Really good protection system?

[Num3]

Okey...
I'm tired of this conversation.

Gonna write a small program with a serial key input, with all the hardcore stuff i know...

Let's see if my pervert and sick sense of humor can be cracked or patched...

Gimme until sunday (because of the wife thing discussed in another thread)

[MadMax]

This is an eternal dilema. Also it's a rather complex situation as the number of variables is quite high, so let's try to simplify it a bit.

1) You want to make money:

a)Some people will never pay for your program no mater what, I would just forget about these as if they use your software or not is irrelevant, you won't see any pennies from them.

b)These people are willing to pay for the software they use. These are the customers you want. Try to not annoy them with protections (Not to do with software, but it annoys me that they force me to watch these "you wouldn't steal an old lady's bag, why do you steal DVD's" when I have bought a legit DVD).

C)These might pay or not depending on various factors. Here investing in some sort of basic protection will be good, but try to be imaginative, make sure it gives some added value to their software, Customer support, a nice forum to share experiences with other users, a discount on further products, whatever. Make sure it's easy to buy your product, be profesional, deliver what you promise. Don't only ask for information, you have to give some too, people want to be sure you are a legit business. A satisfied customer is worth money "word of mouth" is good and very effective publicity.

Well I could go on and on, but resuming copy-protection is important, but one shouldn't forget that having a good product and a solid customer base is much more important.

Anyway good luck and if you become a very rich person I hope you buy me a beer.

[techjunkie]

Since it looks like you don't have any eyes im going to.

Well, I suppose you mean me. Sorry, but I didn't read the full thread. My mistake!!

Well, anyway - as MadMax I don't believe in copy-protection. You can spend how much money you want - it will be cracked. There are much better ways to get paid for you work.

[localmotion34]

Okey...
I'm tired of this conversation.

Gonna write a small program with a serial key input, with all the hardcore stuff i know...

Let's see if my pervert and sick sense of humor can be cracked or patched...

Gimme until sunday (because of the wife thing discussed in another thread)

ive already got ollydbg fired up and waiting for you...

not to mention the entire CrackersKit 2.0..., along with DilloDie and DAMN's hash toolz, TMG ripper studio.

crap i just realized that authors arent just fighting a single cracker. they are fighting many crackers with HUGE amounts of tools created by the Gods of reversing.

My shareware is screwed

[HanzProf]

EXEcryptor has been cracked.

Wrong! EXECryptor unlike other protectors remains uncracked since 2004 summer where 2.x version using Code morphing http://www.strongbit.com/execryptor_inside.asp

There are hot air 'tuts' on cracks sites that don't work and some unfinished tentatives (chineese crackers could strip out nag-screen from execryptor trial). But there neither was nor is any full crack/keygen for EXECryptor 2.

[localmotion34]

EXEcryptor has been cracked.

Wrong! EXECryptor unlike other protectors remains uncracked since 2004 summer where 2.x version using Code morphing http://www.strongbit.com/execryptor_inside.asp

There are hot air 'tuts' on cracks sites that don't work and some unfinished tentatives (chineese crackers could strip out nag-screen from execryptor trial). But there neither was nor is any full crack/keygen for EXECryptor 2.

There are a few INTERNAL Scene releases of execryptor protected applications. I know this for a fact.

SnD has cracked some other execryptor protected apps by manually unpacking.

execryptor ITSELF might not be cracked, but the app uses code morphing as well as homegrown protection extras.

usually, unpacked execryptor-protected apps are 5 times their packed size because the unpacker has to decrypt the segments and resplice them.

almost identical to Starforce. RELOADED has already taken care of that, and consequently, EXEcrytor protected apps fell very soon after RELOADED released their Starforce Kit.

[thefool]

Okey...
I'm tired of this conversation.

Gonna write a small program with a serial key input, with all the hardcore stuff i know...

Let's see if my pervert and sick sense of humor can be cracked or patched...

Gimme until sunday (because of the wife thing discussed in another thread)

Local fired up olly, im freezing some SoftIce for ya

btw: A dump i made of execryptor was scaringly open..

[Num3]

Going to use PE-Spin just for crunching down the size of the executable...

The problem won't be dumping the code

[thefool]

Going to use PE-Spin just for crunching down the size of the executable...

The problem won't be dumping the code

eh yeah you just use PE-SPin to reduce the size
Well hurry up. i cant wait

What about we made a rule: no external tools?

