Anti-cracking protection for my PureBasic EXE application?
-
- New User
- Posts: 5
- Joined: Thu Jul 21, 2016 1:17 pm
Anti-cracking protection for my PureBasic EXE application?
I'm urgently looking for a solid anti-cracking protection for my own PureBasic application (medical), I've used UPX in the past, but my application was cracked in 2 weeks after I release it...
I came up with something called Pelock, from the screenshots it looks very promising:
https://www.pelock.com/products/pelock/screenshots
(even I don't know what some of those options means, can someone explain?)
it claims it has full PureBasic support, I've found PureBasic SDK and examples
https://github.com/PELock/PELock-Softwa ... /PureBasic
https://github.com/PELock/PELock-Softwa ... es/English
but my main concern is, has anyone else tried it already? I will be grateful for any advices, I'm really in a hurry, so please forgive my english, thank you for your time friends.
I came up with something called Pelock, from the screenshots it looks very promising:
https://www.pelock.com/products/pelock/screenshots
(even I don't know what some of those options means, can someone explain?)
it claims it has full PureBasic support, I've found PureBasic SDK and examples
https://github.com/PELock/PELock-Softwa ... /PureBasic
https://github.com/PELock/PELock-Softwa ... es/English
but my main concern is, has anyone else tried it already? I will be grateful for any advices, I'm really in a hurry, so please forgive my english, thank you for your time friends.
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: Anti-cracking protection for my PureBasic EXE applicatio
It's impossible to stop determined hackers, but there are some utils that will keep your app safe. I have to warn you though that the most likely 'hacker' is one of your own customers, doing a friend a 'favour'.
Take a look at WinLicense. It's Windows only, it uses DRM i.e. your app is dedicated to a specific PC.
http://www.oreans.com/winlicense.php
I have used WinLicense for my medical app (Cranial Orthosis Helmets), so I can confirm it's legitimacy.
Take a look at WinLicense. It's Windows only, it uses DRM i.e. your app is dedicated to a specific PC.
http://www.oreans.com/winlicense.php
I have used WinLicense for my medical app (Cranial Orthosis Helmets), so I can confirm it's legitimacy.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
If it sounds simple, you have not grasped the complexity.
-
- New User
- Posts: 5
- Joined: Thu Jul 21, 2016 1:17 pm
Re: Anti-cracking protection for my PureBasic EXE applicatio
I've done my research in the last week, asked many people, I've heard about it, my friend has used WinLicense and his software was cracked anyway (popular game, he switched from WinLicense to custom server side protection since the game works online anyway), you should be careful too.
I'm currently testing this Pelock, the SDK is very complete for PureBasic (pretty unusual) and author is very responsive.
I like the fact I can encrypt selected functions and it will run only when the registration key is present with certain features enabled, I didn't even know this is possible:
I'm currently testing this Pelock, the SDK is very complete for PureBasic (pretty unusual) and author is very responsive.
I like the fact I can encrypt selected functions and it will run only when the registration key is present with certain features enabled, I didn't even know this is possible:
Code: Select all
;///////////////////////////////////////////////////////////////////////////////
;//
;// Example of how to use FEATURE_x_START macros
;//
;// Version : PELock v2.0
;// Language : PureBasic
;// Author : Bartosz Wójcik (support@pelock.com)
;// Web page : https://www.pelock.com
;//
;///////////////////////////////////////////////////////////////////////////////
IncludePath "..\..\..\..\..\SDK\English\PureBasic\"
XIncludeFile "pelock.pb"
Procedure ExtraFunctionality()
result.l = 0
; at least one DEMO_START / DEMO_END or FEATURE_x_START / FEATURE_x_END
; marker is required, so that the license system will be active for
; the protected application
; with FEATURE_x markers you can enable some parts of your software
; depending on the additional key settings
; it's recommended to enclose encrypted code chunks within
; some conditional code
If (IsFeatureEnabled(1) = #True)
; code between those two markers will be encrypted, it won't
; be available without proper feature settings stored in the key file
FEATURE_1_START
MessageRequester("PELock", "Feature 1 -> enabled")
result = 1
FEATURE_1_END
EndIf
ProcedureReturn result
EndProcedure
; start
ExtraFunctionality()
Re: Anti-cracking protection for my PureBasic EXE applicatio
Because it will be cracked anyway if is needed for more or less amount of ppl, or as IdeasVacuum said some skilled reverse-engineer will crack it for his friend.Martin Goltz wrote:I've done my research in the last week, asked many people, I've heard about it, my friend has used WinLicense and his software was cracked anyway (popular game, he switched from WinLicense to custom server side protection since the game works online anyway), you should be careful too.
