piracy) How do i check if a crack is safe or not?

@piracy How do i check if a crack is safe or not?

I'm trying to install a cracked version of davinci resolve on my pc, but I don't know if it's safe. is there a way to check easily?

41 comments

Test strips. PSA: Everyone should test their drugs and carry narcan.
- I was gonna say "have someone else smoke it first"
- And don't use alone, pretty tricky to narcan yourself. Also gotta watch out lots of non-fentanyl tranqs getting mixed in with shit these days and narcan only works on opiods

Short answer: no, there’s not a way to check easily.
Long answer: don’t download form untrusted sources, if the crack is fully published on GitHub you can trust it more easily if the code is freely available and vetted by people who know what to look for.

If it's suss use a vm before your main OS.
- This is a good idea and a good practice in my opinion. Some malicious code detects when it’s being sandboxed and hides itself until it’s running somewhere it can do damage though.
  
  Once malware is VM aware it can also get outside a VM. Furthermore, malware can be written to seat itself comfortably in your PC and lay low for hours, days, weeks before becoming active. Installing in a VM and waiting for shit to hit the fan is not always reliable.
- And start with no network for the VM

If the installer is small enough (<650MB I believe), you can upload it to virustotal.com to have it be scanned by ~65 antivirus programs

You can't. They're never safe. But you aren't downloading a crack to be safe, are you? Use a sandbox to examine what it does, trust that it's safe, or don't use it.
Statistically though, cracks are safer than the software they're for though. Hope that helps.

first visual inspection: is there any rash or poop or anything nasty in there? then sniff.

Well, if your AV tells you there is a backdoor in it, don't open it, I would say. There can be valid reasons for cracks to be flagged, but you can usually check what it does by uploading it to a sandbox or checking the hash on virustotal.

What about a virtual machine? I have years WO doing that stuff but I used to do that years ago.

A crack changes program code and is executed. There is no easy way to check if it is safe.
Unless you inspect the source code or binary code (directly or through reverse-engineering) you can not verify it.
What's left without that is attempts at gaining confidence through analysis trust of third parties - the providers, distributors, creators - who have to be confirmed beyond a matching text label too.
The alternative to or extension of being confidently safe or accepting the risk is to sandbox the execution. Run the crack in a restricted environment with limited access in case it does things you do not want to. Optionally monitoring what it does. Which has to be put into relation of what the program does without the crack.

Back when I used cracks often the cracks were small keygens and sometimes a patched main exe/dll, so I could just generate the key in a vm/sandboxed environment and inspect the patched binary, usually they did nothing weird. Huge repacks are often very sketchy though.. Nowadays there are many great FOSS alternatives so I tend to use them more.

41 comments