[mskuma]

Going to use PE-Spin just for crunching down the size of the executable...

Well hurry up. i cant wait
What about we made a rule: no external tools?

You guys crack me up. Looking forward to seeing how this pans out..

[NoahPhense]

I wrote an encryption algo, back in another basic language. It is a
machine dependant registration. Offered 10k usd if someone could
break it. That was about 2 years ago.

- np

[localmotion34]

I wrote an encryption algo, back in another basic language. It is a
machine dependant registration. Offered 10k usd if someone could
break it. That was about 2 years ago.

- np

theres a problem with that. you hear about the math genius who solved a hundred year old equation, and then refused the prize? apparently he is a severe recluse, and hates attention.

there are probably many, many crackers who crack anything they come across, but because of their personality, dont want ANY attention.

for example, Code-Lock brags its never been cracked. Paaalease. lets say i went to college with a certain person, that might work for a certain software giant, who because of the security nature of his work, is forbidden to reverse public softwares. lets say that when gov't security clearences are renewed, there is serious investigation into the online activities of persons. now lets say, that before i knew what it REALLY took to make good software, and had no clue how bad cracking CAN be, I told him about this silly little RPG game that i didnt have $$ for, and was protected with code-lock. now hypothesize that within a month, i beat the game.

hes not the wisest person i know, and i am so willing to bet he had a hand in Starforce being reversed.

cryptographers that work for the CIA, NSA, DIA, you have to be insane to think they cant crack anything known to man. its just that violating a federal gov't contract while having security clearance gets you time in Federal prison.

[Max.]

Any suggestions?

Currently I am having a look at http://www.oreans.com/codevirtualizer.php for a C project. It seems to be possible to be used with PB aswell. Seems, because I did no extensive tests, and even if, I can't say anything about the safety of it (except that anything is crackable).

In the following sample I protected the serial number calculation with CodeVirtualizer.

Code: Select all

Macro VIRTUALIZER_START
    
 !db $EB, $10, $43, $56, $20, $20, $0C, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20
 
EndMacro


Macro VIRTUALIZER_END
    
!db  $EB, $10, $43, $56, $20, $20, $0D, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20

EndMacro
 
 Result.s = InputRequester("Licensing","Please enter your serial to continue","")
 
 Serial.l = Val (Result.s)
 
 VIRTUALIZER_START
 
 If Serial % 2 = 0 And Serial % 3 = 0 
    ok = 1
 Else
    ok = 0
 EndIf
 
 If ok
    RetVal = MessageRequester ("Ok!","Thank you")
 Else
    RetVal = MessageRequester ("Failed!","Have a bad day")
 EndIf    
 
 VIRTUALIZER_END
 
 End

Opened with Ollydebug it looks like this now:

Code: Select all

00401000 > $ 68 1C000000    PUSH 1C                                  ; /n = 1C (28.)
00401005   . 68 00000000    PUSH 0                                   ; |c = 00
0040100A   . 68 C0354000    PUSH virtuali.004035C0                   ; |s = virtuali.004035C0
0040100F   . E8 F40F0000    CALL <JMP.&CRTDLL.memset>                ; \memset
00401014   . 83C4 0C        ADD ESP,0C
00401017   . 68 00000000    PUSH 0                                   ; /pModule = NULL
0040101C   . E8 ED0F0000    CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
00401021   . A3 C4354000    MOV DWORD PTR DS:[4035C4],EAX
00401026   . 68 00000000    PUSH 0                                   ; /MaximumSize = 0
0040102B   . 68 00100000    PUSH 1000                                ; |InitialSize = 1000 (4096.)
00401030   . 68 00000000    PUSH 0                                   ; |Flags = 0
00401035   . E8 DA0F0000    CALL <JMP.&KERNEL32.HeapCreate>          ; \HeapCreate
0040103A   . A3 C0354000    MOV DWORD PTR DS:[4035C0],EAX
0040103F   . E8 F4160000    CALL virtuali.00402738
00401044   . E8 57100000    CALL virtuali.004020A0
00401049   . E8 62170000    CALL virtuali.004027B0
0040104E   . FF35 F8354000  PUSH DWORD PTR DS:[4035F8]
00401054   . 68 0C304000    PUSH virtuali.0040300C
00401059   . 68 0D304000    PUSH virtuali.0040300D                   ;  ASCII "Please enter your serial to continue"
0040105E   . 68 32304000    PUSH virtuali.00403032                   ;  ASCII "Licensing"
00401063   . E8 BB110000    CALL virtuali.00402223
00401068   . 83EC 04        SUB ESP,4
0040106B   . 8D0D D0354000  LEA ECX,DWORD PTR DS:[4035D0]
00401071   . 5A             POP EDX
00401072   . E8 890F0000    CALL virtuali.00402000
00401077   . FF35 D0354000  PUSH DWORD PTR DS:[4035D0]
0040107D   . E8 AE0F0000    CALL virtuali.00402030
00401082   . A3 D8354000    MOV DWORD PTR DS:[4035D8],EAX
00401087   .-E9 F86C0000    JMP virtuali.00407D84
0040108C     6D             DB 6D                                    ;  CHAR 'm'
0040108D     D7             DB D7
0040108E     94             DB 94
0040108F     EA             DB EA
00401090     E4             DB E4
00401091     7C             DB 7C                                    ;  CHAR '|'
00401092     FE             DB FE
00401093     FC             DB FC
00401094     0B             DB 0B
00401095     BA             DB BA
00401096     43             DB 43                                    ;  CHAR 'C'
00401097     42             DB 42                                    ;  CHAR 'B'
00401098     3A             DB 3A                                    ;  CHAR ':'
00401099     C6             DB C6
0040109A     98             DB 98
0040109B     D5             DB D5
0040109C     FC             DB FC
0040109D     A8             DB A8
0040109E     A1             DB A1
0040109F     50             DB 50                                    ;  CHAR 'P'
004010A0     9A             DB 9A
004010A1     57             DB 57                                    ;  CHAR 'W'
004010A2     5D             DB 5D                                    ;  CHAR ']'
004010A3     63             DB 63                                    ;  CHAR 'c'
004010A4     1B             DB 1B
004010A5     35             DB 35                                    ;  CHAR '5'
004010A6     5F             DB 5F                                    ;  CHAR '_'
004010A7     6D             DB 6D                                    ;  CHAR 'm'
004010A8     E1             DB E1
004010A9     C4             DB C4
004010AA     19             DB 19
004010AB     4F             DB 4F                                    ;  CHAR 'O'
004010AC     47             DB 47                                    ;  CHAR 'G'
004010AD     7E             DB 7E                                    ;  CHAR '~'
004010AE     C7             DB C7
004010AF     15             DB 15
004010B0     37             DB 37                                    ;  CHAR '7'
004010B1     8A             DB 8A
004010B2     5A             DB 5A                                    ;  CHAR 'Z'
004010B3     01             DB 01
004010B4     4C             DB 4C                                    ;  CHAR 'L'
004010B5     78             DB 78                                    ;  CHAR 'x'
004010B6     DC             DB DC
004010B7     A9             DB A9
004010B8     8F             DB 8F
004010B9     EC             DB EC
004010BA     0C             DB 0C
004010BB     52             DB 52                                    ;  CHAR 'R'
004010BC     77             DB 77                                    ;  CHAR 'w'
004010BD     56             DB 56                                    ;  CHAR 'V'
004010BE     C6             DB C6
004010BF     2C             DB 2C                                    ;  CHAR ','
004010C0   . C3             RETN
004010C1     BD             DB BD
004010C2     5C             DB 5C                                    ;  CHAR '\'
004010C3     32             DB 32                                    ;  CHAR '2'
004010C4     93             DB 93
004010C5     15             DB 15
004010C6     0B             DB 0B
004010C7     DD             DB DD
004010C8     C0             DB C0
004010C9     33             DB 33                                    ;  CHAR '3'
004010CA     99             DB 99
004010CB     0E             DB 0E
004010CC     D4             DB D4
004010CD     2A             DB 2A                                    ;  CHAR '*'
004010CE     7E             DB 7E                                    ;  CHAR '~'
004010CF     CC             INT3
004010D0     19             DB 19
004010D1     87             DB 87
004010D2     A1             DB A1
