Announcement

Collapse
No announcement yet.

Protection and Conditional Statements

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Protection and Conditional Statements

    I think I have all the info I need to make a nice little protection scheme. Thank you to everyone that contributed code. It is really cool to have such a wealth of experience available.

    The final chapter (you all hope and pray!) of this oddesy has to do with what Scott said:

    snip:
    Guys, all of this is interesting but if you do ANYTHING in your code like this:
    lReg = CheckifRegistered(blah blah)
    Any good cracker is going to make a crack, a ONE time SIMPLE JMP command to BYPASS that and set a flag to 1.

    So in my code I have:

    IF TodaysDate > ExpDate THEN
    MSGBOX "This program has expired"
    EXIT FUNCTION
    END IF

    If I were a craker, I would look for the last conditional statement and jump over it with my first attempt or in this case:

    IF TodaysDate > ExpDate THEN
    MSGBOX "This program has expired"
    EXIT FUNCTION
    ELSE
    'rest of my progam
    '
    '
    END IF
    THe second attempt would be to switch the outcome of the conditional statement to the ELSE portion

    SO,
    How about using SELECT instead:

    '----------------------------------------------------
    FUNCTION Bogus() AS LONG
    FOR i = 1 TO 100
    Result = Encrypt(nonsense) ' some fast long winded procedure with a few conditional statements
    FOR j = 1 TO 100000
    IF Result = 42 THEN
    Var1 = 42
    END IF
    NEXT j
    NEXT i

    '---------------------------------------------------
    FUNCTION PBMAIN
    '
    ' beginning code
    '
    '
    SELECT CASE TodaysDate ' or NumLaunches or some other criteria that changes each time an attempted launch is made
    '
    ' more case statements befor
    '
    CASE ExpDate - 5
    CALL Bogus ' execute alot of conditional statements to cloud the trail
    CALL MainCode ' function containing the main code of the app
    CASE ExpDate - 4
    CALL Bogus
    CALL MainCode
    CASE ExpDate - 3
    CALL Bogus
    CALL MainCode
    CASE ExpDate - 2
    CALL Bogus
    CALL MainCode
    CASE ExpDate - 1
    CALL Bogus
    CALL MainCode
    CASE ExpDate
    CALL Bogus
    EXIT FUNCTION
    CASE ExpDate + 1
    CALL Bogus
    EXIT FUNCTION
    CASE ExpDate + 2
    CALL Bogus
    EXIT FUNCTION
    CASE ExpDate + 3
    CALL Bogus
    EXIT FUNCTION
    CASE ExpDate + 4
    CALL Bogus
    EXIT FUNCTION
    CASE ExpDate + 5
    CALL Bogus
    EXIT FUNCTION
    '
    ' and so on
    '
    '
    END SELECT
    '
    '
    '
    END FUNCTION
    '-------------------------------------------------------------------------------

    Can anyone see if this would this be as easy to jump over or around ?



    ------------------
    Kind Regards
    Mike

  • #2
    Mike,

    A few basic things here, for someone to make a crack of you DLL means that
    they have to get at the code first while its on disk, the simple solution is
    to use a compressor, a viable one is the freeware UPX version 0.84 that
    cannot be routinely decompressed. Do not use the later ones as they have a
    decompression option.

    The virtue of this approach is that it forces the cracker to manually unpack
    the compressed code and try and reconstruct the PE header and with UPX 0.84,
    this task is beyong most of them as it makes a real mess of the original PE
    sections.

    You already know how to do the length test so if the length of the DLL has
    changed on disk, you know that someone is messing around with it so you don't
    have to be gracious about how you exit the DLL. I would suggest that if the
    length has changed, link the length into a critical number in your code, the
    instance handle or a window handle or the registered class address or any of
    a number of other things and you will leave them with a mess to debug to find
    out why the DLL just crashes.

    Make basic dynamic strings as GLOBAL values and gradually construct them
    through your app until you need them for string comparison. This way the
    string data is not in the application's .DATA section and it means they have
    to track the progressive construction of the string data, not just simply
    look at the .DATA section in a hex editor and get the starting address.

