Anti Piracy Plan..

[SFSxOI]

You're confusing us here We're not "pirates" and we don't make profit from what we reverse. We just gain knowledge through figuring out ways to defeat our task To be honest, I doubt any freelancer made any profit from his/her work - am talking about the web groups. And please tell me you're not pissed we do this for "free" I'd laugh my pants off..

OK, I'm confused. So your saying that you reverse the IP to learn how it works to make a protection better? And that you don't profit? What happens with the product after its reversed?

If the knowledge gained from the reversing of anothers product and that knowledge leads to the production of a protection that is later sold, then there is a profit from reversing anothers product. If you gained knowledge from the reversing that helped you in your employment then there is profit (your pay check). If you received anything what so ever in any tangible form that benefitted you in any way professionally or personally or socially or economically, it doesn't have to be money, then you profitted from reversing the software Intellectual Property (if done without permission).

So your saying that you have never, ever, never, received anything what so ever in any form by any manner from anyone or any entity, either professionally or personally or socially or economically, from any source, in which any reversing you did was involved in anyway?

[localmotion34]

> LaFarge
> New User
> Joined: 06 Dec 2008
> Posts: 1
> Posted: Sat Dec 06, 2008
> i must say i really had tons of laughs reading this thread

I'll bet a million dollars that you and SunBeam are regular users
here just posting anonymously.

No, they aren't "regular" users.

Sunbeam is probably the best EXECrytor reverser out there. Period. Lafarge is another dynamite reverser as well. Trust me. I know their work from other boards.

The Team SND request forum has about the toughest protected apps out there, and they, along with quite a few others, continually defeat these protections.

Anyone here with reversing experience will at least know of these guys, or the Teams they come from.

If you think you are going to beat the combined knowledge of {RES}, SND, AT4RE, CRD, BRD, Unpack.cn, ect, you are kidding yourself.

Focus on your PRODUCT and make it not SUCK. Then people will WANT to buy it. The perfect example here is PureBasic itself. Sure, there are pirated versions out there, but I and a ton of other people loved it so much we WANTED to buy a legit version. Fred has an amazing product, and as a result, people actually BUY it. His protection is very simple and doesnt get in the way a single bit for registered users. You have no idea how much I love him for that, as do most other people.

Take AVS Video tools and other Themidia protected apps. If I have Acronis Trueimage running before I start up AVS, Themedia REFUSES to let me run AVS because of a "monitor" tool. And I paid for Acronis. Screw AVS for that, and they lost me as a customer.

[quosego]

Rofl.. Really need to read everything some more but it's a funny thread.

As for sunbeam the being the best execryptor reverser.. nah team {res} sucks (kidding sun.. you beat me.. )As for every protection has been cracked.. Yups, there have been fine protections but I can't think of one that hasn't been cracked regularly.

With the demise of Themida and execryptor it's time to focus on delivering a good product instead of a good protection.. and with Themida making only lame updates, I mean antidump qword instead of dword come one..!! and execryptor not being developed, there's nothing left.

And yeah haven't seen a dime yet of my work.. And yeah we do it for the challenge and fun.. Making protections keeps us busy.. If you don't make protections there will be no cracks.

@localmotion34
for AVS try my cracks/unpacks they don't mind debuggers/monitors VM's or anything else..

quosego/SnD

[MrMat]

Hi,

What do you guys do against virtual machine protections? It seems slow and boring to crack them or perhaps not?

Thanks.

[quosego]

As far as I know most VM's can nowadays be compiled to normal asm code..
However if you don't have that luxury as most crackers have, there are shortcuts. For example VM registers and API's always hold nice info..

That way 99% of the apps simply do not require VM compiling to crack.

And no increase the complexity of a protection and it becomes exponentially more interesting. As for slowness, depends really, sometimes minutes occasionally days.

Still it depends, some people love VM's others love crypto algo's..

But never forget you only need to defeat a protection once, after that it's done with.

q.

[MrMat]

Thank you for the info.

[spam]

Personally im surprised you even put LaFarge down as a 'dynamite' reverser. All I've ever seen of his work is stolen research from some 0day group ...

pfff..

[localmotion34]

Personally im surprised you even put LaFarge down as a 'dynamite' reverser. All I've ever seen of his work is stolen research from some 0day group ...

pfff..

Then how come his name has not come up in a single RIP report that I am aware of? If you are a member of SND board, you will regularly see him contribute knowledge and application of skills.

It's interesting you use "spam" as your username. Who might you be that you won't reveal your sources or even name? At least Sunbeam, LaFarge, and quosego used their true names from the Scene. Please enlighten us as to a RIP report that names LaFarge and what work was stolen.

None of us reverse for profit. We do it becuase we like to, and in my case, I have gained a sh+t-ton of experience to help protect my applications. Not that my protections could beat Sunbeam or quosego, but it will definitely keep the lamers from running around 0-day with my work for a while.


