Now get back in line for your unemployment checks drones.

It's all BOOSHES FAULT you know.

Tongue in cheek (5, Funny)

amicusNYCL (1538833) | about a year ago | (#44778479)

There are also several .sl files. These are Sleep files. Sleep is a simple scripting language I’ve worked on since 2002. I write in Sleep because I’m very efficient with it.

For the aspiring cracker, Sleep is a welcome sight. Its files do not ship in a compiled form. They’re available as plaintext inside of the application archive. A plaintext file requires a special tool, called a text editor, to change its content. I recommend notepad.exe or pico. Linux hackers may use WINE to run notepad.exe. Type:

wine notepad.exe

Well done, sir.

Re:Tongue in cheek (2)

amicusNYCL (1538833) | about a year ago | (#44778499)

It's obvious why he is giving these directions - he is showing people how to add malware to his software so that any cracked software of his is suspect.

Re:Tongue in cheek (2, Interesting)

sexconker (1179573) | about a year ago | (#44778591)

It's obvious why he is giving these directions - he is showing people how to add malware to his software so that any cracked software of his is suspect.

Anyone who could crack the software without his help would be fully capable of injecting malware into it.
His instructions have no effect on the odds of malware being in the cracked copy you download. You'll still download from the first place that has a working release, and that'll still be from one of the "scene" groups, and it'll still be clean.

Re:Tongue in cheek (4, Insightful)

retchdog (1319261) | about a year ago | (#44779607)

Yes, obviously.

The point is to make that possibility crystal clear to end-users to influence them to use the legit version. As such, this is basically a humorously self-deprecating form of FUD.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44778631)

That's just a waste of time. I consider all cracked software suspect, but that doesn't prevent me from taking various precautions and then perhaps downloading.

Re:Tongue in cheek (4, Insightful)

girlintraining (1395911) | about a year ago | (#44778679)

All cracked software is suspect. But then, so's the unmodified software.

But here's the thing... it's usually less risky than the DRM, phone home, internet activation required, now with extra advertisements hardcoded to a server... using internet explorer in a window with 'trusted' site permissions able to handout javascript-laden malware. Please. I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

A large corporation can just claim "oh noes! piracy destroyed my business!" and get a fat handout and a pile of FBI agents with orders to beat people in their homes until money falls out. Reputation is not a concern for them. Ergo, neither is quality. Pirates on the other hand... release a single malware-infested item and the forums fill up with complaints, and that group never gets any respect again.

Bittorrent also ensures, at the protocol level, that everything downloaded matches what was uploaded. http downloads are less secure. And digital signatures on executables, like what Microsoft does? It's been proven, many times over, that the only thing that means is you paid them a stipend to get a key. They don't check to see if what you made and signed is legit or not... and many antivirus/antimalware solutions, including Microsoft's own... will skip heuristic matching if the executable is signed.

So really... you're less likely to get malware from a piece of pirated software off some torrent site than you are just browsing for porn. It's a grossly exaggerated threat. Just like what this guy is saying; "Here, hack my software!"

Okay. Nice publicity stunt. Even Bill Gates said if you're gonna pirate, he hopes you'll pirate Microsoft... it's a sign of a software's usefulness.

Re:Tongue in cheek (0, Offtopic)

Mitchell314 (1576581) | about a year ago | (#44778817)

Yes, let's do what we can to justify bad behavior.

Re:Tongue in cheek (1)

Anonymous Coward | about a year ago | (#44778835)

What was that post trying to justify? Where is the bad behavior?

Re:Tongue in cheek (5, Insightful)

brit74 (831798) | about a year ago | (#44778909)

I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

A large corporation can just claim "oh noes! piracy destroyed my business!" and get a fat handout and a pile of FBI agents with orders to beat people in their homes until money falls out.

What a load of crap. A fat handout? Do you have any clue at all what you're talking about? Prove it by showing some instances of the government giving money to companies because of claimed losses due to piracy. What a load of crap. I can't think of any companies that have made a bunch of money by "beating people in their homes until money falls out". You're seriously in fantasy land with this one. But, hey, whatever fantasy makes you feel good about pirating other people's hard work without paying a dime. You're a real hero. The world owes you everything for free.

Pirates on the other hand... release a single malware-infested item and the forums fill up with complaints, and that group never gets any respect again.

Yeah, because real companies can release a malware-infested piece of software and suffer no consequences. Give me a break.

Bittorrent also ensures, at the protocol level, that everything downloaded matches what was uploaded.

Oh, so if a malware infested piece of software is uploaded, Bittorrent will make sure you're downloading the same malware-infested software that someone uploaded? That's reassuring.

Even Bill Gates said if you're gonna pirate, he hopes you'll pirate Microsoft... it's a sign of a software's usefulness.

Bill Gates prefers you pirate his software over someone elses because it helps block other people out of the market. If you're trained on Microsoft software, you're more likely to buy it in the future than if you learned some other piece of software. It's good for blocking other people out of the market (and it's most useful if you're a monopoly or nearly a monopoly) because if helps prevent other companies from getting a foot in the door.