    A collective heap of things take the fun out of cracking a DLL of the type
    you are distributing and if you make it messy enough, no-one will bother.

    Regards,

    [email protected]

    ------------------
    hutch at movsd dot com
    The MASM Forum

    www.masm32.com

    Comment


    • #3
      Nice try, honestly!
      It will only slow them down however!

      I put 5 function calls in whiel testing my app with a tester, sure it locked up his machine the first 3 times, 2 hours later he cracked it and it ws pretty complex..

      There is yet another flag you can put in, decrypt something and take a value..
      If that Value is not equal to the decrypted value (Now they have to decrypt your encryption scheme) then blow up or exit....


      Start thinking along those lines too, but keep in mind, they can JMP right over that too..


      Best thing, remove that code, cant' crack what ain't there!


      Scott

      ------------------
      Scott
      Scott Turchin
      MCSE, MCP+I
      http://www.tngbbs.com
      ----------------------
      True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

      Comment


      • #4
        Wayne, he needs help, can ya hook him up with the CRC Writing function?


        Basically, crack my program, go for it:

        If IsFalse CRC32Verify Then Exit Function


        I've tried......it ain't cracking...


        The EXe must be manually CRC encoded AFTER compiling...
        The CRC is stored somewhere in the EXE....

        It's about as good as I can get besides the 50+ known debuggers that I scan for but we won't go there, it's 4 pages of code and Wayne and i worked a LOT of hours on that, very very complex....

        Wayne, getting an idea now? ($$)...


        ------------------
        Scott
        Scott Turchin
        MCSE, MCP+I
        http://www.tngbbs.com
        ----------------------
        True Karate-do is this: that in daily life, one's mind and body be trained and developed in a spirit of humility; and that in critical times, one be devoted utterly to the cause of justice. -Gichin Funakoshi

        Comment


        • #5
          I d/l the File compressor at: http://wildsau.idv.uni-linz.ac.at/mf...IONS/obsolete/
          It works great. In fact i can still add a LONG to the header at address &H 20 after the BEST compression. So that works great

          I wondered what the advantages of compressed exe's were.

          ------------------
          Kind Regards
          Mike

          Comment


          • #6
            1) If a program changes itself, it's very easy to detect by simple comparasion and to restore previous release before start.
            The same, if program writes to external file or registry.
            2) If a program tests "expirience" date, it's very easy to write simple program, which changes a date before start and restores it.

            It's not necessary to be a professional cracker to do such simple things ...

            Also note that ckrackers are crazy boys. If you will use good protection and will inform that a program works in demo-mode, they really will be interesting to broke similar program.
            For examole, well-known file manager FAR. In russian licence text there is a comment - freeware for xUSSR users and explanation, how to enter a password (russian text, current day of week).
            And what do you think ? After two weeks appears a patch, which allows to enter any password.

            Maybe there are reasons to do hidden "hooks". For example, if "CRC" is wrong, you do not inform "demo-release".
            Instead of this you simply use somewhere in calculations "CRC" de-facto - CRC expected instead of 0.

            ------------------
            E-MAIL: [email protected]

            Comment


            • #7
              Scott,

              The answer to a list of debugger footprints is what you call the
              dead listing approach, do a straight memory dump of the PE file
              to a text file, decompile it and start having PHUN.

              This will tell you where th action is in how the protection system
              works, what the problem is in knowing how and where to patch the
              existing file and it is here where a compressed EXE/DLL becomes
              a real pain.

              If you have a look at the structure of a compressed EXE/DLL, you
              cannot patch it in its compressed state so it must be decompressed,
              patched then recompressed which is not a simple task, especially
              when the compressor seriously messes up the original section data.

              To be comprehensive, there is another approach to protect against,
              it is the "in memory" patcher which does modification of the loaded
              image of the PE file. This type is a lot harder to beat and your best
              weapon against it is complexity and interlocked numbers to component
              parts of the program.

              I think if Mike builds his DLL with the tricks he has in hand, it will
              slow down all but the highest of skill crackers and they usually do not
              bother with dedicated DLLs for an application that few would use.

              A few basic rules, NEVER, NEVER ,NEVER put a test in an EXPORT
              function from a DLL and also don't name it anything understandable.

