

Game protection against cracks and piracy


54 replies to this topic

#1 SoftComplete

    New Member

  • Members
  • 1 posts

Posted 04 July 2006 - 12:23 PM

Software piracy! Cracked serial numbers! Thousands of commercial products are posted on the warez sites and become available to all every day! Companies lose millions of dollars every year to software piracy and faulty protection programs. Shareware developers look for unbreakable protection for their products and create some protection themselves or try many of the ready-made tools. Unfortunately most tools have already been cracked, and self-made solutions often take one determined cracker only a few hours to bypass. As a result they soon find the stolen keys and product cracks on thousands of hacker Internet pages.
No solution? Well, there is.

It is time to turn to the time-tested EXECryptor protection product. EXECryptor is a powerful software tool that provides developers with software protection from reverse engineering, analysis and modifications. Its main difference from other protection tools is its brand new metamorphing code transformation technology.

With EXECryptor the protected code block is not just packed or obfuscated like many other packers, but also disassembled into nondeterminate transformations, effectively scrambling the visible logical code structure and making it hard to reverse. After the code transformation, it remains executable and working as it is supposed to but it cannot be analysed, modified, or circumvented.
It is not just a question of code encryption but also of code transformation. You can optionally wrap additional parts of your code, at a source code level, in special flags which then transform into code that is virtually impossible to trace, crack, or bypass. Protected code blocks are never decrypted during execution; they remain in their transformed code state. Code restoration becomes an NP-hard problem.
EXECryptor has innovative, very powerful antidebug, antitrace and import protection features to stop the latest cracking software.
EXECryptor allows the use of short registration keys 12/16 characters long, based on a new generation of our HardKey algorithm, a cryptographically strong ultrashort digital signature.
The power of software protection with EXECryptor is proven in practice: despite numerous cracking attempts and challenges, EXECryptor's 2.x series has not been cracked since its inception in July of 2004.
In addition to its advanced protection features, EXECryptor allows you to compress the code and resources of your application.
EXECryptor is able to protect any 32bit PE executable file (exe, dll, bpl, vxd, wdm). It has been tested with W95/98/ME/2000/NT/XP/2003. SDKs are available for Delphi, C++Builder, Microsoft Visual C++, LCC, PellesC, Visual Basic, PowerBASIC and PureBasic.

EXECryptor is distributed electronically over the Internet; a free trial version is available at http://www.strongbit.com for evaluation.

* Operating system: Windows 95, 98, ME, NT, 2000, XP, 2003
* RAM: 32 Mb
* Hard Disk: 2.5 Mb
EXECryptor Web Page: http://www.strongbit.com

#2 Alex

    Valued Member

  • Members
  • 152 posts

Posted 04 July 2006 - 01:46 PM

How do you execute code that "is never decrypted"? That's probably "secret" ;)
After all this is software you're talking about right?

Alex

#3 neptune3d

    Member

  • Members
  • 60 posts

Posted 04 July 2006 - 02:02 PM

Not to be a wet blanket, but even with the shiniest new protection system a hack will be found. I have heard several times about a new unbreakable system and shortly after heard that it had been compromised.

This is not to say that we should not protect our products at all; stopping the 'casual pirate' (as Microsoft would say) can save substantial revenue.

It is interesting that they claim EXECryptor has the longest uncracked record right now (since July 2k4), but I was unable to find any titles listed using this scheme. Perhaps someone knows of some, as it would be interesting to see if this is true in the game world.

#4 geon

    Senior Member

  • Members
  • 811 posts

Posted 04 July 2006 - 02:48 PM

Alex said:

How do you execute code that "is never decrypted"? That's probably "secret" ;)

As I understand it, the processor instructions will be pseudo-randomly rearranged (while keeping the functionality intact) to hide their true purpose from a would-be cracker.

#5 Kenneth Gorking

    Senior Member

  • Members
  • 907 posts

Posted 04 July 2006 - 04:29 PM

I think all software developers should learn how to crack so they have an understanding of what they are up against. I played around with it a few years back, and it was quite the eye-opener to be able to remove CD "protection" from high-end store-bought games by replacing a jz with jmp just after a few days of reading :blink:
"Stupid bug! You go squish now!!" - Homer Simpson

#6 Kenneth Gorking

    Senior Member

  • Members
  • 907 posts

Posted 04 July 2006 - 04:34 PM

I would also seriously recommend anyone interested in protecting their executables to read the Make your own PE Protector at The Code Project.
"Stupid bug! You go squish now!!" - Homer Simpson

#7 Alex

    Valued Member

  • Members
  • 152 posts

Posted 04 July 2006 - 04:43 PM

I agree with Kenneth. It is a far bigger hassle to crack something that is only used for one specific project. You'd have to invest lots of time to crack a single app as there is no premade crack for it. AFAIK it is not possible to create secure executable protected code purely in software on today's machines. With hardware aid (TPM) that's a different story. If they add TPM to your CPU and secure the complete system hardware-wise then it will get really hard to crack something. AFAIK, pure software (win95 compatible) probably running entirely in usermode is not gonna stop anyone who's serious.

Alex

#8 phil14

    Member

  • Members
  • 37 posts

Posted 04 July 2006 - 05:43 PM

Alex said:

AFAIK it is not possible to create secure executable protected code purely in software on today's machines. With hardware aid (TPM) that's a different story.
Alex

Even a hardware-aided solution isn't 100% safe, AFAIK they tried that with Maya some years ago. Honestly I don't know how you can make an EXE 100% crack-safe - somewhere in your code you gotta do whatever checks you do to see if it's "genuine" - so you can simply jump over it. Even if it was incorporated into the OS somehow it'd still be possible. Even if it's encrypted, you could simply copy & paste the decrypted code in memory (at some point it must be decrypted).
Maybe the best thing one can do is to "generate" different encrypted EXEs for any given machine based on various properties of that computer. If done cleverly enough this may force ppl to crack every different EXE "version" - making cracked binary distributions pointless. This means of course you'd have to switch to an online distribution system and have a pretty powerful server farm to generate the different binaries.
But as usual, it's a trade-off type of thing - how much time do you wanna invest in that stuff and how much do you wanna piss off your "real" customers? And does it pay off?

#9 Kenneth Gorking

    Senior Member

  • Members
  • 907 posts

Posted 04 July 2006 - 06:38 PM

Don't all computers have a unique serial number? During the install one could encrypt the binaries and game data using that number, thereby "locking" the game to the machine. But then there is the problem of protecting the installer... :)
"Stupid bug! You go squish now!!" - Homer Simpson

#10 eddie

    Senior Member

  • Members
  • 751 posts

Posted 04 July 2006 - 06:39 PM

Kenneth Gorking said:

Don't all computers have a unique serial number? During the install one could encrypt the binaries and game data using that number, thereby "locking" the game to the machine. But then there is the problem of protecting the installer... :)

If you're talking about Windows, that's not true. Site licenses for various companies all have one serial, if any at all.

As for unique identifiers, the closest I can think of is your MAC address on your NIC, but that can be faked, and you have to deal with the inevitable swapping/upgrading/defective NIC problem.

There's never an easy solution to it.

Personally, I view it like the breaking-into-my-car issue. I'm not going to make my car/app rock-solid impenetrable -- it's not worth the time. Just make it so that it's harder to break than the next guy's, or more trouble anyhow, so people generally won't bother.

#11 roel

    Senior Member

  • Members
  • 678 posts

Posted 04 July 2006 - 06:53 PM

I think that any kind of protection is a waste of time and effort.

#12 Kenneth Gorking

    Senior Member

  • Members
  • 907 posts

Posted 04 July 2006 - 06:56 PM

eddie: No, I didn't mean the Windows serial, I meant an actual serial id inside the computer's hardware. I think it's in the BIOS or something...
"Stupid bug! You go squish now!!" - Homer Simpson

#13 eddie

    Senior Member

  • Members
  • 751 posts

Posted 04 July 2006 - 07:13 PM

Kenneth: Perhaps -- I've never heard of such a thing, but I'm no expert.

That said, to retrieve it would probably require access through some API, which you could easily stub anyhow, if you wanted to 'cheat' it... And even if your game goes direct to assembler to read it, someone could simply stub out that check with a 'return true' at the appropriate point. Really - there's no such thing as security, just such a thing as *incredibly difficult to break*. ;)

#14 roel

    Senior Member

  • Members
  • 678 posts

Posted 04 July 2006 - 07:17 PM

Kenneth Gorking said:

Don't all computers have a unique serial number? During the install one could encrypt the binaries and game data using that number, thereby "locking" the game to the machine. But then there is the problem of protecting the installer... :)

Like Windows XP was locked to a hardware configuration. That didn't help either. Software protection is a real waste of time, until you invest a few months in developing it, assuming that you have a wizard-like level of knowledge. And even then, it only delays your game being pirated, say, a few weeks, and probably less if your game is hot.

Hardware protection can be a bitch. Not meaning protections like:

    if (!dongleAttached())
    {
        exit(0);
    }

But rather placing calculations/algorithms that are crucial to your game in the dongle, preferably in an ASIC or something different that is hard to reverse engineer (compared to reading the flash of a microcontroller). For the cracker it is a black box. With a lot of effort he can figure out how the results are used, but it would require a very broad knowledge.
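
Added example, not part of roel's post and not code from any product in this thread: the difference between a dongle that only gates a branch and a dongle whose computed values the game's data depends on. `dongle_compute`, `stubbed_dongle`, the secret and the sample data are hypothetical, and the mixing function is a toy stand-in for the hardware, not a real cipher.

```c
#include <stdint.h>
#include <string.h>
#define WORDS 4
#define DONGLE_SECRET 0x5EEDC0DEu /* constructed; would exist only inside the device */
typedef uint32_t (*dongle_fn)(uint32_t);

/* Software stand-in for the hardware black box (toy mixer, not a real cipher). */
static uint32_t dongle_compute(uint32_t challenge) {
    uint32_t x = challenge ^ DONGLE_SECRET;
    x ^= x >> 16; x *= 0x45D9F3Bu;
    x ^= x >> 16; x *= 0x45D9F3Bu;
    x ^= x >> 16;
    return x;
}

/* A dongle call that has been replaced by a constant answer. */
static uint32_t stubbed_dongle(uint32_t challenge) { (void)challenge; return 1u; }

/* Constructed sample values standing in for data the game cannot run without. */
static const uint32_t LEVEL_PLAIN[WORDS] = { 100u, 250u, 42u, 7u };

/* Gate only: the dongle answer decides a branch, the data ships usable. */
static int load_gated(dongle_fn dongle, uint32_t out[WORDS]) {
    if (!dongle(0)) return 0;
    memcpy(out, LEVEL_PLAIN, sizeof LEVEL_PLAIN);
    return 1;
}

/* Bound: every word is combined with a value only the device can compute.
   XOR lets the same routine seal at build time and unseal at run time. */
static void transform_bound(dongle_fn dongle, const uint32_t *in, uint32_t *out) {
    for (uint32_t i = 0; i < WORDS; i++) out[i] = in[i] ^ dongle(i);
}

/* Each helper returns 1 if the game ends up holding the correct data. */
static int gated_ok(dongle_fn dongle) {
    uint32_t out[WORDS] = {0};
    return load_gated(dongle, out) && memcmp(out, LEVEL_PLAIN, sizeof out) == 0;
}
static int bound_ok(dongle_fn dongle) {
    uint32_t sealed[WORDS], out[WORDS];
    transform_bound(dongle_compute, LEVEL_PLAIN, sealed); /* build time */
    transform_bound(dongle, sealed, out);                 /* run time */
    return memcmp(out, LEVEL_PLAIN, sizeof out) == 0;
}
int main(void) { /* exit 0: stub passes the gate but cannot recover bound data */
    return (gated_ok(stubbed_dongle) && !bound_ok(stubbed_dongle)
            && bound_ok(dongle_compute)) ? 0 : 1;
}
```
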

#15 phil14

    Member

  • Members
  • 37 posts

Posted 04 July 2006 - 07:18 PM

eddie said:

Really - there's no such thing as security, just such a thing as *incredibly difficult to break*. ;)

Second that. As I said, it's really a trade-off type of thing...
HASTE - still recruiting

#16 kariem2k

    Valued Member

  • Members
  • 207 posts

Posted 04 July 2006 - 07:44 PM

IMHO the only protection that would be effective :unsure: , nah, nothing is near to effective.

I was in the reverse engineering world, and after what I have seen I can tell that there is nothing that can protect your application (except God of course).

Now even games protected by the big and expensive protection systems like Starforce (which need to install a ring-0 driver on your system :D), Securom, etc... you can run the game even without a crack, just use something like daemon-tools and voila, the game runs like hell :).

And about the difficulty of cracking: as soon as one person cracks the protection (in about 7-30 days after the release of the protection :) ) and releases his idea to the public, the protection system is useless.

#17 TheNut

    Senior Member

  • Moderators
  • 1395 posts
  • Location: Thornhill, ON

Posted 05 July 2006 - 03:20 AM

Packers are in my opinion a waste. From my experience, certain machines had problems with them and were unable to run the software. Even then, you can still do whatever you want to the executable once it’s been loaded in memory, which is unpacked by your own packer. Just do a memory dump and voila.

With today’s technology, the only thing you should do to eliminate piracy is the basic (free) tasks that prevent John Doe from giving games to his friends.
a) CD Detection
b) Serial Key for online play
Done…
Net Cost: 0
Net Time: At most one day’s worth. Once the framework is done, all future software can reutilize the code.

In the future, a thin-client, fat-server architecture will help to eliminate hackers and crackers altogether. A model whereby the server runs the code and submits the results back to the client.
http://www.nutty.ca - Being a nut has its advantages.

#18 Reedbeta

    DevMaster Staff

  • Administrators
  • 4780 posts
  • Location: Bellevue, WA

Posted 05 July 2006 - 05:03 AM

TheNut said:

In the future, a thin-client, fat-server architecture will help to eliminate hackers and crackers altogether. A model whereby the server runs the code and submits the results back to the client.

I hope you're not counting on anything like that happening in the near future. ;)
reedbeta.com - developer blog, OpenGL demos, and other projects

#19 eddie

    Senior Member

  • Members
  • 751 posts

Posted 05 July 2006 - 07:45 AM

MMOs do it currently. ;)

#20 Reedbeta

    DevMaster Staff

  • Administrators
  • 4780 posts
  • LocationBellevue, WA

Posted 05 July 2006 - 08:28 AM

But for single-player games? And applications other than games?
reedbeta.com - developer blog, OpenGL demos, and other projects