Re:Tongue in cheek (1, Troll)

girlintraining (1395911) | about a year ago | (#44779143)

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

Not when you can just buy it with a marketing campaign it doesn't. Or do you think they spend tens of millions because they like hearing the sound of their voice?

What a load of crap. A fat handout? Do you have any clue at all what you're talking about?

Living under a rock and missed the Too big to fail [wikipedia.org] fiasco that landed our economy in the longest recession in US history?

rove it by showing some instances of the government giving money to companies because of claimed losses due to piracy.

Check [wikipedia.org] .

I can't think of any companies that have made a bunch of money by "beating people in their homes until money falls out".

You need to think harder [publicserviceeurope.com] . But snark aside... There was that raid in Guatemala [businessinsider.com] , and this one in George Town [thestar.com.my] , and oh hey look... here's an article in Business Week [businessweek.com] offering advice because it happens so often CEOs need to be aware of it. But if you don't believe them, ask Kim Dotcom how things are working out for him.

You're seriously in fantasy land with this one. But, hey, whatever fantasy makes you feel good about pirating other people's hard work without paying a dime. You're a real hero. The world owes you everything for free.

I'm no hero. I'm just the girl with all the facts on her side.

Oh, so if a malware infested piece of software is uploaded, Bittorrent will make sure you're downloading the same malware-infested software that someone uploaded? That's reassuring.

As opposed to a malware infested piece of software downloaded from the company's official website? Because if you think that's never happened, Google for 'Sony' and 'root kit'.

Bill Gates prefers you pirate his software over someone elses because it helps block other people out of the market.

The one thing you actually got right. Here's a cookie.

Re:Tongue in cheek (2)

PhxBlue (562201) | about a year ago | (#44779275)

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

Sometimes the pirate group's reputation is better than the software company's.

Re:Tongue in cheek (-1)

Anonymous Coward | about a year ago | (#44779301)

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes) You can roll your eyes all you want, but it has been proven again and again that a reputation of a company can be bought back by pumping enough money into marketing/bribing.
So fuck you, cunt.

Re: Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44779383)

Snowden is claiming that MOST software has embedded malware. The government could never entice or strongarm a corporation though.

You need to stop rolling your eyes and open them... unless you are a sockpuppet. In which case: "USA! USA! USA!"

Reputation (1)

fox171171 (1425329) | about a year ago | (#44780661)

I'll take the pirate stuff any day of the week, because the groups that do it are small enough that reputation matters; It's their only currency.

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

Obviously you aren't familiar with EA.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44780941)

>Prove it by showing some instances of the government giving money to companies because of claimed losses due to piracy.

Okay:

http://en.wikipedia.org/wiki/Private_copying_levy

Now, please post back your admission you were wrong and that insulting people for speaking the truth is rude and just plain FUD.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44781007)

Yeah, because the *reputation* of the software companies doesn't matter at all. (roll eyes)

Apparently it matters less than doing their part for fascism. There's no evidence RLD (or other major groups) ever put backdoors for the NSA. The same can't be said of certain software companies.

If they give you no access to the source it's a safe bet they have something to hide.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44781547)

The "real companies can release a malware infested piece of software and suffer no consequences" bit?

https://en.wikipedia.org/wiki/Sony_rootkit

The cashed settlements were less than 10% of sales volume for the affected titles, and punitive damages weren't even imposed. There's no financial incentive for them to not do this again in the future, other than the possibility of sanctions if they did.

For that matter, companies get away with murder (sometimes literally) with penalty costs nowhere near what they profited nearly constantly. I'll let other slashdot readers enlighten you (probably with Microsoft references) if you don't believe it.

Re:Tongue in cheek (4, Insightful)

amicusNYCL (1538833) | about a year ago | (#44779747)

So really... you're less likely to get malware from a piece of pirated software off some torrent site than you are just browsing for porn. It's a grossly exaggerated threat.

I'm not so sure about that. I watch a lot of porn.

Even so, regardless of how likely it is, when you're downloading pirated software you are basically executing unknown code from an unknown source. Porn infections at least require a vulnerability to exploit. Hell, the very nature of pirated software means that it has been modified with unknown code by someone with no accountability who is demonstrably willing to break the law. There are plenty of shady actors who see warez as a legitimate infection vector and wouldn't think twice about wrapping a popular application up with a nice payload and distributing it across their botnet to make it look like it has 100 different seeders.

Re:Tongue in cheek (3, Insightful)

girlintraining (1395911) | about a year ago | (#44780043)

Even so, regardless of how likely it is, when you're downloading pirated software you are basically executing unknown code from an unknown source.

The same can be said of any compiled, closed-source code. And corporations in the past have intentionally placed malware onto their official distributions; Such as the sony rootkit fiasco. Trusting someone just because they wear a suit and say they're your friend isn't much of a guarantee.

