"Hacking" Cisco Packet Tracer

For school we are now required to use a program called Cisco Packet Tracer to learn the fundamentals of networking. At first I was happy since they supported Linux, until I saw they only provided .deb packages. Looking in the AUR, there was a script to install it on Arch, but the executable was not provided. So I had to sign up to Netacad in order to download the package. Now, this is already annoying, but it gets even worse when you notice that Packet Tracer does not allow you to use it without an account. Of course I had created an account already, so that was not an issue, but the fact that it refuses to launch without an account was.

The only logical thing to do is to crack it :p

For this post I will be demonstrating the Windows version, as I already had an account for the Linux one and thus didn't feel the need to decompile and tinker with that one too. So we start by loading the main binary, named "PacketTracer.exe", into IDA Pro. You can use any decent disassembler for this; I just chose IDA because it is what I am most used to. Nothing should stop you from using Ghidra or Radare2.

When we try to skip the Netacad login on Windows, it will just return an error, forcing Packet Tracer to shut down. The error message is "Login Failed. Packet Tracer is shutting down." so to begin, we will search for "Login Failed." as a string in IDA.

We can see which function references this string.

Here you can see the function that controls the login validation. It has two JNZ instructions; changing these to JZ makes Packet Tracer unable to shut down when you do not log in. Simply patch the values in a hex editor or in IDA; I'm not sure if Ghidra or Radare2 support patching. Alternatively, you can use this script, which I adapted from GitHub to work for the current release of Packet Tracer, which at the time of writing is 8.2.2.0400 on Windows.

        
import sys, os

# replace jnz check with jz
FIRST_JNZ_CHECK =  0x2F6BDD4
SECOND_JNZ_CHECK = 0x2F6BDE4

if len(sys.argv) == 2:
    # the file must already exist
    fild = os.open(sys.argv[1], os.O_WRONLY)
    assert fild != -1

    # open file from file descriptor
    cisco_binary = os.fdopen(fild, 'wb')

    # write first jz byte
    cisco_binary.seek(FIRST_JNZ_CHECK)
    cisco_binary.write(b"\x84")

    # write second jz byte
    cisco_binary.seek(SECOND_JNZ_CHECK)
    cisco_binary.write(b"\x84")

    # binary patched, let's close it
    cisco_binary.close()
        
    

When we patch these two jump statements and launch the program, skipping the login screen now gives us a new message.

Yay! We did it, no more annoying login prompts and less data being collected on you. The program is completely free to download and use, so I don't get the point of locking it behind a free account. The only explanation I have is that they collect usage metrics and other kinds of telemetry.

This is not piracy; calling the login "DRM" is a huge stretch, and there is no component we are gaining access to that is not already available for free.
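
Seen from the integrity-checking side, the patch described above is two one-byte edits, each turning a JNZ into a JZ, and any hash comparison against a known-good copy will notice it. The following is an added example, not part of the original post or the script it adapts: it compares a baseline image with a suspect one and labels changed bytes that look like inverted conditional jumps. The function names and the sample bytes are constructed for illustration, and it assumes the near-jump encoding (0F 85 / 0F 84), which matches the 0x84 byte the script writes.

```python
import hashlib

def classify(orig: bytes, off: int, new: int) -> str:
    """Label one changed byte. Byte-level heuristic, not a disassembler."""
    old = orig[off]
    # Jcc opcodes pair up on the low bit: JZ/JNZ are 74/75 short, 0F 84/0F 85 near.
    if old ^ new == 1:
        if 0x80 <= old <= 0x8F and off > 0 and orig[off - 1] == 0x0F:
            return "near Jcc inverted"
        if 0x70 <= old <= 0x7F:
            return "possible short Jcc inverted"
    return "modified"

def diff_binaries(orig: bytes, suspect: bytes):
    """Return (hashes_match, findings); a finding is (offset, old, new, label)."""
    if hashlib.sha256(orig).digest() == hashlib.sha256(suspect).digest():
        return True, []
    findings = []
    if len(orig) != len(suspect):
        findings.append((min(len(orig), len(suspect)), None, None, "size changed"))
    for off, (a, b) in enumerate(zip(orig, suspect)):
        if a != b:
            findings.append((off, a, b, classify(orig, off, b)))
    return False, findings

# Constructed sample, not bytes from any real program:
# test eax,eax ; jnz +0x10 ; nop ; cmp al,1 ; jnz +0x20
BASELINE = bytes.fromhex("85c0" "0f8510000000" "90" "3c01" "0f8520000000")
TAMPERED = bytearray(BASELINE)
TAMPERED[3] = 0x84   # 0F 85 (JNZ) -> 0F 84 (JZ)
TAMPERED[12] = 0x84
TAMPERED = bytes(TAMPERED)

if __name__ == "__main__":
    ok, findings = diff_binaries(BASELINE, TAMPERED)
    print("sha256 match:", ok)
    for off, old, new, label in findings:
        detail = label if old is None else f"{old:02x} -> {new:02x}  {label}"
        print(f"offset {off:#x}: {detail}")
```

Because the check only looks at raw bytes, a data byte that happens to sit after 0x0F can be mislabelled; treat the labels as triage hints and the hash mismatch as the actual signal.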