PB DLL Protector - beta 1

netmaestro · Post by **netmaestro** » Thu Apr 27, 2006 10:39 am

Ok, I'm probably going to get shot down real fast as I've never tried anything like this before. But I post for your target practice a little library which might develop into a protection system for PB 4 dlls. The aim is to provide a way for a dll producer to be reasonably confident that his dll cannot be run from a programming language other than PB 4.

You are invited to download the library (just 2 commands) and show me just how easy it is to beat it. As PureBasic v3.94 is considered a "foreign language" by the protector, perhaps you can try to break it with that. I hope you'll help me test this thing, if nothing else it should be a bit of fun.

PrepareAuthCode()

The PrepareAuthCode() command prepares a key that a calling program must supply
to a protected dll in order to call its functions. While the less said about the key the
better, suffice to say that many steps have been taken to protect the key from being
copied, examined, or created from a "cheater" dll. If a user attempts to create a dll in
PB 4 that calls the PrepareAuthCode() function and returns the code, unlicensed usage
will be detected. The command must be executed from a toplevel process that has a
window at least 640*480 in size, is foreground and visible.

Code: Select all

; Example of authorized usage
; The window must be foreground, visible and at least 640*480 in size
; A screen is ok too
;
OpenWindow(0,0,0,640,480,"DLLAuth Library Test",#PB_Window_ScreenCentered|#PB_Window_SystemMenu)
vcode=PrepareAuthCode()

OpenLibrary(0,"secured.dll")
CallFunction(0,"Init",vcode)
CallFunction(0,"ShowBox")

Repeat:Until WaitWindowEvent()=#WM_CLOSE

ExamineAuthCode(vcode)

Code: Select all

; Example of a dll you might write that protects itself
; with the PB DLL Protector
;
Global auth_ok

ProcedureDLL Init(key)
  If ExamineAuthCode(key)
    auth_ok = #True
  Else
    auth_ok = #False
  EndIf
EndProcedure

ProcedureDLL ShowBox()
  If Not auth_ok
    ProcedureReturn 0
  EndIf
  MessageRequester("Notice","I'm doing this because I'm called by a PureBasic program!")
EndProcedure

And here's the link:http://www.networkmaestro.com/DLLAuth.zip ...** /me ducks **

dell_jockey · Post by **dell_jockey** » Thu Apr 27, 2006 12:00 pm

EDIT: removed my message, didn't make sense...

netmaestro · Post by **netmaestro** » Thu Apr 27, 2006 12:01 pm

No, it shouldn't. I spent a fair amount of effort in detecting that sort of implementation, so hopefully it will work.

[edit] No, it made perfect sense! I had to jump through several hoops to teach the key generator to defend against just that.

dell_jockey · Post by **dell_jockey** » Thu Apr 27, 2006 12:04 pm

netmaestro wrote:No, it shouldn't. I spent a fair amount of effort in detecting that sort of implementation, so hopefully it will work.

[edit] No, it made perfect sense! I had to jump through several hoops to teach the key generator to defend against it.

Why would you want to limit DLL usage to a single programming language? What's in it for me as a programmer?

netmaestro · Post by **netmaestro** » Thu Apr 27, 2006 12:15 pm

For me it's mostly for fun, to see if I can do it. But some programmers have expressed an interest in the functionality.

SFSxOI · Post by **SFSxOI** » Thu Apr 27, 2006 1:54 pm

Its interesting but why bother to do this at all to begin with?

Are you talking about a .dll produced with PB and can only run with PB - right? Will this not cause problems with producing an application in PB and then distributing it (legally) with a .dll produced for the application - will it not cause problems because of a non-standard method employed in the .dll or because a PB4 runtime module (or something or other from PB 4 is not installed on the computer the distributed application is installed on??

Theres probably a reason why .dll's are generally not done this way to begin with isn't there?

So what happens if I produce a .dll in say PB 4, then later upgrade in the future to PB5, will the .dll still work?

If its got real functions in the .dll can it be extracted to a library and used that way?

netmaestro · Post by **netmaestro** » Thu Apr 27, 2006 7:52 pm

Once the dll is compiled and distributed with its calling program it will run on any target machine. The end user's computer doesn't need any PB components installed.

Future versions of PureBasic won't break the functionality.

