Exetools


Jasi2169 10-25-2023 08:08

Rate different types in reversing ?
 
Hi guys, as we know there are different types of cracking methods for software, let's rate them

0. UNPACKING

1. KEYGENNING
2. PATCHING
3. CRACKING
4. HOOKING USING DLL/or javaagent etc any hooking/ loader
5. SERIAL

According to me; Unpacking is different but it's on top, but let's talk about only general cracking methods, don't take unpacking/cryptog. Inside, you might have your own personal love for something, yes it's not always available to do keygenning and other various factors like hardware lock/server check, but simple scenarios

Keygenning > hook > serial > patching > cracking

I know cracking is only limited to one version most of the time and sometimes it's not possible to keygen or anything due to online or server checks or packing and we are left with it.

Jaspreet Singh 10-25-2023 10:08

Quote:

Originally Posted by Jasi2169 (Post 128833)
Hi guys, as we know there are different types of cracking methods for software, let's rate them

0. UNPACKING

1. KEYGENNING
2. PATCHING
3. CRACKING
4. HOOKING USING DLL/or javaagent etc any hooking
5. SERIAL

According to me; Unpacking is different but it's on top

Keygenning > hook > serial > patching > cracking

I know cracking is only limited to one version most of the time and sometimes it's not possible to keygen or anything due to online or server checks or packing and we are left with it.

This is actually the correct order:
Keygenning > serial > patching > cracking > hook

Keygenning = many serials
Serial = 1 serial
hook = loader that does not work on some or many recent Windows OS
cracking/patching are almost same.

Jupiter 10-25-2023 19:39

Classic approach?
 
At first you should understand your target and type of protection it uses.

What if:
- your target is not packed
- your target doesn't use serials
- your target doesn't use registration keys
- your target is virtualised
- your target is using remote computations and remote resources
- your target is using distributed nodes and micro-services
- your target is using specific dedicated hardware
- your target is using remote authentication and authorisation

So, it looks like you're targeting only 'classic' desktop applications using classic approaches.
  • No packing → no unpacking
  • No serials and no keys → no key generation
  • Virtualised code → de-virtualisation
  • Specific hardware → hardware emulation
  • Remote services → replacement services
  • etc

blue_devil 10-25-2023 20:20

I will put dongles in the first place. Because those sticks might turn brick (I mean rubbish) and become useless. Then you need to call the company and ask for a replacement because the dongle stick is not working anymore. So, of course, they will ask "hey what happened?" And you will answer "Hey we were working and the stick is not working anymore, we do not know what happened ¯\_(ツ)_/¯"

Jaspreet Singh 10-25-2023 20:29

Quote:

Originally Posted by Jupiter (Post 128847)
At first you should understand your target and type of protection it uses.

What if:
- your target is not packed
- your target doesn't use serials
- your target doesn't use registration keys
- your target is virtualised
- your target is using remote computations and remote resources
- your target is using distributed nodes and micro-services
- your target is using specific dedicated hardware
- your target is using remote authentication and authorisation

So, it looks like you're targeting only 'classic' desktop applications using classic approaches.
  • No packing → no unpacking
  • No serials and no keys → no key generation
  • Virtualised code → de-virtualisation
  • Specific hardware → hardware emulation
  • Remote services → replacement services
  • etc

Of course, for this question we assume that all the mentioned ways to crack it like keygen, crack are available and we want to rate which is better or worse...

@blue_devil Hardware based protection is sometimes not possible to crack at all, if done correctly. So I agree with you.

Jasi2169 10-25-2023 21:54

Quote:

Originally Posted by blue_devil (Post 128849)
I will put dongles in the first place. Because those sticks might turn brick (I mean rubbish) and become useless. Then you need to call the company and ask for a replacement because the dongle stick is not working anymore. So, of course, they will ask "hey what happened?" And you will answer "Hey we were working and the stick is not working anymore, we do not know what happened ¯\_(ツ)_/¯"

I second that, that's really crazy.

sendersu 10-26-2023 23:59

@Jasi2169
how about
- BF (bruteforcing) - looking for some password/etc for your target
- RSA priv key replacement + following kg-ing

Moe 10-27-2023 08:18

Quote:

Originally Posted by Jaspreet Singh (Post 128837)
This is actually the correct order:
Keygenning > serial > patching > cracking > hook

Keygenning = many serials
Serial = 1 serial
hook = loader that does not work on some or many recent Windows OS
cracking/patching are almost same.

This is a good summary. All other forms of cracking fall under patching (either in memory or on disk) or keygen.

chants 10-27-2023 08:45

Quote:

Originally Posted by Jaspreet Singh (Post 128851)
Of course, for this question we assume that all the mentioned ways to crack it like keygen, crack are available and we want to rate which is better or worse...

@blue_devil Hardware based protection is sometimes not possible to crack at all, if done correctly. So I agree with you.

Decryption is at the top of this as cryptography is based upon hard mathematical problems and has closer to theoretical soundness than all other methods. The rest, even hardware, are security by obscurity in various forms.

Don't forget crippleware where code is literally absent from the target and must be painstakingly hand built back. That's also at the top of the list.

So that original list looks more like the common methods used but is incredibly lacking. A taxonomy of cracking would be a 50 page thesis if done properly.

Asus 10-27-2023 10:36

I agree the first is UNPACKING.

NON 10-27-2023 12:29

Quote:

Originally Posted by chants (Post 128874)

So that original list looks more like the common methods used but is incredibly lacking. A taxonomy of cracking would be a 50 page thesis if done properly.

I agree. The list is a little incomplete.
Sometimes it's better to remain a little silent... :D

This is not 50 pages and is rather lame, but a good start. See this paper here:
Quote:

https://forum.exetools.com/showthread.php?p=128880#post128880
Much more coming soon! ;)

