Ok, I need some insight before I go back into Torrenting. I need a piece of software from a less than reputable company (Wondershare). Now I know Keygens can be run through Sandboxie or a VM to get the key but how do Patches and Cracks work?
One of TorrentGalaxy’s most trusted uploaders & software patchers keeps the software updated and uploaded & includes in the download listing the www.virustotal.com report for the installation files which shows a clean listing; however the Patch shows a listing for multiple AV/Malware software which shows the Patch being a virus. So, how do I use the software if the Patch is “infected”. Am I missing something? Thanks!
When the source of a crack/patch isn’t trusted, I’d do like you said and install it in a VM, then compare the patched files with their unpatched copies using diffing software (Beyond Compare’s hex compare feature is useful for this). If there are a huge amount of changes, like completely different size and content, or it is protected with a packer (typically will be a several MB larger), I would definitely steer clear of it. If it’s just a few changed bytes (and maybe the digital signature overlay is stripped off), then it’s most likely safe and you can just copy the patched files out of the VM and overwrite your main install.
Edit: Also, always prefer official installers directly from the developer’s site if they are available; “pre-cracked” installers are always a red flag to me.
This sounds like excellent advice. I happen to have a licensed version of BeyondCompare that I can install and do Hex compare. I appreciate the guidelines to follow and I agree with you on the “pre-cracked” options. I would always install from the developer’s site first and then use the patch if I use it at all. Unfortunately, this software mush have a “phone-home” features and has a “hosts file” change as well. As with the previous response, I would appreciate your input on whether you would try it or not.
Wondershare Uniconverter
Thanks for your excellent advice & input!
You’re welcome, happy to help. For host file modifications you can either run the .bat in your VM and observe the changes it makes to
C:\Windows\system32\drivers\etc\hostsor inspect the .bat and see what hosts its blocking.In this case, the .bat seems to do what it claims so it’s safe to run; it re-launches itself as admin, so that it can modify the hosts file. It also changes the ownership, security ACLs, and file attributes of the hosts file
to what I believe should be its system defaultsactually I guess the file’s owner is changed from the built in SYSTEM account to the Administrators group. Not sure why it does this since admins by default have write access to the file. Maybe their intention was to fix the file in case the user or some other software messed with these previously? Doesn’t seem malicious though.It’s also a good practice to block cracked software with your firewall, though not always necessary (or sometimes impossible because an internet connection necessary to function). Usually this will make hosts file changes unnecessary.