Extracting the functions with DLL2Lib-style tools isn't a way to defeat the protection as each function checks for the code having been verified before proceeding.

thefool · Post by **thefool** » Thu Apr 27, 2006 8:05 pm

the way of cracking this protection is to patch the dll at the point where it compares the key one that works. (other places i can think of would be where it checks if the key was correct, at the other procedures.
a third method would be to switch the FALSE value in memory with a TRUE.

netmaestro · Post by **netmaestro** » Thu Apr 27, 2006 9:22 pm

Why would you want to limit DLL usage to a single programming language? What's in it for me as a programmer?

I can think of one good reason right away. I can personally make use of this (if it turns out to actually work) with my Transpetris program. I charge nine bucks for it on my website, but I wouldn't dream of asking money for it from the people on the PB forum. I've gotten too much help with various projects from people here, anything I can give back is the least I can do. But if you google Transpetris, the freely available version found on this forum comes right up.

If I were to convert that to a protected dll and post a code snippet of how to call it, it becomes available free of charge to PB folks and useless to anyone else. They want it, it's nine bucks. For you - free.

Thade · Post by **Thade** » Tue May 02, 2006 4:17 pm

This is the same as if Adobe would say ... You can create and save your jpgs with photoshop, but they are protected so you cannot use them in IE or in Paint Shop Pro or anywhere else.. other than Adobe Photoshop.
More examples wanted?
A car manufacturer building cars you can only drive on roads in china...
ID Software producing PC-Games you can only play on Model XF800 of Drell Computers

Who needs this?

Have you ever thought that Microsoft could say: You are not allowed to use my software to make money with it? Then each producer of Software is illegal...
Or they could say ... you are not allowed using Pure Basic to produce DLLs at all, because they all are based on our API development ?
And then?
Or they could say ... Pure Basic is illegal because its completely based on our technology ?

There are enough stupid ideas in the world ...

It is a good idea to protect a dll, that only authorized people can use it ... but what you announce ... sorry to say it that harsh (but its needed to express my view on it) ... its imbecile rubbish

netmaestro · Post by **netmaestro** » Tue May 02, 2006 4:23 pm

Thank you. I can see where a tool like this would be of no use to you. You have my permission to ignore it.

Trond · Post by **Trond** » Tue May 02, 2006 6:00 pm

Thade wrote:Have you ever thought that Microsoft could say: You are not allowed to use my software to make money with it?

Borland Delphi is cheaper if you buy the "personal" version. And you're not allowed to make money with it.

By the way, this can be very easily cracked no matter what you do.

SFSxOI · Post by **SFSxOI** » Tue May 02, 2006 7:39 pm

Been playing around with the example you gave in your original post. I see some possibilities for use, or at least i'm thinking of some. The thing about cracking, or getting around, the protection tho is maybe worth exploring some more. At least it will keep the casual novice type people at bay for a bit. Will you let us know of your progress? I'm interested, and while i'm no expert I can see possibilities.

Wheres the free version of Transpertis at?

Just kidding.

I'm gonna pay the $9.00 for it 'cause after dabbling in this stuff for a while now i realize that some of it isn't easy and I think you deserve what ever you charge for it.

netmaestro wrote:
Why would you want to limit DLL usage to a single programming language? What's in it for me as a programmer?
I can think of one good reason right away. I can personally make use of this (if it turns out to actually work) with my Transpetris program. I charge nine bucks for it on my website, but I wouldn't dream of asking money for it from the people on the PB forum. I've gotten too much help with various projects from people here, anything I can give back is the least I can do. But if you google Transpetris, the freely available version found on this forum comes right up. If I were to convert that to a protected dll and post a code snippet of how to call it, it becomes available free of charge to PB folks and useless to anyone else. They want it, it's nine bucks. For you - free.

netmaestro · Post by **netmaestro** » Tue May 02, 2006 7:45 pm

http://www.networkmaestro.com/transpetris.exe

Enjoy!

Post by **Berikco** » Tue May 02, 2006 7:58 pm

netmaestro wrote:Ok, I'm probably going to get shot down real fast ...** /me ducks **

Damn, i read this to late...
Better late dan never...

PureBasic Forums - English

PB DLL Protector - beta 1

PB DLL Protector - beta 1

Re: PB DLL Protector - beta 1