The shareware programmer corner


USEFUL

Updated July 1998


This section is now in part obsolete. Read, then go over
to the more recent HOW TO PROTECT BETTER section.

Courtesy of Fravia's page of reverse engineering

- Why your protections are terribly lame
- What you can do against it (The 14 protector's commandments)
- Other +HCU projects and useful Info for programmers and protectionists 
                ('Most stupid protection' award)
                ('Bogus commercial protections' series)
                ('Our protection' section)
- A selection of interesting essays for protectionists
- A final message of hope

Why your protections are so lame

Dear protectionists, you better understand immediately a great and simple truth: the real reason your protections are so lame, is that you don't know how to crack; worse: many among you don't even know how to program in assembly. This makes it very easy to defeat your 'high language' protections for people that don't have your source code, yet know perfectly what any single hexadecimal byte means inside your code.
You'll learn on my site enough to protect MUCH better your software (was about time) yet be aware that there is, for you too, no result without study and without knowledge. It takes a lot of time and of study to be a good cracker and it takes a lot of time and of study to be a good protector!
Yet the reward is inestimable! Learning how to reverse engineer any software application will give you, protection schemes apart, which are not so important after all, a POWER and a MIGHT over your overbloated compilers that you have never ever dreamed of before. Believe it or not, from this kind of study your applications will gain even more than your protections.

The 14 protector's commandments

Q.: Listen Fravia+, I'm reading your messy site almost exclusively in order to PROTECT BETTER my software, and your whole cracking philosophy gives me the creeps... can't you just tell me what the hell I should do to protect better my applications AGAINST you bloody crackers?
A.: Yes, I can, here you are with:
Mark's famous 14 protector's commandments

1 Never use meaningful file or procedure names such as 
  IsValidSerialNum (duh.)
2 Don't warn the user right after a violation is made.  
  Wait later, maybe until the next day or two (crackers hate that).
3 Use checksums in DLL's and in the EXE.  Have them check each other.  
  Not perfect but it just makes it harder to crack.
4 Pause a second or two after a password entry to make brute 
  force cracking unfeasible.  Simple to do, but rarely done.
5 Self-heal your software.  You know, error correction like modems 
  and hard drives use.  The technology has been around for years, 
  and no one uses it on their software?  The best thing about this 
  is that if the cracker used a decompiler, they may be looking at 
  a listing that is no longer valid.
6 Patch your own software.  Change your code to call different 
  validation routines each time.  Beat us at our own game.
7 Store serial numbers in unlikely places, like as a property 
  of a database field.
8 Store serial numbers in several places
9 Don't rely on the system date.  Get the date of several files, 
  like SYSTEM.DAT, SYSTEM.DA0 and BOOTLOG.TXT and compare them to 
  the system date.  Require that the time be greater than the last 
  run.
A Don't use literal strings that tell the user that their time is 
  expired.  These are the first things to look for.  Build strings 
  dynamically or use encryption.
B Flood the cracker with bogus calls and hard-coded strings.  Decoys 
  are fun.
C Don't use a validation function.  Every time you validate the user, 
  write your validation code inline with the current process.  That 
  just makes more cracking for the cracker.
D When using hard-coded keys or passwords, make them look like program 
  code or function calls (i.e., "73AF" or "GetWindowText").  This 
  actually works very well and confuses some decompilers.
E Finally, never reveal your best protection secrets :-)

This said, Zen-crackers will easily defeat even the most clever protection scheme, yet there is no reason for concern... you see, we examine protections of two sorts: protections that are UNUSUAL and protections that must be removed in order to fully enjoy a VERY USEFUL program. Sadly very few programs are really useful and very few protections are indeed intelligent. Therefore you should not worry: your program is probably NOT useful at all, and your protection is probably NOT clever... nobody will ever attempt to crack it, you may sleep relaxed.
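
Commandment 9 above (don't rely on the system date alone), sketched in C as an added example that is not part of the original page or of Mark's list. The function names, the `SLACK` tolerance and the timestamps in `main` are assumptions made for illustration; the reference file names are the ones the commandment mentions.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <time.h>

#define SLACK 300 /* assumed tolerance (seconds) for benign clock corrections */

enum clock_verdict { CLOCK_OK, CLOCK_BEFORE_LAST_RUN, CLOCK_BEFORE_FILES };

/* Newest modification time among reference files; unreadable ones are skipped. */
time_t newest_mtime(const char *const paths[], size_t n)
{
    time_t newest = 0;
    struct stat st;
    for (size_t i = 0; i < n; i++)
        if (stat(paths[i], &st) == 0 && st.st_mtime > newest)
            newest = st.st_mtime;
    return newest;
}

/* The clock must not be behind the stored last-run time or the newest file. */
enum clock_verdict check_clock(time_t now, time_t last_run, time_t newest_file)
{
    if (now + SLACK < last_run)
        return CLOCK_BEFORE_LAST_RUN;
    if (now + SLACK < newest_file)
        return CLOCK_BEFORE_FILES;
    return CLOCK_OK;
}

/* Days left in a trial started at `installed`; a suspicious clock counts as expired. */
long trial_days_left(time_t now, time_t installed, time_t last_run,
                     time_t newest_file, long trial_days)
{
    if (now < installed || check_clock(now, last_run, newest_file) != CLOCK_OK)
        return 0;
    long used = (long)((now - installed) / 86400);
    return used >= trial_days ? 0 : trial_days - used;
}

int main(void)
{
    /* File names from the commandment (Windows 9x); timestamps are constructed. */
    const char *const refs[] = { "SYSTEM.DAT", "SYSTEM.DA0", "BOOTLOG.TXT" };
    time_t installed = 1000000, last_run = installed + 5 * 86400;
    time_t newest = newest_mtime(refs, 3);
    time_t now = time(NULL);
    printf("verdict=%d days_left=%ld\n", check_clock(now, last_run, newest),
           trial_days_left(now, installed, last_run, newest, 30));
    return 0;
}
```

The stored last-run value is itself something a user can edit, which is why commandments 7 and 8 suggest keeping such values in unlikely places and in several copies.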

You want more anti-cracker tricks? Read (study) the essay by tibit: Advanced protection schemes! (13 December 1997)
You want even more anti-cracker tricks? Read (study) the advice by dph-man: Some thoughts on key checking methods that are hard to reverse engineer (20 January 1997)

Other projects and useful info

And look! Behold! There is much more for all you little protectionists on this site! Enjoy some new sections and some special essays, and don't forget to check (if you have passed the strainer, that is :-) the three "special" +HCU seminars about Object-Oriented cracking:
9801 = DELPHI CRACKING,
9802 = MAIN *.DLL's "PASSWORD VERIFY" & "TIMECHECK" FUNCTIONS,
9803 = "INSTALLATION WIZARDS" CRACKING
You should not forget, moreover, to check The Bogus commercial protection schemes series (saving the gullible shareware programmers from commercial crooks) that has recently started and has an obvious interest for those among you that pay money in order to buy ready-made (and completely ridiculous) protection schemes! Hey, don't you see how the "evil" crackers help the poor shareware programmers?

NEW SECTION: "MOST STUPID PROTECTION" AWARDS
NEW ESSAYS: LESSONS FOR SHAREWARE PROGRAMMERS
NEW SECTION: OUR PROTECTIONS
NEW SECTION: Bogus commercial protection schemes (Now with the last incredible 'dongle bashing' essay by Frog's Print: End of the dongle old aera ~ Dongles bye bye (29 January 1998))

Some interesting essays for protectionists

Of course ALL software reversing essays are useful for protectionists, but I have decided to publish here the ones that I reckon to be the MOST useful ones for direct protection purposes... hoping that protectionists will learn and deliver us something more palatable than the usual, dull and boring "good_guy flag" dinosaurs that still rule the earth :-(
Fooling Disassemblers (Protecting Applications Against Disassembly)
By Snatch, 07 December 1997
(The "non-conditional" conditional jump and other tricks)
Advanced protection schemes
By tibit, 13 December 1997
(How to defeat us crackers at our own game :-)
A couple of protection ideas
By dph-man, 20 January 1998
(Some thoughts on key checking methods that are hard to reverse engineer)
Cracked Metal, runtime dll creation
By Fallen, 04 February 1998
(Hotmetal's good runtime dll trick)
Cracking the ShareLock Protection System (SHRLK20.DLL)
By XaVaX, 11 February 1998
(Shareware protectors backwounded by demo vendors)
RealPlayer Plus 4.0: the "dummy code check" trick
By sPIRIT and HellRaiser, 12 February 1998
(a very interesting anti-crackers trick, if better implemented)
SOFTWrapper: wrapping galore
By HalVar+, 13 February 1998
(An encryptionless wrapper is a protectionless protection)
Decompiling InstallShield scripts and guidelines for decompiler writers
By Zeezee, 04 March 1998
(A useful protector's introduction to the world of InstallShield decompiling)
Well, let's rationalize things a little...
08 May 98 Marigold ~ marycri1.htm Instant removing of CrypKey (together with a lock) Unwrapping the wrapped progcor ~fra_0116
21 May 98 Goth ~ sales1.htm SalesAgent 3.0: Rsagnt32.dll, TurnKey and Me progcor ~fra_0120
01 June 98 Q ~ q_tv0601.htm "Fixing" AIMS-Lab's VH-TV Program progcor ~fra_0125
15 July 98 Snooty ~ snooty2.htm Unprotecting unprotectors (AccessData's StopCopy failure) progcor ~fra_013A
31 July 98 +Xoanon ~ xoano_27.htm Another readymade sotware protection (Intellisecure R2) dies progcor ~fra_0145
31 July 98 MisterE ~ monitor.htm Keyfiles: Monitor/RA v1.80 and the 'hidden protection' idea progcor ~fra_0146
31 July 98 Johnny+X ~ rcnewht.htm Cracking an encrypted dll scheme: Virtual Turntables 1.5 progcor ~fra_0147


We have a very nice and full-fledged "Most stupid protection" award section, wherein, like in the bogus series, many apparently strong protection schemes (some of them commercial, i.e. the poor programmers have to pay *money* for them) are revealed as well for what they are: pretty stupid and pretty easy to circumvent. Hey, don't you see how the "evil" crackers help the poor shareware programmers?

As it seems, all the protection schemes that you are using today are much TOO EASY, and we do not like this... no challenge, no knowledge reward... since you do not seem able to program them as it should be, we'll do it for you (that's pretty nice of us, isn't it?)
We will therefore further develop a special project section (that actually is a little neglected): our protections which has already started. +Rcg and +Sync (sync1@nospam.iname.com eliminate "nospam." before pasting :-) take care of it. Here's what we'll do there: We'll publish OUR OWN (pretty tough) protection schemes (coded in assembler or C, of course :-) and anyone who cares will (try to) crack them (for each scheme we'll give two weeks time) we'll then publish the "solution" *AND* the source code!
You learn, we learn... you'll protect better (was about time) and we'll crack better... Hey! That's human evolution at its best: from ape to cracker!
You'll further find new essays with a special "important lesson for shareware programmers" banner. Actually all essays on my site represent (of course) lessons for shareware programmers, yet these specific essays will be particularly important for you, since they will not only "show" you, but "demonstrate" to you once more the weakness of some common and widespread protection schemes and "tricks" (at times once more "commercial protections", i.e. you have to *pay* for that crap).
We are trying to help you because we are well aware of the fact that shareware programmers do not have the money, nor the capacities, available for huge "industries" of "overbloated programmers" like Micro$oft... that's the reason we'll try to offer you at least some crumbs from the might of Internet group working. We would like to forge a "holy" alliance between crackers and shareware programmers against Micro$oft... when the wolves howl, cats and dogs join forces.

A final message of hope

No, I lied.
Actually I don't believe that you'll ever 'join forces' with us, I believe strongly that many of you will be so fascinated by our reverse engineering world that you will 'change sides' and start producing TOOLS that will help us in our half-lost yet glorious struggle against Micro$oft's encompassing 'embrace' (and we need you "real" windoze programmers -after having learned cracking and assembly- in order to get the "nice looking" smart and mighty tools that we want... in fact most crackers are unfortunately the 'other side' of your same coin, and would not even touch visual basic 5 with a badger pole).
The usual problem: WE could not care less about the frilly-dizzy rattamazz ASPECT of the applications we use (I'm still using - February 1998 - +ORC's psedit as my preferred powerful hexeditor, and it's a DOS program :-) but the zombies and the slaves out there have been so conditioned that we now need to produce 'alluring' tools just to catch their attention and have them use POWERFUL programs... in order to bring (at least some of) them on the clever side... in due time they will learn, exactly as you did... So we need you at least as much as you need us. Life on the web is funny, isn't it?
Beware: the help we offer may indeed be very valuable for you, as your assiduous presence on my site testifies, but that very help is only a decoy!

Dear shareware programmers: the truth is that we need many more 'real' programmers on our side, and therefore we hope to persuade and proselytise you (...yet not to brainwash you, therefore I better finish right here :-)

(c) Fravia, 1995, 1996, 1997, 1998. All rights reserved