...been modified with unknown code by someone with no accountability who is demonstrably willing to break the law.

There's very little accountability to corporations anymore these days. Class action lawsuits were thrown away. The average person doesn't have any real access to the courts -- it's a David v. Goliath situation. And new laws are passed limiting liability all the time. Massive oil spill? We'll fine you a day's wages. Banks too big to fail? Too big to jail too. And saying that someone's untrustworthy because they break the law is a questionable stance to take at best;

You ever speed in your car? Ever j-walk? The laws are so terribly complex that you can rest assured you're a criminal. The only person who didn't commit a felony this week is the guy in a coma in the hospital. There are laws on the book that say that eating a salmon that's too long is a felony. There's laws saying you can't violate the laws "of any other country". Even the crazy ones. Even the ones we're currently bombing. And just in IT, there's the computer fraud and abuse act, that is so vaguely worded that basically touching a computer could constitute 'unauthorized access'. People have gone to jail... for providing a URL to a website under that. So if you want to say "willing to break the law" means anything... okay then, but it doesn't count for anything to me or for most people. We're all criminals... it's just not all of us have been caught yet. And if that's not enough evidence for you... consider that we have the highest rate of incarceration of any country on Earth, we lead by almost double per capita, and that margin is growing. And it disproportionately affects the poor and non-whites.

here are plenty of shady actors who see warez as a legitimate infection vector and wouldn't think twice about wrapping a popular application up with a nice payload and distributing it across their botnet to make it look like it has 100 different seeders.

Perhaps. But many bittorrent sites have reputation services; And people talk to each other. Read the comments. Watch the forums. Yes, it requires a little more work -- and that doesn't mean someone can't still pull one over on you. But I've never downloaded a piece of software from a torrent site that ever turned a positive; and I scan everything. I go back and scan it months later... and I have a variety of IDS systems, firewalls, etc., to monitor for rogue traffic. If they ever did put a bot dropper into a package I downloaded... it's never talked to anything on the internet. Or tried.

I can't say the same for a default install of Windows XP or Windows 7.

Re:Tongue in cheek (1)

amicusNYCL (1538833) | about a year ago | (#44780331)

The same can be said of any compiled, closed-source code. And corporations in the past have intentionally placed malware onto their official distributions; Such as the sony rootkit fiasco. Trusting someone just because they wear a suit and say they're your friend isn't much of a guarantee.

It's not because of what they wear or how they act, it's because of accountability. I know who they are, and I can point at them and lay the blame and responsibility at their feet. Not that that ever stopped a corporation, but you get my point.

The laws are so terribly complex that you can rest assured you're a criminal.

I know that I'm a criminal. I know that because I have been charged and convicted of a crime, and have seen the inside of a jail. I can't charge or convict someone whose name I don't know who deliberately made an attempt to damage my computer or data. If a company like Sony does it, they can and will (or should) be at least slapped for it. I doubt the punishment will fit the crime, but there is at least the possibility of punishment. That possibility doesn't exist when you don't even know what or who produced the code that you're running.

But your whole paragraph about criminality isn't even relevant to this discussion. I'm not talking about someone who ate an oversized fish, I'm talking about someone who has a specific goal and the means to try and infect or damage as many computers as possible. The software that those people write is not released by corporations (excluding certain Russian business networks, of course).

Perhaps. But many bittorrent sites have reputation services; And people talk to each other. Read the comments. Watch the forums.

I've watched "regular" people download off Bittorrent, they don't do that. Warnings against Bittorrent or porn malware in general are not aimed at people like you and I, and it's not us who typically suffer the consequences. That doesn't mean it isn't out there though.

Re:Tongue in cheek (1)

amicusNYCL (1538833) | about a year ago | (#44780375)

To add to that, here's the difference between people like us, and other people. I ran Windows XP for many years. I did so without any sort of malware protection software or scanner, and I didn't get infected (I know what you're thinking, and hold that thought). The one infection I had to clean up on that computer happened when my roommate decided to use IE on it to browse for porn. Cleaning up that infection revealed that it was in fact the only infection on the machine, and the only way it got there was because of a vulnerability in IE and a shady porn site or ad network (presumably). Other than that one circumstance involving my roommate, I could do whatever I wanted on that computer (including porn porn porn) and I didn't get infected. That's the difference between people like you and I and people like my roommate. You might not get infected by anything you download off Bittorrent, but you're an outlier.

Re:Tongue in cheek (1)

HiThere (15173) | about a year ago | (#44780451)

I think you overstate a basically correct case. I doubt that commercial software is, on the average, less reliable that pirated software. Less useful seems more frequently to be the correct statement, if I judge things correctly.

OTOH, as I use FOSS software almost entirely, this is a judgement formed by reading posts on places like Slashdot. So YMMV.

Re:Tongue in cheek (1)

johanw (1001493) | about a year ago | (#44778845)

And even better, his instructions are sufficient to make people crack the trial version themselves. Then they can be sure there are no additional backdoors in it than those that might already be in there.

