From undisclosed methods: software explosion-proof strokes
http://www.cnsw.org/bbs/viewthread.php?tid=2056 From Unprecedented Method: Software Explosion Broken Trunage Assumption A is a verification code segment, blasting generally finds some part in the A code segment and then modify It can be done with this: Take the random number x 1 or 2If x = 1 THEN again takes the random number x 1 or 2 if x = 1 THEN again takes the random number x 1 or 2 IF x = 1 THEN Insert code A else Insertion Code A end if else Take the random number x 1 or 2 IF x = 1 THEN Insert code A ELSE Insert code A end if end ifelse Take the random number x 1 or 2 if x = 1 THEN THE Number X is 1 or 2 IF x = 1 THEN insertion code A ELSE Insert code A end if else Take the random number x 1 or 2 IF x = 1 THEN Insert code A ELSE Insert code A end if end ifend IF purpose: Due to random Number, the codeca is not the same at the same point, it is difficult to all PATH8 code A, and even write a layer of random, that is, 16. Finally, if this method is effective, I don't know. Which familiar crack friend has seen it later to evaluate if it is effective ~~ method is effective, but pay attention to the modifications of code A itself, so the focus is: Code A The deformed of itself code A after random call deformation I have used, which is very effective for preventing the blasting of the PATCH class. Because we know, many so-called Crackers are lacking in the professional ethics of Cracker itself. They often have software, modify, it seems to be released, it will not be carefully tested, to the top Random traps can be used to make these Cracker ugly, huh, oh, of course, while adding unspecitated random verification, you can make this Cracker no longer easily publish your software blasting products in the future - why? Because it is often ugly, he will hurt him in the decryption circle is very stinky, huh, huh. . . . .
Explosion explosion
http://www.cnsw.org/bbs/viewthread.php?tid=2088 set a to determine the computer CPU serial number (anyway, what is the only mark of the computer, just taking any of the assignment Xselect Case Xcase 0 ACASE 1 ACASE 2 A ... Case 9 Aend Select This is OK, out of the blasting, is not available on the computer ~~
Make EXE self-verification in CRC (Repost) Original: http://skyfire.dns0755.net/newwweb/list.asp?id=201 Executive Document Declapled Nowcan.yeah.Net 2003-9 -1 Lao Yi first stop When we completed a project, after compiling into an executable document, it is generally not hoped that this executable file is changed, then here is how this is what is done. In fact, this is not difficult, as long as an API function can be completed, this is MapFileandChecksum. The function of this function is 1) Image file, 2) Accept the original checks from the image file, which is the compiler write file, 3) Calculate the checksum of the file. If the file is changed after compiling, the original checksum will be different from the calculated checksum, so that the file is changed. In the following program, Headchksum is the original checkup, and Chksum is the calculated checksum, and finally the same is the same to determine whether the file is changed. The program is written by BCB5, to add imagehlp.lib, and project-> options-> Advance Linker To select Calculate Checksum. This allows the compiler to calculate the checksum and write files. The example program is here. There is also different in VC6, which also wants to connect to the imagehlp.lib this library, then remove the Generate Debug Info and Link IncrementLly options in Project-> Settings-> Link, then select the Category combination box, remove the USE Program Database option. Finally, add "/ release" in Project Options, everything OK! / / -------------------------------------------------------------------------------------------- --------------------------- # prgma hdrstop # incdude # include
/ / -------------------------------------------------------------------------------------------- ---------------------------
#pragma argsused
Int main (int Argc, char * argv [])
{
DWORD headchksum = 1, chksum = 0;
Char Fn [512];
GetModuleFileName (GetModuleHandle (NULL), FN, 512);
IF (MapFileandChecksum (FN, & Headchksum, & Chksum)! = Checksum_suCcess
{
Messagebox (NULL, "Check Error!", "Error", MB_OK;
}
Else
{
IF (Headchksum! = Chksum)
MessageBox (NULL, "File Changd.", "Warning", MB_OK;
}
Return 0;
}
/ / -------------------------------------------------------------------------------------------- ---------------------------
However, if you use VCL, there is a conflict when compiling, mainly the problem of imagehlp.h. I think the simplest solution is to dynamically call this function, LoadLibrary / GetProcaddress / Freelibrary, etc., I believe everyone will, I will not write code.