004010D3     F5             DB F5
004010D4     D7             DB D7
004010D5     6C             DB 6C                                    ;  CHAR 'l'
004010D6     6A             DB 6A                                    ;  CHAR 'j'
004010D7     3D             DB 3D                                    ;  CHAR '='
004010D8     6B             DB 6B                                    ;  CHAR 'k'
004010D9     DE             DB DE
004010DA     65             DB 65                                    ;  CHAR 'e'
004010DB     F7             DB F7
004010DC     10             DB 10
004010DD     09             DB 09
004010DE     A5             DB A5
004010DF     41             DB 41                                    ;  CHAR 'A'
004010E0     0E             DB 0E
004010E1     8C             DB 8C
004010E2     66             DB 66                                    ;  CHAR 'f'
004010E3     97             DB 97
004010E4     3E             DB 3E                                    ;  CHAR '>'
004010E5     3F             DB 3F                                    ;  CHAR '?'
004010E6     88             DB 88
004010E7     BF             DB BF
004010E8     20             DB 20                                    ;  CHAR ' '
004010E9     47             DB 47                                    ;  CHAR 'G'
004010EA     69             DB 69                                    ;  CHAR 'i'
004010EB     9F             DB 9F
004010EC     56             DB 56                                    ;  CHAR 'V'
004010ED     5E             DB 5E                                    ;  CHAR '^'
004010EE     D4             DB D4
004010EF     BA             DB BA
004010F0     56             DB 56                                    ;  CHAR 'V'
004010F1     43             DB 43                                    ;  CHAR 'C'
004010F2     7E             DB 7E                                    ;  CHAR '~'
004010F3     AB             DB AB
004010F4     CE             DB CE
004010F5     9C             DB 9C
004010F6     9C             DB 9C
004010F7     0A             DB 0A
004010F8     62             DB 62                                    ;  CHAR 'b'
004010F9     6E             DB 6E                                    ;  CHAR 'n'
004010FA     52             DB 52                                    ;  CHAR 'R'
004010FB     B1             DB B1
004010FC     10             DB 10
004010FD     A3             DB A3
004010FE     75             DB 75                                    ;  CHAR 'u'
004010FF     30             DB 30                                    ;  CHAR '0'
00401100     73             DB 73                                    ;  CHAR 's'
00401101     E6             DB E6
00401102     32             DB 32                                    ;  CHAR '2'
00401103     A5             DB A5
00401104     FC             DB FC
00401105     18             DB 18
00401106     09             DB 09
00401107     3D             DB 3D                                    ;  CHAR '='
00401108     08             DB 08
00401109     7A             DB 7A                                    ;  CHAR 'z'
0040110A     4B             DB 4B                                    ;  CHAR 'K'
0040110B     11             DB 11
0040110C     C9             DB C9
0040110D     5E             DB 5E                                    ;  CHAR '^'
0040110E     25             DB 25                                    ;  CHAR '%'
0040110F     6E             DB 6E                                    ;  CHAR 'n'
00401110     13             DB 13
00401111     E3             DB E3
00401112     67             DB 67                                    ;  CHAR 'g'
00401113     C7             DB C7
00401114     F4             DB F4
00401115     A1             DB A1
00401116     E4             DB E4
00401117     AD             DB AD
00401118     A1             DB A1
00401119     23             DB 23                                    ;  CHAR '#'
0040111A     66             DB 66                                    ;  CHAR 'f'
0040111B     7C             DB 7C                                    ;  CHAR '|'
0040111C     60             DB 60                                    ;  CHAR '`'
0040111D     05             DB 05
0040111E     64             DB 64                                    ;  CHAR 'd'
0040111F     D7             DB D7
00401120     05             DB 05
00401121     C1             DB C1
00401122     BF             DB BF
00401123     E3             DB E3
00401124   . 68 00000000    PUSH 0
00401129   . E8 10000000    CALL virtuali.0040113E
0040112E   . FF35 C0354000  PUSH DWORD PTR DS:[4035C0]               ; |/hHeap = NULL
00401134   . E8 E10E0000    CALL <JMP.&KERNEL32.HeapDestroy>         ; |\HeapDestroy
00401139   . E8 E20E0000    CALL <JMP.&KERNEL32.ExitProcess>         ; \ExitProcess
0040113E  /$ E8 09160000    CALL virtuali.0040274C
00401143  \. C3             RETN

The embedded virtual machine resides in a own section.

BTW, just quickly hacked together with no deeper look into it. Just to mention another possibility to protect stuff.


Edit: I can provide an executable (without source and a better serial calculation) if someone is interested.

[thefool]

Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..

[Max.]

Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..

The dump in my posting was from Ollydebug.

I will put up a protected file for download later this day. If it works well, it would be a nice tool to masquerade other debugger countermeasures and it's not expansive at all.

With the features that each run generates a different virtual machine and it also allows batch processing it would be well suitable for commercial usage.