Announcement

**Knuth Konrad** · 22 Jan 2008, 07:44 AM

Depends on how you check.

Easy crack: Say you have a function, let's call it IsValidLicense(), that calculates the license and returns TRUE/FALSE. Regardless of how many times you call that function in your application, the cracker will just look for the function and modify the EXE in a way that this function will always return true.

More difficult crack: doing the validation inline (=not using a function) at 256 different places. The hacker has to spot all locations where the validation takes place.

Another step of protection: Not immediately letting your application fail upon an invalid license. Failing immediately will help the hacker in spotting the places where the validation is done. Remember the failed validation, let the application keep on working as normal for a time, than fail. Don't make the fail obviously related to a license issue (i.e. don't pop up a message "Invalid license"). Instead, let the application produce "wrong" results (that you can still identify as a license issue).

(Disclaimer: I'm nowhere near being an expert on cracking/licensing issues. The above is gathered from what I've read over years)

**Michael Mattias** · 22 Jan 2008, 09:59 AM

Instead, let the application produce "wrong" results (that you can still identify as a license issue).

I never liked this. (I think Eric P posted that SQL Tools does something like this).

I have one application where this is signficant. What I do is return a success/fail code of 'fail' with an associated error code/message meaning "invalid or expired library."

Then again, I don't enjpoy taking support calls to start with, but if they must happen... I'd much rather have a discrete error code value returned than have the user putz around for an hour wondering why "it's not working" and then call me when he is in a bad mood because when he learns the problem he will know he just wasted an hour - or - from his point of view - *I* wasted *his* hour.

MCM

**Jim Padgett** · 22 Jan 2008, 01:32 PM

What about 256 Functions?

What about having 256 different functions for verifying a valid program?

I have thought about creating several dummy checks with misleading error messages to attempt to hide the real stuff from the hacker. ( Have the hacker looking for bogus checks instead of valid ones ).

There is a discussion of piracy killing Flight Sim add on vendors which is what prompted my thinking on this subject.

Wouldn't changing the .exe change the CRC of the .exe ?

**Scott Hauser** · 22 Jan 2008, 02:36 PM

This is worth a look.
Scott

http://www.powerbasic.com/support/pb...=stack+protect

Re:
I never liked this. (I think Eric P posted that SQL Tools does something like this).

I have one application where this is signficant. What I do is return a success/fail code of 'fail' with an associated error code/message meaning "invalid or expired library."

Then again, I don't enjpoy taking support calls to start with, but if they must happen... I'd much rather have a discrete error code value returned than have the user putz around for an hour wondering why "it's not working" and then call me when he is in a bad mood because when he learns the problem he will know he just wasted an hour - or - from his point of view - *I* wasted *his* hour.

MCM

AMEN! Throw in a nag screen if necessary, or print headers on hardcopy reports stating "PRODUCED ON AN ILLEGAL AND/OR UNLICENCED COPY of XXX software. or use a watermark.

**Jim Padgett** · 23 Jan 2008, 04:39 AM

Individual Compiles?

Consider a string of data 2048 characters long.. call it a key.
You app only uses 256 characters of this key chosen at random ( specifics don't matter ).

Your app generates this key using hardware serial numbers ( or other hardware specific info ). The user emails you this key and you generate a patch file to embed your deprotection key in the customers install of your app.

You now have a specific .exe for each customer based on the reg key you send them.

Would it be bad to ask your customer to allow info specific to their copy of your app to be sent to your server say 1 out of every 20 times you run it?

The idea is to have a running list of every specific app you have sold. You would at least be able to determine where a pirated copy came from???

*** While this topic is not specifically code based, since it has brought forward some interesting methods of protection that are code based I continued this discussion here... I hope I haven't crossed too many lines *****

**Michael Mattias** · 23 Jan 2008, 09:23 AM

Your app generates this key using hardware serial numbers ( or other hardware specific info ).

I never liked this, either. Too many users - especially corporate users - are upgrading, replacing or swapping machines or parts of machines (the part with the 'hardware-specific info') to make hardware-keyed licensing a good choice.

Disclaimer: I do not sell to the retail market at all. Hardware-keyed licensing may in fact be a good choice in that environment.

MCM

**Jim Padgett** · 23 Jan 2008, 08:07 PM

Corporate License

I would think that for a major volume purchase arangements could be made to provide a completly unprotected version.

I would not be totally against distributing unprotected software, but identified such that I could trace a pirated or non-licensed verstion back to the source customer.

**Michael Mattias** · 24 Jan 2008, 11:45 AM

against distributing unprotected software, but identified such that I could trace a pirated or non-licensed verstion back to the source customer

That's what I do. I have about 3000 copies of various applications around the country and it works for me.

But one thing which has helped me a lot: Over the past couple of years, corporate customers themselves do a lot a 'police' work, mostly by controlling "who may and who may not install stuff."

Whether that's a byproduct of security-consciousness or the lawsuits Microsoft filed against careless (or possibily criminal) licensees a couple of years ago, or some combination thereof, it's a Good Thing for developers who serve the corporate user market (moi).

MCM

**Elias Montoya** · 25 Jan 2008, 01:24 AM

Have you tried TSearch? it allows to open a process and watching for values
directly from process memory in real time.

**Jim Padgett** · 25 Jan 2008, 04:26 AM

Idea?

So what if I take this key and every 10 minutes or so pick random bits from it and compare this to the same values from an encrypted key? Or better yet from several encrypted keys?

So if I get this right.. unless I use encrypted values anyone can search the value of a program variable? I assume this would be easier for globals ?

**Michael Mattias** · 25 Jan 2008, 07:45 AM

You can't effectively search for "Variables" but string literals are stored in the executable file and can be searched for with any decent hex editor. (eg UltraEdit).

For that matter, if the token contains only printable characters,Notepad will do nicely.

Announcement

Hacking data from .exe

Hacking data from .exe

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment