PureBasic Forums - English

utopiomania wrote: Protection will be broken eventually, but if a hacker needs to work 24/7 for the next 12 month to
crack my little crackme, then I'm a winner, and the cracker is a looser.

So far no protection i know of lasted 1 year. There are allways some shortcuts that hackers find. For example on a VM protected code in lots of cases the hacker don't have to understand the VM and interpret the opcodes. It's a matter of patching the VM in the right place with a little proc that checks for conditions to only alter the behaviour of a specific command in a specific subroutine of a routine in bytecode.

That shortcuts mostly break your effort you put into developing anti-cracking stuff. And the more complex your protection is, the more possible shortcuts are there, that you miss.

Well, Thorium, we'll see. As far as I know, they will not be able to crack the VM protection. The problem
is outside of this, here's the scheme I have dreamt up so far for my crackme:

1 - Customer name/email is fingerprinted, and the result sent him as a licence.dat.

2 - He runs the app and selects Register, the app asks for his name/email.

3 - The app fingerprints the response, and compares it to the fingerprint in licence.dat

4 - If ok, the name/email is written out to a file, and is assigned to a string that shows up
in Help/About as registered to: name/email

5 - Next time the app is run, it looks for the file, if found, fingerprints the name/email found in it
it and compares it to licence.dat. If not equal, the app is unregistered.

5 - If the customer distributes his registered copy to a third party, his name/email is in the about
box...

Sounds like there will be a keygen for that app in no time.

And how many wrong name/emails will my crackme accept from your keygen before it shuts down for the weekend?

utopiomania wrote:5 - Next time the app is run, it looks for the file, if found, fingerprints the name/email found in it
it and compares it to licence.dat. If not equal, the app is unregistered.

Just make this "If" always equal and that's it (at least more or less like this).

Utopiomania: I really don't want to flame you, but you are living in cloud cookoo land! lol!

From Wikipedia:

It hints that the person referred to is naïve, unaware of reality or deranged in holding such an optimistic belief.

http://en.wikipedia.org/wiki/Cloud_cuckoo_land

c4s wrote:

utopiomania wrote:5 - Next time the app is run, it looks for the file, if found, fingerprints the name/email found in it
it and compares it to licence.dat. If not equal, the app is unregistered.

Just make this "If" always equal and that's it (at least more or less like this).

Thats not that easy if the compare is obfuscated by the VM. However i don't see Why the VM can't be broken. There are some possible attack points:

unpack the whole thing (strip off any checks and implement own if needed)

find the code that does the check and change it with a condition so it don't interfear with the execution of the VM

reverse the vm to change the bytecode executed by the vm

guess the key algo and make a keygen

rip the VM and keygen bytecode of and use it in your keygen

Thorium, thanks for taking this seriously . I'm only trying to make my crackme scheme able to buy me/us as much time
as possible, not to stop cracking forever.

If you can see more attack points, or weak areas, or a showstopper in my scheme or choice of protector, please let
me know, and I'll try to fix it before I start coding it.

All of this conversation is good but if you're trying to make a living selling software you should *not* spend a about of time on anti-cracking. Make something "good enough" (or just use a commercial protection system) and concentrate on improving and marketing your software. Time spent on marketing and software improvements will get you many times the return than spending the same amount of time on anti-cracking systems.

Couldn't have said it better myself.

This is so funny, I've enjoyed reading it
anyway cant think of any software that is uncrakable ?!?
And as written earlier on in this thread fred seems to have got it right. Purebasic was the first program I ever purchased, got it free as a trial on a computer mag, used it, loved it bought it.
if the program is good and worth it and the licence isn't ridiculous people will buy it.
who cares about wasting time making it uncrackable you'll drive your self nuts, just look at DVD protection theres always a way around it.....

This is soooo weird...

No one seems to actually read the posts here, they just jump in and post 'everything can be cracked..', like
little kids.

In my first post I suggested using a commercial protector, which was obviously stupid of me, because:
DoubleDutch said:

Utopiomania: I really don't want to flame you, but you are living in cloud cookoo land! lol!

Then karboon says:

(or just use a commercial protection system)

And DoubleDutch response is:

Couldn't have said it better myself.

There you go, weird as hell.... lol my *ss

And then another one jumps in laughing... Stating that Fred got his copy protection right.... Because that is
what it is, a copy protection system that has been discussed before, so why laugh??

If protecting your software is so wrong, can you explain to me why the latest version of our beloved PB isn't
freely downloadable from this site at all times?

No? Because PB uses a copy protection SYSTEM. You pay for the SW, and receives a personal account. IF you
distribute your copy, you feel you could be pointed out if you shared it with the world.. And besides, you paid for
it so why give it away to som chinese kid?

To me this is an ok approch and copy protection as good as anything else. The system I think of is similar, you
receive your personal licence, and If you share the SW on the net, your name and email will be all over the
place, and a commercial protector will make it very hard to remove your fingerprint from it.

With the right kind of protector, the fingerprint can be removed, but not by a kid, and not in a long time, so
'anything can be cracked' doesn't apply

I meant his comment about "concentrate on improving and marketing your software." - as I had said that in an earlier comment. cookoo cookoo!

just out of curiosity name one program that cannot be cracked, I would bet with in less than a couple of minutes I could find a cracked version someware on the net. may be a revision down from the latest, but often you'll find a lot of the "quick" releases are often just to stop the crackers patched exe's or keygens.
Not to say copy protection is a wast of time, just think it only has to be something simple, if people like it they will pay. if they only want a "one off use" chances are a demo version would do, and if there are just to cheap they will use a cracked version regardless of how awesome the copy protection is. sad but true.

PS funny may have been the wrong terminology maybe fun? It kept me going through a boring part of my day

Me wrote:

With the right kind of protector, the fingerprint can be removed, but not by a kid, and not in a long time, so
'anything can be cracked' doesn't apply

You wrote:

just out of curiosity name one program that cannot be cracked,

As I said, you just don't bother reading and understanding previous posts before you jump in, do you?