Considering the probable userbase of the software (penetration testers), this shoudn't be too difficult for most users.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44778985)

True that. That's why I will *never* buy anything Sony or Apple again. Ever!

Re:Tongue in cheek (1)

amicusNYCL (1538833) | about a year ago | (#44779701)

Considering the probable userbase of the software (penetration testers), this shoudn't be too difficult for most users.

You would think, but never underestimate stupidity or laziness. He posted a comment on his article with an email that he received from someone with broken English who was asking him how to extract an archive that contained a space in the filename (cobaltstrike-Cracked-For BackTrack.tgz). Why ask the author of the software he's pirating instead of searching for the syntax online? Because that's how smart he is.

Re:Tongue in cheek (0)

Anonymous Coward | about a year ago | (#44778613)

I prefer installing Xen in order to use a VM with cracked Windows ME so I can hack those strange plaintext files with Microsoft Word 97.
Vi and Emacs are just no match, sadly.

sorry to reply to a troll, but... (-1)

Anonymous Coward | about a year ago | (#44778497)

This troll has no memories of anything before January 20, 2009

Re:sorry to reply to a troll, but... (-1)

Anonymous Coward | about a year ago | (#44778673)

Are you perhaps responding to me, because you hit the wrong button. Anyway I am asking becuase if you are you failed to make your point, because, well, I don't know what your fucking point is.

Try again.

Re:sorry to reply to a troll, but... (-1)

Anonymous Coward | about a year ago | (#44778753)

So let's guess you are replying to me... then answer me this.

Do you believe the economy is better off now than it was in 2009 under Bush? If so why? If not why not?

Gwan, what do you really think?

Absolutely! (0)

Anonymous Coward | about a year ago | (#44778515)

Welcome to the world of software QA! Information on how to break software is our currency!

users are the new Unpaid QA and we will cover any (1)

Joe_Dragon (2206452) | about a year ago | (#44778609)

users are the new Unpaid QA and we will cover any loss of data or time if our POS software messes up.

Re:users are the new Unpaid QA and we will cover a (1)

LinuxIsGarbage (1658307) | about a year ago | (#44778979)

Do you work for NCR? [wikipedia.org]

Re:users are the new Unpaid QA and we will cover a (1)

sethstorm (512897) | about a year ago | (#44779631)

Before or after the State of Georgia decided to use government intervention to rip them out of Ohio? Before or after their merger with AT&T?

Hopefully NCR hasnt fallen that far despite being reduced to a Dell/Gateway rebrander - after AT&T nearly sucked the life out of the company. That doesnt seem like something NCR would do to its customers, even in their current state of things.

He's clearly joking around... (4, Funny)

Assmasher (456699) | about a year ago | (#44778533)

...and laughing at the technically clueless who think he's being serious.

Well done by the way.

Re:He's clearly joking around... (3, Insightful)

Jane Q. Public (1010737) | about a year ago | (#44778809)

"He's clearly joking around... and laughing at the technically clueless who think he's being serious."

True. But even if you ignore that, I think the Slashdotters here who thought he was serious have missed the big point.

If you sell your software for $2500 for limited-time use, your software is going to get cracked. Period.

Study after study after study, for at least the last 13 years, have shown that if users think your software is is both useful and reasonably priced, it will sell. End of story. Yes, there will be downloading but that would happen anyway.

Bottom line: downloading (Not "piracy". Downloading is not piracy.) is simply not a real, significant problem. It is BLAMED for problems, by copyright trolls and programmers who overvalue their product. But it has never proven to really, significantly, affect the bottom line for what the market thinks is useful, reasonably priced software. If anything, it has shown to lead to more sales.

Re:He's clearly joking around... (1)

Assmasher (456699) | about a year ago | (#44779085)

Especially something written in Java.

A good obfuscator can make this more difficult, but a determined cracker will always find a way.

Re:He's clearly joking around... (2)

Intrepid imaginaut (1970940) | about a year ago | (#44779311)

It only takes one technically competent user with a chip on their shoulder, or who believes they are sticking it to the man/men not living in their parents' basement at age 42, or thinks one dollar is too high, and it's out on the torrents. This is without even considering others who will crack software and install malware because a botnet actually brings in money for them. So thanks much to all the pirated software dowloaders, you're part of why the internet is a spammy sewer and sites can be held hostage by DDOSes.

What, you thought all or even the majority of the zombies came from people clicking email attachments?

Re:He's clearly joking around... (1)

Zeromous (668365) | about a year ago | (#44779521)

>If you sell your software for $2500 for limited-time use, your software is going to get cracked. Period.

Especially a security software suite written by a cyber security company based out of Washington DC selling their software for 2500$ a pop. It makes you wonder who their customers are, and who they are beholden to. I wouldn't touch this software with a 10 foot pole. And jumpin' joe, that unprofessional website. I can't decide if this guy is an NSA mole that sells snake oil to corporate IT departments or script kiddy grown too big for his britches!

