Anti-cracking protection for my PureBasic EXE application?

Everything else that doesn't fall into one of the other PB categories.
Martin Goltz
New User
New User
Posts: 5
Joined: Thu Jul 21, 2016 1:17 pm

Anti-cracking protection for my PureBasic EXE application?

Post by Martin Goltz »

I'm urgently looking for a solid anti-cracking protection for my own PureBasic application (medical), I've used UPX in the past, but my application was cracked in 2 weeks after I release it...

I came up with something called Pelock, from the screenshots it looks very promising:

https://www.pelock.com/products/pelock/screenshots

Image

(even I don't know what some of those options means, can someone explain?)

it claims it has full PureBasic support, I've found PureBasic SDK and examples

https://github.com/PELock/PELock-Softwa ... /PureBasic
https://github.com/PELock/PELock-Softwa ... es/English

but my main concern is, has anyone else tried it already? I will be grateful for any advices, I'm really in a hurry, so please forgive my english, thank you for your time friends.
IdeasVacuum
Always Here
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK
Contact:

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by IdeasVacuum »

It's impossible to stop determined hackers, but there are some utils that will keep your app safe. I have to warn you though that the most likely 'hacker' is one of your own customers, doing a friend a 'favour'.

Take a look at WinLicense. It's Windows only, it uses DRM i.e. your app is dedicated to a specific PC.

http://www.oreans.com/winlicense.php

I have used WinLicense for my medical app (Cranial Orthosis Helmets), so I can confirm it's legitimacy.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Martin Goltz
New User
New User
Posts: 5
Joined: Thu Jul 21, 2016 1:17 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Martin Goltz »

I've done my research in the last week, asked many people, I've heard about it, my friend has used WinLicense and his software was cracked anyway (popular game, he switched from WinLicense to custom server side protection since the game works online anyway), you should be careful too.

I'm currently testing this Pelock, the SDK is very complete for PureBasic (pretty unusual) and author is very responsive.

I like the fact I can encrypt selected functions and it will run only when the registration key is present with certain features enabled, I didn't even know this is possible:

Code: Select all

;///////////////////////////////////////////////////////////////////////////////
;//
;// Example of how to use FEATURE_x_START macros
;//
;// Version        : PELock v2.0
;// Language       : PureBasic
;// Author         : Bartosz Wójcik (support@pelock.com)
;// Web page       : https://www.pelock.com
;//
;///////////////////////////////////////////////////////////////////////////////

IncludePath "..\..\..\..\..\SDK\English\PureBasic\"
XIncludeFile "pelock.pb"

Procedure ExtraFunctionality()

    result.l = 0

    ; at least one DEMO_START / DEMO_END or FEATURE_x_START / FEATURE_x_END
    ; marker is required, so that the license system will be active for
    ; the protected application

    ; with FEATURE_x markers you can enable some parts of your software
    ; depending on the additional key settings

    ; it's recommended to enclose encrypted code chunks within
    ; some conditional code
    If (IsFeatureEnabled(1) = #True)

        ; code between those two markers will be encrypted, it won't
        ; be available without proper feature settings stored in the key file
        FEATURE_1_START

        MessageRequester("PELock", "Feature 1 -> enabled")

        result = 1

        FEATURE_1_END

    EndIf

    ProcedureReturn result

EndProcedure

; start

    ExtraFunctionality()
User avatar
Lunasole
Addict
Addict
Posts: 1091
Joined: Mon Oct 26, 2015 2:55 am
Location: UA
Contact:

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Lunasole »

Martin Goltz wrote:I've done my research in the last week, asked many people, I've heard about it, my friend has used WinLicense and his software was cracked anyway (popular game, he switched from WinLicense to custom server side protection since the game works online anyway), you should be careful too.
Because it will be cracked anyway if is needed for more or less amount of ppl, or as IdeasVacuum said some skilled reverse-engineer will crack it for his friend.
No one of widely-used commercial protectors cannot avoid this. There are tools to allowing easily detect what packer/protection you used and then typical steps performed to remove it fast enough.

So the only good protection can be one which was created not so far ago and no one learned and breached it yet. Like some protections used in several AAA-games, but they cost a lot of money.
If you don't want to pay really big moneys for it, then you should search something not much popular, but "looking dangerous".
For example, try to search on russian or chinese hacking resources for tools not well-known in english-speaking world ^^
Then use tools like Packer Detector to see if they are easily detected, read what crackers saying about it and did they write some explained articles already, and do much more such steps to ensure that it will be hard to break chosen protection/s.

