Banners/Affilates/Money ETC.
I've been here on background silently and read this topic with interest.
You all state on that the copy protection system should exist in the application itself - through some kind of executable fingerprint profile. As mentioned before, every single one copy protection has been cracked. And those who aren't, will shortly follow. An all-purpose, bullet-proof system is simply impossible to create.
I'm not saying you should quit trying: nobody want's to offer their applications for crackers on a silver plate. At least make they see trouble.
Also, the stronger you make your "copy protection", the worse things get on the aspect of the customer. If you, for example, bind the serial key to the hardware components, one cannot make a copy to another home computer - or change his/hers hard drive without causing the system to fail. And what do you get - an angry customer - which is far worse than a cracked piece of software.
I'm suggesting a bit different kind of "protection". I wrote it in quotation because it's not kinda protection. Now, think about Steam or Blitz Basic registration system. One can register hes/hers product in order to get updates/be able to play. The point is that you can only register once. In the process you bind your serial key to a user account which means nobody can not utilize your serial later on because they don't know your userID and/or password. The crackers can't access an online service. The server simply refuses to send the upate files if the authorisation i not valid.
The illegal users get their copy, yes, but they can't get the latest update and/or extra services only available online. You could implement, for example, a smart updater like in PureBasic that needs your e-mail (userID) and password and sends the request to server. If there's no other way of updating, I'd assume you're pretty safe from crackers.
At the end, this would piss the illeal users off, and maybe drive them to place an order and play it cool
After all, many illegal users, in fact, are just testing if they like the product. And if they do, they buy it.
You all state on that the copy protection system should exist in the application itself - through some kind of executable fingerprint profile. As mentioned before, every single one copy protection has been cracked. And those who aren't, will shortly follow. An all-purpose, bullet-proof system is simply impossible to create.
I'm not saying you should quit trying: nobody want's to offer their applications for crackers on a silver plate. At least make they see trouble.
Also, the stronger you make your "copy protection", the worse things get on the aspect of the customer. If you, for example, bind the serial key to the hardware components, one cannot make a copy to another home computer - or change his/hers hard drive without causing the system to fail. And what do you get - an angry customer - which is far worse than a cracked piece of software.
I'm suggesting a bit different kind of "protection". I wrote it in quotation because it's not kinda protection. Now, think about Steam or Blitz Basic registration system. One can register hes/hers product in order to get updates/be able to play. The point is that you can only register once. In the process you bind your serial key to a user account which means nobody can not utilize your serial later on because they don't know your userID and/or password. The crackers can't access an online service. The server simply refuses to send the upate files if the authorisation i not valid.
The illegal users get their copy, yes, but they can't get the latest update and/or extra services only available online. You could implement, for example, a smart updater like in PureBasic that needs your e-mail (userID) and password and sends the request to server. If there's no other way of updating, I'd assume you're pretty safe from crackers.
At the end, this would piss the illeal users off, and maybe drive them to place an order and play it cool
After all, many illegal users, in fact, are just testing if they like the product. And if they do, they buy it.Specialized in "AI Programming Games".
-
Psychophanta
- Always Here
- Posts: 5153
- Joined: Wed Jun 11, 2003 9:33 pm
- Location: Anare
- Contact:
I agree that nowadays there are nothing infallible.
In the "office" world there is still working as very effectively the use of rucksacks (usually to parallel port).
And if i develop a powerful soft, the protection method i'd use is to build a USB rucksack hardware (a simple small ROM, nothing more). This way is effective. You can not lie to the computer, because the program will go to USB port to read the needed data every time, and program squeleton is UBS accessing mostly, so then, the crackers are forced to modify program mains or to build an identical ROM plugged into a USB port, and they will not do that.
For a still more powerful and serious deals, i would use always hardware protections.
In the "office" world there is still working as very effectively the use of rucksacks (usually to parallel port).
And if i develop a powerful soft, the protection method i'd use is to build a USB rucksack hardware (a simple small ROM, nothing more). This way is effective. You can not lie to the computer, because the program will go to USB port to read the needed data every time, and program squeleton is UBS accessing mostly, so then, the crackers are forced to modify program mains or to build an identical ROM plugged into a USB port, and they will not do that.
For a still more powerful and serious deals, i would use always hardware protections.
Umm..
I believe they have this kind of system implemented in Dark Basic Professional. They offer a special USB dongle for purchase which acts as "verifier". But of course, this can also be bypassed by cracking the executable.
As far as I know, the crackers simply need to locate THE If-statement in the ASM-code and change "If True then JUMP" into "Just JUMP" (jz->jmp). In other words, the program accesses its full features independent whether the security check passed or not.
I believe they have this kind of system implemented in Dark Basic Professional. They offer a special USB dongle for purchase which acts as "verifier". But of course, this can also be bypassed by cracking the executable.
As far as I know, the crackers simply need to locate THE If-statement in the ASM-code and change "If True then JUMP" into "Just JUMP" (jz->jmp). In other words, the program accesses its full features independent whether the security check passed or not.
Specialized in "AI Programming Games".
-
utopiomania
- Addict
- Posts: 1655
- Joined: Tue May 10, 2005 10:00 pm
- Location: Norway
@A.I, I have an app that is protected in a similar way. It's only possible to download a demo, not the
full version, and when I registered, I got a username/password to log onto their site and get the
full version and updates. It can be a good idea, but cracked versions are available, which probably
means some registered users uploaded them to have them cracked.
