
Posted: Sat Dec 13, 2008 6:16 pm
by utopiomania
The poster above has some good points I suppose. :(

The app I'm working on is moving forward, but I need to resolve some very difficult (to me!) problems related to the underlying algorithms needed to make it do what I want.

That said, nothing posted here has convinced me to abandon either CodeVirtualizer or ExeCryptor as my tools of choice to protect it from criminals as soon as it hits the streets. :P

Posted: Mon Dec 15, 2008 9:58 am
by PB
> The reason is that if PureB had 100% foolproof uncrackable protection
> then not all of those 100 pirates would turn into customers

Wrong. If you used a paid app, even once, you're meant to have paid for it.
You can't walk into a shop, eat half a pack of chips off the shelf and put them
back and say "I was just trialling" or "I wasn't going to buy them anyway." :roll:

Posted: Mon Dec 15, 2008 1:38 pm
by SFSxOI
PB wrote:
> > The reason is that if PureB had 100% foolproof uncrackable protection
> > then not all of those 100 pirates would turn into customers
>
> Wrong. If you used a paid app, even once, you're meant to have paid for it.
> You can't walk into a shop, eat half a pack of chips off the shelf and put them
> back and say "I was just trialling" or "I wasn't going to buy them anyway." :roll:

By the same logic, if you walk into a shop and look at a pack of chips and then walk out and get the same pack of chips product from a friend who just gives it to you, the shopkeeper should not count that pack of chips you looked at as a lost sale either.

Posted: Mon Dec 15, 2008 9:46 pm
by case
PB wrote:
> > The reason is that if PureB had 100% foolproof uncrackable protection
> > then not all of those 100 pirates would turn into customers
>
> Wrong. If you used a paid app, even once, you're meant to have paid for it.
> You can't walk into a shop, eat half a pack of chips off the shelf and put them
> back and say "I was just trialling" or "I wasn't going to buy them anyway." :roll:

Comparisons of physical products and software are biased and do not reflect the real loss.

You can't copy a pack of chips... If you go to a shop and shoplift a pack of chips, the shopkeeper really loses the pack of chips, loses the money he paid to have the pack of chips and will never have any money back for this pack of chips, so it's a big loss.

If we could copy the pack of chips, you go to the shop, copy the pack of chips and eat it; the shopkeeper still has his pack of chips, he doesn't lose money because he still has all his money, he doesn't lose the price he paid for the pack of chips because he still has it, and he can still sell it later, so it's not a real loss.

Piracy is not thievery: you don't steal something from someone, but you don't pay someone for something you normally have to pay for.


Piracy is bad, that's why I pay for all my software :) but don't expect me to pay for a DRM-crippled application :=)

Posted: Mon Dec 15, 2008 11:35 pm
by Rescator
As I said in a thread in Off Topic, common piracy is about copyright. The media keeps forgetting that fact all the time.

Posted: Wed Dec 17, 2008 3:08 pm
by SunBeam
@utopiomania: What you keep forgetting is one fact - if you code something of your own and shove in a commercial protector, then you're not the god who defeated the cracker. You may act like it (as in - "no one can crack this, muhahaha") - yet you gain nothing, no respect, no nothing. Well, from people that matter. The common user will always kiss your ass.

Back to CodeVirtualizer and EXECryptor, no matter how you put it, they all use SDKs. Those have been researched to death (quosego can confirm it regarding Themida and myself can say the same about EXECryptor) and are facing an obvious "meltdown". EC hasn't evolved in years, its developers basing the product on the premise that using HARDCORE anti-debugging will stop the reverser from analyzing the core of the protection. They were right.. for a while :-) Then came the darkness, product was discontinued and bold reversers took charge in. I can name a few people I respect who've done great amount of work regarding this protector (mostly Russian fellows).

I agree with sky. He posted a very nice way to keep people away for a short period of time. You shouldn't be mad at us - we're doing intermediate tasks - you should be mad at those bold enough to defeat RSA-1024 and products that are more popular than 100 combined PureBasics ;-)

People keep on forgetting ZWT, LZ0, BRD, FFF and other powerful names out there..

P.S. 1: RES, SND and many other teams out there are formed from people with one goal - to EVOLVE - through any means. Being a team is what really matters, and not the name. You should know that..

P.S. 2: Correcting a bit what sky said - you can defeat reversers that way, but don't forget the CARDERS :-) With at least one valid license, your "story" is over..

I rest my case.. And do post your crackme..