The second good protection can be one you write yourself. You know how your program works and you can add many traps and detects to make life of cracker hard and painful enough (but also make your life hard while building all this). Also you can get sources of some packer (even UPX) and modify it to do be very different from widely used version.

And surely those variants can be combined, that should be better what can be done.
Also there are much more tricks not directly related to protection, but helping to avoid crack and illegal distribution.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
User avatar
Tenaja
Addict
Addict
Posts: 1948
Joined: Tue Nov 09, 2010 10:15 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Tenaja »

You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
Martin Goltz
New User
New User
Posts: 5
Joined: Thu Jul 21, 2016 1:17 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Martin Goltz »

Lunasole wrote:Then use tools like Packer Detector to see if they are easily detected, read what crackers saying about it and did they write some explained articles already, and do much more such steps to ensure that it will be hard to break chosen protection/s.
I have protected my application with Pelock and tested it with Packer Detector as you said:

http://imgur.com/a/yf3TR

I guess Nada means Nothing. So nothing got detected, is it good then?
Lunasole wrote:The second good protection can be one you write yourself. You know how your program works and you can add many traps and detects to make life of cracker hard and painful enough (but also make your life hard while building all this). Also you can get sources of some packer (even UPX) and modify it to do be very different from widely used version.
I'm not that skilled Sir...
Tenaja wrote:You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
But how to do that? I see Pelock has an option to check the checksum, isn't that enough?
User avatar
Tenaja
Addict
Addict
Posts: 1948
Joined: Tue Nov 09, 2010 10:15 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Tenaja »

Martin Goltz wrote:
Tenaja wrote:You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
But how to do that? I see Pelock has an option to check the checksum, isn't that enough?
You read every byte of the exe file, adding and xoring as needed, and compare it to a pre-calculated checksum, and if they don't match, use random bugs.

This is something to start with for reading. It's just a snippet from something I started, but it will show you some basics. You can read from the StartOfCode to EndOfCode, and get your checksum. Store that checksum after your EndOfCode label, then compare. Just make sure to use a variable loaded with the checksum value, and not a constant, or you will have to recalculate the checksum manually.

The point is to cause an anomaly somewhere deep in the code, and randomly, so it is harder for them to debug. Heck, you could even make the bug occur every 7 or 100 uses or something annoying like that.

Code: Select all

Procedure display(text.s, gadgetID = 0, position = -1)
	AddGadgetItem(gadgetID, position, text)
EndProcedure

OpenWindow(0, 0, 0, 200, 300, "peek results", #PB_Window_SystemMenu | #PB_Window_SizeGadget)
EditorGadget(0, 0, 0, 200, 500)

Global a.i, b.i, c.i, i.i, x.i


DisableDebugger
a = 5
testthis:
If a = 5
; 	! nop			; these align the FF's, 11's and 22's.
; 	! nop
; 	! nop
	b = $FFFFFFFF
; 	! nop
; 	! nop
	b = $11111111
; 	! nop
; 	! nop
	c = $22222222
	endthetest:
	
Else
	c = 1
EndIf

EnableDebugger

*p = ?testthis
display("Start at " + Str(*p) + " End at " + Str(?endthetest))
display("")

; For i = 0 To 8
Repeat
	x = PeekI(*p + (i* SizeOf(*p)))
	display("$"+RSet(Hex(x, #PB_Long),8,"0"))
	
	If i & %11 = %11
		display(" ")
	EndIf
	i+1
Until (*p + (i* SizeOf(*p))) > ?endthetest
; Next

display("i=" + Str(i) +" End is " + Str(*p + (i* SizeOf(*p))))

Repeat:Until WaitWindowEvent() = #PB_Event_CloseWindow
User avatar
Bisonte
Addict
Addict
Posts: 1226
Joined: Tue Oct 09, 2007 2:15 am

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Bisonte »

We use the "activating" method.

