SoftICE: a kernel mode debugger for Windows (wikipedia.org)
106 points by majke on Sept 12, 2015 | hide | past | favorite | 44 comments


Can't help but mention Fravia. RIP :( I came to know of SoftICE through his essays. http://71.6.196.237/fravia/aca400.htm

His SoftICE essays: http://71.6.196.237/fravia/project2.htm


That page brings back some serious good memories for me.


+fravia produced so much worthwhile content without so much as a single ad. He is sorely missed.

It's why I always laugh when people say the Internet needs ads to survive. It was doing just fine before ads became so pervasive.


Fravia wasn't doing it as a job.


That's true, but making a living from it is not everyone's end goal. If you aren't doing it as a job, you can focus on quality, not on maximizing clicks.

There's absolutely no way quality can ever compete with thousands of underpaid click farmers. Google is steadily getting smarter, but even they can't keep up.


Exactly!


Jeez, where's the tribute page/retro-computing documentary on this guy? I remember these pages fondly from a decade or more ago and I have looked for them from time to time in the past few years without luck. But I don't know anything about Fravia (other than what's on his "about" page). Did he actually pass away?


I've been seriously looking for these pages. Thanks for sharing. Long live Fravia.


I'm glad his legacy lives on.

Even though I'd already been hacking (Spectrum) games for infinite lives from the age of around 12 or so I learned so much from him, and the various contributors.

RIP +Fravia.


Same experience here. I'm always shocked about the impact that small things, like coming across one of those pages when I was a teenager, can have on someone's life.


And the Old Red Cracker... great memories :)


SoftICE was the tool that really got me into programming. Before that I was coding in Visual Basic, and tried and failed several times to teach myself C++. The books that I got were all talking about things like inheritance, polymorphism and Microsoft's MFC, and none of that made sense to me. Then I found SoftICE and learned how to crack shareware and eventually found an amazing tutorial on how to write Windows apps in assembly using MASM and calling the Win32 API directly. I used SoftICE as a debugger and it was amazing to see my code being run by the processor, instruction by instruction. I had a feeling of having a complete understanding of the computer. From there, I was able to work my way up the abstraction chain.


I wasn't able to grok pointers in C until I worked to write an application in assembly. After that, pointer referencing, dereferencing, arithmetic, everything looked very natural.


Please share the link to the MASM tutorial that got you started.



Yes! Iczelion's tuts! Brings back some good memories. Thanks!


Wow, I had forgotten about this tool. It was so cool to put a debug point at the OS level. Well, I mainly used it to bypass registration steps for tools which required a paid license key or passcode :P (replacing the cmp ops with NOP or JMP to success).


I just used W32DASM for most things. I learned to work backwards from an "invalid key" dialog, find the comparisons/jumps to NOP out, and use HEXVIEW to write them before I could even write my own programs. Hard to believe that was 15 years ago now...


WinZip comes to mind.


I followed a tutorial to crack WinZip with SoftIce. And then I tried cracking WinRAR with SoftIce but failed. That's all I did with SoftIce.


SoftICE was one of the most amazing utilities out there, both for debugging as well as reverse engineering. The Wikipedia page is spot on about WinDbg/KD, but pretty out of date re: modern tools. Ollydbg2 came out more than half a decade ago and supports all the 64 bit registers and x86-64 instruction set. Immunity Debugger took its place as the de facto standard, and most modern scripts and tooling are built around Immunity for dynamic analysis and IDA Pro for static analysis. IDA Pro adopted Qt natively, so the plugin communities are extending the hell out of what was already a great tool, and there are good plugins that export annotations/symbols that Immunity can consume, so the gap between static and dynamic analysis has never been smaller. If you don't have an IDA license, Immunity combined with Radare (read down) is still pretty powerful to play around with. Either way, the reverse engineering stuff out there is quite simply amazing.

https://github.com/aquynh/capstone

https://github.com/REhints/HexRaysCodeXplorer (this is CRAZY useful if you bought the Hex Rays license with IDA)

https://github.com/ynvb/DIE - makes IDA even better ("DIE is an IDA python plugin designed to enrich IDA's static analysis with dynamic data")

https://portal.cert.org/web/mc-portal/pharos-static-analysis... - I haven't used this yet, but Pharos is a static analysis tool out of Carnegie Mellon that's particularly useful for C++ gen'd code. https://insights.sei.cmu.edu/sei_blog/2015/08/the-pharos-fra... walks through some of the feature set. HexRays is great for some things, but when you F5 some block, you really are left wanting. This looks like it fills the gap quite nicely.

http://www.radare.org/r/cmp.html - Comparison between IDA and Radare (admittedly unfair, even titled so, ha)

There are dozens of plugins I use which are just python scripts mapped to keyboard shortcuts so I don't even remember what they're called. Someone else is going to have to jump in because I'm not on my work machine and can't look it up.