Posted: Thu Dec 18, 2008 1:12 pm
by superadnim
I think the only way there is to efficiently protect software is through virtualization as someone suggested, however even this can be fooled through account sharing, so special care must be taken to ensure that this doesn't happen but even then they could be using localized proxies and whatnot to fool your company!

some office tools are indeed perfect candidates for this sort of distribution, especially when they deal with sensitive information. however some other tools are almost impossible to virtualize due to factors such as bandwidth and processing power on your side...

the other big issue, especially in not-so-rich countries, is the fact that you are required to be online all the time, with high amounts of bandwidth just to use the tool. this hopefully isn't such a big issue anymore in most places, however small shops and places alike still don't have broadband connections since they don't feel it's a part of the business. luckily if you talk them into voip solutions, etc. they'll eventually get themselves at least a dsl connection and that opens a huge window for your company!

Posted: Tue Dec 23, 2008 7:34 am
by LaFarge
spam wrote:
> Personally I'm surprised you even put LaFarge down as a 'dynamite' reverser. All I've ever seen of his work is stolen research from some 0day group ...

pfff..

:?
I shall say nothing more than "Please ask vel why he made his Armadillo papers public".

Also, if u're here just to talk crap about me or someone else, u should do your homework 1st.

I DID my homework on Armadillo, God knows how much I traced Arma's virtual dll, BUT vel's PUBLIC arma keygenning tutorials did much of the work already.

Also, FFF friends helped a lot, so big F*U*. And yes, I have 0day friends that were willing to help out with my quest to nail Armadillo. And I'm glad I was successful.

Now all that is left are ppl like u who are mad for not being the only one who can keygen Armadillo. And that deserves another FU!

Ask yourself, ever since vel made his papers public, how come all these grps that can keygen arma started to pop out? Did they steal "secret 0day files that nobody should see"?? Lol, as some friend here on this board said, we do this for FUN, not some lame ass competition, like U fuckin' 0DAY morons do. And yea, ppl like u deteriorate the scene with this kind of talk. Some ppl... Really....

One more thing, I didn't earn my friends and their respect by going around and telling bullshit, like u do now... Pfff

Posted: Tue Dec 23, 2008 10:36 am
by pdwyer
^^ Self Esteem Issues ^^ :o


Posted: Mon Jan 05, 2009 7:26 am
by devski
when microsoft threatened our government with some "action" regarding rampant piracy, the solution that the government came up with was to force all computers in the public sector (pub school/libraries/government offices/etc..) to use free/open-source software. ms did not like the idea, and they even complained to the u.s. government about it. it would solve the piracy issue but it won't benefit microsoft (they said it was unfair.. ??).

same is true not just for microsoft. people are against piracy in general only when it does not benefit them (directly or indirectly). a lot are even opposed to forcing open source as a solution to piracy because that would mean loss of business for them.

Posted: Thu Jan 08, 2009 7:16 pm
by devski
here is a good anti-piracy plan, guaranteed to lessen the illegal use of your software:

1. point them to an alternative that is freeware.
2. point them to a paid but cheaper competitor.

since there's just so much software that does the same thing, you will do them a favor by pointing out the best free/cheap alternative (handpicked by you of course). by using somebody else's software, they will leave and forget about yours (which is what you want right?.. since they won't pay you anyway).

the above will not benefit you at all, but will help the users. unfortunately, what will benefit others but won't benefit us is not in the minds of many people.

Posted: Thu Jan 08, 2009 9:06 pm
by PB
> ms did not like the idea, and they even complained to the u.s. government

Damn, there's no law that says a business HAS to use MS products! :roll:
The sheer arrogance of Microsoft never fails to astound me. No wonder
it's got such a bad reputation for its competitive behavior.

Posted: Fri Jan 09, 2009 7:34 pm
by utopiomania
SunBeam wrote:
> if you code something of your own and shove in a commercial protector, then you're not the god who defeated the cracker. You may act like it (as in - "no one can crack this, muhahaha") - yet you gain nothing, no respect, no nothing. Well, from people that matter.

Heh.. Those 'people that matter' sure don't matter much to me, and neither does their
respect.

> I rest my case.. And do post your crackme..

I will. I've decided to make a simple, but hopefully commercial grade product and post it
as a crackme.

I have been working hard on it every day for the last weeks now, and can probably post it
in a month or so if everything goes well.




EDIT
The product can be freely downloaded, but will have a limited lifespan. After
a certain date in the future, it will die.

This is the only feature of the app that will be protected, just telling you so that you can
prepare your attack :)

Posted: Mon Jan 19, 2009 7:55 pm
by localmotion34
I think this settles the questions anyone has.


TuneUp.Utilities.2009_KEYGEN-FFF

Level 9 to 10 Armadillo protection, ECDSA signing


Fighting For Fun (FFF) just keygenned Level 10 Armadillo protection that has Elliptic Curve DSA

http://en.wikipedia.org/wiki/Elliptic_Curve_DSA


a variant of elliptic curve cryptography.


http://en.wikipedia.org/wiki/Elliptic_c ... yptography



If not, the Winmount keygen by tPort which breaks Distorted Transformation Encryption which is described as "a brand new, fabulous encryption method invented by our company. Anyone who wants to crack, reverse engineer or analyze our software will end up in extremely painful failure"


http://www.winmount.com/faq.html#6


I rest my case. If it is available on the internet, it can and WILL be cracked, patched or keygenned.