Anti-breaking questionable answer (ZT) http://www.cnsw.org/bbs/viewthread.php?tid=1429 When you find yourself for a few months, even the process of several years is broken, The damage is difficult to describe. As a shared software author, it is not because I care about the money (I don't want to do specific calculations here, it will make me more sad ...), no, I always make my procedure as much as possible Cheap, making everyone including students and free software authors can be used. However, I know that the charm of cracking software (if you have absolutely no tolerance to program cracks and hackers, then I will forgive. But one of my classmates is a psychologist, we have been looking for it. the reason). Cracking a restricted software program is like a riddle (sometimes a very embarrassing) riddle, and you may add this feeling of this kind of confusion. Remeive these). The problem is (we now involve this "game" illegal part): The program cracking is not only satisfied with the "talent" that only let himself know him. He must spread the news and released his "crack" (see the breakage package, mostly consisting of the following parts: 1, crack tool; 2, short instructions; 3, a huge file, including seemingly authors Asia in the world, or cracking procedures like all other programs that cannot use the fragile protection method to prevent the process of cracking the program. But now, the joke is completely over. Publish these cracks (let us justice: "Research on the possibility") to others, spread to the website, newsgroups, mailing lists, anonymous FTP, CD, "Abonnements", and any other place, they obviously destroyed All the benefits of spend time and energy on their software products. Although no one can say, all people who receive or download cracks will never buy. But the spread of cracking procedures is indeed a crime, just like someone distributes your car key in the mall - Does he make money? Bearing earlier, I didn't really spend time to protect my products to prevent cracking, but I found that there were several cracks around them. I said to myself: Why is it so simple? As a programmer, I certainly know, no, never! - The program is impossible to crack, and I know that every attractive program will have a crack (at least pirated or illegal replica) sooner or later, but at least, I can avoid the worst mistake. Most advanced language programmers no longer understand the assembly language, so "protective measures" they use are very fragile. I don't know much about compilation, so I decided to start carefully collecting anti-CRACK skills. I also strive to "study hard from the other hand", many of your skills you see here are from typical crack technology, including online various crack guides and reading even by professional crackpers. Give the program protection skills (they give us these skills to give them a bigger challenge), I hope that I have learned enough, and I want to share my experience with everyone, some skills may already have some in other articles. Refer to, but here is the most complete. Many techniques are for Windows, but they can be ported to other operating systems.
This question and answer set is brand new. If you think I miss some points or useful, a typical Delphi programmer can simply join the program to strengthen the skills of program protection, please tell me if you allow, I Will add it here, otherwise I will tell you that I have experienced it. Don't ask me, I may not answer: 1) I have already mentioned that I have no research on the underlying thing; 2) I will send the sample file to you, because I have not prepared anything, if I have Some, then it is here; 3) Finally, I will not provide anyone I found these techniques, please note, this is a site focusing on programming, rather than providing the available crack procedures. Need more information about your program, you can see my Delphi skill page. -------------------------------------------------- ------------------------------ Finally, here is: How to make people who crack your program feel a headache (skills are not important Sexual arrangement) ----------------------------------------------- --------------------------------- Don't use meaningful process names, for example: function registrationok: boolean; // Translator Press: Registration Confirm No matter how mystery and complex in your function, whether you believe in whether an experienced crack will be deleted within 10-20 seconds. As a choice, you can put a part of the code you need in the program into it, if the crack is prohibited from this function, your program will generate an error result. Don't use meaningful file names such as license.dat.. Encrypted with ASYMETRIC (American Software, Representative Software Toolbook). Just unusual file name is often insufficient, good encryption (encoding) can make the crack for a few months (if he is willing) plus long delay When it is found that it is damaged by itself, don't give a warning, then start waiting, maybe one or two days (the crack people hate things). Add short delay, when entering the password or do other detection, stop one or two seconds to make the exhaustion cannot continue. It is easy to travel, but it is not used in it. Use mutual inspection to check each other in DLL and EXE, which is not safe, but it can make cracks more difficult. Use self-fix in software, you know that this technology has been used for many years like correcting MODEM and fault tolerance, how can no one in protecting software? The biggest advantage of this method is that if the crack is using an anti-compilation tool, it will see a list of useless lists. Patch your software! The code becomes the different confirmation block each time, and the body of the person is also treated. " Place the serial number in an unusual place, such as the properties of the database field, often hear or read, "use a DLL name, put it in the system directory", too much, don't use it. Put the serial number in different places. Don't rely on system time, get time from some files, such as system.dat, system.da0, and bootlog.txt, compare them with system time, requires them to be late than last time (but remember, many users have recently Catch the millennium).