You lost Ring0 with the demise of SoftICE, but the RE community is more active than ever. Just watch a few CCC talks if you're not convinced.

Just a note, guys: I know you can pirate IDA, but some companies just "do it right" and should be supported. I buy from Adafruit even though they're more expensive because I support them. IDA is one dude, who's responsive within the community, who goes out of his way to be nice and implement bug fixes and feature enhancements. I try not to get all preachy, but pirating IDA isn't stealing Visual Studio from Microsoft; you're ripping off a dude who's contributed a lot to the community and even offers a free (granted, less featureful) version.


> IDA is one dude

Seriously? One lone guy coded up all of IDA and the Hex Rays decompiler? Whoa, hat off.

I always thought that there was a group of more-or-less shady highly experienced hackers, but not a single dude.


He is also stone cold paranoid, hard to reason with, charges extra full amount for different OSes when the codebase is the same (he is using QT for fucks sake), extra for x64 (the PRO version), and has kept a stranglehold on the entire reverse engineering community because of his proprietary offering. We are worse off due to IDA, not better. I think this is clearly a case that proves Richard Stallman right. People should be actively looking to migrate away from IDA, not strengthen it.


IDA Pro used to be one dude. Right now it's at least 3-4 people.


One Russian dude, to be precise:

https://en.wikipedia.org/wiki/Ilfak_Guilfanov

I don't know if it's just perception bias or something cultural, but I seem to hear a lot more about famous/advanced Russian reverse-engineers than anywhere else.


I think the reason there are a lot of reverse-engineers from the CIS that you know about is that once the USSR disappeared there was a lot of freedom (many would call it anarchy) in the copyright area and very limited pressure on illegal activity on the internet in general.

Basically, anyone who had a PC and an interest in reverse engineering could do almost anything without consequences. There were a lot of people that did it all publicly without really hiding their identity, or even made a business of it (like well-known DRM-removal tools). If you tried to do anything like that in the West, you'd end up in prison soon.

Also, reverse engineering isn't some independent area; it's usually linked with black hat security, virus making, carding, SEO, etc. There were a lot of CIS-based illegal and gray-area communities and services that could only exist because of the lack of government control, and many still exist.

So it was also one of the ways to make a lot of (illegal) money, but at some point every person grows up, gets married (and has a child) and doesn't want to take criminal risks. Many of them want to move to the EU/US, where the risks are higher. There you go: that's where a huge part of the experts has come from.


Not from Russia, but I imagine it was a similar situation over the border: another part is that you literally could not buy original versions due to lack of distributors / internet / easy connectivity. Or if you found a way, a typical game would cost you half the family spending budget for a month. So it's not always due to only lax copyright enforcement, but simply because cracking software was close to the only way to use it.


Most likely out of necessity due to the Cold War more than anything else. When you couldn't really import software or hardware from the West (not that the government would want to), you had to reverse engineer pretty much everything and make it on your own. North Korea used to be quite good at reverse engineering also; now all they do is pretty much hack it the easy way by reskinning OSS.

Availability was always a big driving force behind many RE efforts. A lot of the good reverse engineering examples from the West (EU/US) that you can see, especially in the 80's/90's, were all about reversing Japanese games and game consoles (including arcade machines); some of them took 10-20 years to break, especially those with the more advanced CAPCOM DRM modules.


>Ollydbg2 […] supports all the 64 bit registers and x86-64 instruction set.

No, it doesn't yet. We have to wait for OllyDbg 64 (http://ollydbg.de/odbg64.html).


So it's okay to steal from MS but not from one dude. Maybe you should reevaluate your ethics/morals.


FWIW, I think many would be ok with the statement -- it's not universally felt as cut and dry as you make it out to be.


I recall that there was a plugin for SoftICE called FrogsICE, which would block programs from detecting whether SoftICE was loaded. But, FrogsICE was itself able to detect whether it was already loaded (to prevent loading multiple instances).


SoftICE holds a fond place in my heart even though I was never more than passingly capable with it.

I worked at Numega from 1999 through 2001 in the technical support department. When I started, I provided support for another product, but over time became familiar with all of the tools and eventually managed the technical support team.

We would frequently get support requests from companies asking for ways to detect and/or prevent SoftICE, and we had some nice reply templates trying to break it gently to them how there was no practical way for software loaded after SoftICE to reliably stop a determined user from debugging and/or tampering with it.