Re:He's clearly joking around... (1)

ttucker (2884057) | about a year ago | (#44779743)

The site is advertising more about what it can do after the machines are infected than what kind of real testing it can do. It kinda seems more oriented towards criminals.

Re:He's clearly joking around... (1)

Zeromous (668365) | about a year ago | (#44780285)

Exactly, hence my distrust and survey of the maker's motives.

No corporation in their right might would use this particular junk.

Re:He's clearly joking around... (1)

Jane Q. Public (1010737) | about a year ago | (#44780919)

No dispute here, though that wan't my point.

A little Pyrrhic there. (2)

Valdrax (32670) | about a year ago | (#44778553)

Telling people how to "crack" your software and add malware is a great idea for poisoning the well on cracked copies and a wonderfully spiteful bit of snark, but he takes it a bit too far by telling people how to give themselves a free license with simple tools using clean version from his own site, at which point they are totally free to stop. (Oh, it's a violation of your license, he points out, but what pirate cares?)

I mean, if this involved something that could more properly be termed an exploit than a simple config file change, that would raise the bar to something that only scary "hackers" can do, leaving you at their unethical mercies if you get a cracked version, but this is kind of shooting himself in the foot.

Oh, damnit... I've been trolled. (1)

Valdrax (32670) | about a year ago | (#44778587)

This is penetration testing software, isn't it? There's no way it could be that simple, could it?

Re:Oh, damnit... I've been trolled. (5, Insightful)

Zironic (1112127) | about a year ago | (#44778709)

It probably is that simple for a very simple reason. His target audience isn't really poor kids that just want to try out hacking, he's selling the licences for 2.5k a pop/year so he's obviously targeting companies, companies that would rather not crack the copies regardless of how easy it is because of legal liabilities.

Re:Oh, damnit... I've been trolled. (1)

CanHasDIY (1672858) | about a year ago | (#44779097)

This is penetration testing software, isn't it? There's no way it could be that simple, could it?

Dunno, but as soon as I get home and fire up the VM, I'll find out!

Re:A little Pyrrhic there. (1)

h4rr4r (612664) | about a year ago | (#44778701)

A better idea would be to put it on pirate sites yourself. Just after X playtime break the game. Make sure your version and the real hacked one are the same size and name it something silly like GAMEZ RAZR 1912 H4)(0R cracked.

A great idea might be to corrupt save games after some point. Let them get halfway into it then corrupt all save games. Make sure your support team knows you are doing this and corrupt all the files in some very obvious way like changing them text files about the harm piracy does to gaming.

Re:A little Pyrrhic there. (1)

johanw (1001493) | about a year ago | (#44778883)

Psst, this is software for penetration tests, not a game.

Re:A little Pyrrhic there. (1)

h4rr4r (612664) | about a year ago | (#44778965)

So make it show a bunch vulns that don't exist and leave out the ones that do. Only have having been used some amount of time though.

You are not supposed to read the article, real slashdot pros don't even read the summary.

Re:A little Pyrrhic there. (0)

Anonymous Coward | about a year ago | (#44779063)

Psst, this is software for penetration tests, not a game.

Tell the to the author. The homepage certainly looks like a game page, not some overpriced pen test.

Re:A little Pyrrhic there. (1)

Seumas (6865) | about a year ago | (#44779765)

You can't blame him. At first glance, it looks like a game and it sounds like a game. Even after reading some of the text, I wasn't sure if it was an actual pentest suite or if it was meant as a "visual simulation of pentesting". That is, for a minute, I thought the guy was selling a sort of pre-packaged solution for filmmakers that wanted to have a 31337 hax0r interface tos how on a computer in their movies.

Re:A little Pyrrhic there. (2)

Valdrax (32670) | about a year ago | (#44778949)

A great idea might be to corrupt save games after some point. Let them get halfway into it then corrupt all save games. Make sure your support team knows you are doing this and corrupt all the files in some very obvious way like changing them text files about the harm piracy does to gaming.

Oh, you mean like EarthBound did? [starmen.net] It did all that and so much more: Nag screens, unbearable enemy encounter levels, and after slogging through the whole game it freezes at the final boss and deletes your save too. Epic spite.

Here's a few of the funnier ones. [ign.com] And then there's the supremely ironic one that Game Dev Tycoon [ign.com] added.

Re:A little Pyrrhic there. (1)

h4rr4r (612664) | about a year ago | (#44778987)

Exactly like that. If you are going to delete saves, delete all of them. I would not be above suggesting encrypting all the saves for the game and offering to unlock them for the cost of the game new.

Pirate Congrats on making to the final boss, all your saves have been encrypted. To get the key you must go buy a copy of this game and enter its activation code into our website.

Re: A little Pyrrhic there. (0)

Anonymous Coward | about a year ago | (#44779419)

If he provides instructions doesnt that invalidate his license claims? I mean, I was just following the directions on the official website.

