PureBasic Forums - English

so im about 2/3 of the way done my first shareware app, and after looking around and potential targets to protect it, ive discovered that pretty much every protection system has been cracked.

Armadillo: Dillodie 1.6 unpacks, then followed by replacing armaccess.dll with Team inFected's cracked one. drEAM tEAM is at war with Silicon realms, and one of its members keygenned armadillo itself. TMG did too. Chad Nelson no longer works there, and rumor has it because of his inability to stop some groups.

ASprotect\ASpack: StripperX

UPX/scrambler: PEiD plugins, and UPX-it

PEcompact - cracked

Code-Lock - difficult to use, and definitely impossible to use with PB

over 80 OllyDBG plugins to unpack various potections

Generic in-line patchers to remove CRC32 checks

TMG, CORE, SSG, Orion and some others have keygenned almost every possible serial routine

Seek'n'Destroy and Unpacking Gods havent been stopped yet that I know of. SND forums is loaded with posts about "targets" that people want to unpack, alot of Armadillo custom builds that end up cracked, but not released.

is there anything out there that can at least give me 2 weeks before my app is cracked? or do i just have to accept that it will be cracked?

lately i have done alot of reversing on "unpack me" and "keygen" tutorials and have gotten really good. but i know the Scene is better.

Any suggestions?

Try Molebox or execryptor - search on the forums. The latter is supposedly famous for its anti-crack/debug capabilities, and has 2 versions: standard (just protection) or professional (with an added license management scheme). I've looked at the execryptor site and found some (possibly bogus) reports of cracks - one seemed to be the fault of the user, and there was another crack report via China but seems like the makers are onto it (if its real). I'm interested in this issue too so please report back here if you try these and/or find any problems with these. Thanks.

EXEcryptor has been cracked. They state that they are worried that if someone with a WORKING key teams up with the person who cracked it. it is big trouble.

with Vista ready to launch, and all Vista system drivers running at the USER level, and NOT the system level, some anti-debugging tricks will be useless.

RELOADED has cracked Starforce time and time again, with Starforce running at the SYSTEM level. RELOADED relseased their starforce kit, and NOCDs have gone up quite a bit. TAGES has even been beat completely. There was a Starforce unpacker released not too long ago too. Ive read forums where people are now applying the sourcecode of SF unpacker to other protection schemes.

its a back and forth war. crackers get ahead, and relsease like crazy. Protection gets ahead, and crackers spend hundreds of hours figuring it out, and not releasing. Starforce, Armadillo, EXEcryptor were out ahead for a bit, now the crackers are pushing ahead.

RELOADED is as unstoppable as Myth/Ethics was. i thank heaven that RELOADED only releases games.

probably a good thing is that RELOADED releases WHOLE games, which law enforcement definitely sees as a big crime. they most likely will get busted. if they only released fixed EXEs, they would be unstoppable for a long long long time.

localmotion34 wrote:EXEcryptor has been cracked. They state that they are worried that if someone with a WORKING key teams up with the person who cracked it. it is big trouble.

For EXEcryptor, what does cracked mean? As I indicated, EXEcryptor is really 2 things - an encryption/anti-debug scheme & serial number management scheme. Are both schemes 'cracked' or just the latter (which I guess is more important for crooks).

with Vista ready to launch, and all Vista system drivers running at the USER level, and NOT the system level, some anti-debugging tricks will be useless.

So if users are not running Vista then maybe it's not an issue?

localmotion34, you've obviously got some good knowledge & experience in this area, but this is kinda getting off topic for PB - maybe should move this discussion to the 'off-topic' section of the forum.

localmotion34 wrote:is there anything out there that can at least give me 2 weeks before my app is cracked? or do i just have to accept that it will be cracked?

I'd say put in a simple serial key bound to the users full name, nothing fancy, and spend the time on developing the product instead of the protection. Because no matter what you do, if someone wants to crack it they will. With a serial key bound to the users full name atleast most people will not share this with their friends, and that's about all you can hope for.

What it boils down to is this: for most people if they find your product good enough and it has a reasonable price they will pay for it. Then there are those who never do, and they will always be able to get around it. So don't bother spending time and effort on them, you will only get very, very frustrated in the end.

MOLEBOX: NO!!!

I have cracked several molebox "protected" exe's. AVOID it!
I have emailed the authors but they did not respond.

With a protected exe you can simple attach the debugger and when you run the program; then halt it in the debugger, you can edit the instructions like they were totally clean and unprotected. Then its just as simple as writing a little in-memory patch.. I thought to myself that it could not be true, but it is, sadly. The same with armadillo; it basically don't have any dumper protection.

molebox.com wrote:Protect application from disassembling.