Posted: Thu Jan 22, 2009 8:06 pm
by utopiomania
The code below is plain ANSI C, but obfuscated. It isn't about keygens anymore,
it's about VERY hard work.

The below source looks simple to untangle, but isn't. Thousands of lines of assembly
messed up even worse is probably a nightmare.

Sure it can be cracked eventually, but the next time I recompile my app, the crackfaces
will have to start all over again :P and they know it.

Code:

char r[]="C#S3K+[;G'W7OB/_? ? « ( !IOCCC! ´ ³Ën £0 0 e÷|ÅtÑ%Ä ° 2u"
" »¾ß mÔ/p ª c p) nm «¨ªúïµ!!¶â¡a £À3sîÜ 9sz2{ +§ 9_°0 © h0 ºÂ / "
"¤)$1 ¬ a~ ) % y qÃ'¯ ¹â ° \" ! q 6 µy' 0 3;e{ Ì kãÔs¾,Ê 2~a q t"
" 9dl 9 ¬.´ .ù_ &Á!ê '* ·­ ; ·± µÁ = <eàª1à B:29 ¦ 6 n´ o®¨b:_2"
" µ +úí h |÷t\177°#d`Ý l½Ù r )þÁ @ ·´Ö m d©ià ¤6 e¦ v¸½^ ¶` rq"
"Á <'7Ã÷°ÅÙ ´[|äÈ=ñ@îp (², /ä^ c ¦ . ­` £²î ¡­ñ`fæ /= :ù]y÷¢·"
" 2º » q ¢ v²4Õm³íÓ&=a¤¡ g ; dà,é+· +_¼ =È 5߬iêÔØû§ÌÌ r£"
#define O(Q)p!O) { *i[25][41]|=U(642+Q); u e r[(Q)/2]&63); }
"solÞÄ&¾X¼[Ý; }ï? º= &c} 9ȾóÀ2 >ü 5 ,Þ &  Ã0  Úù*½ ³äÿgh";
#define C(                                 b)O(28+(B+b)%6)
#   define                                 a >> B &M[i X]
#include/*                                 s */<stdio.h>
#include/*                                 s */<time.h>
  unsigned                                 int    long
#   define                                 e putchar(
                   B,E,M,A,Z,I,N,G
# define g                                 ! (32 a)
# define u                                 U(533);
# define n                                 (65 a)
# define z                                 for (
[32768], i                                 [32]
# define p                                 if(
[48][3]={ { { 2} } } ; void**V,*D,*F[32][48];
void*Q(void**O){ return*O?(*O=Q(*O)):O; } U(
O){return E+=(O/=2)-1?U((A=A/2^57525273+(A&
1^O&1)*9583591<<5,O)),0:O,16; } main(O){ A
=O?time(D):953351751; z I=0; I<26; ++I){z
N=I/2; N<30+I/2; ++N){ z M=0; M<3; ++M){
p Z=O)z; (B=I+Z*!!M) <26&&N+Z*(M!=2)-B/
2<30; B[G]=N<<7|Z++<<13|I*4+M)z; G[B=A
# define X [ I+Z*!! M] [ N+Z*(M!= 2)]
&32767]; )u p!Z&&M[i X]){ z B=0; B<6
; B++){ p!g){ C(5)O(0)C(2)O(2)} C((
B&1?!!n:4-3*g))p!g|n)O(4)O(7)} z B
=0; B<6; B++){ p g&&!n)O(14)p!g)O
(8)p B&1|g){ O=!n; O(10)O=!(1040
a ); O(12 )O=0; } O(17+(B&1 ?!(
1040 a)!=!n:g))} } } O(24)} O(
21+(I&1))} O(26)p O)z E=0; E<
1<<15; I=16){ B=E++[G]; D=Q(
&F[I=B/4&31][N=B>>7&63]); M
=B%4; Z=B>>=13; V=Q(&F X);
p!(D==V|N[I[i]] [1]|i X[1
])){ z; --Z&&!(*i X%9|*i
X/9&*i X/9-1); ); p!Z){
*V=D; *i X|=32>>M; Z=B
; z*i X|=4>>M; --Z; i
X[*i X?2-!i X [1]:!(
F X=V)]=36>>M); } }
} p!O){ u u z I=8;
I--; )p(N=I[r]=(I
>3?E:A)>>(I*9&24
))==10||N==13){
e 0 ); I =8; u
u u u} e 1 );
} z E =1333;
++ I<8+469*
!!O; e(N=I
[r])-32|!
O?N:r[++
I]-N));
return
 O &&
main
(!O
);
}