Re:A little Pyrrhic there. (0)

Anonymous Coward | about a year ago | (#44779523)

Maybe he's a touch more clever than that. Maybe if you follow his instructions it will work, but phone home that it's a cracked copy.

Viral Marketing Campaign. Literally. (3, Insightful)

stewsters (1406737) | about a year ago | (#44778559)

He's doing this to raise attention. For every 10 people who pirate it, someone will actually buy it.

Re:Viral Marketing Campaign. Literally. (1)

who_stole_my_kidneys (1956012) | about a year ago | (#44778735)

Exactly, for every 10 IT people that crack it and use it on their own time, a hand full will be impressed by it and have their own company buy it. The rest are people that would have pirated it any way.

Re:Viral Marketing Campaign. Literally. (1)

Em Adespoton (792954) | about a year ago | (#44778791)

He's doing this to raise attention. For every 10 people who pirate it, someone will actually buy it.

Anyone who would pirate it wouldn't actually buy it anyway -- this is corporation-grade penetration testing software. The ne'er do wells have already cracked it without his help, and anyone else who would have a use for it would have no incentive to crack it.

Providing the source code so that testers can verify what it does is useful though. Looks like you don't have to "crack" anything to find the scripts though.

So you're right -- this generates visibility with pretty much no downside to the author.

Re:Viral Marketing Campaign. Literally. (1)

Seumas (6865) | about a year ago | (#44779753)

Then why not offer a free or steeply discounted personal license and then a commercial license?

Re:Viral Marketing Campaign. Literally. (1)

ttucker (2884057) | about a year ago | (#44779755)

this is corporation-grade penetration testing software.

The website makes it look like a mild-moderate joke.

Re:Viral Marketing Campaign. Literally. (2)

Seumas (6865) | about a year ago | (#44779741)

If he really wants to get more people to buy his software, he should sell it on his website.

I know it really pisses *me* off when I want to go to a site and buy a piece of software and not only don't they give me an option for it, but they make me fill out a form, email them, and wait around for a response to even get a price. Is it any wonder there might be a chunk of people who say "fuck it, I'll just go download it and use it immediately", when you put hurdles up and can't even tell someone the price up front? (I suspect people then assume the price will be too high for them to even remotely pay for -- kind of like Photoshop).

Not saying it is justified or that changing that would solve everything, but it sure would likely help a bit.

Re:Viral Marketing Campaign. Literally. (0)

Anonymous Coward | about a year ago | (#44780119)

Where did the number 10 come from? Yeah, that's what I thought.

Malware Boogey Man (1)

sexconker (1179573) | about a year ago | (#44778561)

All anyone has to do is go to the pirate bay and look for a green/purple skull to ensure with 99.99999% certainty they're getting a clean version.
I have never in my decades of downloading shit ended up with a copy of something that had malware injected into it, despite MS's constant warnings.

Re:Malware Boogey Man (1)

h4rr4r (612664) | about a year ago | (#44778731)

Sure, which is why what he needs to do is get a pirate version he made on those sites. Keep uploading it with slightly different names and sizes. Make it corrupt saves after X time, or crash to the desktop or if the user is running as admin uninstall itself. Nothing malicious to the machine in general just really annoying. Hell, just have the sounds randomly change to "STOP pirating my games, I need the money to eat". Stuff like that would be way better.

Re:Malware Boogey Man (0)

Anonymous Coward | about a year ago | (#44779031)

None of those would have the green or purple skull, so nobody even half sensible would download them.

Re:Malware Boogey Man (1)

h4rr4r (612664) | about a year ago | (#44779055)

Sure they would. Most people don't play any game even pirated all the way to the end. So long as you make the bad stuff happen more than an hour or two in you will get lots of positive votes. Lots of people who pirate are just digital hoarders and never use most of what they collect.

Re:Malware Boogey Man (0)

Anonymous Coward | about a year ago | (#44778773)

I needed an emergency copy of VS2005 once, so I got it from a torrent I found on TPB. It was infected with some kind of stupid trojan. (This is not a "M$ makes malware!!1!1one!" joke.) By "emergency copy", I mean download it at home and work all night until the project is done, then get a legit copy from work the next day to make it "right".

Needless to say, that "emergency copy" only made things worse, but we ended up telling that client to FOADIAF because she was a total pain in the ass anyway.

Of course, this was back in about 2007, so things have changed a bit since then.

On the up side, that machine got "hosed down" and turned into an Ubuntu machine for a few years after that.

Re:Malware Boogey Man (0)

Anonymous Coward | about a year ago | (#44779415)

You're just incompetent, then.

I don't know... (1)

dyingtolive (1393037) | about a year ago | (#44778575)

I've never heard of it, but I'm not a security guru. I think I'd take the software a little more seriously if it didn't have overly eager anime guy on the front page:

http://www.advancedpentest.com/ [advancedpentest.com]

Re:I don't know... (0)

Anonymous Coward | about a year ago | (#44778813)

I would be pretty surprised to meet a (U.S. born) security guru that didn't remember or at least hear of the L0pht, unless his/her "guru" status was strictly confined to a paper certificate of some sort.

