shareware/encryption system for your program
Posted: Fri Nov 21, 2003 2:17 am
by localmotion34
there's been numerous posts about how to write encryption schemes for shareware that authors want to write in PB. the crackers are ingenious and crack about everything out there. however, there's one thing that no person has yet to fully understand. being a neuroscience PhD candidate, i deal with DNA and sequences all the time. let's say you want to use the basis of the genetic code for your encryption. the DNA uses a triplet base sequence (ie TAC) for a "codon". so TAC (thymine, adenine, cytosine) is transcribed to RNA sequence AUG. that is then translated to the amino acid methionine. string a few thousand of those together and you've then got a protein, the final product.

that's how i wrote my encryption. take the username of the client, or a serial (the "DNA"), TRANSCRIBE it to another sequence based on some predefined template you write, TRANSLATE that to the final product (the key). the translation and transcription algorithms could be placed in the exe or a different DLL. now to crack that, he's got to understand how your process works. then he's got to figure out the "codons" you are using. being that only nobel prize winners have really fully cracked the genetic coding scheme, it's unlikely any cracker will ever come close.

what i even did was write a text file with a paragraph containing basically nonsense, "the quick brown fox jumped over the lazy dog in 16, 23, 45, 60, 56, 25, and 9346 seconds". based on that i set up my codon scheme inside the EXE file in a totally unrelated procedure, one that sets gadget states. when the user has to register, i make him check a checkbox in the window which then calls the procedure to disable a button "order my program". this sets the codon defining algorithm in motion. then i call the transcription and translation procedures from 2 DLLs separately to read his username and serial. since crackers can't debug two simultaneous threads at once, they get lost. i'll give a TOTALLY unrelated example to my program LOL.
codon definitions:
th=6ua
qu=436
bri=gf3
reg=324
san=tri
zxo=332
was=548
sac=u75
and so on

TRANSCRIPTION:
Procedure Transcription()
  username$ = GetGadgetText(#RegistrationBox)
  While CodonSequence()
    OpenLibrary(#Library, Filename$)
    ; this looks for the key "codons" that you define and then transcribes them to the right sequence
  Wend
  ProcedureReturn
EndProcedure

translation:
Procedure Translation()
  While CodonSequence()
    OpenLibrary(#Library1, Filename1$)
  Wend
  ProcedureReturn
EndProcedure
i am sorry this isn't as "correct" as it should be codewise, but i'm not going to give away the encryption i wrote. this is only to give IDEAS to other sharewarers. read a bit on the genetic code and then try basing a key system on that the way i describe. i posted a little keygen of mine on a "cracking" website for crackers to try and crack for fun. i've yet to see an answer to it. lots of luck!!!!!!!!!!!!!!!
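An added example, not localmotion34's code: it models the codon scheme above with constructed tables and sets it beside a signed serial (textbook RSA with the toy parameters p=61, q=53, assumed only to show the structure). The point it makes is that the codon check has to carry its own key generator, while a signature check does not.

```python
import hashlib

# Constructed "codon" tables standing in for the ones hidden in the EXE.
TRANSCRIBE = {"th": "6ua", "qu": "436", "bri": "gf3", "reg": "324",
              "san": "tri", "zxo": "332", "was": "548", "sac": "u75"}
TRANSLATE = {"6ua": "M", "436": "K", "gf3": "W", "324": "A",
             "tri": "C", "332": "Q", "548": "E", "u75": "G"}

def codons(text):
    """Greedily split text into table codons (3 chars, then 2), else single chars."""
    i, out = 0, []
    while i < len(text):
        for size in (3, 2):
            if text[i:i + size] in TRANSCRIBE:
                out.append(text[i:i + size])
                i += size
                break
        else:
            out.append(text[i])
            i += 1
    return out

def codon_serial(username):
    """Transcribe each codon, then translate it; untabled chars become 'X'."""
    return "".join(TRANSLATE.get(TRANSCRIBE.get(c, ""), "X")
                   for c in codons(username.lower()))

def codon_check(username, serial):
    # This is the check that would ship inside the EXE. It can only work by
    # recomputing the expected serial, so the two tables it carries are a
    # complete key generator for whoever reads them out of the binary.
    return codon_serial(username) == serial

# Contrast: a signed serial. Textbook RSA with the classic toy parameters
# (p=61, q=53); only the structure matters here, not the key size.
N, E, D = 3233, 17, 2753   # (N, E) ships in the EXE; D never leaves the vendor

def name_digest(username):
    h = hashlib.sha256(username.lower().encode()).digest()
    return int.from_bytes(h, "big") % N

def vendor_sign(username):
    """Runs only at the vendor: the serial is a signature over the name."""
    return pow(name_digest(username), D, N)

def exe_verify(username, serial):
    """Ships in the EXE: verifies with (N, E) but cannot produce serials."""
    return pow(serial, E, N) == name_digest(username)
```

A real product would use a proper library and key size; the toy modulus here is factorable by hand and is only there to keep the two halves side by side.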
Re: shareware/encryption system for your program
Posted: Fri Nov 21, 2003 5:01 am
by PB
> being that only nobel prize winners have really fully cracked the genetic
> coding scheme, its unlikely any cracker will ever come close.
Don't be so sure. Windows XP activation was supposed to be crackproof,
yet it was cracked within 24 hours of release. Are you saying your code
is a better encryption than all the minds at Microsoft could come up with?
> i posted a little keygen of mine on a "cracking" website for crackers to
> try and crack for fun. ive yet to see an answer to it.
Depends on who the crackers are. Have you offered it to the "big" fish
in the game -- Phrozen Crew, Fosi, etc? Or just to anyone who wants to
have a crack at it (pun intended).
Remember: All the encryption in the world doesn't matter -- they usually
just bypass the entire rego check in your code, meaning they don't even
have to try to work out the encryption at all. In your example code, they
would most likely just bypass the entire CodonSequence() procedure so
your app would run without it.
Posted: Fri Nov 21, 2003 10:08 am
by dontmailme
The problem as always is that the code can be examined and changed to by-pass any encryption you have. Now if we were talking about a bio-computer then your DNA coding would probably fit in nicely there.
If this actually works I'd recommend going and selling this stuff to a big fish like microcrap or someone as you'll make millions. Much better to do that than give away your secrets here and give the hackers a head start !
Good luck

Posted: Sat Nov 22, 2003 3:52 am
by pthien
What if you embedded your EXE within another "wrapper" which first performs a file checksum and if the file hasn't been tampered with, extracts the target EXE to RAM and then executes it. Once the target executes, it performs another checksum test of itself and another test to see if it has been registered.
Who cracked WinXP? What kinda hack, one where no activation is required?
Thanks,
Phil
Posted: Sat Nov 22, 2003 4:48 am
by Karbon
pthien wrote:
> Who cracked WinXP? What kinda hack, one where no activation is required?
Yea, it's everywhere..
Posted: Sat Nov 22, 2003 5:22 am
by PB
> What if you embedded your EXE within another "wrapper"
The crackers would just remove it from the exe and distribute it standalone.
> Who cracked WinXP? What kinda hack, one where no activation is
> required?
Yep. I've got friends who have CD ISO images of WinXP with the
activation code totally disabled, so you can install it like any other
version of Windows.
Posted: Sat Nov 22, 2003 2:22 pm
by blueznl
you've got friends? wow!
winxp might not be the best example...
- winxp was available with a patch before it was even officially released
- before that there was the beta timeout patch
- and to top it all, ms has distributed corporate versions with the check by default off
in fact, although i purchased an official xp pro, i often change hardware so i decided to install from a copy of a corporate release to avoid this official registration bullshit... i paid for this, i don't want to be bothered by m$'s copyright scheme and i certainly don't want to explain to some numbnut why the hell i have changed my video card for the umpteenth time this week! (in fact, playing fair and buying your stuff (which i did) means you're getting yourself into more trouble?!? that should not be the purpose...
anyway, back to the subject: there is no failproof encryption scheme, as the code must reside on your machine, where it can be doctored by third parties, and indeed the logical way is simply hack the code in such a way that it thinks it is okay... why remove a copy protection if fooling it is enough?
the only scheme that i think works is either something that has a hardware protection (cd / dongle, but these can be hacked as well) or that needs an online component (multiplayer games come to mind) or... make it so cheap it's simply affordable to everyone
Posted: Sat Nov 22, 2003 2:43 pm
by Num3
Karbon wrote:
> pthien wrote:
> > Who cracked WinXP? What kinda hack, one where no activation is required?
> Yea, it's everywhere..
Just download the XP corporate edition and dump 3 or 4 DLLs in winnt/system and no pestering.

Posted: Sat Nov 22, 2003 2:44 pm
by pthien
PB wrote:
> > What if you embedded your EXE within another "wrapper"
> The crackers would just remove it from the exe and distribute it standalone.
> > Who cracked WinXP? What kinda hack, one where no activation is
> > required?
> Yep. I've got friends who have CD ISO images of WinXP with the
> activation code totally disabled, so you can install it like any other
> version of Windows.
Not that easy, I don't think. A hacker would have to: (1) Figure out how the file is embedded and remove it, (2) Disable the code from the target EXE that checks to see if it was called from the shell, (3) Disable the code in the target that checks its checksum, (4) Disable the code from the target that checks for registration.
This is like encryption. The more bits, the harder it gets. Pretty soon you have 128 of them, which is an intractable number. The fastest computers would need thirty-something years to solve it. As you add more and more components, it gets harder and harder.
There are some commercial products which haven't been cracked, you know. Hackers give up, and just search for a public key to share.
Thanks,
Phil
Posted: Sat Nov 22, 2003 6:02 pm
by freedimension
pthien wrote:
> Not that easy, I don't think. A hacker would have to: (1) Figure out how the file is embedded and remove it, (2) Disable the code from the target EXE that checks to see if it was called from the shell, (3) Disable the code in the target that checks its checksum, (4) Disable the code from the target that checks for registration.
I don't think that a real hacker would need more than half a day. Surely the wrapping code wouldn't be very large, so there's no problem. Bypassing the check is a very simple task for someone trained in doing such things. Hell, there are cracking groups out there who publish 3-4 hacks a day.
> This is like encryption. The more bits, the harder it gets. Pretty soon you have 128 of them, which is an intractable number. The fastest computers would need thirty-something years to solve it. As you add more and more components, it gets harder and harder.
And where's the link to your proposal? Using encryption in copy protection won't work, as you always have to deliver the key with the software. And an encryption that depends on hiding the encryption method can't seriously be called encryption.
> There are some commercial products which haven't been cracked, you know. Hackers give up, and just search for a public key to share.
Yes, that's because crackers aren't dumb. Why spend so much time when it's easier, faster and more secure to publish a serial.
Posted: Sat Nov 22, 2003 6:40 pm
by blueznl
the mistake that people often make is assume that hackers are 'in the dark' concerning cracks, serials, code
if they have an installable version of the code, even including its wrapper, and they have a key, they will start up their debuggers, and go step by step through the code, whilst inserting the proper key, and thus figure out how the encryption scheme works and disable it
it's getting harder when the key is used to decrypt the code, and is unique, in other words the specific code is only unpackable with that one key (let's ignore the difficulty for the publisher, repacking every title for every single customer, although that might be worth the effort)
now, during installation, code is decrypted using that key, then executed (if it only unpacked, things would be rather easy), somewhere must be a check built in to see if the executed code was actually retrieved from an encrypted source and provided with a proper key
the above is quite a lot harder to defeat, but can be done as following:
1. detect the primary decryption algorithm (enter key etc.)
2. install and monitor the code for additional key / decryption checks
3. decrypt the code outside of the normal installation procedure
4. patch all checks on decryption
5. repack to an installable format
lots of work, but still it can be done
i think this topic belongs in the off-topic folder, doesn't it?
Posted: Sun Nov 23, 2003 4:17 am
by PB
> the only scheme that i think works is either something that has a
> hardware protection (cd / dongle, but these can be hacked as well)
Hardware protection is easily fooled too. My PC's DVD player is currently
locked to region 4 (Australia), yet I can still watch any region DVDs with
a little software app called DVD Region-Free. So the software beats the
hardware, even though the hardware thinks non-R4 discs can't play.
> or that needs an online component (multiplayer games come to mind)
Again, this is easily beaten. Quake 3 was one of the first games to use
server-side authentication, yet keygens for Quake 3 exist that let pirated
copies of the game play on legitimate servers. And further to this, there
are cracked versions of Quake 3 that let people set up "illegal" servers
where no checking is required at all.
Posted: Tue Nov 25, 2003 2:21 am
by PolyVector
I used to pirate a lot of software in high school... I noticed one thing that was very effective... When a program is easy to crack... and after a few minutes of use it then deletes itself...
One way to do this would be to use a painfully simple registration check... Then, somewhere randomly in your code, use your DNA method to check its validity (a few minutes later...) Finally do whatever mean things you want to the person who cracked yer program

not too mean tho'
You could do this on top of PE packing and all the other methods mentioned above
Posted: Tue Nov 25, 2003 3:47 am
by PB
> after a few minutes of use it then deletes itself
What if it was marked as read-only? And if not, it's a trivial task to have
the exe backed-up and restore itself in such situations (via a batch file).
> do whatever mean things you want to the person who cracked yer
> program
I hope you don't mean run malicious code if you think the app has been
cracked... because a virus can make an app appear different -- you can't
do damage to a user just because of a virus. Imagine the lawsuit you'd
have against yourself! 8O
Posted: Tue Nov 25, 2003 11:28 am
by blueznl
with online checking i was referring to the model used by red alert 2: yes, it's easy to hack / patch it, but for online gaming you have to rely on the servers of westwood / electronic arts, as that part of the code is not inside the client, so no one can build up their own server without reverse engineering and redeveloping