How to bypass HWID-Protected Application
Hii! It's been a while since my last post (probs almost a year, as I'm somewhat busy developing my startup for now).
In this post, I will show how I usually crack a premium cheat that uses HWID protection; of course, I intend to use this premium cheat for free HAHA.
HWID stands for Hardware Identification: the application reads a unique ID from your hard disk drive and sends it to its server to check whether that ID is registered. If your unique ID is in their database, you can run the program; if it's not there, the program will usually pop up an error message or open a browser and redirect you to their site.
First things first, we need to follow the flow of the program. I'm not an expert at reversing applications with all the assembly stuff, so I'm just going to use a web debugging proxy to follow the flow of their HTTP requests. Fiddler is my favorite.
I'm just going to show how I crack a Point Blank cheat (pls don't insult me, this is the easiest one to play with), AND please note that I'm not going to crack anything upon request; this is only for educational purposes.
First, set up Fiddler to intercept HTTP requests from every process at the application layer, not only from the browser. This is crucial because the application sends its HTTP requests directly, without the browser's help.
Then, open your target application and let Fiddler catch all the requests the application makes.
Here we go; we got all the requests. After I inspected all the requests, I found out that there are only two types of return values.
And second is
After seeing this for the first time, the only thing that popped into my head was "Hosts File."
The hosts file in C:\Windows\System32\drivers\etc maps a domain name to a specified IP address manually, so the external DNS resolver is never involved in resolving that name.
So now I'm just going to run my localhost web server and create the same folder name and file name. Then I manually print any result I want there.
Then I'm just going to do the final touch in my hosts file. And save it!
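From the defender's side, a hosts-file override like the one above is the first thing to look for when a licence check suddenly starts "passing". The following is an added example (not code from the original post): it parses hosts-file text, ignoring comments and blank lines, and flags any entry that pins one of the watched domains to an address, marking loopback or private addresses, which are the usual sign of a local fake server. The sample hosts content and the example-cheat.test domain names are constructed for the demo.

```python
import ipaddress

# Constructed sample of a Windows hosts file in which the licence and API
# domains of a (made-up) application have been pinned to local addresses.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# 102.54.94.97     rhino.acme.com          # source server
#	127.0.0.1       localhost
::1             localhost
127.0.0.1   license.example-cheat.test   # constructed: licence domain -> local web server
10.0.0.5    api.example-cheat.test  cdn.example-cheat.test
93.184.216.34   mirror.example-cheat.test
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are skipped; a line may
    list several hostnames after one address, as the Windows format allows.
    Lines whose first token is not a valid IP address are ignored.
    """
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        for name in names:
            yield ip, name.lower()


def find_overrides(text, watched_domains):
    """Return hosts entries that pin a watched domain (or any subdomain of it).

    Each finding records the hostname, the address it is mapped to, and
    whether that address is loopback or private, i.e. whether the "server"
    the application will talk to is on the local machine or LAN.
    """
    watched = {d.lower() for d in watched_domains}
    findings = []
    for ip, name in parse_hosts(text):
        if name in watched or any(name.endswith("." + d) for d in watched):
            addr = ipaddress.ip_address(ip)
            findings.append({
                "host": name,
                "ip": ip,
                "local": addr.is_loopback or addr.is_private,
            })
    return findings


if __name__ == "__main__":
    for f in find_overrides(SAMPLE_HOSTS, ["example-cheat.test"]):
        print(f)
```

Watching the apex domain catches every subdomain, so a licence check moved to a new hostname is still flagged; an entry pointing at a public address is reported too, but with `local` set to False, since it may be a legitimate pin.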
Then afterward, I tried to reissue the request in Fiddler.
Boom, now the return value is 1, and after I gave it a go:
Update 7 July 2020
I've received some e-mails, comments, and responses saying the local server won't work. Here is a tip for you!
You can use Fiddler's AutoResponder.
This feature works like a man-in-the-middle: it can modify the server response to anything you want!
For example, if the app requires an "active" response, you can simply save "active" in a text file and use it as the response. Cheers!
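Both tricks in this post work for the same reason: the client accepts whatever plain body ("1", "active") comes back from whoever answers the licence request. The following is an added example, not code from the original post or from any cheat vendor, showing the naive check beside a hardened one. The hardened client rejects a response unless it carries a MAC over the HWID, a fresh nonce and the status, so a hosts-file redirect or an AutoResponder rule that returns a bare "active" no longer passes. The key, HWID and nonce values are constructed; `SERVER_KEY` is a hypothetical shared secret, and a real deployment would rather use an asymmetric signature with only the public key in the client, since a shared key embedded in the binary can be extracted.

```python
import hashlib
import hmac
import json

# Hypothetical signing key (constructed). In practice prefer a public-key
# signature so the verifying client never holds the signing secret.
SERVER_KEY = b"example-signing-key-not-real"


def _canonical(payload: dict) -> bytes:
    """Stable serialisation so client and server MAC the same bytes."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def server_response(hwid: str, nonce: str, status: str, key: bytes = SERVER_KEY) -> str:
    """Simulated licence server: binds status to this HWID and this nonce."""
    payload = {"hwid": hwid, "nonce": nonce, "status": status}
    sig = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    payload["sig"] = sig
    return json.dumps(payload)


def naive_client_check(body: str) -> bool:
    """The pattern the post exploits: trust whatever the body says."""
    return body.strip() in ("1", "active")


def verified_client_check(body: str, expected_hwid: str, expected_nonce: str,
                          key: bytes = SERVER_KEY) -> bool:
    """Accept only a response that is bound to our HWID and nonce and MAC'd with the key."""
    try:
        data = json.loads(body)
        sig = data.pop("sig")
    except (ValueError, KeyError, AttributeError):
        return False  # bare "1"/"active", non-JSON, or no signature at all
    if data.get("hwid") != expected_hwid or data.get("nonce") != expected_nonce:
        return False  # replayed, or issued for another machine
    expected = hmac.new(key, _canonical(data), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return False  # forged by a server that does not hold the key
    return data.get("status") == "active"


if __name__ == "__main__":
    hwid, nonce = "HWID-DEADBEEF", "nonce-123"  # constructed values
    print(naive_client_check("active"))                          # True: spoofable
    print(verified_client_check("active", hwid, nonce))          # False
    print(verified_client_check(server_response(hwid, nonce, "active"), hwid, nonce))  # True
```

The nonce must be generated fresh by the client per request; otherwise a genuine "active" response captured once could be replayed through the same AutoResponder rule.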