How to give the people who crack your program a headache
Thanks to cj for the translation.
When you find that a program you spent months, or even years, on has been cracked, the damage is hard to describe. As a shareware author, it is not that I care about the money (I will not do the exact calculation here; it would only make me sadder). No, I always try to price my programs as low as possible, so that everyone, students and freeware authors included, can afford them. Still, I understand the appeal of cracking software (if you have absolutely no tolerance for cracks and crackers, forgive me; a classmate of mine is a psychologist and we have been looking for the reason). Cracking a restricted program is like a riddle (sometimes a very embarrassing one), and perhaps the feeling of puzzling it out adds to this. Leave that aside. The problem (and here we come to the illegal part of this "game") is that the cracker is not satisfied with a "talent" that only he knows about. He must spread the news and release his "crack" (a crack package mostly consists of: 1. the crack tool; 2. short instructions; 3. a huge file that seems to mention every author, or every cracked program, in the world, just like all the other programs whose fragile protection could not stop them from being cracked). But now the joke is completely over. Publishing these cracks (let us be fair: "research into the possibility") to others, spreading them to web sites, newsgroups, mailing lists, anonymous FTP sites, CDs, "subscriptions" and anywhere else, obviously destroys all the benefit of the time and energy spent on the software product. Although no one can say that everyone who receives or downloads a crack would otherwise have bought, spreading cracks is indeed a crime, just like someone handing out copies of your car key in the mall: does he make money from it?
Before that, I had not really spent time protecting my products against cracking, but then I found several cracks for them. I said to myself: why is it so easy? As a programmer I certainly know: no, never! No program is impossible to crack, and I know that every attractive program will have a crack (or at least a pirated or illegal copy) sooner or later. But at least I can avoid the worst mistakes. Most high-level-language programmers no longer understand assembly language, so the "protective measures" they use are very fragile. I do not know much about assembly either, so I decided to start carefully collecting anti-crack techniques. I also try to "learn from the other side": many of the techniques you see here come from typical cracking techniques, including the various cracking guides online and even program-protection tips written by professional crackers (they give us these tips to give themselves a bigger challenge). I hope I have learned enough, and I want to share my experience with everyone. Some tips may already appear in other articles, but the collection here is the most complete. Many techniques are for Windows, but they can be ported to other operating systems.
This question-and-answer set is brand new. If you think I have missed some point, or you know a useful technique that a typical Delphi programmer can easily add to a program to strengthen its protection, please tell me; with your permission I will add it here, otherwise I will at least tell you that I have tried it. Please do not ask me the following, I may not answer: 1) as already mentioned, I have not researched low-level matters; 2) to send you sample files, because I have not prepared any (if I had some, they would be here); 3) finally, I will not tell anyone where I found these techniques. Please note that this is a site focused on programming, not on providing usable cracks. If you need more information about protecting your program, see my Delphi tips page.
--------------------------------------------------------------------------------
Finally, here it is: how to give the people who crack your program a headache (the tips are not arranged by importance)
--------------------------------------------------------------------------------
Don't use meaningful procedure names, for example:

    function RegistrationOK: Boolean; // translator's note: "registration confirmed"

No matter how mysterious and complex the inside of your function is, believe it or not, an experienced cracker will have it removed within 10-20 seconds. As an alternative, put part of the code the program really needs inside it; if the cracker disables this function, your program will produce wrong results.
Don't use meaningful file names such as license.dat.
Use asymmetric encryption (US Software; a representative example is the Software Toolbook). An unusual file name alone is often not enough; good encryption (encoding) can keep a cracker busy for months (if he is willing).
Add a long delay: when the program finds that it has been tampered with, do not issue a warning right away; wait, maybe a day or two (crackers hate that).
Add short delays: when a password is entered or another check runs, pause for a second or two so that brute forcing cannot go on. It is easy to implement, yet hardly anyone uses it.
Use mutual checks, so that the DLL and the EXE verify each other. It is not secure, but it makes cracking harder.
Use self-correcting code. This technique has been used for many years, for example in modem error correction and fault tolerance, so why does nobody use it to protect software? The biggest advantage of this method is that a cracker using a disassembler will see a useless listing.
Patch your own software! Make the code different for every verification block, and treat the main program the same way.
Put the serial number in an unusual place, for example in the properties of a database field. I often hear or read "use a DLL name and put it in the system directory"; too many people do that, so don't use it. :)
Put the serial number in several different places.
Don't rely on the system time. Get the time from some files such as system.dat, system.da0 and bootlog.txt, compare them with the system time, and require them to be later than the last recorded time (but remember that many users were recently caught by the millennium bug).
Don't tell users with clear-text strings: "Sorry, but ... (or something like it)". These strings are the first thing a cracker looks for. Build strings dynamically or encrypt them, and use fake program calls and strings as padding.
Don't use a single verification function; each time you verify the user, write the verification code inline in the current routine. That just makes the cracker do more work.
Use reserved words: when you use a hard-coded key or password, make it look like program code or a function call (for example "73af" or "GetWindowText"). This works really well and can confuse some disassemblers.
Don't use "disabled" items: if your program is a version that does not save data (crippleware version), do not include greyed-out menu items. No save item is the same as no saving, and it is simpler.
Avoid unnecessary nag messages. The only reminder that the user is unregistered should be the "About" dialog, and that dialog should be built to stay inconspicuous. There are two reasons: many programmers hold the view that excessive nagging turns their customers into enemies, which is silly; a perhaps more important one is that excessive prompts guide the reverse engineering of your code, often straight to your protection code.
Update frequently. Frequent updates mean changing the code: typical (simple) cracks only patch bytes at hard-coded locations in your program, so they may be out of date before they have even spread. Also make sure you upload to public servers, so that you control the distribution better and people cannot find old versions to crack. Yes, this cannot prevent cracks and piracy of old versions. If they do it anyway, you have at least helped fill their hard drives.
Finally, take some time to consider whether to protect your own software at all. Is it worth protecting? Would it be better to improve your software instead? If nobody uses your software, it makes no sense; don't overestimate your software's "importance to the world".
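The "wait a day or two" advice above, combined with the CRC trap described later on this page, as an added Python example that is not part of the original article. The program-image layout (a 4-byte CRC field at a fixed offset, zeroed at build time), the grace period and the bland error text are my assumptions; a real build would patch the field in the EXE and persist the first-failure timestamp somewhere inconspicuous.

```python
import struct
import zlib
from typing import Optional, Tuple

# Constructed layout for this example: a 4-byte little-endian CRC field at a
# fixed offset inside the program image, left as zeros by the compiler/linker.
CRC_OFFSET = 16
CRC_SIZE = 4
GRACE_SECONDS = 24 * 60 * 60          # stay silent for a day after the first hit
# Deliberately bland wording; only the author knows this text means "tampered".
TRAP_MESSAGE = "Error 0x2E19: workspace file is corrupt"   # constructed code


def _with_zero_field(image: bytes) -> bytes:
    """The stored CRC cannot cover itself, so checksum the image with the field zeroed."""
    return image[:CRC_OFFSET] + b"\0" * CRC_SIZE + image[CRC_OFFSET + CRC_SIZE:]


def expected_crc(image: bytes) -> int:
    """CRC-32 of the image as it looked before the field was filled in."""
    return zlib.crc32(_with_zero_field(image)) & 0xFFFFFFFF


def stamp_image(image: bytes) -> bytes:
    """Build step: write the CRC of the finished image into its reserved field."""
    if len(image) < CRC_OFFSET + CRC_SIZE:
        raise ValueError("image too small for the CRC field")
    field = struct.pack("<I", expected_crc(image))
    return image[:CRC_OFFSET] + field + image[CRC_OFFSET + CRC_SIZE:]


def image_intact(image: bytes) -> bool:
    """Run-time check: does the stored CRC still match the image on disk?"""
    (stored,) = struct.unpack_from("<I", image, CRC_OFFSET)
    return stored == expected_crc(image)


def react(intact: bool, first_failure: Optional[float], now: float
          ) -> Tuple[Optional[float], Optional[str]]:
    """Decide what to show. Returns (timestamp to persist, message or None).

    A failed check is only remembered the first time; the message appears a day
    later, so a cracker trying a patch sees nothing happen at the moment of patching.
    """
    if intact:
        return None, None
    if first_failure is None:
        return now, None                       # remember the hit, say nothing yet
    if now - first_failure < GRACE_SECONDS:
        return first_failure, None             # still inside the grace period
    return first_failure, TRAP_MESSAGE
```

As the article itself warns, a damaged download or a virus takes the same path, so the message should ask the user to report the code rather than accuse anyone.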
--------------------------------------------------------------------------------
More tips you can consider
--------------------------------------------------------------------------------
Use a continuous mathematical formula several KB long to make anyone who wants to crack it dizzy. This is almost useless against a key generator, but it does prevent brute-force attacks.
Pick the right moment! Use everything fully when writing the beta version, then rewrite some of the functions in the official version; this can at least make the cracker's life harder.
Corrupt the results. Corrupting results is sometimes an effective protection measure. For example, imagine a chart program or something similar: simply disabling printing and restoring it with some registration code is the most common approach. Instead, allow printing; when the data structure is generated, corrupt it in some way, and restore it, according to the registration code or something else, only just before printing. To make the corruption even more mysterious, suppose you have a pie chart to print: change nothing, just add some small random values to your data. That is the corruption. The chart looks "not too bad", but it is unusable anyway (for example with a 20% random change). Finding such protection, when it is tied to the registration code, will undoubtedly cost the cracker more time: first he must dig deep into your internal data structures and find the nasty corruption and the recovery code.
A trap (one I am not sure about, but I have heard of programs using it): check your EXE file with a CRC; if it has changed, do not display the typical error message, wait a day, then notify the user with a meaningful-looking error code. When they contact you and report the error code, you know it is cracked. Drawback: such a trap may be triggered by a virus or a download error, and when you blame someone, you may be facing a future customer, so consider the possibilities first.
Don't rely on EXE compressors. Almost every EXE compressor (Shrinker, WWPACK32, Neolite, and all the well-known compression programs) has a decompressor, so a compressor only has protective value if it at least supports configurable encoding. The decompressors for the above (and other) compressors are not widely circulated, but do not rely on those programs as the only "protection" you have.
--------------------------------------------------------------------------------
Advanced tips (from the Qi Dynasty)
--------------------------------------------------------------------------------
RCR / RCL by hand: if RCR / RCL is applied to a value, it is painful for the cracker; without knowing the initial state of the carry flag, he cannot reverse or undo its effect. If the carry flag is produced by some other tedious computation, you have almost won.
Conditional jumps whose conditions are of no interest to the reverse engineer: no loops, just jumps, as conditional roadblocks that include your lovely key-handling code. That way there is no simple reverse operation.
Use some of the code as a wonderful table of magic numbers (more suitable for the comment section). If you change things the way most crackers like to, with Soft-Ice (a popular cracking tool), you cannot imagine how much more annoying this becomes.
And teasing the cracker is great fun :-) Insert runs of NOPs, as if you were doing self-modifying code ("damn, what a mess, NOPs? Ha! self-modifying code!" The idiot will spend three years finding out what they were). Comment your code confusingly. Split the code into small pieces spread all over the executable, with (preferably conditional) jumps between them.
Detect SoftICE early. Nowadays you can even crash a Pentium or Pentium MMX machine without a VxD by using the opcode F0 0F C7 C8 (an illegal CMPXCHG8B instruction with a LOCK prefix). Beyond that, real measures: use a VxD to take the CPU out of protected mode; Windows doesn't like that, miracle? On the other hand, don't waste too much time writing code to break disassemblers or debuggers. It is useless, believe me: some people write those things, others will find a way around them. So turn your attention to more important places, the things that are easy and fast, like the tips above.
--------------------------------------------------------------------------------
Weaknesses of Delphi controls
--------------------------------------------------------------------------------
Let's look at some internals of Borland's new development tools. This knowledge lets crackers speed up their work, and of course shareware programmers who use Delphi easily expose their "secrets" to curious eyes. VCL stands for Visual Component Library, used by the recent Borland visual programming tools such as Delphi and C++ Builder. In these environments the forms are stored as "RCDATA" resources, as shown in Resource Workshop (Borland's resource editing tool). These resources contain the so-called forms, and a form is a window. All the information for the window is included, and when a typical Delphi program starts, its initialization code creates such a form and reads the information it needs from the resource. Sometimes this reading is delayed: rarely used forms are created when needed and deleted afterwards. This mechanism is Delphi's biggest advantage and also its biggest disadvantage.
It greatly speeds up programming, but it slows the whole application down whenever such a form is called. What is really interesting is this: the routines (the event handlers that respond to user-interface elements) are bound by name. So once we know the names, we know the addresses we need. If you have cracked a Delphi program before, you know you must work your way through calls between cumbersome libraries, API calls, breakpoints and similar "do XX" drudgery. [Discussion of a very famous application written in Delphi] As you will see, I cracked it completely, and it was very easy. A week after I first installed it, I found a disgusting message: "Your trial has expired". The first thing to do is to collect information about the target EXE with a resource viewer or a form spy tool. You might expect TValidatorDlg to be the one; clearly the user name and registration code are entered there. But you will find it is just a simple dialog box, and the real work is done by its caller, TSplashForm. This is the annoying window that keeps appearing when the program closes, when the "About" button is pressed, and when the program starts. You can select TSplashForm and view it as text. Much information about buttons and labels is shown clearly. Let's look at the following part (near the end):

    object RegButton: TButton
      Left = 200
      Top = 176
      Width = 97
      Height = 25
      Caption = 'Register'
      TabOrder = 1
      OnClick = RegButtonClick
    end

What is this? A button with the caption "Register". You can see its size, its position ... and a very significant name: "OnClick". "OnClick" tells us which routine is called when the user clicks the button, and once we have its name we can search for the routine's address, because the routine and the button are linked by name. Searching for "RegButtonClick" with a hex editor, I found it twice: the second occurrence is the resource itself, the first is in the address table.
    000A4990  ____ ____ ____ bc57 4a00 0e52 6567 4275   ______. WJ..RegBu
    000A49A0  7474 6F6E 436C 6963 6B__ ____ ____ ____   ttonClick_______
Now, in front of the name the magic number is written: a byte ('0e') that gives the length of "RegButtonClick" (14 characters). And before that there is an address: 004ABC57.
Some disassemblers will think the file is too long and cannot disassemble it correctly; but with special tools we can stop right here, yes, stop at the part where our button is pressed. This will reveal a call. Tracing it, you will find a "standard stack frame" at 0044ECC8:
    0044ECC8  55      push ebp
    0044ECC9  8BEC    mov  ebp, esp

This is a routine written by the programmer in the high-level language. We have skipped the long chain of VCL library calls generated by the notification and arrived at the right place. Here you can easily test some of the calls by setting breakpoints; you will find the ones used to display the dialog that asks for the user name and registration code. Then the registration code is generated from the user name and compared with the user's input. You can enter a user name of your choice and anything at all as the registration code; after a BPX at 44ED69, a routine is called to compare two strings. D EDX shows the (fake) registration code you entered, and EAX shows the correct one. Simple? A beginner can finish this in just 10 minutes. How do you avoid being cracked the same way? Read my tips. The most basic one: do not generate the handler with the default method, by double-clicking the button or through the Object Inspector. Write the code in another part of the program, preferably in another unit, and then associate it with the button using the following code:

    RegButton.OnClick := RegButtonClick;

Of course, you need to execute this code when the form is created (before the handler can be called), preferably from some unrelated routine. Of course, this is far from preventing your program from being cracked, but at least it will not be as easy as what you just saw.
--------------------------------------------------------------------------------
About registration codes (if you cannot avoid them)
--------------------------------------------------------------------------------
Strike a balance between security, feasibility, programmability and the end user. Registration codes that are too long, or alphabetic, may cause repeated input errors. Consider an input confirmation field (as is usual for passwords), or at least provide one "unfixed" (free-form) registration code field, so that the user can retype the code each time, or perhaps keep the last correct input. Many people only "look at" the code they typed and compare it with the one they received by e-mail, and in the end believe they entered the correct code. But the font is too small, or they are too lazy to notice that "I" and "1" were swapped (as in 'l83jjd_0)pH1lte'). Based on feedback from different users, the registration code field must be unlimited and accept input of any length. Don't let crackers understand your registration code: if you use "online verification" and reveal that the code is 10 characters long, or uppercase only, you are helping them; don't do it! Calculate the number of potential users! Nothing is harder than this: you limit the number of users to 9,999 and do not want a 10,000th, because then you would have to upgrade your registration code to serve those extra 1,000 users. If your registration code has 10 digits, there are 10^10 possible codes. However, your application may only allow 10^4 (10,000) users, so you must use an algorithm that could assign 10^10 codes to 10^10 users. This protects the users and the application itself against brute-force attacks (for example with a macro player driven by a VxD). If there are only 10^4 users but you define 10^9 legitimate registration codes, then on average one out of every 10 tries will be a "valid" registration code.
But with only 10^4 valid codes, on average one try in 10^6 will succeed. Even with a high-speed computer and an extreme macro player (simulating keystrokes to enter registration codes), nobody can afford the time needed for 10^6 attempts to find the required code. The way from the user name to the registration code should not consist of simple operations only. It must be thorough, and preferably in a low-level language (note: Delphi still allows you to use assembler (ASM) code directly)! Then check your operations, draw a flowchart and understand how it works. Understand your own work completely, especially its weaknesses. Be creative; don't use anything that looks simple, fast and effective, unless you believe in Einstein's relativism: your method is indeed simple, indeed fast, but definitely not effective, and indeed easily cracked. I am very sorry, I am no genius, and I have not found an effective protection scheme that holds up for long. Just some ideas :)
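The keyspace arithmetic above, together with the earlier tip of slowing every check by a second or two and the warning about "I" versus "1", as an added Python example that is not part of the original article. The HMAC-SHA256 derivation, the 33-symbol alphabet, the code length and the secret are my assumptions, not the author's scheme; the secret has to ship inside the program, so anyone who extracts it can write a key generator, which is why the article says length tricks alone do little against one.

```python
import hashlib
import hmac

# Code alphabet without the letters users confuse with digits (I, L -> 1; O -> 0).
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTUVWXYZ"   # 33 symbols (assumed)
CODE_LEN = 10                                     # assumed code length
CONFUSABLE = str.maketrans({"I": "1", "L": "1", "O": "0"})


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of possible codes for a given alphabet and length."""
    return alphabet_size ** length


def expected_guesses(alphabet_size: int, length: int, valid_codes: int) -> float:
    """Average number of random tries before hitting one of the valid codes."""
    return keyspace(alphabet_size, length) / valid_codes


def brute_force_days(alphabet_size: int, length: int, valid_codes: int,
                     delay_seconds: float) -> float:
    """Days a brute-force run needs when every check is slowed by delay_seconds."""
    return expected_guesses(alphabet_size, length, valid_codes) * delay_seconds / 86400


def normalize(entered: str) -> str:
    """Accept any length and formatting (spaces, dashes, lower case) and
    repair the I/1 and O/0 mix-ups instead of rejecting the user."""
    cleaned = "".join(ch for ch in entered.upper() if ch.isascii() and ch.isalnum())
    return cleaned.translate(CONFUSABLE)


def derive_code(username: str, secret: bytes) -> str:
    """Registration code derived from the user name with a keyed hash
    (assumed scheme): HMAC-SHA256, of which 64 bits are written in base 33."""
    name = username.strip().casefold().encode("utf-8")
    n = int.from_bytes(hmac.new(secret, name, hashlib.sha256).digest()[:8], "big")
    symbols = []
    for _ in range(CODE_LEN):                 # 33**10 < 2**51, so 64 bits suffice
        n, idx = divmod(n, len(ALPHABET))
        symbols.append(ALPHABET[idx])
    return "".join(symbols)


def code_is_valid(username: str, entered: str, secret: bytes) -> bool:
    """Constant-time comparison, so timing does not reveal how many symbols match."""
    return hmac.compare_digest(normalize(entered), derive_code(username, secret))
```

With the article's numbers (10 digits, 10^4 users) a two-second delay per check turns the expected 10^6 tries into roughly 23 days of guessing.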