              TestRegKeyFunction and the like are a signpost to the location of
              the test code,
              Code:
                  If key& = OKval&
                    FUNCTION = 1
                  Else
                    FUNCTION = 0
                  End If
              Go to the end of the function on a hex editor after the program is
              decompiled, NOP out the bulk of the test and type in the opcodes
              for MOV EAX, 1 and the protection is stone dead. The 5 minute crack.

              Tests that involve jumps take an extra 5 minutes. Your only chance is
              to spread out the information and lock it into the critical numbers
              within the program.

              Regards,

              [email protected]

              ------------------
              hutch at movsd dot com
              The MASM Forum

              www.masm32.com

              Comment


              • #8
                Hutch --

                > freeware UPX version 0.84

                The download page contains some pretty strong warnings about using versions below 1.00. What kinds of runtime problems is 0.84 likely to cause?

                -- Eric



                ------------------
                Perfect Sync Development Tools
                Perfect Sync Web Site
                Contact Us: mailto:[email protected][email protected]</A>
                "Not my circus, not my monkeys."

                Comment


                • #9
                  Eric,

                  the problems apparently were related to non-standard PE files
                  but I used UPX 0.84 on PowerBASIC PE format which has never been
                  a problem.

                  I personally no longer use UPX because I had a very public argument
                  with the authors about the unusual GNU public licence attached to
                  it and the later version that prohibit post compression modification
                  of the UPX stub and copyright string.

                  I often use that area to write data that an EXE file can use for
                  things like settings so it became unviable for me to use it any
                  longer.

                  Regards,

                  [email protected]

                  ------------------
                  hutch at movsd dot com
                  The MASM Forum

                  www.masm32.com

                  Comment


                  • #10
                    You do realize, though, that all it takes is one "3733T H4XOR D00D" to register their copy under a false identity and then upload it, along with the name and serial number, to every "warez site" on the web and this whole exercise is immediately rendered academic...

                    ------------------

                    Comment


                    • #11
                      Hello All,

                      I have seen many kinds of protection schemes out there and to be honest, they are ALL crackable. The real key to prevent software piracy is to just write applications that people really like. Instead of reasearching protection schemes for months on end why not invest that time into your application. Here is just a small list of things that will most certainly get people to legally obtain your software.

                      1. (un)Installs clean and simple.
                      2. Documentation, Documentation, etc...
                      3. Intuative work flow. (very important, dont be afraid to make custom controls)
                      4. None of this "if you do that then you can't do this".
                      5. Customer service. (VERY important)
                      6. Realistic prices.
                      7. Throw out "No Vapor Ware".

                      The last item #7 is NOT a poke at PowerBasic. I think its only fair to your potental customer base that you inform them on "what's new". This allows them to decide if what they see in your product appeals to them. Some times we are put in a position "find the best software for the job". Having some insight as to were the company is going might allow us to make better choices. People just dont like waiting for the unknown...


                      So, in a nut shell, take the time you spend on "protection" and put it into making your application "better". Keep in mind this is my own personal feeling. Thanks for letting me speak my mind.


                      ------------------
                      Cheers!

                      Comment


                      • #12
                        Gary,
                        What do mean?
                        Are you saying that if I provide a valid reg it can be uploaded for others to use? I intend to prevent this by having the protection scheme seed the random number generator when the installer runs and produce a UNIQUE crypted code that the user e-mails me (along with a check).

                        Each customer will get a unique number that will not work on another machine. As somone said earlier, when they reformat or upgrade hardware and re-install, I have to send them a new password, but thats fine.

                        In the communication I can also inform them of other programs / Dlls i will have written in the mean time!

                        Mark,
                        I agree with you, but I think your points are self evident. My situation is a little different in that I am not aiming at the mass market but a thin segment of the investing community. Traders are notoriously cheap when it comes to software becuase so many "gurus" have written Cr#p and sold it for $5000.

                        If they can get around my protection scheme they will. If I make it hard enough they wont. As a few people have said, there is nothing that cannot be cracked, I know that, but that does not mean that I should not try to protect it, only that I should not be upset if it is cracked.