The SoftICE tech support issues were always the tough ones. We had a small team of elites who would slog through those issues while the other team members could only wonder what they were talking about sometimes. :) Some companies even resorted to shipping hardware to the team to help reproduce and resolve tough issues.

My favorite memory though is when I was learning SoftICE and I grabbed one of the guys and asked them if they could help me figure out a weird issue with it. As we walked over, I shared with them that every time I broke into SoftICE, my CRT monitor would shut off, and it wouldn't come back on until I closed SoftICE. I asked them if it could be some sort of new countermeasure.

They looked at me with that disbelieving look one shares with a mere novice, and sat down at my computer and pressed Ctrl-D. Click! Off went the monitor. Their eyes bugged just a bit and they tentatively toggled the power switch just to make sure. Dead. With hesitation, they typed the command to close the SoftICE window and blinked as the monitor hummed back to life.

As I said though, these guys were good. After hitting Ctrl-D a few more times and watching the monitor switch off and on, this person didn't let the mystery send them down any rabbit holes. They immediately went fishing for the monitor power cable and traced it to the plug where they found a suspicious looking box it was plugged into. As they looked back at me with a glare, I guiltily held up the remote control for the power switch and fessed up.

Good times.


During the early 90's we used to reverse-engineer computer viruses (DOS) at the Peter Norton group using SoftICE. All in the name of creating repro's and fixes of course.


Many dongles fell by the hand of SoftICE in those days, I can tell you. I, uh, wouldn't know anything about that.


Before SoftICE was ICE: In-Circuit Emulator. Originally developed by Intel, it was one of their crappy Blue Boxes with a special cable. You plugged the cable into your processor socket. From the blue box you could set breakpoints on bus conditions, step and disassemble. You could even break on I/O or writing to a location.

It was awful. The huge noisy blue box ran on floppies; it booted like molasses; its full-speed emulation was nowhere near full speed. It had an arcane debugger and an arcane file system. The cable was fragile (1-inch pins that would crimp and break when inserting into the socket).

When Intel asked us "What do you want in the next generation of processor chips?" I knew exactly what to say. I requested special registers where I could set bus conditions and masks, that created an NMI (non-maskable interrupt) on a match. With that I could do data breakpoints, I/O traps, pretty much anything that a hardware ICE could do.

The next spec had my register(s)! It was one of the happiest days of my life. And the rest is history.


SoftICE was a classic reverse engineering tool. I remember that I taught myself assembler for the sole purpose of cracking Microprose's F1GP, as I'd thrown the manual away, which was needed to play the game. It took me months to do it, but the sense of achievement afterwards was totally worth it.


A hardware ICE or a copy of this was pretty much all I wanted when I was doing C++ back in the early 90's. All I had was Bounds Checker and Turbo Debugger.


heh! :)

I remember that one.

I used it when hopelessly trying to RE some applications (either Aspack, Securom or Safedisk). Dat self modifying code :3

Got to learn a couple of things thanks to RE. Never became an expert, with college becoming more demanding and then lack of interest, but got to work around some shareware and crackmes. My most "notable work" was dumping a UPX-packed executable and rebuilding the PE tables.

A shoutout to all the +RE and Cracking4Newbies and REA people for all the help and tutorials.

fake edit: my first introduction to crypto was from REA... Vigenère cipher comes to mind.


I miss SoftICE. Was great for helping making game trainers..


Ah yes! I remember way back in the day (1989 or so) you could tell who the _real_ Windows programmers were because they had a second monochrome monitor (and old Hercules card) in their computer so SoftICE could display on that screen while the main EGA screen had Windows.


We were cracking games in the early 90s using Borland Turbo Debugger on two machines with a null modem between them.


A blog post about this would probably be interesting to many on HN, especially if you can remember the details.


From a technical perspective I doubt I will be able to bring a whole lot more to the table than the Fravia articles already linked to. We were just a couple of guys trying to code demos, and cracking for the fun of it. We never released anything - all of the games were already cracked by others, and our demos were not very impressive :) But a common technique when bypassing "auth-code barriers" was to enter some text in the "textbox" that you were certain wasn't in RAM already (think profanities), break to the debugger before submitting the input, search the entire memory for the text you entered, and set a read-breakpoint on the found memory location so that when the game starts to validate your input, the breakpoint is triggered and you can single-step through the disassembled validation logic of the game.

The remote debugging was needed as switching between the graphics mode of the game and the text mode of the debugger was totally unstable - now that I think of it, it might actually have been an "anti-debugging" measure of some games, as I vividly recall a Bard's Tale cracking session on a single machine.



