Page 1 of 2
Piracy - Combating jack sparrow & evil forces
Posted: Thu Sep 18, 2014 9:34 pm
by minimy
The protection of our software is an important chapter. I think.
I will say that I believe in free software , but only if it is free.
Linux +1, Gimp +1
I'm trying to find the best method to do this.
I would like to open this topic with your help.
My personal system is make bad software. so nobody wants.
But i think this not work for every body.
How to protect comercial software?
What is the best protection for our soft?
Device ID?
Windows registry?
A little terminator (T1000 or +) hide in code, ready to kill anybody?
it is possible to put a terminator in the code ?
any suggestions?
Re: Piracy - Combating jack sparrow & evil forces
Posted: Thu Sep 18, 2014 9:54 pm
by ts-soft
Let the user register the software per e-mail. With the code, show the e-mail or name in the registered program!
It is not sure, but should help.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Thu Sep 18, 2014 10:46 pm
by em_uk
Get a server to allow updates. If you see more than one copy checking for updates with the same hash start secretly deleting windows files.
Harsh, but you have to teach them a lesson.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Fri Sep 19, 2014 12:14 am
by idle
There's no sure way to add protection to software and the more you try, just increases the risk of annoying your softwares users
You can easily generate a unique license file for a user on a server and add results for multiple tests, locking it to a specific user or machine
though it'd be still be fairly trivial to patch the test points in the exe to circumvent them.
Something like this maybe?
Code: Select all
;on server
Procedure hidekey(MasterKey.s,publicKey.s,privateKey.s)
Protected result.q,MasterPublic.s
fn = OpenFile(#PB_Any,"randomfile.dat")
If fn
For a = 0 To 2048
WriteByte(fn,Random(42)+48)
Next
For a = 1 To Len(MasterKey)
MasterPublic + Chr(PeekC(@MasterKey+a) ! PeekC(@publicKey+a))
Next
For a = 1 To Len(MasterKey)
result = CRC32Fingerprint(@MasterPublic,Len(MasterKey),result) & $FFFFFF
result % 2048
FileSeek(fn,result)
byte = Asc(Mid(privatekey,a,1))
WriteByte(fn,byte)
Next
;add aes encypted data block using the users private key containing results of fingerprints ...
CloseFile(fn)
EndIf
EndProcedure
;in client
Procedure.s GetKey(MasterKey.s,publicKey.s)
Protected key.s,result.q,MasterPublic.s
fn = OpenFile(#PB_Any,"randomfile.dat")
For a = 1 To Len(MasterKey)
MasterPublic + Chr(PeekC(@MasterKey+a) ! PeekC(@publicKey+a))
Next
If fn
For a = 1 To Len(MasterKey)
result = CRC32Fingerprint(@MasterPublic,Len(MasterKey),result) & $FFFFFF
result % 2048
FileSeek(fn,result)
key + Chr(ReadByte(fn))
Next
CloseFile(fn)
EndIf
ProcedureReturn key
EndProcedure
Define SharedKey.s,DecryptionKey.s,PublicKey.s
Global dump.s=Space(2048)
;On first run of program, it regsiters the user sending to the server the users data and fingerprints
;Server generates a random license file for the user to use the application
;appends the encrpyted data block to the license file with specific test results, could be hardware fingerprints
;to tie the license file to a specific machine or user
SharedKey = MD5Fingerprint(@"TheSharedKey",12) ;A shared key in the exe and used on server
DecryptionKey = MD5Fingerprint(@"DecryptionKey",13) ;A user specific decryption key to an encypted data block
PublicKey = MD5Fingerprint(@"bob@billbob.com",15) ;The resistered users key sent back to the user
hidekey(SharedKey,PublicKey,DecryptionKey) ;Generate the license file hides the decryption key
;Server returns the PublicKey, RandomFile with appended encrpyted data block, saves them in the application data dir
fn = OpenFile(#PB_Any,"randomfile.dat")
ReadData(fn,@dump,2048)
Debug dump
CloseFile(fn)
Debug "---------------------------------------------------"
;client gets the decyption key from the publickey
Debug getkey(SharedKey,PublicKey)
Debug DecryptionKey
;decrypts the data block used for multiple validation tests while running the exe
Re: Piracy - Combating jack sparrow & evil forces
Posted: Fri Sep 19, 2014 4:02 am
by firsttimer
em_uk wrote:Get a server to allow updates. If you see more than one copy checking for updates with the same hash start secretly deleting windows files.