                        If I am going to protect it I want to give it a good shot. I dont need the latest and greatest, just a good shot at it. The purpose of these threads is to determine the weak points in a protection scheme and at least avoid them.

                        I have learnt many tricks including, hiding files, encrypting reg data, Installers, registry entrys, CRC32 (allthough I still cant get it to work), writing to the header, adding to an exe, reading/writing to the resource, avoiding easy jumps and now file compression.

                        Anyway back to the thread.
                        Steve,
                        By "interlocked numbers" i assume you mean test the result of each function and if it is not whats expected assume that the program has been tampered with?

                        Or do you mean send an extra variable to each function call and perform some operation on it and check the return value?



                        ------------------
                        Kind Regards
                        Mike

                        Comment


                        • #13
                          mark --
                          this a sample of program, which tests own crc. simply run it in ide.

                          but you need to use my "wrapper" for pb/dll compiler. i posted it some minutes ago in source code section.

                          Code:
                             #compile exe
                             #dim all
                             #register none
                             #include "win32api.inc"
                             #include "crc32.inc" ' <-- two assembler subroutines, posted in http://www.powerbasic.com/support/pb...ad.php?t=23005 
                             
                             '%c &h12345678
                                         
                             function pbmain
                                dim tmpasciiz as asciiz * 255, buffer as string
                                dim daddr as dword, crc1 as long, crc2 as long, scrctable as string * 1024
                                      
                                if isfalse(getmodulefilename(byval 0&, tmpasciiz, sizeof(tmpasciiz))) then exit function
                                open tmpasciiz for binary shared as #1 len = 32768
                                get$ #1, lof(1), buffer
                                close #1
                                
                                crc2 = cvl(buffer, len(buffer) - 3)
                                crc32_buildtable scrctable, &h12345678
                                crc1 = crc32_calculate (strptr(buffer), len(buffer) - 4, scrctable, len(buffer) - 4, 1)
                                
                                daddr = crc1 - crc2 + codeptr(continue)
                                goto dword daddr
                                
                            continue:
                                msgbox "ok"
                                
                             end function

                          ------------------
                          e-mail: [email protected]

                          Comment


                          • #14
                            TestRegKeyFunction and the like are a signpost to the location of
                            the test code,
                            Code:
                                If key& = OKval&
                                  FUNCTION = 1
                                Else
                                  FUNCTION = 0
                                End If
                            Go to the end of the function on a hex editor after the program is
                            decompiled, NOP out the bulk of the test and type in the opcodes
                            for MOV EAX, 1 and the protection is stone dead. The 5 minute crack.
                            So remove that point of failure by not using a function to perform such checks. Put the code that does the check and takes appropriate action if a problem is found into an include file, then where ever you want to perform the check, just include the file containing the check code, e.g.
                            Code:
                            FUNCTION DoSomething(  )
                               ...
                               $INCLUDE "REGCHECK.BI"
                               ...
                            END FUNCTION
                            instead of
                            Code:
                            FUNCTION DoSomething(  )
                               ...
                               CALL TestRegKey(  )
                               ...
                            END FUNCTION
                            Sure, you may run into "bloatware" issues (depending on how complicated/large the code for the check is), but some developers may be willing to live with that.

                            If you have a multi-part key, you could have several include files (checks), and arbitrarily select which one to use when you wanted to do a check. With 101 instances where the key is checked, it should (hopefully) take a while for any cracker to track them all down.
                            If you try to make something idiot-proof, someone will invent a better idiot.

                            Comment


                            • #15
                              Mike,

                              the idea of interlocking numbers means things like window handles, instance
                              handles and any other thing that you can make a mess of if you end up with
                              the wrong number. Make a window handle subject to the correct number being
                              added in one place and being subtracted in another, someone plays with the
                              number and the handle is no longer valid so a lot of code no longer works.

                              I regularly use GLOBAL handles and the hInstance so you can modify it in
                              one place and see the results in completely unrelated code elsewhere. This
                              is the stuff that cracking nightmares are made of. Use a call to the
                              FindFirstFile() API in code that does disk access so it fits in easily and
                              fill a GLOBAL structure with the needed information that will include the
                              length of the running EXE file.