Re:I don't know... (1)

Zeromous (668365) | about a year ago | (#44779545)

He has nothing to do with L0pht.

clearly (0)

Anonymous Coward | about a year ago | (#44778597)

This is just a publicity stunt in a pathetic attempt to draw attention to some software no one has ever heard of.

Re:clearly (0)

Anonymous Coward | about a year ago | (#44778853)

Sure. Wasn't like the author wasn't a member of a well-known hacking collective [wikipedia.org] .

Fucks sake, Slashdot, were you all born yesterday?

Different Mudge (2)

langelgjm (860756) | about a year ago | (#44778935)

The author's name is Raphael Mudge, but Mudge from L0pht is a different person named Peiter Zatko [wikipedia.org] .

Re:Different Mudge (0)

Anonymous Coward | about a year ago | (#44779179)

Huh, interesting. Guess I'm the asshole, here.

Sorry for my mistake everybody. :)

Export restrictions (2, Insightful)

TheP4st (1164315) | about a year ago | (#44778615)

This is what I got when I went to download the trial of Cobalt Strike:

Due to United States export control requirements, we can not make Cobalt Strike available for download to your country yet. Please accept our apologies--we're very actively working on this.

IIt's likely that a fair amount of those using cracked versions are doing so as they cannot get a legitimate copy without jumping through hoops and potentially end up on all kinds of watchlists in the process, that make his move of detailing on how to backdoor the software for malware distribution a bit of an asshat move.

Re:Export restrictions (1)

hAckz0r (989977) | about a year ago | (#44779323)

IIt's likely that a fair amount of those using cracked versions are doing so as they cannot get a legitimate copy without jumping through hoops and potentially end up on all kinds of watchlists in the process, that make his move of detailing on how to backdoor the software for malware distribution a bit of an asshat move.

<tin-foil-hat>
Then perhaps it just the NSA trying to disguise their exported flavour of software in a form that foreigners actually want?
Oh, who's that knocking...
</tin-foil-hat>

Re:Export restrictions (0)

Anonymous Coward | about a year ago | (#44779875)

l2proxy/vpn

It would be something to consider... (4, Insightful)

mlts (1038732) | about a year ago | (#44778635)

I believe in having a relatively small speed bump and keeping DRM to a minimum. For an application, just enough to make keygens [1] useless and require the app's executable to be patched, even if it is just a simple item that gets commented out. This breaks the signature of the program, and anyone pirating it will be at obvious risk of an added payload.

For games, I'd just have a multiplayer mode/library for easily downloaded levels/maps/etc. To access it, a valid key is needed and if two keys (assuming each key is one license) are used, the newer one will not be allowed on. Since this is handled by the server, modified clients are not an issue. Yes, one can always mirror/emulate the server's functionality, but it is a big enough barrier to get people to consider buying a key. Closest game to this was Neverwinter 1 which ditched the CD protection fairly early on.

[1]: Embed a public key in the program, and the key would include the licensing info with a netpgp signature.

Re:It would be something to consider... (0)

Anonymous Coward | about a year ago | (#44778923)

Who cares about PKI, you have the binaries. Stick in a few no-ops and you're all set. Using PKI doesn't help one bit when you're giving away the cleartext binaries.

Re:It would be something to consider... (0)

Anonymous Coward | about a year ago | (#44779403)

Here's how to reduce piracy:

Set a reasonable initial price for your software / music / video, then make it available through a distributor that can do this:

1. First x people buy the product pay the initial price.

2. After x purchases, the price is reduced by a step and the initial customers are refunded the difference.

3. After y purchases (y being greater than x), the prices is reduced again and all previous customers are refunded the difference.

4. Repeat step 3 until the price reaches a bottom limit. The bottom limit should make the producer a reasonable profit but not a gazillionaire, any further purchases will be pure profit.

Result: since the initial purchasers will stand to get money back from future sales, they will have the incentive to encourage others to buy the same product and not pirate it. This has the side-effect of giving you free crowd marketing.

You're welcome.

Balassa-Samuelson (1)

tepples (727027) | about a year ago | (#44781299)

Set a reasonable initial price for your software / music / video

Reasonable in what country? One of the excuses for region coding is that "a reasonable initial price" varies based on the market and its currency's exchange rate with the euro or U.S. dollar. The Balassa-Samuelson model [wikipedia.org] shows how economies without a history of exporting goods to rich countries will tend to have undervalued currencies.

Multiple gamers in one household (1)

tepples (727027) | about a year ago | (#44781321)

For games, I'd just have a multiplayer mode

I don't see how that'd help. People would just plug two to four USB gamepads into an Internet-disconnected PC and play on one screen, like in puzzle games, fighting games, and puzzle fighting games. Windows has supported USB HID gamepads since Windows 98 and Xbox 360 controllers since a Windows XP service pack.