After first start, the program generates a hardwareid (like microsoft) and then through network the user get an "license" file from our server
with a calculated key, that recalculated by the program.
So it only runs on this machine with the given registrated userdata.
PureBasic 6.04 LTS (Windows x86/x64) | Windows10 Pro x64 | Asus TUF X570 Gaming Plus | R9 5900X | 64GB RAM | GeForce RTX 3080 TI iChill X4 | HAF XF Evo | build by vannicom​​
English is not my native language... (I often use DeepL to translate my texts.)
User avatar
Keya
Addict
Addict
Posts: 1891
Joined: Thu Jun 04, 2015 7:10 am

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Keya »

for another simple code-checksumming example see http://www.purebasic.fr/english/viewtop ... 6&start=30
I think the problem with all the public ones is that it seems easy for crackers to download the packer itself, so they can then write generic unpackers for it without ever having seen your software, so even if you use a public one I think it's still good to add some custom home-rolled code!
Joris
Addict
Addict
Posts: 885
Joined: Fri Oct 16, 2009 10:12 am
Location: BE

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Joris »

@Bisonte
How to retrieve this hardwareid ?

(Is any hardware able to behold such id, and what if the user changes some of the hardware ?)

@Keya That CRC(@MyProtectedProc(), GetProcSize(@MyProtectedProc())) is probably a crypting command ?
Could you make this a bit clearer to me as a 'beginner'.
(Should it become sometghing like this => StringFingerprint("any text", #PB_Cipher_CRC32))

Thanks.
Yeah I know, but keep in mind ... Leonardo da Vinci was also an autodidact.
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Dude »

Everything can be cracked. One of my apps even had a tutorial video hosted on YouTube that showed how to crack it with OllyDbg. Took me about two weeks with messages back-and-forth with YouTube to have it removed. :evil:
User avatar
Bisonte
Addict
Addict
Posts: 1226
Joined: Tue Oct 09, 2007 2:15 am

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Bisonte »

Joris wrote:@Bisonte
How to retrieve this hardwareid ?

(Is any hardware able to behold such id, and what if the user changes some of the hardware ?)
I don't know how to get the hardware "checksum" (this made a teammate and I only saw this on the notes), but it's related to mainboard and processor.
If the user change one of it, he must "reactivate" this software. Like windows....

This is not perfect (nothing is perfect) but this method is complicated to crack and we have relativ low costs to support it.

Edit : Ähem ... this method is windows only ;)
PureBasic 6.04 LTS (Windows x86/x64) | Windows10 Pro x64 | Asus TUF X570 Gaming Plus | R9 5900X | 64GB RAM | GeForce RTX 3080 TI iChill X4 | HAF XF Evo | build by vannicom​​
English is not my native language... (I often use DeepL to translate my texts.)
IdeasVacuum
Always Here
Always Here
Posts: 6425
Joined: Fri Oct 23, 2009 2:33 am
Location: Wales, UK
Contact:

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by IdeasVacuum »

I like the fact I can encrypt selected functions and it will run only when the registration key is present with certain features enabled, I didn't even know this is possible
That is actually the staple diet of WinLicense.

You can indeed introduce your own DRM, based on the CPU ID or other hardware, and mix-in other detection too. A lot depends on how many apps you are going to distribute - licensing can be exhausting. The more automated it is, the more vulnerable it becomes, no matter how much money has been thrown at the process.

Again depending on the type of app, you can limit the license time. Expire the app rather than just the Key and distribute an updated app that also changes the protection mechanism.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
Joris
Addict
Addict
Posts: 885
Joined: Fri Oct 16, 2009 10:12 am
Location: BE

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Joris »

Some funny thought ...
Release every 6 months an upgrade of your app, but never change the version number.
So cracked users don't know what version is the latest in there search.
Registered users get it via there official link.
Yeah I know, but keep in mind ... Leonardo da Vinci was also an autodidact.
Dude
Addict
Addict
Posts: 1907
Joined: Mon Feb 16, 2015 2:49 pm

Re: Anti-cracking protection for my PureBasic EXE applicatio

Post by Dude »

Joris wrote:Release every 6 months an upgrade of your app, but never change the version number.
That's actually a good idea, because the offsets used for cracking will no longer be valid. However, that won't stop cracks coming with the exe bundled with it (which I've seen done).

My own thought is that when you make a real update to your app (new features, whatever), you announce the new version on your website but it's only available for paid users for 3 months. So anyone who hasn't paid, can't actually get and use the new features for 3 months... they're stuck with an older cracked version for a while. This also stops crackers getting their hands on the new version immediately and cracking it.
Post Reply