Ok, I need some insight before I go back into Torrenting. I need a piece of software from a less than reputable company (Wondershare). Now I know Keygens can be run through Sandboxie or a VM to get the key but how do Patches and Cracks work?

One of TorrentGalaxy’s most trusted uploaders & software patchers keeps the software updated and uploaded & includes in the download listing the www.virustotal.com report for the installation files which shows a clean listing; however the Patch shows a listing for multiple AV/Malware software which shows the Patch being a virus. So, how do I use the software if the Patch is “infected”? Am I missing something? Thanks!

  • Dem Bosain@midwest.social
    1 year ago

    Do NOT run a crack or patch of any kind. They may pass a Malwarebytes scan, or test clean on virustotal, but one I just ran across tried downloading a bunch of data when I ran it in a VM. Don’t risk it, I’ve been burned in the past. And now with online banking, PayPal, Venmo, cryptocurrency, it’s just not worth it.

    You might try installing the software in a VM, running the patch in the VM, and then moving the software over to your primary, but I would still be worried about that.

    The other people here say you’ll probably be fine, but you need to ask yourself if it’s worth giving up any of your passwords to an attacker. At best you’re looking at a completely benign patch, and a working installation of the software. At worst…it can be pretty bad.

    Wait for a keygen, or go without the software. Or, and I do this a lot lately, look around for a free, open source equivalent.

    • Apollo2323@lemmy.dbzer0.com
      1 year ago

      I mean he says it comes from a very reputable source so he will be fine. If he finds something he should report it and let everyone know about it. And of course never sign in to your bank account on the same machine you use to pirate software.

  • PM_Your_Nudes_Please@lemmy.world
    1 year ago

    You’ve got a few questions here, so let me break it down…

    What is a crack?

    A crack is simply a way of defeating DRM. In the old days, games would often require the game disc to be inserted before they would boot. It was a very easy way of preventing people from simply sharing the files. Because even though the game was installed and didn’t need the disc, the game would simply refuse to launch without the CD in the tray. It was a sort of physical DRM, because disc burners weren’t super common yet so copying a game disc wasn’t super easy.

    So the crack simply edited the part of the game that checked for a CD. Sometimes it was as simple as removing the few lines of code that told the game to check for a CD. Sometimes it was simply a matter of telling the game that the disc was always inserted. But that’s just an early example of a crack; it was modifying a game file (or files) in some way, to make them boot even when DRM would normally prevent it.

    Modern cracks are much more complicated, but the end goal is the same. Crackers are simply trying to defeat the DRM, so the program will boot. It usually modifies a few files, to get the program to boot when it normally wouldn’t. The cracks are usually fairly small in size, because the actual program .exe and a few .dll files are usually all that gets changed. So patching the program is usually as easy as moving the cracked files into the respective folder, and overwriting the legitimate files.

    Why does a crack show up as a virus?

    Lots of modern cracks need to do some pretty fucky things to defeat modern DRM. It often requires intercepting network traffic that the launcher would use to “phone home” to a company server. For instance, maybe the launcher checks in with a company server to verify that your program is legit. If the server responds that it is, then the program boots. So the crack would potentially need to intercept that network traffic, then spoof a response from the server. But you know what else does something like that? A virus, attempting to hide itself.

    And modern antivirus software doesn’t rely on “hard” virus definitions to identify viruses. The traditional way of scanning for viruses was to just keep a massive database of known threats, then compare files against that. But that’s slow and new threats constantly need to be added in order to keep your virus scans accurate. And if a hacker is able to change their virus slightly, you’ll need to add a whole new item to the database just to target the change.

    So instead, they use something called heuristics, which basically means they look at how a program operates, then guess whether or not it’s actually a virus. It uses common virus behaviors and pattern recognition to try to identify a virus. This increases the chances of a false positive, but means scans are much quicker and will catch new threats in the wild even when they haven’t been officially documented yet. But since different companies use different virus definitions for their heuristics, different antivirus programs will give false positives to different cracks.

    If it’s only a few flags on VirusTotal, you’re likely going to be fine. It’s most likely a false positive from those antivirus programs.
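
Added example (not part of the thread, and not any vendor's real engine): a toy model of the two detection approaches described in the comment above, an exact-hash "definition" database next to behaviour-based heuristic scoring. The sample bytes, behaviour names, vendor names, weights and thresholds are all constructed for illustration, and real signature engines match more than whole-file hashes.

```python
import hashlib

# Constructed samples: (file bytes, behaviours a sandbox observed). All hypothetical.
SAMPLES = {
    "known_threat": (b"constructed-sample-A",
                     {"intercepts_network", "spoofs_server_reply", "hides_process"}),
    "variant":      (b"constructed-sample-B",   # same behaviour, slightly different bytes
                     {"intercepts_network", "spoofs_server_reply", "hides_process"}),
    "patcher":      (b"constructed-sample-C",
                     {"intercepts_network", "spoofs_server_reply", "overwrites_exe_dll"}),
    "installer":    (b"constructed-sample-D", {"overwrites_exe_dll"}),
}

# "Hard" definitions: a database of hashes of files already known to be bad.
SIGNATURE_DB = {hashlib.sha256(SAMPLES["known_threat"][0]).hexdigest()}

# Heuristics: each hypothetical vendor weights behaviours differently.
# Format: vendor name -> (behaviour weights, flagging threshold).
VENDORS = {
    "vendor_a": ({"intercepts_network": 40, "spoofs_server_reply": 40,
                  "overwrites_exe_dll": 10, "hides_process": 50}, 70),
    "vendor_b": ({"intercepts_network": 20, "spoofs_server_reply": 20,
                  "overwrites_exe_dll": 10, "hides_process": 60}, 60),
}

def signature_match(data: bytes) -> bool:
    """Exact-hash lookup: any change to the bytes produces a miss."""
    return hashlib.sha256(data).hexdigest() in SIGNATURE_DB

def heuristic_flags(behaviours: set) -> list:
    """Names of vendors whose summed behaviour score reaches their threshold."""
    flagged = []
    for name, (weights, threshold) in sorted(VENDORS.items()):
        score = sum(weights.get(b, 0) for b in behaviours)
        if score >= threshold:
            flagged.append(name)
    return flagged

def report() -> dict:
    """Verdict per sample: (signature hit, vendors flagging heuristically)."""
    return {name: (signature_match(data), heuristic_flags(behaviours))
            for name, (data, behaviours) in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:13} signature={verdict[0]!s:5} heuristic={verdict[1]}")
```

The heuristic score depends only on the observed behaviours, so a file that intercepts and spoofs licence traffic gets the same flags whatever else it does; the verdict alone does not separate a benign file from a malicious one with the same behaviours.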