Some thoughts on key checking methods that are hard to reverse engineer
by
dph-man
20 January 1998
Hi there...
One of the best serial number protections I have ever seen was possessed by
a game called Stars! It wasn't hidden. It wasn't hard to find. It wasn't
cunning. It was merely 8k of arithmetical transforms, to drive
anyone trying to crack it insane. It made a key generator almost
impossible - I didn't like the game **that** much. I was able to brute
force a serial through the checks, but it was very hard. A patch was
useless, because serial numbers were needed for multiplayer games.

Some thoughts on key checking methods that are hard to reverse engineer:

1. The rcr/rcl trick:
If an rcr/rcl is performed on a value, it becomes much more of a pain to
crack. The rotate goes through the carry flag, so it works on 33 bits, not
32: the bit that enters at one end is whatever the previous instruction left
in CF, and the bit that falls out the other end is lost the moment a later
instruction overwrites CF. You can't reverse it just by applying the
opposite rotate; you have to reproduce the carry on both sides of it. If the
carry flag is created as a result of some other pain in the neck operation,
you are probably onto a winner.

2. Stick conditional jumps in. Everywhere.
Conditional jumps are not fun to reverse engineer. I don't mean a loop,
I mean jumps which conditionally bypass/include portions of your
wonderful key manipulation code. There is no easy inverse operation to be
performed here: a key generator has to run the transform backwards, and
every jump whose condition can't be read off the result doubles the number
of paths it has to try.

3. Use portions of the code as magic number tables (preferably critical
sections).
You have no idea how annoying this can be, if you're like me and like to
change things around using SoftICE: patch a single byte in the wrong place
and the constants being read out of the code change with it, and the check
then fails somewhere completely different.

4. Play with the cracker's mind.
This one is fun :-) Stick series of nops in, as though you were doing
self-modifying code (oh my god! what the heck! nops? Aha! Self-modifying
code! Idiot spends next three years trying to find the code that should
be there.). Pepper the code with junk instructions. Cut the code up into
little pieces and put them all over the executable, with (preferably
conditional) jumps between them. - Anything which you would find a pain
in the neck.

5. Detect SoftICE. Early. (Thank you +RCG.) Now crash the computer.
You can hang a Pentium or a Pentium MMX even without a VxD with the byte
sequence:
F0 0F C7 C8 (an illegal register form of the cmpxchg8b instruction with a
lock prefix, the so-called F00F bug). The processor locks up until it is
reset. Note that later operating system releases contain a workaround for
this bug, so it only bites on an unpatched machine.
Beyond that, we have to resort to the tried and true methods. Using a
VxD, take the CPU out of protected mode. Windows doesn't like that.
Wonder why?
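To make points 1 and 2 concrete, here is an added example in C (written for this page, not code from the essay or from Stars!) that simulates the x86 sequence add / rcr / conditional xor in a toy serial check, and then does what a key generator writer has to do: run it backwards. The constants ADD_K and XOR_C, the eight rounds and the rule that a bit of the serial picks the branch are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants of the toy transform (assumed values, chosen for this example). */
#define ROUNDS  8
#define ADD_K   0x9E3779B9u   /* added each round; its carry-out becomes CF */
#define XOR_C   0xA5A5A5A5u   /* applied only on the conditional path */

/* One round, written the way the x86 sequence would run:
 *     add  eax, ADD_K        ; CF = carry out of the add
 *     rcr  eax, 1            ; old CF enters at bit 31, bit 0 of eax falls into CF
 *     test <serial bit>      ; clobbers CF: the bit that fell out is now gone
 *     jz   skip
 *     xor  eax, XOR_C
 *   skip:
 */
static uint32_t round_forward(uint32_t acc, int take_xor_path)
{
    uint32_t sum = acc + ADD_K;
    int cf = sum < acc;                                /* carry as ADD sets it */
    uint32_t rot = (sum >> 1) | ((uint32_t)cf << 31);  /* rcr by 1 through CF */
    /* (sum & 1) would now sit in CF; nothing reads it before it is overwritten */
    if (take_xor_path)
        rot ^= XOR_C;
    return rot;
}

/* The check the protection runs: the serial's own low bits decide which
 * rounds take the xor path, so every jump is data dependent. */
uint32_t transform(uint32_t serial)
{
    uint32_t acc = serial;
    for (int r = 0; r < ROUNDS; r++)
        acc = round_forward(acc, (serial >> r) & 1);
    return acc;
}

int check_serial(uint32_t serial, uint32_t expected)
{
    return transform(serial) == expected;
}

/* What a key generator has to do: undo one round given a guess for the
 * branch taken and a guess for the bit the rcr threw away.  The guess is
 * only kept if running the round forwards reproduces 'out'. */
static int round_inverse(uint32_t out, int take_xor_path, int lost_bit,
                         uint32_t *prev)
{
    uint32_t rot = take_xor_path ? out ^ XOR_C : out;
    uint32_t sum = ((rot & 0x7FFFFFFFu) << 1) | (uint32_t)(lost_bit & 1);
    *prev = sum - ADD_K;
    return round_forward(*prev, take_xor_path) == out;
}

/* Depth-first walk back through the rounds: 2 branch guesses x 2 carry
 * guesses per round, each one checked forwards before descending. */
static void search(uint32_t value, int r, uint32_t path_bits,
                   uint32_t *found, int max, int *count)
{
    if (r < 0) {
        /* the branch pattern we guessed must agree with the serial we got back */
        if ((value & ((1u << ROUNDS) - 1)) == path_bits) {
            if (*count < max)
                found[*count] = value;
            (*count)++;
        }
        return;
    }
    for (int b = 0; b < 2; b++)
        for (int lost = 0; lost < 2; lost++) {
            uint32_t prev;
            if (round_inverse(value, b, lost, &prev))
                search(prev, r - 1, path_bits | ((uint32_t)b << r),
                       found, max, count);
        }
}

/* Recover every serial that maps to 'target'; returns how many there are
 * and stores up to 'max' of them in 'found'. */
int keygen(uint32_t target, uint32_t *found, int max)
{
    int count = 0;
    search(target, ROUNDS - 1, 0, found, max, &count);
    return count;
}

/* Self-check: does the backward search find 'serial' among the preimages of
 * its own check value, and does every candidate it returns really pass? */
int keygen_recovers(uint32_t serial)
{
    static uint32_t found[4096];
    uint32_t target = transform(serial);
    int n = keygen(target, found, 4096);
    int seen = 0;
    for (int i = 0; i < n && i < 4096; i++) {
        if (!check_serial(found[i], target))
            return 0;
        if (found[i] == serial)
            seen = 1;
    }
    return seen;
}

int main(void)
{
    uint32_t serial = 0x1234ABCDu;        /* constructed sample serial */
    uint32_t target = transform(serial);
    uint32_t found[4096];
    int n = keygen(target, found, 4096);
    printf("serial %08X -> check value %08X; %d serial(s) map to it\n",
           serial, target, n);
    return 0;
}
```

Compile with `cc -std=c99 -O2` and run. Forwards, the check is eight trivial rounds; backwards, the search has to try four guesses per round (two for the jump, two for the bit the rcr discarded) and verify each one forwards, and the guessed branch pattern must then agree with the serial that falls out at the end. That combinatorial cost, not the arithmetic, is what the essay is recommending.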

Just some thoughts
:-)
dph-man

