Page 2 of 2
Posted: Sun Dec 11, 2005 10:22 pm
by utopiomania
Hi, TitaniumT, if you can, register a good professional protector and use that instead of relying on doing it yourself.
If there's one thing the cracker's warns against, it's homemade protection. You may be able to fight off stupid newbie
script kids, but nothing else.
Posted: Sun Dec 11, 2005 10:45 pm
by thefool
blueznl wrote:....
- now if a hacker runs your code, he will have to do a few additional checks, to figure out why a refular for / next loop is using the result of a dehash of part of the key
best would be to call that dehash the moment you need it, so there's little indication of it being a constant, ie.
the idea here is not to make cracking impossible, just to make it very time consuming
All strings or keys whatever will be reveiled when used!
But for checking if a thingy is registered its probably okay to annoy the cracker. Unless he just bypasses the check where it says "if registered" etc.
And do not listen to utopimania, he has absolutely no experience here...
Everything can be cracked. You cannot stop crackers! If your app is good, sure its worth paying hundreds of dollars to stop the crackers, even though you know you cant stop them.. Or is it??
However, i would recommend a mix. Do YOUR best to secure it from being cracked, AND use a commercial tool. What tool you choose, i dont mind. But be ware of ASProtect. Too many have used it, and there are tons of tutorials and even general unpackers for it. However im not sure how they support the newest versions.
edit: I didnt mean to write that you shouldnt listen to utopimania, i just meant you shouldnt take his words for granted. Trust me, its better to mix it than just leave it to the commercial protectors. Think about how confused a cracker would be when he reads that the app is protected by that and this protector, but the usual methods dont work.
Posted: Sun Dec 11, 2005 10:52 pm
by dagcrack
Hm but thats known, anyone who worked on securing an application knows this (I hope). You should make your own brew of security system, and change it on every single release you make. Make it hard to be jumped as well. But after all, if you have some spaghetti that goes to here then there and then X.. if you know where X is, you will be able to jump from A to X.. no matter how many spaghetti a la bolognesa you've got
So the basic idea is to add some cheese to the recipe, so its always different on each release.
Posted: Sun Dec 11, 2005 11:13 pm
by thefool
dagcrack wrote:Hm but thats known, anyone who worked on securing an application knows this (I hope). You should make your own brew of security system, and change it on every single release you make. Make it hard to be jumped as well. But after all, if you have some spaghetti that goes to here then there and then X.. if you know where X is, you will be able to jump from A to X.. no matter how many spaghetti a la bolognesa you've got
So the basic idea is to add some cheese to the recipe, so its always different on each release.
yep
As well as some other stuff. Use your imagination!
Posted: Mon Dec 12, 2005 12:26 am
by blueznl
olives? tomatoes?
Posted: Mon Dec 12, 2005 3:23 am
by Shannara
Another option could be to use various pieces of strings already in the program (if you have any). Something like if you have certain strings used in window titles, you can run an in string search against the various strings at the time the password is needed. *shrugs*, it's just another hurdle for the criminal/hacker.
Actually, the only two ways I know, to stop a particular criminal/cracker, is to either make sure they have life in prison, or make sure they get the death sentance. But unfortunately, the justice system in this country is virtually nonexistant.
Posted: Mon Dec 12, 2005 9:09 am
by thefool
blueznl wrote:olives? tomatoes?
Code: Select all
Another option could be to use various pieces of strings already in the program (if you have any). Something like if you have certain strings used in window titles, you can run an in string search against the various strings at the time the password is needed. *shrugs*, it's just another hurdle for the criminal/hacker.
Actually, the only two ways I know, to stop a particular criminal/cracker, is to either make sure they have life in prison, or make sure they get the death sentance. But unfortunately, the justice system in this country is virtually nonexistant.
nah no reason to kill them
Afterall they are just having fun. actually many times, they actually do not want to distribute the cracks but only internal for testing but then, some stupid ones let it out.
http://www.lockless.com/
check that statement for example.
Posted: Tue Dec 13, 2005 8:40 pm
by josku_x
@thefool: I did not send a PM, because I knew you'll post in here
Have a nice day!
Re: EXE compliled by PureBASIC and its Security
Posted: Sat Mar 10, 2007 4:54 am
by PB
> PB, reason of why I didnt suggest this little tip is because it doesnt protect
> anything. You just wont be able to notice the strings by reading the exe in
> notepad (doh).. But dissasemble it, for example, using PE Explorer, and
> you'll notice the strings are still totally visible, just as before applying
> MrMat's tip. I'm pretty sure of this.
Well, I decided to test this with PE Explorer v1.98 R5 and nope, it didn't show
any hidden strings using MrMat's tip, after my exe was disassembled.
