Posted: Wed Aug 23, 2006 10:04 pm
by Num3
Okey...
I'm tired of this conversation.
Gonna write a small program with a serial key input, with all the hardcore stuff I know...
Let's see if my perverted and sick sense of humor can be cracked or patched...
Gimme until Sunday (because of the wife thing discussed in another thread)

Posted: Thu Aug 24, 2006 12:42 am
by MadMax
This is an eternal dilemma. Also it's a rather complex situation as the number of variables is quite high, so let's try to simplify it a bit.
1) You want to make money:
a) Some people will never pay for your program no matter what. I would just forget about these, as whether they use your software or not is irrelevant; you won't see any pennies from them.
b) These people are willing to pay for the software they use. These are the customers you want. Try not to annoy them with protections (nothing to do with software, but it annoys me that they force me to watch these "you wouldn't steal an old lady's bag, why do you steal DVDs" when I have bought a legit DVD).
c) These might pay or not depending on various factors. Here investing in some sort of basic protection will be good, but try to be imaginative; make sure it gives some added value to their software: customer support, a nice forum to share experiences with other users, a discount on further products, whatever. Make sure it's easy to buy your product, be professional, deliver what you promise. Don't only ask for information, you have to give some too; people want to be sure you are a legit business. A satisfied customer is worth money: "word of mouth" is good and very effective publicity.
Well, I could go on and on, but to sum up: copy protection is important, but one shouldn't forget that having a good product and a solid customer base is much more important.
Anyway good luck and if you become a very rich person I hope you buy me a beer.

Posted: Thu Aug 24, 2006 1:01 am
by techjunkie
thefool wrote:Since it looks like you don't have any eyes im going to.
Well, I suppose you mean me. Sorry, but I didn't read the full thread. My mistake!!
Well, anyway - like MadMax, I don't believe in copy-protection. You can spend however much money you want - it will be cracked. There are much better ways to get paid for your work.

Posted: Thu Aug 24, 2006 1:49 pm
by localmotion34
Num3 wrote:Okey...
I'm tired of this conversation.
Gonna write a small program with a serial key input, with all the hardcore stuff i know...
Let's see if my pervert and sick sense of humor can be cracked or patched...
Gimme until sunday (because of the wife thing discussed in another thread)

I've already got ollydbg fired up and waiting for you...
not to mention the entire CrackersKit 2.0..., along with DilloDie and DAMN's hash toolz, TMG ripper studio.
Crap, I just realized that authors aren't just fighting a single cracker. They are fighting many crackers with HUGE amounts of tools created by the Gods of reversing.
My shareware is screwed

Posted: Thu Aug 24, 2006 2:12 pm
by HanzProf
localmotion34 wrote:EXEcryptor has been cracked.
Wrong! EXECryptor, unlike other protectors, has remained uncracked since summer 2004, with the 2.x version using code morphing
http://www.strongbit.com/execryptor_inside.asp
There are hot-air 'tuts' on crack sites that don't work and some unfinished attempts (Chinese crackers could strip out the nag screen from the EXECryptor trial). But there neither was nor is any full crack/keygen for EXECryptor 2.

Posted: Thu Aug 24, 2006 2:24 pm
by localmotion34
HanzProf wrote:localmotion34 wrote:EXEcryptor has been cracked.
Wrong! EXECryptor unlike other protectors remains uncracked since 2004 summer where 2.x version using Code morphing
http://www.strongbit.com/execryptor_inside.asp
There are hot air 'tuts' on cracks sites that don't work and some unfinished tentatives (chineese crackers could strip out nag-screen from execryptor trial). But there neither was nor is any full crack/keygen for EXECryptor 2.
There are a few INTERNAL Scene releases of EXECryptor-protected applications. I know this for a fact.
SnD has cracked some other EXECryptor-protected apps by manually unpacking.
EXECryptor ITSELF might not be cracked, but the app uses code morphing as well as homegrown protection extras.
Usually, unpacked EXECryptor-protected apps are 5 times their packed size because the unpacker has to decrypt the segments and resplice them.
Almost identical to Starforce. RELOADED has already taken care of that, and consequently, EXECryptor-protected apps fell very soon after RELOADED released their Starforce Kit.

Posted: Thu Aug 24, 2006 6:09 pm
by thefool
Num3 wrote:Okey...
I'm tired of this conversation.
Gonna write a small program with a serial key input, with all the hardcore stuff i know...
Let's see if my pervert and sick sense of humor can be cracked or patched...
Gimme until sunday (because of the wife thing discussed in another thread)

Local fired up olly, I'm freezing some SoftIce for ya
btw: A dump I made of execryptor was scarily open..

Posted: Thu Aug 24, 2006 8:26 pm
by Num3
Going to use PE-Spin just for crunching down the size of the executable...
The problem won't be dumping the code

Posted: Thu Aug 24, 2006 8:50 pm
by thefool
Num3 wrote:Going to use PE-Spin just for crunching down the size of the executable...
The problem won't be dumping the code

Eh, yeah, you just use PE-Spin to reduce the size

Well, hurry up. I can't wait
What about we make a rule: no external tools?

Posted: Thu Aug 24, 2006 10:08 pm
by mskuma
thefool wrote:Num3 wrote:Going to use PE-Spin just for crunching down the size of the executable...
Well hurry up. i cant wait

What about we made a rule: no external tools?

You guys crack me up. Looking forward to seeing how this pans out..

Posted: Fri Aug 25, 2006 4:01 am
by NoahPhense
I wrote an encryption algo, back in another basic language. It is a machine dependent registration. Offered 10k usd if someone could break it. That was about 2 years ago.
- np

Posted: Fri Aug 25, 2006 5:09 am
by localmotion34
NoahPhense wrote:I wrote an encryption algo, back in another basic language. It is a
machine dependant registration. Offered 10k usd if someone could
break it. That was about 2 years ago.
- np
There's a problem with that. You hear about the math genius who solved a hundred-year-old equation, and then refused the prize? Apparently he is a severe recluse, and hates attention.
There are probably many, many crackers who crack anything they come across, but because of their personality, don't want ANY attention.
For example, Code-Lock brags it's never been cracked. Paaalease. Let's say I went to college with a certain person, that might work for a certain software giant, who because of the security nature of his work, is forbidden to reverse public software. Let's say that when gov't security clearances are renewed, there is serious investigation into the online activities of persons. Now let's say that before I knew what it REALLY took to make good software, and had no clue how bad cracking CAN be, I told him about this silly little RPG game that I didn't have $$ for, and was protected with Code-Lock. Now hypothesize that within a month, I beat the game.
He's not the wisest person I know, and I am so willing to bet he had a hand in Starforce being reversed.
Cryptographers that work for the CIA, NSA, DIA, you have to be insane to think they can't crack anything known to man. It's just that violating a federal gov't contract while having security clearance gets you time in Federal prison.

Re: Really good protection system?
Posted: Fri Aug 25, 2006 10:56 am
by Max.
localmotion34 wrote:Any suggestions?
Currently I am having a look at http://www.oreans.com/codevirtualizer.php for a C project. It seems to be possible to use it with PB as well. "Seems", because I did no extensive tests, and even if I had, I couldn't say anything about the safety of it (except that anything is crackable).
In the following sample I protected the serial number calculation with CodeVirtualizer.
Code:
; Start/end markers around the code to be protected by CodeVirtualizer,
; emitted as raw bytes through inline assembler
Macro VIRTUALIZER_START
  !db $EB, $10, $43, $56, $20, $20, $0C, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20
EndMacro

Macro VIRTUALIZER_END
  !db $EB, $10, $43, $56, $20, $20, $0D, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20
EndMacro

; Ask for the serial and convert it to a number
Result.s = InputRequester("Licensing","Please enter your serial to continue","")
Serial.l = Val (Result.s)

VIRTUALIZER_START
  ; Serial check: accepted when divisible by both 2 and 3
  If Serial % 2 = 0 And Serial % 3 = 0
    ok = 1
  Else
    ok = 0
  EndIf
  If ok
    RetVal = MessageRequester ("Ok!","Thank you")
  Else
    RetVal = MessageRequester ("Failed!","Have a bad day")
  EndIf
VIRTUALIZER_END
End
Opened with Ollydebug it looks like this now:
Code:
00401000 > $ 68 1C000000 PUSH 1C ; /n = 1C (28.)
00401005 . 68 00000000 PUSH 0 ; |c = 00
0040100A . 68 C0354000 PUSH virtuali.004035C0 ; |s = virtuali.004035C0
0040100F . E8 F40F0000 CALL <JMP.&CRTDLL.memset> ; \memset
00401014 . 83C4 0C ADD ESP,0C
00401017 . 68 00000000 PUSH 0 ; /pModule = NULL
0040101C . E8 ED0F0000 CALL <JMP.&KERNEL32.GetModuleHandleA> ; \GetModuleHandleA
00401021 . A3 C4354000 MOV DWORD PTR DS:[4035C4],EAX
00401026 . 68 00000000 PUSH 0 ; /MaximumSize = 0
0040102B . 68 00100000 PUSH 1000 ; |InitialSize = 1000 (4096.)
00401030 . 68 00000000 PUSH 0 ; |Flags = 0
00401035 . E8 DA0F0000 CALL <JMP.&KERNEL32.HeapCreate> ; \HeapCreate
0040103A . A3 C0354000 MOV DWORD PTR DS:[4035C0],EAX
0040103F . E8 F4160000 CALL virtuali.00402738
00401044 . E8 57100000 CALL virtuali.004020A0
00401049 . E8 62170000 CALL virtuali.004027B0
0040104E . FF35 F8354000 PUSH DWORD PTR DS:[4035F8]
00401054 . 68 0C304000 PUSH virtuali.0040300C
00401059 . 68 0D304000 PUSH virtuali.0040300D ; ASCII "Please enter your serial to continue"
0040105E . 68 32304000 PUSH virtuali.00403032 ; ASCII "Licensing"
00401063 . E8 BB110000 CALL virtuali.00402223
00401068 . 83EC 04 SUB ESP,4
0040106B . 8D0D D0354000 LEA ECX,DWORD PTR DS:[4035D0]
00401071 . 5A POP EDX
00401072 . E8 890F0000 CALL virtuali.00402000
00401077 . FF35 D0354000 PUSH DWORD PTR DS:[4035D0]
0040107D . E8 AE0F0000 CALL virtuali.00402030
00401082 . A3 D8354000 MOV DWORD PTR DS:[4035D8],EAX
00401087 .-E9 F86C0000 JMP virtuali.00407D84
0040108C 6D DB 6D ; CHAR 'm'
0040108D D7 DB D7
0040108E 94 DB 94
0040108F EA DB EA
00401090 E4 DB E4
00401091 7C DB 7C ; CHAR '|'
00401092 FE DB FE
00401093 FC DB FC
00401094 0B DB 0B
00401095 BA DB BA
00401096 43 DB 43 ; CHAR 'C'
00401097 42 DB 42 ; CHAR 'B'
00401098 3A DB 3A ; CHAR ':'
00401099 C6 DB C6
0040109A 98 DB 98
0040109B D5 DB D5
0040109C FC DB FC
0040109D A8 DB A8
0040109E A1 DB A1
0040109F 50 DB 50 ; CHAR 'P'
004010A0 9A DB 9A
004010A1 57 DB 57 ; CHAR 'W'
004010A2 5D DB 5D ; CHAR ']'
004010A3 63 DB 63 ; CHAR 'c'
004010A4 1B DB 1B
004010A5 35 DB 35 ; CHAR '5'
004010A6 5F DB 5F ; CHAR '_'
004010A7 6D DB 6D ; CHAR 'm'
004010A8 E1 DB E1
004010A9 C4 DB C4
004010AA 19 DB 19
004010AB 4F DB 4F ; CHAR 'O'
004010AC 47 DB 47 ; CHAR 'G'
004010AD 7E DB 7E ; CHAR '~'
004010AE C7 DB C7
004010AF 15 DB 15
004010B0 37 DB 37 ; CHAR '7'
004010B1 8A DB 8A
004010B2 5A DB 5A ; CHAR 'Z'
004010B3 01 DB 01
004010B4 4C DB 4C ; CHAR 'L'
004010B5 78 DB 78 ; CHAR 'x'
004010B6 DC DB DC
004010B7 A9 DB A9
004010B8 8F DB 8F
004010B9 EC DB EC
004010BA 0C DB 0C
004010BB 52 DB 52 ; CHAR 'R'
004010BC 77 DB 77 ; CHAR 'w'
004010BD 56 DB 56 ; CHAR 'V'
004010BE C6 DB C6
004010BF 2C DB 2C ; CHAR ','
004010C0 . C3 RETN
004010C1 BD DB BD
004010C2 5C DB 5C ; CHAR '\'
004010C3 32 DB 32 ; CHAR '2'
004010C4 93 DB 93
004010C5 15 DB 15
004010C6 0B DB 0B
004010C7 DD DB DD
004010C8 C0 DB C0
004010C9 33 DB 33 ; CHAR '3'
004010CA 99 DB 99
004010CB 0E DB 0E
004010CC D4 DB D4
004010CD 2A DB 2A ; CHAR '*'
004010CE 7E DB 7E ; CHAR '~'
004010CF CC INT3
004010D0 19 DB 19
004010D1 87 DB 87
004010D2 A1 DB A1
004010D3 F5 DB F5
004010D4 D7 DB D7
004010D5 6C DB 6C ; CHAR 'l'
004010D6 6A DB 6A ; CHAR 'j'
004010D7 3D DB 3D ; CHAR '='
004010D8 6B DB 6B ; CHAR 'k'
004010D9 DE DB DE
004010DA 65 DB 65 ; CHAR 'e'
004010DB F7 DB F7
004010DC 10 DB 10
004010DD 09 DB 09
004010DE A5 DB A5
004010DF 41 DB 41 ; CHAR 'A'
004010E0 0E DB 0E
004010E1 8C DB 8C
004010E2 66 DB 66 ; CHAR 'f'
004010E3 97 DB 97
004010E4 3E DB 3E ; CHAR '>'
004010E5 3F DB 3F ; CHAR '?'
004010E6 88 DB 88
004010E7 BF DB BF
004010E8 20 DB 20 ; CHAR ' '
004010E9 47 DB 47 ; CHAR 'G'
004010EA 69 DB 69 ; CHAR 'i'
004010EB 9F DB 9F
004010EC 56 DB 56 ; CHAR 'V'
004010ED 5E DB 5E ; CHAR '^'
004010EE D4 DB D4
004010EF BA DB BA
004010F0 56 DB 56 ; CHAR 'V'
004010F1 43 DB 43 ; CHAR 'C'
004010F2 7E DB 7E ; CHAR '~'
004010F3 AB DB AB
004010F4 CE DB CE
004010F5 9C DB 9C
004010F6 9C DB 9C
004010F7 0A DB 0A
004010F8 62 DB 62 ; CHAR 'b'
004010F9 6E DB 6E ; CHAR 'n'
004010FA 52 DB 52 ; CHAR 'R'
004010FB B1 DB B1
004010FC 10 DB 10
004010FD A3 DB A3
004010FE 75 DB 75 ; CHAR 'u'
004010FF 30 DB 30 ; CHAR '0'
00401100 73 DB 73 ; CHAR 's'
00401101 E6 DB E6
00401102 32 DB 32 ; CHAR '2'
00401103 A5 DB A5
00401104 FC DB FC
00401105 18 DB 18
00401106 09 DB 09
00401107 3D DB 3D ; CHAR '='
00401108 08 DB 08
00401109 7A DB 7A ; CHAR 'z'
0040110A 4B DB 4B ; CHAR 'K'
0040110B 11 DB 11
0040110C C9 DB C9
0040110D 5E DB 5E ; CHAR '^'
0040110E 25 DB 25 ; CHAR '%'
0040110F 6E DB 6E ; CHAR 'n'
00401110 13 DB 13
00401111 E3 DB E3
00401112 67 DB 67 ; CHAR 'g'
00401113 C7 DB C7
00401114 F4 DB F4
00401115 A1 DB A1
00401116 E4 DB E4
00401117 AD DB AD
00401118 A1 DB A1
00401119 23 DB 23 ; CHAR '#'
0040111A 66 DB 66 ; CHAR 'f'
0040111B 7C DB 7C ; CHAR '|'
0040111C 60 DB 60 ; CHAR '`'
0040111D 05 DB 05
0040111E 64 DB 64 ; CHAR 'd'
0040111F D7 DB D7
00401120 05 DB 05
00401121 C1 DB C1
00401122 BF DB BF
00401123 E3 DB E3
00401124 . 68 00000000 PUSH 0
00401129 . E8 10000000 CALL virtuali.0040113E
0040112E . FF35 C0354000 PUSH DWORD PTR DS:[4035C0] ; |/hHeap = NULL
00401134 . E8 E10E0000 CALL <JMP.&KERNEL32.HeapDestroy> ; |\HeapDestroy
00401139 . E8 E20E0000 CALL <JMP.&KERNEL32.ExitProcess> ; \ExitProcess
0040113E /$ E8 09160000 CALL virtuali.0040274C
00401143 \. C3 RETN
The embedded virtual machine resides in its own section.
BTW, just quickly hacked together with no deeper look into it. Just to mention another possibility to protect stuff.
Edit: I can provide an executable (without source and a better serial calculation) if someone is interested.
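
A build-time check for the marker macros in the post above, as an added example that is not part of the original thread and not Oreans code: it locates the 18-byte VIRTUALIZER_START / VIRTUALIZER_END sequences in an unprotected binary and verifies that they are paired before the protector is run. The function names, the reading of the 0C/0D byte as a little-endian marker id, the assumption that the markers appear verbatim in the compiled file, and the rule that a START inside an open region is an error are all assumptions; the sample bytes are constructed.

```python
# Added example. Marker layout is taken from the two PureBasic macros above;
# the field interpretation (signature / id / padding) is an assumption.
SIG = b"CV  "                  # 43 56 20 20
START_ID, END_ID = 0x0C, 0x0D  # the only byte that differs between the macros
MARKER_LEN = 18                # EB 10 plus the 16 bytes it jumps over


def marker(marker_id):
    """Rebuild the 18-byte sequence one macro emits."""
    # EB 10 is an x86 short JMP over the next 16 bytes, so the marker is
    # skipped at run time and the unprotected build still executes.
    return b"\xEB\x10" + SIG + marker_id.to_bytes(4, "little") + bytes(4) + SIG


def find_markers(data):
    """Return [(offset, "start" | "end"), ...] sorted by offset."""
    hits = []
    for kind, marker_id in (("start", START_ID), ("end", END_ID)):
        pattern = marker(marker_id)
        pos = data.find(pattern)
        while pos != -1:
            hits.append((pos, kind))
            pos = data.find(pattern, pos + 1)
    return sorted(hits)


def protected_regions(data):
    """Pair markers into (first_code_byte, end_marker_offset) tuples.

    Raises ValueError for an END without START, a START inside an open
    region (treated as an error here, by assumption), or an unclosed START.
    """
    regions, open_at = [], None
    for off, kind in find_markers(data):
        if kind == "start":
            if open_at is not None:
                raise ValueError(f"START inside open region at {off:#x}")
            open_at = off + MARKER_LEN
        elif open_at is None:
            raise ValueError(f"END without START at {off:#x}")
        else:
            regions.append((open_at, off))
            open_at = None
    if open_at is not None:
        raise ValueError("START never closed")
    return regions


# Constructed sample standing in for an unprotected build (not a real PE file).
SAMPLE = b"\x90" * 8 + marker(START_ID) + b"\xCC" * 5 + marker(END_ID) + b"\xC3"
```

Running `protected_regions()` over the bytes of a freshly compiled, not yet protected executable shows which code ranges the macros actually enclose, which catches a misplaced or missing `VIRTUALIZER_END` before release.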
Posted: Fri Aug 25, 2006 11:37 am
by thefool
Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..

Posted: Fri Aug 25, 2006 1:44 pm
by Max.
thefool wrote:Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..
The dump in my posting was from Ollydebug.
I will put up a protected file for download later today. If it works well, it would be a nice tool to masquerade other debugger countermeasures, and it's not expensive at all.
With the features that each run generates a different virtual machine and that it also allows batch processing, it would be well suited for commercial usage.