Harsh, but you have to teach them a lesson.
Lucky, I'm not nasty enough, if not I would wipe off their hard disk instead.
Anyway, I'm the lazy type, so normally I would try to lock the program to one hardware id instead, but the hardware id is not OS dependent(for windows, in case they reformat/hard disk die/crash...) I usually lock it to one hardware, it's either mainboard or hard disk serial number.
Currently, I'm interested in locking the mainboard serial number(I can use vbscript to do it, havent got around to using pb to do it yet since I'm just a beginner).
Re: Piracy - Combating jack sparrow & evil forces
Posted: Fri Sep 19, 2014 6:04 am
by heartbone
minimy wrote:What is the best protection for our soft?
Device ID?
Windows registry?
A little terminator (T1000 or +) hide in code, ready to kill anybody?
it is possible to put a terminator in the code ?
any suggestions?
Distribute your software on burnable CD or DVD.
I believe each "blank" physical disc has unique IDs encoded.
Allow the program to be copied to and run from the harddrive,
but only allow the application to run after the disc ID check passes.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Fri Sep 19, 2014 4:30 pm
by GPI
little suggestion:
load a "key"-file in your directory. Then you should validate the information (for example with aesencode/decoder and a valid-data in the key-file). When the check finish successfull -> Fill version, otherwise demo-version.
You can Send this key in a mail.
Don't waste to much time on a copy-protection. When somebody has the necassary knowlege, he can break ever copy-protection-system. PCs (Linux,Windows,Mac) are open System.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Sat Sep 20, 2014 6:38 pm
by minimy
Thanks very much to every one. Many ideas to start the battle.
What is the best whithout server?
Is possible auto-rewrite the exe file when run on first time?
Re: Piracy - Combating jack sparrow & evil forces
Posted: Sat Sep 20, 2014 11:24 pm
by Jagermeister
Heh. Long before I started programming (true story!), I disabled every protection mentioned here. Wdasm, pedit, and back in the day Softice were all you needed. The best one was where seemingly every procedure did a CRC check. There were over a hundred zombie procedures that made that simple check. It still isn't 100% but tracing each call gets tiring and most n00bs would think their cracks simply weren't working. If your security boils down to a single call to a single protection scheme, the entire idea is futile. If you choose to hardcode the serial, encrypt it AND the text ("Serial accepted!") or it's easy to find the call offset with Wdasm and disable it. One thought I had is to encode all source strings in AES or whatever, embed the key and let the app decode at runtime that way the exe doesn't contain readable text. It would look scrambled in a disassembler. As with anything, not 100% but makes life harder for the casual cracker.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Sun Sep 21, 2014 1:09 am
by PB
> makes life harder for the casual cracker
That's the fallacy: a pro cracker will do the job instead.
It's not only casual crackers that try to attack your app.
Re: Piracy - Combating jack sparrow & evil forces
Posted: Sun Sep 21, 2014 4:10 pm
by Tenaja
One thing I have done is read a checksum on my anti-piracy registration code. If it does not match, I introduce a few bugs, which reveal the pirates. Legit users never complain of the bug; others, just tell them to sign into their account and get the current update... or ban them... either way, their theft is revealed, and they do not get support. This is an undocumented feature...
Re: Piracy - Combating jack sparrow & evil forces
Posted: Mon Sep 22, 2014 12:09 am
by swan
> I introduce a few bugs, which reveal the pirates
Good thinking. The problem with that is the rest of the code must be bug free ...
Re: Piracy - Combating jack sparrow & evil forces
Posted: Tue Sep 23, 2014 1:12 pm
by nblackburn
I would suggest to keep as much of your protection online as it is more secure and less likely to be attacked than a piece of software as you have a certain level of protection and control over it's distribution.
P.S - a bug is an unexpected behavior so how to you plan to introduce bugs without expecting them?
Re: Piracy - Combating jack sparrow & evil forces
Posted: Wed Sep 24, 2014 2:09 am
by Tenaja
I expect the bugs, but the users do not. Things like making the Tips always show at startup regardless of the setting, or randomly capitalize a few characters when a file is saved...
Re: Piracy - Combating jack sparrow & evil forces
Posted: Wed Sep 24, 2014 10:26 am
by Danilo