No one of widely-used commercial protectors cannot avoid this. There are tools to allowing easily detect what packer/protection you used and then typical steps performed to remove it fast enough.
So the only good protection can be one which was created not so far ago and no one learned and breached it yet. Like some protections used in several AAA-games, but they cost a lot of money.
If you don't want to pay really big moneys for it, then you should search something not much popular, but "looking dangerous".
For example, try to search on russian or chinese hacking resources for tools not well-known in english-speaking world ^^
Then use tools like Packer Detector to see if they are easily detected, read what crackers saying about it and did they write some explained articles already, and do much more such steps to ensure that it will be hard to break chosen protection/s.
The second good protection can be one you write yourself. You know how your program works and you can add many traps and detects to make life of cracker hard and painful enough (but also make your life hard while building all this). Also you can get sources of some packer (even UPX) and modify it to do be very different from widely used version.
And surely those variants can be combined, that should be better what can be done.
Also there are much more tricks not directly related to protection, but helping to avoid crack and illegal distribution.
"W̷i̷s̷h̷i̷n̷g o̷n a s̷t̷a̷r"
Re: Anti-cracking protection for my PureBasic EXE applicatio
You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
-
- New User
- Posts: 5
- Joined: Thu Jul 21, 2016 1:17 pm
Re: Anti-cracking protection for my PureBasic EXE applicatio
I have protected my application with Pelock and tested it with Packer Detector as you said:Lunasole wrote:Then use tools like Packer Detector to see if they are easily detected, read what crackers saying about it and did they write some explained articles already, and do much more such steps to ensure that it will be hard to break chosen protection/s.
http://imgur.com/a/yf3TR
I guess Nada means Nothing. So nothing got detected, is it good then?
I'm not that skilled Sir...Lunasole wrote:The second good protection can be one you write yourself. You know how your program works and you can add many traps and detects to make life of cracker hard and painful enough (but also make your life hard while building all this). Also you can get sources of some packer (even UPX) and modify it to do be very different from widely used version.
But how to do that? I see Pelock has an option to check the checksum, isn't that enough?Tenaja wrote:You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
Re: Anti-cracking protection for my PureBasic EXE applicatio
You read every byte of the exe file, adding and xoring as needed, and compare it to a pre-calculated checksum, and if they don't match, use random bugs.Martin Goltz wrote:But how to do that? I see Pelock has an option to check the checksum, isn't that enough?Tenaja wrote:You could build in your own checksum, and if the file is modified, introduce a quirky or intermittent bug. Make bug reports easy, and you will know who is stealing.
This is something to start with for reading. It's just a snippet from something I started, but it will show you some basics. You can read from the StartOfCode to EndOfCode, and get your checksum. Store that checksum after your EndOfCode label, then compare. Just make sure to use a variable loaded with the checksum value, and not a constant, or you will have to recalculate the checksum manually.
The point is to cause an anomaly somewhere deep in the code, and randomly, so it is harder for them to debug. Heck, you could even make the bug occur every 7 or 100 uses or something annoying like that.
Code: Select all
Procedure display(text.s, gadgetID = 0, position = -1)
AddGadgetItem(gadgetID, position, text)
EndProcedure
OpenWindow(0, 0, 0, 200, 300, "peek results", #PB_Window_SystemMenu | #PB_Window_SizeGadget)
EditorGadget(0, 0, 0, 200, 500)
Global a.i, b.i, c.i, i.i, x.i
DisableDebugger
a = 5
testthis:
If a = 5
; ! nop ; these align the FF's, 11's and 22's.
; ! nop
; ! nop
b = $FFFFFFFF
; ! nop
; ! nop
b = $11111111
; ! nop
; ! nop
c = $22222222
endthetest:
Else
c = 1
EndIf
EnableDebugger
*p = ?testthis
display("Start at " + Str(*p) + " End at " + Str(?endthetest))
display("")
; For i = 0 To 8
Repeat
x = PeekI(*p + (i* SizeOf(*p)))
display("$"+RSet(Hex(x, #PB_Long),8,"0"))
If i & %11 = %11
display(" ")
EndIf
i+1
Until (*p + (i* SizeOf(*p))) > ?endthetest
; Next
display("i=" + Str(i) +" End is " + Str(*p + (i* SizeOf(*p))))
Repeat:Until WaitWindowEvent() = #PB_Event_CloseWindow
Re: Anti-cracking protection for my PureBasic EXE applicatio
We use the "activating" method.