                              Somewhere else in the code that is completely unrelated, add or subtract it
                              from the instance handle then somewhere else when a function uses the instance
                              handle the program will crash for no apparent reason.

                              Matthew,

                              The problem is one of identification and distribution, code that moves a value
                              into a register is spread all through a program so if you plug the test in one
                              place, evaluate it in another and display information about it somewhere else,
                              it becomes very hard to track down.

                              Literal strings are a serious weakness in protection systems, place the text,

                              "1 h4vê c4úGT y0ú, y0ú w1Ckêd Ï1itÏ5T H4CkêR"

                              in your program and the cracker tracks its address and does a global search
                              of the binary code to find what is using it. The best technique is to use
                              basic dynamic string and construct it in different places through the EXE
                              file so that there is no single place to identify the string from.

                              Regards,

                              [email protected]

                              ------------------
                              hutch at movsd dot com
                              The MASM Forum

                              www.masm32.com

                              Comment


                              • #16
                                Semen,

                                I have spent all afternoon working on your examples. I dont get the Wrapper stuff tho I am lost with that code. I also dont know what IDE is.

                                But I did get the MakeCRC to work in a modified form (see below). I can append the CRC i think but only to file that are 10k or less. I have an EXE that is 26k and it does not get any longer when it append the CRC to it!?

                                Here is the code I put together:
                                #COMPILE EXE
                                #REGISTER NONE
                                #DIM ALL
                                #INCLUDE "WIN32API.INC" ' Win API definitions
                                #INCLUDE "Comdlg32.INC" ' For Open/Save Dialog

                                '-----------------------------------------------------------------------------------------
                                FUNCTION OpenSaveDialog(BYVAL Caption AS STRING, _ ' caption
                                BYVAL NameofFile AS STRING, _ ' filename
                                BYVAL InitialDir AS STRING, _ ' start directory
                                BYVAL Filter AS STRING, _ ' filename filter
                                BYVAL DefExtension AS STRING, _ ' default extension
                                Flag AS LONG) AS STRING ' 1 = Save Dlg, 0 = Open Dlg
                                LOCAL Ofn AS OPENFILENAME
                                LOCAL zFileName AS ASCIIZ * 256
                                LOCAL zFileTitle AS ASCIIZ * 256
                                LOCAL zFilter AS ASCIIZ * 256
                                LOCAL zInitialDir AS ASCIIZ * 256
                                LOCAL zTitle AS ASCIIZ * 256
                                LOCAL zDefExt AS ASCIIZ * 10
                                REPLACE "|" WITH CHR$(0) IN Filter
                                zFilter = Filter + CHR$(0)
                                zInitialDir = InitialDir + CHR$(0)
                                zFileName = NameofFile + CHR$(0)
                                zDefExt = DefExtension + CHR$(0)
                                zTitle = Caption + CHR$(0)
                                ofn.lStructSize = SIZEOF(ofn)
                                ofn.hWndOwner = 0
                                ofn.lpstrFilter = VARPTR(zFilter)
                                ofn.nFilterIndex = 1
                                ofn.lpstrFile = VARPTR(zFileName)
                                ofn.nMaxFile = SIZEOF(zFileName)
                                ofn.lpstrFileTitle = VARPTR(zFileTitle)
                                ofn.nMaxFileTitle = SIZEOF(zFileTitle)
                                ofn.lpstrInitialDir = VARPTR(zInitialDir)
                                IF LEN(zTitle) THEN
                                ofn.lpstrTitle = VARPTR(zTitle)
                                END IF
                                ofn.Flags = Flag
                                IF Flag = 1 THEN
                                CALL GetSaveFilename(ofn)
                                ELSE
                                CALL GetOpenFilename(ofn)
                                END IF
                                ofn.lpstrDefExt = VARPTR(zDefExt)
                                FUNCTION = zFileName
                                END FUNCTION
                                '-------------------------------------------------------------------------
                                SUB Crc32_BuildTable(sCrcTable AS STRING * 1024, BYVAL MagWord AS LONG)

                                ! MOV EDI, sCrcTable
                                ! MOV EDX, 0

                                Crc32_BuildTable_Lb1:
                                ! MOV EBX, EDX
                                ! MOV ECX, 8