@theFool, maybe you could post some protected sourcecode in Tips&Tricks for example. Although I will
pay for the protection, it's an interesting topic.
Another thing, protected apps can be cracked of course, but not easily. The official v.1 crackme for
the protector (execryptor) I'm interested in held up for 1.5 years. The v.2 crackme isn't cracked as
per now, and execryptor v2.x itself (summer 2004) isn't cracked either.
I think this is quite good news for anyone planning to sell software. So, no need to give in to the
bad guys.
full version, and when I registered, I got a username/password to log onto their site and get the
full version and updates. It can be a good idea, but cracked versions are available, which probably
means some registered users uploaded them to have them cracked.
@theFool, maybe you could post some protected sourcecode in Tips&Tricks for example. Although I will
pay for the protection, it's an interesting topic.
Another thing, protected apps can be cracked of course, but not easily. The official v.1 crackme for
the protector (execryptor) I'm interested in held up for 1.5 years. The v.2 crackme isn't cracked as
per now, and execryptor v2.x itself (summer 2004) isn't cracked either.
I think this is quite good news for anyone planning to sell software. So, no need to give in to the
bad guys.
-
utopiomania
- Addict
- Posts: 1655
- Joined: Tue May 10, 2005 10:00 pm
- Location: Norway
again, how can you be sure the crackers just didnt post them but just emailed to him?
You seem to use the smiley a lot heh..
However again, how can you be sure that if it was this amazingly microsoft or someone else would have used it. Perhaps they have one of the big companies? weird that i seem to be able to find a crack for almost anything.
Tell me a KNOWN product wich is protected by exe cryptor..!
You seem to use the
smiley a lot heh..However again, how can you be sure that if it was this amazingly microsoft or someone else would have used it. Perhaps they have one of the big companies? weird that i seem to be able to find a crack for almost anything.
Tell me a KNOWN product wich is protected by exe cryptor..!
-
utopiomania
- Addict
- Posts: 1655
- Joined: Tue May 10, 2005 10:00 pm
- Location: Norway
Sorry, don't know what you mean?? The author submits crackmes to the cracker society to test his product resistance.again, how can you be sure the crackers just didnt post them but just emailed to him?
Execryptor itself is protected by execryptor, and hasn't been cracked for a long time. One drawback with it is the resulting
exe size, but PB exes are small, so no problem. It's a tradeoff which I can live with.
Here's some remarks on cracker threads, ca. summer 2005:
BTW, what's your problem with this protector really. I think it's good, and that it's good advice to point people here to it...you won't make it any more readable. so that - unless you have a lookup table along with some quite complicated maths
- you must trace/analyse/patch the garbage; dissassembling it just makes no real sense...
...there's no way to patch it and dump it correctly without morphing. morphing needs to be done manually. the question is
just how. it looks very ugly to demorph this...
...I need to find a way around the check, or else patch it out somehow. i think this one is far superior to many other
products out there at the moment...
...it looks the only VERY VERY hard (level 8 ) crackme that didn't crack for 1.5 years...
execryptor was not hacked more then 2 years. Also there's execryptor 2.x official crackme on www.crackmes.de since
November 2004 not cracked...
-
DoubleDutch
- Addict
- Posts: 3220
- Joined: Thu Aug 07, 2003 7:01 pm
- Location: United Kingdom
- Contact:
Everything is crackable given enough computing power/time.
So what you do is that as soon as someone gets close you revise the protection so that the version they are cracking is for an old version of the program.
If you have a 5 or 6 protection methods (some of them that kick in after a week or so of use) then you can see when the 1st few levels have been hacked by looking at the warez/crack sites.
If you have a new version "waiting" then you can release it straight away with new levels of protection, as soon as a keygen or crack appears.
Because the last levels (the ones that kick in after a while or under normal long usage) of protection have never been cracked, you don't lose any real sales to people who would have otherwise bought the program.
So what you do is that as soon as someone gets close you revise the protection so that the version they are cracking is for an old version of the program.
If you have a 5 or 6 protection methods (some of them that kick in after a week or so of use) then you can see when the 1st few levels have been hacked by looking at the warez/crack sites.
If you have a new version "waiting" then you can release it straight away with new levels of protection, as soon as a keygen or crack appears.
Because the last levels (the ones that kick in after a while or under normal long usage) of protection have never been cracked, you don't lose any real sales to people who would have otherwise bought the program.
https://deluxepixel.com <- My Business website
https://reportcomplete.com <- School end of term reports system
https://reportcomplete.com <- School end of term reports system
> what you do is that as soon as someone gets close you revise the
> protection so that the version they are cracking is for an old version
> of the program
Don't forget what I said: apps and cracks are distributed together these days...
> protection so that the version they are cracking is for an old version
> of the program
Don't forget what I said: apps and cracks are distributed together these days...
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
"PureBasic won't be object oriented, period" - Fred.
-
utopiomania
- Addict
- Posts: 1655
- Joined: Tue May 10, 2005 10:00 pm
- Location: Norway
Ok, but that's my opinion, nothing else, and you can safely ignore it if you don't agree, there's no point in going on about it.I do have something against on your oppinions about homegrown protection thats all.
I looked into it before I decided to pay for protection instead of the DIY method, but gave up totally after looking around the
net (and getting depressed)
, so I'll pay for protection.