Don't tell users with a clear string: "Sorry, but ... (or something)" These is the first goal that is first looking for, dynamically establish strings or encrypt them. Use forged program calls and strings to irrigate. Don't use a confirmation function, each time you confirm the user, write the confirmation code in the current process. This is just let the crack do more crack. Using Reserved Words When using a hard key or password, make them view like program code or function call (for example, "73af" or "getWindowText". This does work very well, you can confuse some anti-compilation tools No "prohibited" feature, if your program does not save the data version (CRAPWARE VERSION), do not include "Gray" color menu item. No saver is equal to no saving, then it is so simple. Avoid unnecessary prompt information, unique reminder The user has not registered is just the "about" dialog box. This dialog box must be established to confidential. This has two reasons: many programmers have such views: Excess prompt information will produce enemies in their customers, this It is stupid. One may be more important reason is: Expercy information will guide the reverse engineering of your code and often direct direct to your program protection code. Frequent update, frequent update refers to: often replace code, typical ( Simple) Crack only modify your hard byte code location, which may be expressed as it has not yet been expired. And guarantees that IAO 衿鳎 刂 刂 刂? Br /> People can't find the old version targeted by cracks. Yes, this is unable to prevent the old version and crack the piracy, if they do, you can do at least to make some contributions to their hard drives. Finally, spend points Time considering protecting your own software. Is it worth protection? Is it more improving your software? If no one uses your software, it is not meaningful, don't overestimate your software "The importance of the world" ------------------------------------- ------------------------------- You can take into account more tips ----------- -------------------------------------------------- ------------------- Use a continuous several KB long mathematical formula to make any people who want to crack its spirit. This uses a password generator almost invalid - block The exhaustive attack is also effective. Carefully run the moment! When writing the beta version, completely use it, rewrite some functions in the official version, this can at least make the crackman 's life more difficult. Destroy the results, the destruction result is sometimes Active action for protection program. For example: a chart program, or similar programs, just prohibiting printing and then recovering printing according to some registration code is the most common destruction result. Allow you to print. When generating a data structure, Some ways to destroy, restore according to registration code or other things before printing. Even let the destruction more mystery, suppose you have a cake picture to print, do not change anything, but add some little random value in you Data - so broken. The chart looks "not very bad", but no matter how it will not be used (for example, if it is a 20% random order change) found such protection, if this is associated with the registration code, it will undoubtedly make the crack need to be more Time, first, you must go deep into your internal data structure and find terrible damage and recovery data code.