                                Crc32_BuildTable_Lb2:
                                ! MOV EAX, EBX
                                ! AND EAX, 1
                                ! JE Crc32_BuildTable_Lb3
                                ! SHR EBX, 1
                                ! MOV EAX, MagWord
                                ! XOR EBX, EAX
                                ! JMP Crc32_BuildTable_Lb4

                                Crc32_BuildTable_Lb3:
                                ! SHR EBX, 1

                                Crc32_BuildTable_Lb4:
                                ! DEC ECX
                                ! JNZ Crc32_BuildTable_Lb2
                                ! MOV [EDI], EBX
                                ! ADD EDI, 4
                                ! INC EDX
                                ! CMP EDX, 255
                                ! JLE Crc32_BuildTable_Lb1
                                END SUB

                                '-------------------------------------------------------------------------------------
                                FUNCTION Crc32_Calculate (BYVAL Address AS DWORD, BYVAL Length AS LONG, _
                                sCrcTable AS STRING * 1024, BYVAL InitCrc AS LONG, BYVAL Inverse AS LONG) AS LONG

                                ! MOV EBX, InitCrc
                                ! MOV EDI, Address
                                ! MOV ESI, EDI
                                ! ADD ESI, Length

                                Crc32_Calculate_Lb1:
                                ! CMP EDI, ESI
                                ! JGE Crc32_Calculate_Lb2

                                ! MOV EAX, 0
                                ! MOV AL, [EDI]


                                ! XOR EAX, EBX
                                ! AND EAX, &HFF

                                ! SHL EAX, 2
                                ! add EaX, sCrcTable
                                ! MOV EAX, [EAX]
                                ! SHR EBX, 8
                                ! AND EBX, &H00FFFFFF
                                ! XOR EBX, EAX
                                ! INC EDI
                                ! JMP Crc32_Calculate_Lb1

                                Crc32_Calculate_Lb2:
                                ! CMP Inverse, 0
                                ! JE Crc32_Calculate_Lb3
                                ! XOR EBX, &HFFFFFFFF

                                Crc32_Calculate_Lb3:
                                ! MOV Function, EBX
                                END FUNCTION

                                '----------------------------------------------------------------------------------
                                FUNCTION PBMAIN() AS LONG
                                LOCAL WZCrc AS LONG, Crc AS LONG, sCrcTable1 AS STRING * 1024, sCrcTable2 AS STRING * 1024
                                LOCAL TargetFile AS STRING, BUFFER AS STRING

                                TargetFile = OpenSaveDialog("Exe to append checksum to", "", "C:\PBDLL60\", "exe", "exe", 0)
                                IF TargetFile = "" THEN EXIT FUNCTION

                                OPEN TargetFile FOR BINARY SHARED AS #1: GET$ #1, LOF(1), Buffer: CLOSE #1
                                MSGBOX TargetFile+ $CRLF +"fileLength= "+STR$(LEN(Buffer))
                                Crc32_BuildTable sCrcTable1, &HEDB88320
                                WZCrc = Crc32_Calculate (STRPTR(Buffer), LEN(Buffer), sCrcTable1, &HFFFFFFFF, 1)

                                Crc32_BuildTable sCrcTable2, &H12345678
                                Crc = Crc32_Calculate (STRPTR(Buffer), LEN(Buffer), sCrcTable2, -2&, 0)

                                MSGBOX "WinZip Incompatible CRC= "+HEX$(Crc)+" Winzip compatible CRC= "+HEX$(WZCrc)

                                'IF sCrc <> "" THEN
                                OPEN TargetFile FOR BINARY AS #1 LEN = 32768 '
                                GET$ #1, LOF(1), Buffer ' Tmp
                                'Crc32_BuildTable sCrcTable, VAL(sCrc)
                                'Crc = Crc32_Calculate (STRPTR(Tmp), LEN(Tmp), sCrcTable, LEN(Tmp), 1) 'why is this different
                                SEEK #1, LOF(1) + 1: PUT$ #1, MKL$(Crc)
                                CLOSE #1
                                'END IF

