Anti-cracking protection for my PureBasic EXE application?

[agb2008]

Just to add my 5¢ to the subject. I've done quite substantial checking on available software protection
systems available on the market for Windows platform (and as well considering multiplatform solutions)
and the most reasonable choice (for me) was WinLicense + CodeVirtualizer (from Oreans Technology)
together with hardware protection (in my case I am using USB hardware keys from Guardant) combination
of these tools could make your software quite secure. I would not say that it would guarantee 100% protection
- but for sure it would make it very very very difficult to crack.

With respect of comments that Oreans Technology could be easily cracked - I would strongly disagree.
It could be the case only if person, who tried to apply protection got very little knowledge on that subject
and as a results very basic level of protection was used.

P.S. I've got no relation to Oreans Technology company. Just happy commercial user of the software protection
solutions that they provide.

P.P.S. Another solution that I could recommend to consider is: Obsidium software protection system.

[Dude]

With respect of comments that Oreans Technology could be easily cracked - I would strongly disagree.

I've been in this game for over 30 years and I've seen a million people say things just like you did above. I've also seen the apps they defend have working cracks for them. Trust me, NOTHING is uncrackable. Crackers are just as smart as the people writing the protection. Give me the name of an app protected by Oreans Technology and I bet I can find either a crack for it or a hacked version with the protection removed.

[agb2008]

Dude:

I never said that it would make ones application totally unbreakable. I said that protection level it provide is way above average.
Also I've mention that it's a good idea to combine different protection methods. Code Virtualizer provide powerful code obfuscation
system, Themida technology provide software protection solution... After that one have to decide what license system to use: one
that provided by WinLicense or select different one (like hardware usb dongle one, quite a number of options exist here) to increase
security... In addition one could add some "personal" protection. In my case I had to protect application that perform different
mathematical calculations. And I add some additional code that would check status of application and if other protection was breached
- application would work - but would provide wrong results. So... There are different ways to protect application.

[Keya]

hello i just had a thought but i have no idea if its viable or useless or whatever. Anyway how about using a _signed_ kernel driver (.sys)? a talented Russian forum member made some tweaks to Purebasic so that it can compile drivers lol, was amazing package to have a quick play with! But if im not mistaken Windows only loads a driver if it's digitally signed, so if you had your custom licensing code in a driver wouldnt that essentially stop a cracker being able to modify it? i mean I guess after they crack your driver they could replace the digital signature with their own signature, but then they'd need a fraudulently-obtained certificate etc to do that without risking their identity? and itd be easy to report and have their certificate revoked? but then i guess a talented cracker could simply try to copy the code from the driver back to usermode exe and nop the driver calls? Anyway just a probably useless thought lol but couldn't help but wonder

[Dude]

I said that protection level it provide is way above average.

Yes, but that's what everyone's been saying for over 30 years, which is my point. It's nothing new to hear, and it's not true anyway. Any "above average" protection is just cracked by an "above average" cracker.

In fact, there was a guy in these very forums who used to boast how "Thinstall" (now "ThinApp") programs couldn't be cracked because they run the app in their own virtual environment, and that the Thinstall creator was a master visionary and highly-skilled coder and nobody can crack a Thinstall app, blah blah blah. Fast forward to today and cracked Thinstall apps are found everywhere.

When all versions of Windows can be cracked, and iPhones can be jailbroken, what hope do any of us stand, when massive companies like Microsoft and Apple can't stop it?

[Thorium]

Don't bother with protection. It's mostly a time and money waste.

[Dude]

And NEVER provide wrong results if you detect your app has been cracked! Your app will get a reputation as being buggy and useless. Is that what you want?

[agb2008]

Thorium, Dude:

Unfortunately I can't agree that there is no sense to protect your application. Indeed it would be quite costly but still you could get result
out of this procedure. As for comment regarding providing incorrect results if cracked - well, that probably depends on the area where
application fits. In my case customers who bought it would get proper result and if someone would like to save money and to remove
protection - then incorrect results would fit just nicely.

P.S. Please note that everything stated above represents just my point of view. Your view on this subject could be different.

[Thorium]

Unfortunately I can't agree that there is no sense to protect your application. Indeed it would be quite costly but still you could get result

There are many problems with "protections". One is you can't tell if it actualy helped. If you sell the software with protection, you can't tell how it would sell without protection and vice versa.
It's not that everyone who can't crack it will buy it. They can wait for a crack or use another software.

The actual impact of protection in sales if very questionable in my opinion.
Whats not questionable is the problems that come with protection, like incompatiblity with future operation systems, incompatiblity with VM's, incompatiblity with other drivers on the system, incompatiblity with debugging tools used for actual debugging on the computer. Protections that use drivers for kernel mode protection actualy introduce security risks.

Of course this is only my opinion.