After first start, the program generates a hardwareid (like microsoft) and then through network the user get an "license" file from our server
with a calculated key, that recalculated by the program.
So it only runs on this machine with the given registrated userdata.
After first start, the program generates a hardwareid (like microsoft) and then through network the user get an "license" file from our server
with a calculated key, that recalculated by the program.
So it only runs on this machine with the given registrated userdata.
Re: Anti-cracking protection for my PureBasic EXE applicatio
for another simple code-checksumming example see http://www.purebasic.fr/english/viewtop ... 6&start=30
I think the problem with all the public ones is that it seems easy for crackers to download the packer itself, so they can then write generic unpackers for it without ever having seen your software, so even if you use a public one I think it's still good to add some custom home-rolled code!
I think the problem with all the public ones is that it seems easy for crackers to download the packer itself, so they can then write generic unpackers for it without ever having seen your software, so even if you use a public one I think it's still good to add some custom home-rolled code!
Re: Anti-cracking protection for my PureBasic EXE applicatio
@Bisonte
How to retrieve this hardwareid ?
(Is any hardware able to behold such id, and what if the user changes some of the hardware ?)
@Keya That CRC(@MyProtectedProc(), GetProcSize(@MyProtectedProc())) is probably a crypting command ?
Could you make this a bit clearer to me as a 'beginner'.
(Should it become sometghing like this => StringFingerprint("any text", #PB_Cipher_CRC32))
Thanks.
How to retrieve this hardwareid ?
(Is any hardware able to behold such id, and what if the user changes some of the hardware ?)
@Keya That CRC(@MyProtectedProc(), GetProcSize(@MyProtectedProc())) is probably a crypting command ?
Could you make this a bit clearer to me as a 'beginner'.
(Should it become sometghing like this => StringFingerprint("any text", #PB_Cipher_CRC32))
Thanks.
Yeah I know, but keep in mind ... Leonardo da Vinci was also an autodidact.
Re: Anti-cracking protection for my PureBasic EXE applicatio
Everything can be cracked. One of my apps even had a tutorial video hosted on YouTube that showed how to crack it with OllyDbg. Took me about two weeks with messages back-and-forth with YouTube to have it removed.
Re: Anti-cracking protection for my PureBasic EXE applicatio
I don't know how to get the hardware "checksum" (this made a teammate and I only saw this on the notes), but it's related to mainboard and processor.Joris wrote:@Bisonte
How to retrieve this hardwareid ?
(Is any hardware able to behold such id, and what if the user changes some of the hardware ?)
If the user change one of it, he must "reactivate" this software. Like windows....
This is not perfect (nothing is perfect) but this method is complicated to crack and we have relativ low costs to support it.
Edit : Ähem ... this method is windows only
-
- Always Here
- Posts: 6425
- Joined: Fri Oct 23, 2009 2:33 am
- Location: Wales, UK
- Contact:
Re: Anti-cracking protection for my PureBasic EXE applicatio
That is actually the staple diet of WinLicense.I like the fact I can encrypt selected functions and it will run only when the registration key is present with certain features enabled, I didn't even know this is possible
You can indeed introduce your own DRM, based on the CPU ID or other hardware, and mix-in other detection too. A lot depends on how many apps you are going to distribute - licensing can be exhausting. The more automated it is, the more vulnerable it becomes, no matter how much money has been thrown at the process.
Again depending on the type of app, you can limit the license time. Expire the app rather than just the Key and distribute an updated app that also changes the protection mechanism.
IdeasVacuum
If it sounds simple, you have not grasped the complexity.
If it sounds simple, you have not grasped the complexity.
Re: Anti-cracking protection for my PureBasic EXE applicatio
Some funny thought ...
Release every 6 months an upgrade of your app, but never change the version number.
So cracked users don't know what version is the latest in there search.
Registered users get it via there official link.
Release every 6 months an upgrade of your app, but never change the version number.
So cracked users don't know what version is the latest in there search.
Registered users get it via there official link.
Yeah I know, but keep in mind ... Leonardo da Vinci was also an autodidact.
Re: Anti-cracking protection for my PureBasic EXE applicatio
That's actually a good idea, because the offsets used for cracking will no longer be valid. However, that won't stop cracks coming with the exe bundled with it (which I've seen done).Joris wrote:Release every 6 months an upgrade of your app, but never change the version number.
My own thought is that when you make a real update to your app (new features, whatever), you announce the new version on your website but it's only available for paid users for 3 months. So anyone who hasn't paid, can't actually get and use the new features for 3 months... they're stuck with an older cracked version for a while. This also stops crackers getting their hands on the new version immediately and cracking it.