Trap, one I am not sure, but I heard how the program is used: Check your exe file with CRC, if it is changed, do not display typical error messages, wait a day, then use the meaningful error code to notify the user When they contact you and report the wrong code, you know that it is cracked. Missing: Such traps may be triggered by a virus or download error, when you condemn it, you may be before your future customers, first consider the possibilities. Do not rely on the EXE compression program, almost any EXE compression (Shrinker, WWPACK32, Neolite - and all famous compression software) have a back compression program, so the protection capability of the compression program supports at least configurable encoding. The anti-compression software of the above (and other) compression procedures is not widely circulated, but do not rely on those software as a "protection" that you have. -------------------------------------------------- ------------------------------ Advanced Skills - From the Qi Dynasty ----------- -------------------------------------------------- ------------------- RCR / RCL hand play If the RCR / RCL performs a value, it is painful for the crack - do not know the initial operation of the transfer mark ( In the case of the value of carryflag, you can't reverse or deny its role. If the transfer flag is generated by some other cumbersome operations, then you are almost victorious. The conditional transfer condition of the condition is not interesting to reverse engineering. There is no loop, just jump, as a conditional roadblock, including your lovely Key processing code. In this way, there is no simple reverse operation. Use some code as a wonderful number table. (More suitable comment section) If you change things like most cracks or like to use Soft-Ice (a popular crack tool), you can't imagine that this will be more annoying, and the fragments are very interesting :-) Post Constant NOP, just like you are making self-code modification (day, what is messy, NOP? Ha! Self code modification! I idiot will spend three years to hurt those things that should be.). Confucian annotation code. Divide the code into small pieces, all over the executable code, use (preferably conditional) jump in the middle of them. I found Softice early. Now I can do it, you can do it, you can do it, you can do any VXD, you can use the opcode: F0 0FC7 C8 (illegal CMPXCHG8B instructions with lock prefix). In addition to this, we must take true measures: Use VXD to bring the CPU out of the protection mode. Windows doesn't like that, miracle? On the other hand, don't waste too much time to write to destroy the disassembler or debug code. It is useless, I believe in me, some people wrote those things, others will have a way to bypass it, so transfer your interest to more important places - those that are easy and fast, just like the above Skills.
-------------------------------------------------- ------------------------------ Decline for Delphi controls --------------- -------------------------------------------------- --------------- Let's understand some kernels about Borland's new development tools. These knowledge will allow us to speed up the speed of crack, and of course, those shared software programmers use Delphi to easily expose their "secret" to those curious eyes. VCL refers to Visual Component Library, which has recently been used by Borland visual programming tool, such as Delphi and C Builder. These environments are displayed as "rcdata '" in the resource Workshop (one tool of the Borland Editing Resource) in these environments. These resources contain a so-called form (Forms), and the form is a window (Windows). All information for the window is included, and when a typical Delphi program starts running, its initialization code establishes such a form and reads the information you want from the resource. Sometimes this read will be delayed - uncommon forms are established and deleted when needed. Such a mechanism is that the biggest advantage of delphi is also its greatest disadvantage. It greatly enhances the speed of programming, but for the entire application, it slows down the speed of the program when the program is called, is true and interesting: routine (used to respond to the element of the user interface) It is based on the name. So just know these names, we can know the address you need. If you have broken my delphi program, you must call the call between the cumbersome libraries, such as the API call, breakpoint, and similar "do xx". [Discuss a very famous application written by Delphi] Just like you will see it, I completely crack it, and it is very easy. After I first installed a week later, I found a disgusting information - "Your test has expired". The first thing to do is to collect information about the target EXE file using the Resource or Form Probe (SPY) tool. You may think about seeing TValidatorDlg - it is clear that the username and the registration code are thus entered. But you will find that is just a simple dialog box, and the real job is done by its caller tsplashform. This is an annoying window that is constantly appearing in the program off, press the "About" button and the start of the program. You can choose TsplashForm and many information in text Ground Iao 鄄熘 鄄熘9 赜诎 ィ ィTton and label will be clearly displayed. Let's pay attention to the following parts (close to the last): Object Regbutton: TButton Left = 200 TOP = 176 width = 97 height = 25 caption = 'register' taborder = 1 onclick = regbuttonclick end What is this? This is a button with a "registration" title. You can see its size, location ... and an enormous name - "Onclick". "OnClick" tells us that when the user calls the routine called when we have a name (Name), we can search the address of the routine. This is because the routine is and the button is determined by name (Name).