[Lunasole]

hello i just had a thought but i have no idea if its viable or useless or whatever. Anyway how about using a _signed_ kernel driver (.sys)? a talented Russian forum member made some tweaks to Purebasic so that it can compile drivers lol, was amazing package to have a quick play with! But if im not mistaken Windows only loads a driver if it's digitally signed, so if you had your custom licensing code in a driver wouldnt that essentially stop a cracker being able to modify it? i mean I guess after they crack your driver they could replace the digital signature with their own signature, but then they'd need a fraudulently-obtained certificate etc to do that without risking their identity? and itd be easy to report and have their certificate revoked? but then i guess a talented cracker could simply try to copy the code from the driver back to usermode exe and nop the driver calls? Anyway just a probably useless thought lol but couldn't help but wonder

That's interesting idea. Signed driver costs about $500 per year, and if nicely write it, it can take care about user-mode app executables and just won't allow to modify it at all.
In past there were many protections depending on kernel drivers (and some of them were very hard [both for crackers and regular users, lol], like Starforce), but only recently Windows started to block any unsigned drivers, making attacks to such protections harder (and on x64 systems it should be much harder anyway).

But well, I'm not sure if MS would sign a driver full of system hacks and similar stuff needed for cool protection ^^ (however, it licenses AV drivers, doing the same).
Also it obviously requires very cool skills and efforts to write such one, should care also about problems which it can bring to user and conflicts with other 3rd party drivers, etc. Interesting to know, are there modern protections made this way.

[Dude]

Don't get me wrong: I'm not saying NOT to protect your apps. You must have some protection, for sure. Just don't go nuts spending big bucks on promises that a protection is uncrackable. That's the point I'm making.

For my own apps, when the user buys a license, they get a serial code that has their name and email address in it, which also ends with a checksum. Editing their name or email breaks the checksum so the serial won't work. Now, sure, they can share their serial with others, but it positively identifies them and also opens them to email spam if they do (who wants their email address shared on the web?). Most people wouldn't want to risk that. And no, they can't use a throwaway email when buying, as FastSpring (my vendor) doesn't allow it, and also they won't be able to access support and such because I require that email as payment proof.

[Keya]

That's interesting idea. Signed driver costs about $500 per year

i think you can get it a little bit cheaper than that, but yes the signing certificate is valid for one year, but you don't need to keep re-signing your driver(s) each year, it just means you're only able to sign drivers for one year, but can sign as many as you want, if im understanding it right!

But well, I'm not sure if MS would sign a driver full of system hacks and similar stuff needed for cool protection ^^ (however, it licenses AV drivers, doing the same).

certificate authorities/Microsoft etc don't do reviews on your binaries before they let you sign them - you can sign anything you want, even malware like Stuxnet if you want lol, but obviously with malware the certificate can later be revoked

[nicolaus]

I have protected my application with Pelock and tested it with Packer Detector as you said:

http://imgur.com/a/yf3TR

I guess Nada means Nothing. So nothing got detected, is it good then?

I have also found the SDk in github. Now i want try the examples but it says all the time the keygen.dll is mssing (if i start/debug the keygen example for PUREBASIC).
So where do you have the keygen.dll from?

In the SDK there is no keygen.dll.

thanks,
Nico

[tj1010]

VM type protectors with encrypted sections that require internet to decrypt virtual-bytecode of the original code segments are the "hardest" for crackers. TheMida, StarForce, and LARP are basically tops in stuff you can buy without a lot of incorporation; else Denuvo and TAGES.

Signed binaries behind a paywall with no unlockable-demo is actually proven to be the best(Top indexed warez communities can't source PB and it takes botnet leaks for them to get it.. The signature in the leaked installers helps PB team identify the licence holder and alert them or revoke them).

There are also isolation USB dongle DRMs but you have to send users dongles..

Notice that even with no market/popularity having this stuff just makes your product a trophy, or a target to build tools off of. Warez teams *love* anything with a new version of a competing protector. They will swarm a hello world program if it has a new Oreans protector with everything enabled, for example.

Me: 20 years of RCE

[Martin Goltz]

Update

It's been a while and your tips were great! I want you to know how things work out for us.

Our company decided to purchase PELock and since I was the one who did the integration I can tell you how it went.

Pros:

1. At first I was overwhelmed by the number of options PELock has, turns out you don't need to change anything if you don't need it, but it's highly customizable
2. Tutorials, examples and help file are great, plenty of examples for PureBasic, everything explained to the smallest detail
3. Command line integration allows us to use this protection in our build process without problems
4. You can talk directly with the software author and ask for anything, the response time is really fast, something not very often found in software world
5. Plenty of unusual protection techniques available via SDK macros and extra functions

Cons:

• You need to manually integrate the protection features into your source code, add protection functions and macros to utilize whole strength of the protection
• At the first sight the GUI seems a little bit too technical even for the programming people (me! )
• Some protection mechanism are not obvious at first without reading large help file entries about it
• Expensive, company license is like 999 USD

Our software has been on the market for almost a year since we bought this protection and it hasn't been cracked yet, this is the best thing I can tell about PELock. We don't have to worry about cracks any more and we can focus more on the development, the revenue stream now vs before when we have used UPX is much, much higher.

Would I recommend it? Yes. It was totally worth it to buy it, even with the high price tag and works like a charm with PureBasic apps.