                                END FUNCTION
                                '-------------------------------------------------------------------------------------


                                ------------------
                                Kind Regards
                                Mike

                                Comment


                                • #17
                                  mike ---
                                  i uploaded all files to http://ltr.perevozki.ru/pb/pbdll1.zip

                                  1) put crc32.inc into c:\pbdll60\winapi (together with winapi.inc)
                                  2) put pbdll1.bas and pbdll1.exe into c:\pbdll60\bin (together with pbdll.exe)
                                  3) in pb editor click menu window - options - compiler . change a path for compiler. should be pbdll1.exe instead of pbdll.exe.
                                  4) then you can start small sample, which i posted yesterday.

                                  Code:
                                     #compile exe
                                     #dim all
                                     #register none
                                     #include "win32api.inc"
                                     #include "crc32.inc" ' <-- two assembler subroutines, posted in http://www.powerbasic.com/support/pb...ad.php?t=23005 
                                     
                                     '%c &h12345678
                                                 
                                     function pbmain
                                        dim tmpasciiz as asciiz * 255, buffer as string
                                        dim daddr as dword, crc1 as long, crc2 as long, scrctable as string * 1024
                                              
                                        if isfalse(getmodulefilename(byval 0&, tmpasciiz, sizeof(tmpasciiz))) then exit function
                                        open tmpasciiz for binary shared as #1 len = 32768
                                        get$ #1, lof(1), buffer
                                        close #1
                                        
                                        crc2 = cvl(buffer, len(buffer) - 3)
                                        crc32_buildtable scrctable, &h12345678
                                        crc1 = crc32_calculate (strptr(buffer), len(buffer) - 4, scrctable, len(buffer) - 4, 1)
                                        
                                        daddr = crc1 - crc2 + codeptr(continue)
                                        goto dword daddr
                                        
                                    continue:
                                        msgbox "ok"
                                        
                                     end function
                                  btw, ide - i beleive - is integrated development environment (here pbedit).

                                  [this message has been edited by semen matusovski (edited may 02, 2001).]

                                  Comment


                                  • #18
                                    Each customer will get a unique number that will not work on another machine. As somone said earlier, when they reformat or upgrade hardware and re-install, I have to send them a new password, but thats fine.

                                    Yikes - you're going to tie the serial number to the user's hardware configuration??? Bad, bad, bad idea.

                                    Not only are most people not going to want to put up with the inconvenience of having to re-register every time they do something to their system, but they're going to be very nervous about what happens to them come the day that you lose interest in the product, get hit by a bus, or whatever, and they can no longer get new serial numbers for the program they purchased.

                                    ------------------

                                    Comment


                                    • #19
                                      Allow me to chime in with another Yikes! My biggest problem with tying
                                      the app to the hardware is that it treats the customer as a potential criminal.

                                      At my previous job one of our sister divisions had a new app framework for sale
                                      that used the PC hardware as the security key. They had drop the scheme as the
                                      feedback from customers and potential customers was overwhelmingly negative.

                                      If you're that concerned about security, use a dongle.


                                      ------------------
                                      Mark Newman



                                      [This message has been edited by Mark Newman (edited May 02, 2001).]
                                      Mark Newman

                                      Comment


                                      • #20
                                        Gary and Mark,
                                        This app is going to very few people. If I get hit by a Car I probably wont care if they change hardware and it no longer works! (is that bad Karma?)

                                        I just want to make sure that it does not end up on a d/l site for the world and their mother to use for free!

                                        Semen,
                                        I got all the files OK. I followed the instrutions, and got the example to work! This is amazing! I think this another level of programming from where I am at. I have studied it all for a while. I love the trick:
                                        dAddr = Crc1 - Crc2 + CODEPTR(Continue)
                                        GOTO DWORD dAddr
                                        Thats exactly what I started the thread for. Cool.
                                        as for the CRC, I see how it is calculated but I dont understand how you append it to the end of the file and then read it later.

                                        I have tried many ways and I just cant seem to get it to work. Calculating it seems to be no problem. I open the file for writing as binary then what?

                                        ------------------
                                        Kind Regards
                                        Mike

                                        Comment

                                        Working...
                                        X