Using a hex editor, observe "RegbuttonClick", I found twice, the second is the resource itself, the first is in the address table (Address Table). 000A4990 _______________. Wj..REGBU 000A49A0 7474 6F6E 436C 6963 6B_____ ________ TTONCLICK_______ now, observe the magical number before the name, there is a byte ('0e') pointed out "RegbuttonClick" length (14 characters). Moreover, there is an address: 004ABC57. Some disassemblers will think that the file is too long, and it cannot be correctly disassembled - however, uses special tools, we can stop here, yes, stop in the part of our press button. These will make you discover a call (Call). Tracking, you will find a "Standard Stack Frame": 0044ECC8 55 PUSH EBP 0044ECC9 8BEC MOV EBP 0044ECC8 55 PUSH EBP 0044ECC9 8BEC MOV EBP 0044ECC9 8BEC MOV EBP 0044ECC9 8BEC MOV EBP 0044ECC9 8BEC MOV EBP 0044ECC9 8BEC MOV EBP, and ESP is written by the programmer . We have avoided a long string called the VCL library generated by the NOTIFICATION to come to the correct location. Here, you can easily test some calls with a way of setting breakpoints - you will find that they are used to display the dialog boxes that request the username and password. Then, the registration code is generated by the user name and the user's input. You can enter the username you selected, and anything as a registration code, after BPX to 44ed69, a call one routine is used to compare two strings. D Edx will display the registration code of your input (counterfeit), EAX will display the correct registration code, simple? Beginners can be completed in just 10 minutes, how to avoid being crackdown in similar programs? Read my skills. The most basic is not to generate a default method with a double-click button or an attribute monitor (Object Inspector.), Write code in other parts of the program, preferably in another template, then use the following code to associate with the button : Regbutton.onclick: = regbuttonclick; But at least not as easy as you just see. -------------------------------------------------- ------------------------------ About registration code (if you can't avoid it) -------- -------------------------------------------------- ---------------------- Sign in balance between safety, feasibility, programmability, and end users. Too long, the alphabetic registration code may cause a continuous input error. Consider the input confirmation domain (mostly the password), or provide at least one "unfixed" registration code input field so that the user can rewrite the registration code each time, perhaps the last correct input.
Many people will only "look at" with the registration code entered by the comparison and the registration they receive in E-mail, they finally believe that they entered the correct registration code. But the font is too small or they are too lazy to note that "I" and "1" are exchanged (just like 'l83jjd_0) pH1lte'). According to the feedback of different users, the registration code input area must be unlimited to accept any length information. Don't let the crack people understand your registration code - If you take "Online-Verification" and display it has 10 characters long or only uppercase letters will give them help - don't do this! Calculate the number of potential users! There is no harder than such things: You limit the number of users at 9,999, you don't want to have 10,000 users, because so you must upgrade your registration code to meet this 1,000 users . If your registration code has 10 bits, there may be 10 ^ 10 registration code. However, your application may only allow 10 ^ 4 (10,000) users, you must take some algorithm to get 10 ^ 10 registration code per person 10 ^ 10 users. This protects the user and your application itself is subject to exhaust attack (just like a macro player using VXD). If there is only 10 ^ 4 users, and you define 10 ^ 9 legitimate registration code, then average 10 times per trial, there will be a "legal" registration code. However, in the case of only 10 ^ 4, the average will succeed every 10 ^ 6 times. Even use high-speed computers and extreme macro players (keys to simulate entered registration code), it is not possible to find the time spent in 10 ^ 6 to find the required registration code. From the user name to the registration code, it should not only have only simple operations. It must be universal and profile language (notes, Delphi still allow you to use compilation directly) ASM) code)! Then, check your operation, draw a flowchart, and understand how it works. To completely understand your own work, especially its shortcomings. There must be innovative awareness, don't use anything that looks simple, quickly, and effective, unless you believe in the relativism of Einstein. Your method is indeed simple, it is indeed rapid, but it is definitely not effective, it is indeed easily crack. I am very sorry, I am not a genius, and I have not found an effective protection program to maintain too long. Just some ideas, Richey is taken from "Hubdog unconfirmed sunflower book returning: Elgamal algorithm Elgamal algorithm can be used for data encryption and digital signatures, which relies on the problem of discrete log in the calculation. Key pair is generated. First, select a populinary number P, two random numbers, G, and X, G, X The encrypted information is M, first selecting a random number K, K and P - 1, calculating a = g ^ k (MOD P) B = Y ^ K M (MOD P) (A, B) for ciphertext, It is twice as long as the plain text. Deciphering M = B / A ^ x (MOD P) ELGAMAL signature is calculated on the discrete logarithm calculation on the multiplication group (IFP) *. The number P must be large enough, and P-1 contains at least one bulk factor to resist the attack of the Pohlig & Hellman algorithm. M General should use the HASH value of information (such as the SHA algorithm). The security of Elgamal is mainly based on P and G. If you choose not proper, the signature is easy to fake, and the GM is not about the P-1. Some attack methods and countermeasures are mentioned in D.blementhenbache "GeneratingElgamal Signatures without Knowing the SecretKey". A shortcoming of Elgamal is its ciphertext classification. The DSA (Digital Signature Algorithm) algorithm in the United States is the Elgamal algorithm. How to prevent cracking with simple methods http://www.cnsw.org/bbs/viewthread.php?tid=1063 can see the limit of the debug tool in the Debug manual. The first limit is only the breakpoint of the 4 memory area, each The breakpoint cannot control more than two bytes, such that the memory disconnection cannot control more than 16 bytes. The second limit is a multithreading only tracks a thread at the same time. Suppose your registration section has 300 lines, you can Divided into 30 Inline functions calls or Macro (must be inline), func1 (), func2 () ... func30 (). Place them at all parts of the program, must not be put together (you can find it) . Do not call the copy registration code with usage system, which is likely to write, like Memcpy is very well written, and the performance alteration does not matter. After compiling, the registration section and other code are mixed together. He wants to write the registration machine like a needle in the sea, and find a useful registration section in hundreds of thousands of millions of assembly code. The most important thing for using Debug is: Don't put together in the registration code, assume your registration code 12 digits, don't use a 12-digit array to leave a registration code, you can do different locations in the program Define 12 global character variables, each place one, so the registration code is not continuous in memory. It is best to encrypt the process (simple characters or can be), and then decrypt when verify. Do not use continuous memory to save the variables used, try to use the authentication temporary variable dispersion definitions in the program, and then in the verification, constantly transferring some values to other variables, dealing with violence and LoAder are more effective. There is no need to use a complex encryption algorithm to make it easier to be a tracking goal. As long as you hide your registration part enough, there is no vulnerability, you spend 1 day written encryption algorithm, the crack may spend 100-1000 times time crack. Most people will give up. You will be registered together, just like your treasure in a modern safe, although it is very firm and difficult to decrypt, it is open for two minutes of unlocking masters. The method of ancient pirates is burying the treasure on the island, so there is no collection of treasure maps, there is only one road for the master and the low hand, and I will take a piece of iron. I may try my life. There are so many codes of the program, which may more than one million lines, you will hide the registration part, hiding, just buried the treasure in the island. Those so-called CRACKMEs are just a modern safe of masters, with the original approach to achieve the same effect. 1. Do not immediately check the registration code after reading the registration code, because reading registration code is definitely used by system calls, and it is easy to break down near the system call. Place the memory as a global variable, then you can use any part of the program, read the registration code, and read memory is no system call. 2. Two ways to process the registration code in memory, one method is Check the registration code before checking so they cannot search from memory, because they will break down near the registration code. There is also a way to just instead, you can make a lot of copies after reading the registration code, multiple copies of the registration code in memory (multiple places with Malloc), and waste some memory. The 16BITS registration code is available for 1,60K memory. If you do not have these memory, then the best multi-variable interaction with other programs use (so even if the crackler opens and searches for the code in your program, you can not use the code data and The registration code is distinguished. You don't check the registration code immediately, 1,000 copies, you only have to find a copy of it later, the crack people don't know that one you are using. At the same time, you can constantly generate some false reads The memory registration code calls interference crackper. This approach has a slight impact on the performance of the program, just a waste of memory.
