flat assembler
Message board for the users of flat assembler.

Index > Heap > simple yet elegant way to soft protect your software

sleepsleep
well,
any simple yet elegant way to simply protect your written software?

no need for 1 thousand lines, preferably a simple concept just to prevent it being too simple to copy and paste.

one of the methods in my country currently is, the software needs to be "reactivated" each year. which is.. troublesome, but yet.. seems to be a useful way... what u guys think.
Post 01 Mar 2010, 20:38
sleepsleep
soft md5("client pc name" + year) ?? ok ? next year find me again solution?
Post 01 Mar 2010, 20:41
LocoDelAssembly
I've never attempted this but I believe it should work. Use some digital signature scheme (one using pair of public and private keys), that way, constructing a keygen is somewhat infeasible (make sure the registration code is long enough to ensure infeasibility).

What I've said above is easily broken by just cracking the executable or just using a publicly disclosed key (if it is computer independent), but it is still simple as you requested :P
Post 01 Mar 2010, 20:55
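
The two ideas from the posts above, md5("client pc name" + year) and a registration code made with a public/private key signature, side by side as an added example that is not code from any poster. It assumes Ed25519 from Go's standard library (the thread names no algorithm) and binds the signed code to the machine name and year so that it is not computer independent; the function names and the sample machine name are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// Md5Code is the scheme floated in the thread: md5(pc name + year).
// The shipped program needs this whole routine to check a code, so the
// checker and the code generator are one and the same function.
func Md5Code(pcName string, year int) string {
	sum := md5.Sum([]byte(fmt.Sprintf("%s%d", pcName, year)))
	return hex.EncodeToString(sum[:])
}

// licenseMessage binds a code to one machine name and one year.
// The length prefix keeps (name, year) pairs from colliding.
func licenseMessage(pcName string, year int) []byte {
	return []byte(fmt.Sprintf("%d:%s|%d", len(pcName), pcName, year))
}

// NewVendorKey makes the key pair; only pub is compiled into the program.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// IssueLicense runs on the vendor's machine; priv never ships.
func IssueLicense(priv ed25519.PrivateKey, pcName string, year int) string {
	sig := ed25519.Sign(priv, licenseMessage(pcName, year))
	return base64.RawURLEncoding.EncodeToString(sig) // 86 characters
}

// VerifyLicense is the shipped check. It can confirm a code but cannot
// produce one, which is what makes a key generator infeasible.
func VerifyLicense(pub ed25519.PublicKey, pcName string, year int, code string) bool {
	sig, err := base64.RawURLEncoding.DecodeString(code)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, licenseMessage(pcName, year), sig)
}

func main() {
	pub, priv := NewVendorKey()
	pc := "OFFICE-PC-01" // constructed sample machine name
	code := IssueLicense(priv, pc, 2010)
	fmt.Println("md5 code:     ", Md5Code(pc, 2010))
	fmt.Println("signed code:  ", code)
	fmt.Println("same pc, 2010:", VerifyLicense(pub, pc, 2010, code))
	fmt.Println("same pc, 2011:", VerifyLicense(pub, pc, 2011, code))
	fmt.Println("other pc:     ", VerifyLicense(pub, "OTHER-PC", 2010, code))
}
```

As the post itself notes, patching the executable still bypasses the check; the signature only closes the key-generator route.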
ManOfSteel
No. Neither simple, nor complex.
If you can access it, you can crack it and copy it. And if you add access barriers, you'll get bitten in the ass (cf. Sony DRM fiasco).
If it's made by a human, it can be destroyed by another. All it takes is time, patience and skill.

Reactivation is as stupid as the rest. Just remove or bypass the reactivation code like it's done for nags or CD/dongle checks.
Post 01 Mar 2010, 21:00
sleepsleep
while, since the software is not yet worth of cracking / hacking, so no need to deploy 1 million dollar protection scheme, just need something simple enough to make some IT guys give up. :D

on slashdot lately, the game put the save function on online server... lol, so, if u wanna save, u got to online ;) then authenticate then only can save.
Post 01 Mar 2010, 21:44
revolution
Adding protection schemes is a sure way to inhibit the usefulness of your software. It is a good way to make users search for other programs that are unencumbered by DRM. It is a perfect way to encourage users to recommend to their friends to not use your software. If you are okay with all of these things then feel free to go ahead and spend many days developing and testing the protection system. But remember that it will only take a few minutes for someone else to break it.
Post 01 Mar 2010, 21:58
sleepsleep
i thought we all need $$ to buy food? or ...
Post 01 Mar 2010, 22:07
ass0
sleepsleep wrote:
i thought we all need $$ to buy food? or ...


You can always find a full-time job in the gigolos market. =D

Anyhow, your argument is like those musicians that say that they need to sell their original discs so they can eat, but what they don't say is that working (sweating) in concerts makes a lot of money too.

So there are many ways to make money and the most lazy is patenting/protecting 'intellectual property'.

_________________
Nombre: Aquiles Castro.
Location2: about:robots
Post 01 Mar 2010, 23:51
roboman
Only hand out the software on a cd. Mark the last sector of the cd as bad and put a key number there. Have the install program first look on the bad sector for the key before it will install the software. When the install program installs the software have it key the software to a cpu id or something in the bios. Later when the program tries to run if the stuff in the rom or bios doesn't match then the software isn't on the computer it was installed on, so don't let it run. Lots of cd copy programs don't copy bad sectors, so copies of the cd stand a reasonable chance of not working... not foolproof, but doesn't get in the way of legal users. You can't stop the real crackers, so don't get in the way of your legal users trying...

Just my two cents
Post 02 Mar 2010, 03:49
cthug
Quote:

Mark the last sector of the cd as bad and put a key number there.


Security through obscurity

You have to presume that an attacker knows EVERYTHING about your software system. You could place the public key there or something, but not the actual key.

_________________
"There are only two industries that refer to their customers as 'users'." Edward Tufte
Post 02 Mar 2010, 04:05
ManOfSteel
You people really miss the idea. No matter what exotic protection scheme you come up with, all the cracker has to do is remove or bypass every jump or call to the checking routine and voilà!
Any protection can only work if users have no direct access to the software they're using, which is impossible with current computers unless you infect them with a rootkit like Sony did and which failed miserably.

I've seen many wonderful protection schemes that use encryption and obfuscation, and multiple calls to the checking routine, and different types of checks, getting cracked in no time. They weren't as wonderful when the cracker also wrote a tutorial on cracking it, hahaha!
Post 02 Mar 2010, 08:56
Borsuc
You could "sell" your services and help other people having difficulties with your software, provided it's complicated enough to be worth anyway -- most "simple apps" that are shareware these days are complete scams, in the sense that there's always a better free or open-source app alternative. :P

_________________
Previously known as The_Grey_Beast
Post 02 Mar 2010, 13:51
f0dder
sleepsleep wrote:
on slashdot lately, the game put the save function on online server... lol, so, if u wanna save, u got to online ;) then authenticate then only can save.

Assassin's Creed 2?

You don't have to store savegames "in the cloud", they can be stored locally - people are spreading a bit of FUD there. The game does require you to be connected to the internet to play, even single-player, though... and apparently you'll get kicked out of the game (no save) if you lose your connection (for too long?).

ManOfSteel wrote:
You people really miss the idea. No matter what exotic protection scheme you come up with, all the cracker has to do is remove or bypass every jump or call to the checking routine and voilà!
Hm, "only". Do you have any idea how much effort is required for writing the tools to deal with today's protection schemes? The ones that are worth anything are not defeated with just a debugger and a disassembler. And even once a mostly-generic tool has been written, the cracking groups often miss embedded triggers or screw up something else.

Yes, "if it runs it can be cracked" is true, as it has always been. Just like it has also always been true that the real goal is to delay the availability of a pirated version, not entirely prevent it.

If you're writing a relatively small-niche piece of software, you can probably get away with a relatively simple scheme - just enough to "keep honest people honest".

_________________
carpe noctem
Post 05 Mar 2010, 00:25
zhak
i think that companies lose money from crackers, but these losses are very small compared to what they get from customers. big companies will buy the software and get technical support. because they do money with this software and if smth. goes wrong - they know whom to blame. but i laugh on those home-grown companies which do shitty programs and ask loads of money for it... (take ZetaOS, for example. they tried to make money on this OS in the world where Win and Linux rule! hahaha and they screwed up! but HAIKU lives now. because it's free and it's driven by its fans)
and frequently those home-grown companies put some shitty protection which can be bypassed in half an hour... they wanna get money right now, so they forget everything else )) it's a matter of self-respect then to use cracked version of this proggie... or even better - find free analogue of it
Post 05 Mar 2010, 01:35
ManOfSteel
f0dder wrote:
Do you have any idea how much effort is required for writing the tools to deal with today's protection schemes

Are you talking about the protection schemes themselves? In that case, do you have any idea how much effort is required for writing AVs? The volume of allocated resources is not always a reliable indicator of quality or usefulness.

f0dder wrote:
the cracking groups often miss embedded triggers or screw up something else.

Hardly. You can find virtually anything on the Internet or the "black market" if you know where to look. It can be anything from illegal full copies with their original serial numbers, to full or demo versions with cracks and keygens. And most of them do work very well.
And no, I'm not talking about $25 utilities, nor Microsoft Windows or Office, or even Photoshop. I'm talking about highly-specialized professional software that cost anything between $1,000 and $10,000, such as CAD software, video editing software, multimedia-oriented visual programming environments, DAWs, samplers and their libraries, etc.

f0dder wrote:
Just like it has also always been true that the real goal is to delay the availability of a pirated version, not entirely prevent it.

Well, I've seen those software I mentioned above made available illegally a month or so after their official release. Leaking aside, it's barely slower than music albums and movies. Is that your idea of "delaying", because it doesn't sound like it's working too well.

f0dder wrote:
just enough to "keep honest people honest".

Niche or mass, if the software is worth copying/cracking (for fame or money), someone will do it.
"Honest" people will remain "honest" and those who can afford the software will still buy it even if it's available for free or for $3, or $10, or whatever. Others will get the pirated version.


Last edited by ManOfSteel on 05 Mar 2010, 15:09; edited 1 time in total
Post 05 Mar 2010, 14:46
Borsuc
While the "delaying the crackers" is very much a true point, you must also take into account the amount of resources and time spent on researching and heavily-embedding your app into security routines.

Cubase 5, a heavily-protected dongle app, has been cracked in a year. 75% of the program's code is secured in one way or another. This took a lot of resources and research to accomplish, around 7 months. Was it worth it, in the end?

Crackers, on the other hand, usually need a lot of time, but very few resources.

_________________
Previously known as The_Grey_Beast
Post 05 Mar 2010, 15:08
f0dder
ManOfSteel wrote:
f0dder wrote:
Do you have any idea how much effort is required for writing the tools to deal with today's protection schemes

Are you talking about the protection schemes themselves? In that case, do you have any idea how much effort is required for writing AVs? The volume of allocated resources is not always a reliable indicator of quality or usefulness.

No, I'm talking about the tools for stripping the protection. It's nowhere near "just crack it" with the more interesting protections.

ManOfSteel wrote:
f0dder wrote:
the cracking groups often miss embedded triggers or screw up something else.

Hardly. You can find virtually anything on the Internet or the "black market" if you know where to look. It can be anything from illegal full copies with their original serial numbers, to full or demo versions with cracks and keygens. And most of them do work very well.

Look at the amount of RLSNAME-{CRACKFIX,PROPER}-GRPNAME and say that again :)

ManOfSteel wrote:
And no, I'm not talking about $25 utilities, nor Microsoft Windows or Office, or even Photoshop. I'm talking about highly-specialized professional software that cost anything between $1,000 and $10,000, such as CAD software, video editing software, multimedia-oriented visual programming environments, DAWs, samplers and their libraries, etc.

Yeah sure, most things are eventually cracked, and even some of the really hardcore protections are dealt with, including dongle protections where parts of the program run on the dongle. But how long did it take before a working cubase was rlz'ed? that is the point, time-to-(black)market.

ManOfSteel wrote:
f0dder wrote:
just enough to "keep honest people honest".

Niche or mass, if the software is worth copying/cracking (for fame or money), someone will do it.
"Honest" people will remain "honest" and those who can afford the software will still buy it even if it's available for free or for $3, or $10, or whatever. Others will get the pirated version.

There's still a lot of people around who don't know how to (or just won't, for whatever reasons) find cracked software on teh intarwebs - but wouldn't hesitate giving friends/family a copy if there was no protection at all... and there's probably more of these people than you think.

Then there's the group of people who are likely to grab a warezed version of the latest & greatest game, but will end up going to the store if they have to wait more than a couple of weeks after official release date; dunno how big this group is, but I have a feeling that it isn't inconsequential.

And lastly, you have the hardcore pirates that will either wait indefinitely for a pirate version, or who's not going to deal with your software at all. Those are obviously the men that you cannot reach.

_________________
carpe noctem
Post 05 Mar 2010, 15:19
Borsuc
f0dder wrote:
But how long did it take before a working cubase was rlz'ed?

how long did it take and how many resources were used to implement the security in the first place?

That is the question, too. ;)

_________________
Previously known as The_Grey_Beast
Post 05 Mar 2010, 15:25
f0dder
Yes, that's a relevant point as well, Borsuc - and you need to compare that to what that has meant for its sales... which is of course pretty much impossible to come up with reliable figures for :)

I didn't think cubase protection was done in-house though?
Post 05 Mar 2010, 15:28
ManOfSteel
f0dder wrote:
It's nowhere near "just crack it" with the more interesting protections.

I know that very well. It may take a lot of dedication, and hours of repeated breakpoint-setting, tracing, patching, finding out the compression/encryption algorithm, bypassing the anti-debugger protection, etc. But all these obstacles are removed one after the other, as really tough systems are extremely rare.
The whole thing is about security through obscurity, and with enough time (usually not that much), most tough systems are broken. As for the "generic" commercial protection software (the majority) it's even easier. When one of these is broken, it's literally thousands of commercial software that are stripped of their protection.

f0dder wrote:
Look at the amount of RLSNAME-{CRACKFIX,PROPER}-GRPNAME and say that again

As I said: if you know where to look...

f0dder wrote:
But how long did it take before a working cubase was rlz'ed

I don't know what are Borsuc's "sources", and version 5.0 might have taken quite a lot of time to be pirated, but version 5.1 was released early December and pirated late December. How about FLS9 released late November and pirated early December? Or Live 8 released early April and pirated mid April?

f0dder wrote:
There's still a lot of people around who don't know how to (or just won't, for whatever reasons) find cracked software on teh intarwebs

Don't tell me they don't know how to buy an illegal copy on a CD from any barely-legal shop or local "warez dealer"!
I don't know about Denmark, but there are more places on Earth than you think, where perfectly legal shops offer illegal software for a few bucks and have never even bothered hiding it, thanks to very lax (or total lack of) anti-piracy legislation.


Last edited by ManOfSteel on 05 Mar 2010, 21:15; edited 1 time in total
Post 05 Mar 2010, 21:03

Copyright © 1999-2020, Tomasz Grysztar.