NOTE:
For anyone interested on this topic, look at my examples in this forum on multi-part serials. I came up with this based on all my knowledge and experience in reversing apps. I explain most everything in that topic, and by using that strategy, you can make things difficult for crackers in the long run.

[spam]

Opps sorry.. should have made myself clear.

I didn't mean to imply that he ripped someone's release but instead he has not rightfully worked for the knowledge he has gained on a particular area of reverse engineering ( armadillo ). He just got the information from someone in 0-day and never actually put any amount of work into it. This is what I meant.

btw : reason for using a idiotic nick, Simple : Security and anonymity ftw !

And a lotta lamers around in "www" scene rather than in 0day but ofc there are the exception's like WRATH still being around and you can obviously guess that the scene has deteriorated since.

[mrjiles]

This is off topic, but it appears some well known software hackers are posting here. Just a question I've always wondered about... have any of you ever received job offers from big companies like Microsoft, etc? If not, why not go work for them? I bet you'd make a killing!!

[utopiomania]

SunBeam (Romania) said

Post facts, not words. Show me that uncrackable product everyone fears..

LaFarge (Serbia) said:

Also, as SunBeam suggested, give us a sample of your work protected with your famous CodeVirtualizer and see how fast u will get your protection upside down..

utopiomania (Norway) says:

Okidoki, will do that. I'll serve you up a crackme in a short while, coz I'm
getting a bit tired at listening to people like you two.

Do you get it

[Rescator]

There is one really cool thing crackers do though. NoCD (hate having a disc in the drive, what's the point in installing if it's not fully installed eh?) and Trainers (for those situations where no dev cheats are available/enabled in a game)

But to try and get back on topic here...

utopiomania my advise is to try to imagine being the user of your own software, how much copy protection and DRM would you put up with before you looked for a free alternative, a competing product, or resorted to hunting down a crack?

Remember, you do not want to annoy your paying customers (or potential customers). A simple serial and registration that enables support, updates, +++ is one of the cheapest and best ways, it saves you time, costs hardly anything do implement (easy to roll your own code rather than licensing a solution) and the paying customers get added benefits.

Example: GTA IV
1. uses a serial
2. must be activated online
3. must register with Windows Live
4. must register with Rockstar Social Club
5. must have disc1 in the drive while playing
6. to play (solo offline) you start the game, get a box asking you to sign in, I click cancel, then I get the GTA launcher, I click Play, then a box saying I am not logged in, only option is to click OK, the game finally loads.

3,4 should have been optional. (needed for savegames, even if you plan to solo play "offline" no idea why but damn annoying, grr)
5 should no longer be necessary in these modern days
6 is damn annoying and I'm slightly pissed due to it.
1,2 are one time only at install and acceptable even by my standards.

I have no idea what madness steam users must go through, all the above + steam? it is no wonder about a dozen cracks appeared shortly after the release of GTA IV.

So the easier, the more convenient, and the more benefits you give to legit customers the more you will get, the more loyalty you will get, ignore the pirates, to you they do not exist, they pay nothing so they should get nothing in return (no attention, no benefits) if the difference between a legit copy and a cracked copy of something is almost the same, potential users wont be tempted, if legit users get more benefits than a pirate then they will be tempted to become a paying customer.

Step 1 and 2 should be all that is necessary, with a optional user account for extra benefits (tied to serial and regged in a database).
Depending on the payment service used, a serial can be generated and added to the database and mailed to the user upon purchase,
tie this to a user account and the user will be able to manage their own license, upgrade, manage features/licenses, buy more copies, or change to a multiple-users license if a company gets more employees or need more copies. And the benefit of the user being able to disable their license(s) in the event their computer is stolen or hacked into, and request a re-issue of new serials/license thus allowing them (and you) to help protect their investment.
Support and service and safety and trust and loyalty (from the company/you to the user) is something that can never be pirated.

[quosego]

Agree fully.. Even Themida protected exes that take 20-40 mb of memory for a small amount of code are beyond believe really.. Same goes for securom exes..

It's simply better to run a cracked exes CPU/memory wise than letting any VM hog up your memory and CPU..

Any semiworking protection will be so annoying no customer will be buying your stuff.

And indeed GTA 4 is incredible, no frigging way anybody is going to buy that..

q.

[utopiomania]

Thing is, I'm not dead yet. @sunbeam and lafarge..

Do you accept my challenge ?

[syk071c]

Okay, plain and simple.. do not use ready made protections as they are easily defeated with a million different methods... a nice home cooked protection with crypted code (only decryptable with a correct keyfile) .. with an excessively large crypto key which would be near impossible to brute force in a lifetime.. also with downloadable trials just the features you want people to try are available in the trial download.. in other words leave the code out for the other features.. And make the keys hardware dependant so if a leak occurs it doesn't matter.. (i.e. tie it to the user so it can be traced back to the source..) okay that should be enough i suppose.. hi to all my *real* reversing friends out there.. I had my reasons to do what i did...