To access it, a valid key is needed and if two keys (assuming each key is one license) are used, the newer one will not be allowed on.

Which breaks with multiple gamers in one household [cracked.com] .

It's written in Java (0)

Anonymous Coward | about a year ago | (#44778683)

nuff said.

Would I tell people how to crack my software? (0)

Anonymous Coward | about a year ago | (#44778785)

That depends, are they from the NSA or GCHQ?

Stupid motherfucker (0)

oldhack (1037484) | about a year ago | (#44778795)

He'd get sued to bankruptcy.

Some will crack anyway (-1)

Anonymous Coward | about a year ago | (#44778803)

Crack pots, crack computers or even kill former girl-friends because the issus told them to.

Hyon Song Wol was the girlfriend of the short fat pig from North Korea

http://www.usatoday.com/story/news/world/2013/08/29/newser-kim-jong-un-girlfriend

http://www.mirror.co.uk/news/world-news/sex-tape-kim-jong-uns-ex-girlfriend-2255822

That Kim is an idiot, and married to an ugly warty ass, both uglier than Raphael Mudge ever could hope to be.

I don't need to (1)

XKeyscore (3046555) | about a year ago | (#44778829)

Nice to meet again. My name is XKeyscore.

Easier (1)

Leon Malinofsky (2916259) | about a year ago | (#44778839)

Patching the software's backdoor would be lots easier than cracking it.

If there is an upside (1)

goffster (1104287) | about a year ago | (#44778961)

For money? sure
For honor? Are you kidding?

Re:If there is an upside (1)

tepples (727027) | about a year ago | (#44781327)

For money? sure

For enough money, hell, I'd release the software under a copyleft license. Then people can hack and crack on it to their heart's content. Compare to how the Free version of Blender was crowdfunded.

That cartoon on his web site (1, Insightful)

istartedi (132515) | about a year ago | (#44778993)

The top button is buttoned, but the other two are loose and yet... the buttons are still in there. What's up with that? I don't read anime/manga. Is it a common visual metaphor or something?

wine notepad.exe (1)

hduff (570443) | about a year ago | (#44779115)

Telling would-be crackers to use notepad.exe with WINE under Linux?

OK, I get the joke now.

I don't think the /. editors got the point (1)

Anonymous Coward | about a year ago | (#44779153)

He's describing how to do two things in this blog post:

1. "crack" the Cobalt Strike software using sophisticated tools like "unzip" and "notepad". Or "wine notepad" for the elite Linux hackers.

2. Insert malware into the package, malware generated by Cobalt Strike

This is a joke (and advertisement for the product), and a clever one at that. Leave it to the /. editors to completely miss the point.

Would I? Yes I would. (0)

houghi (78078) | about a year ago | (#44779373)

I just tell them to read the code I provide.

Ebook parallel (1)

Anonymous Coward | about a year ago | (#44779393)

This reminds me of something a few authors were doing back in the day before ebooks and readers were popular and cheap. (And maybe still are doing, for all I know.) To discourage the proliferation of unauthorized e-copies, they'd seed sites with their own, modified copies. The books would read fine for the first couple of chapters then slowly disintegrate into meaningless noise by the end. The assumption was that a thus-frustrated reader would go to a legitimate site to buy a clean copy, rather than risk downloading another bad one.

Strikes me as more trouble than it is worth. Personally, if someone wants to read one of my ebooks and can't afford the less-than-a-cup-of-coffee price, they can have it free. I just care about getting a percentage if somebody else is making money off of my books.

THAT ISN'T A PIRATE (1)

Seumas (6865) | about a year ago | (#44779697)

Will this increase piracy of his software, or will it discourage would-be pirates from downloading cracked versions?"

You're not using that word correctly.

windows7keysonlineshop (0)

Anonymous Coward | about a year ago | (#44781361)

    windoes 7 key , microsoft office project standard 2007 product key free download , windows anytime upgrade windows 7 home premium ultimate keygen , window 7 home premium key product key free , windows 7 activation key sale [validcdkey.com] , windows 7 license key sale [ecomkeys.com] , windows storage server 2008 standard , xqOSTFMp
        windows 8 anytime upgrade key [windowspro...nalkey.com]

        windows 7 ultimate product key online [window7keys.com]

        windows 7 home premium product key buy [win7productkeys.org]

        windows product key online [yumzup.com]

        windows 7 activation key sale [validcdkey.com]

        windows 7 license key sale [ecomkeys.com]

        windows 7 home premium key sale [hdsn.org]

        cheap windows 7 ultimate product key sale [bouas.com]

        windows 7 ultimate product key [rmaol.com]

There must be something that I don't understand (1)

SluttyButt (264722) | about a year ago | (#44781533)

...about writing software, that is. Or it's either people write very bad software, that it could be broken. When I put up one, i do not expect it to be broken.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>