Yeah right; not if you let the molebox wrapper run at first. Then its all just ready for you to dump, patch, whatever.

I havent looked at execrypter much, but its really interesting.

with Vista ready to launch, and all Vista system drivers running at the USER level, and NOT the system level, some anti-debugging tricks will be useless.

On the other hand; things like softice will also run in user-level and render it useless. but if i know numega right, they will solve that heh..

Thanks thefool for your molebox feedback - strike that one off!

thefool wrote:I havent looked at execrypter much, but its really interesting.

If you get a chance, I'd be interested to hear what you think of the strength of their anti-dissembly/debug/track claims.

FWIW I've never really put much stock in serial numbers.. though you have to do something for (un)locking.. I agree with maw, usually anything with their name in it will make people think twice about sharing it (for fear of being implicated in the copying).

A quick look (not using softice or something like that; i can do that later.):

Its much much better protected than Molebox. Simply because it refuse to run [creates an error] when ollydbg is trying to trace the program. It seems like it stops olly by firing of an unexisting command.


The reason i am against molebox (another reason than the protection sucks): they did not respons when i sent them an email with a lot of suggestions about how to protect their users! they didnt really care, so to speak.

Molebox has a lot of other great features though, but don't rely on it when its about securing anything. But its definently a good choise if you want to have eg. a game in a sinlge package.

Armadillo 4.48 has just been fully cracked by RESURRECTION, not 5 days after its release.

The day of the Dillo is gone...

It has some bad flaws.. Well; execryptor seems interesting at least. Its worth a look at!

Everything can be cracked/hacked, so the only thing to do is make it all to virus/trojan horses/spywire/adaware and start steal ppl information and sell it to highest bidder lol just kidding


The only thing is to make a server and let them registrer there as a account(only one per program)
By registering their IP you can find out what country they are in, if that changes like 5times in a day then something may wrong - by this way nobody would dare realease their version of it becuase they would risk lose their account for other ppl(almost all cracks are free by my knownlage so they would have to offer money and time for pleasure other ppl they probely don't even know)
. Even through this its just a matter of get it cracked but if you do it right it will take the crackers ages of debuging.

the other way is to make a program nice and have reasonable price then ppl will pay for the good work if they have money and the poor asses can use the cracks.

Everything can and will be cracked/hacked so simply sad and sometimes good.

"the only thing"?

People steal licenses too. Besides; this trick can be avoided if you just monitor the information once and make a small local server, and simply redirect the program to it.

Though the easiest way would be to crack it; and you can only have the crackers use "ages" if you use a really good protection system. Sure, the best way is to implement your own stuff like this and then use a 3rd party tool on top.

Reasonable prices are always lovely. However sometimes the programmer don't want to protect against cracks, they rather want to protect what they do. Like an encryption algorithm?

I seem to remember someone saying Thinstall has never been cracked. The USA DoD use it.

"Thinstall pricing starts at $5,000 USD per application plus the end user per seat fee for distribution of the Thinstall VOS. Thinstall Embedded and the Developer GUI has two components that are licensed and pricing is based on the number of applications and distribution of the VOS:

Thinstall Development Environment

This is used by developers to bind the Thinstall VOS to specific applications. Currently we give away the Thinstall Studio Development Tool at no cost to anyone who purchases a license for the Thinstall VOS. There are no restrictions on how many copies of Thinstall Studio Development Tool may be installed or used by the licensing company's developers. "

Might put us way out of the picture here....

I can afford 5000$ for thinstall but i wont.

Seriously, if thinstall was uncrackable, tell me why none of the huge companies use it? There might be no "general" crack though...

http://thinstall.com/company/customers.php

Okay, no huge software companies here :/
Microsoft shit-beats all of these companies in income and size. Why don't they use it?

Someone like Adobe, Ea-games, AutoDesk and Avid to name a few, why don't they use it?

USA DoD use it

Like i give a shit; i havent heard of them before. neither of any app's they got...

Apart from this; thinstall looks like a good choise. But i cannot tell you to choose it instead of execryptor, because none of them has general cracks.


Like a wise guy said on the programmerstools forums to me:

For an unbiased opinion of their software (or any other protection software): Read around the usual boards to get a general impression of the softwares protection level. Try it out yourself to see if it suits your needs. Try contacting whoever authors the software you're looking at to see what their customer service is like. Most importantly don't base your opinions on what one person or one site says. And of course remember that all software can be cracked given enough time and skill