ok guys need some answers: protection & preventations

[ladoo]

topic is releated to protection of programme and prevent

to be honest and not lie , i have got many friends that has different abilities to do what i want that is break softwares, hack , crack,etc, during the time since 1998- and now they are able to break any software using olly-debug and its because the security the software has is small and not tuff it, the software now days or from before only requires a serial key once entered u can break the tool apart make patch and run it without the key .


now i was thinking about some ideas i have and need your suggestions.
these are my ideas

1: adding a winsock control on the main application ,to connect to server

2: let them crack it even if they got ligit serial , it dont matter

3: software will need to get internet access in able to use it , also the winsock has to connect to server and validate the ip , no serial is needed in that case ip will do it , and if the internet isnt connected or server is unreachable kill the application, if ether connection is blocked from firewall then kill application again.


so i wont to know from you guys will that be a success ? can this be bypassed ? what mean by bypass is can undernourished users tamp and use the tool i need your advise

[Nightwalker83]

Well, even if you put all that protecting in place some people will still be able to crack your application.

[ladoo]

yes crack but if internet connection is closed and also if that tool dont make connection with server then application will force close, what do u say about that can that be bypassed

[si_the_geek]

Yes it can - that is basically the same as bypassing serials etc.

As for IP's, many people will have a different IP address each time they reboot their computer.


There is nothing you can do to make your program completely safe... you can only reduce the amount of people who can break it (but if one can do it, they pass the broken version on), and increase the effort needed for them to break it (which will discourage people who don't have a 'reason' to break it, but your friends do).

All of the things you can do will take lots of time, probably less than those who will break it - so is it worth the effort?

[ladoo]

they say pcode is harder to break and process is longer then breaking an exe that wasnt compiled in pcode, to keep hackers away if memory hack is detected system restart force

[DataMiser]

There are lots of things you can do to protect your program but there is no such thing as a hack proof program and unless you are writing something that is going to be sold to lots of customers and potentially make lots of money off then it is not worthwhile to do anything more than a basic protection. It is easy to make something where most users will not bother to try to get around it. It is impossible to make something where a determined hacker can't get around it.

[Max187Boucher]

Real hackers are able to get in army/goverment/microsoft pc or database, I don't think security will stop a real hacker. But why would a hacker want to hack your program? Are you building nuclear weapons or what?? Like others have said basic protection is ok but beyond that is useless. Look at programs like autoCAD (expensive) or games (less expensive) both of them are cracked as soon as a hacker gets his hands on it. I would think they tried to implement sone kind of protection to it, don't you think? The answer is don't waste your time on security, unless you just want to learn then it's ok to waste a bit of time.

[ladoo]

lol i didnt say hacker i said cracker , i made 1 command button when i click it, a fart sounds comes out of my speakers


autocan , etc etc,,,,,,,,,,,,,,,,, all made by good programmer but 1 thing they failed on is security they are using online serial code authentication to verify the tool


i will walk u through how to crack but in simple way

this is how its done all programmes you mentioned Max187Boucher am not amazed because these are peace of cake for us,

ok let me explain how these autocad or $ 10000 worth tools get broken

just say Max187Boucher you purchase adobe photoshop3 from there site and now they give you the activation key , and now what i will do is ask Max187Boucher to give me that registration key and i will download a new copy of that adobe photoshop trial ,,, i will not input that key right away first thing i will do is open up ollydebug ,load up adobe photoshot.exe and press the play button
and now adobe photoshop.exe will run and ollydebug reads all values in memmory, this is when i input the activation key after i hit the ok button after i inserted the activation key , ollydebug will run to a specific code were the activation code gets triggered , from there you make a bybpass and create a patch.exe ................................................ and its free for all

so this is basic explaination how to crack even 2013 exe even anything that needs serial key

==========

same can be done with online authentication + serial
u just make the exe connect to localhost and tamper some file ,make new generaters to make new key and ur good


=========================

i wasnt talking about hackers i was talking about crackers

who will want to crack a programme if that programe will autoshut down there pc if internet is not detected + cant connect to server

i was a cracker before and now left cracking and moved to programming
i teached my friends how to crack for personal learning reasons and as he was learning and days and years went by they are super craackers now throw anything at them they will break it in 5 min

Max187Boucher
am not sure if you lot made a rat programme if so then it saves me from typing adios

[DataMiser]

cracking is type of hacking so hackers covers it all
It is against the forum rules to discuss how to do so.

So it you are worried that someone will crack your program there is one way to prevent it and that is do not use any protection that way there is nothing to crack and they will never be able to do it

[ladoo]

i dont get it ?

[Doogle]

i dont get it ?

It's called "The Brutal Application of Logic"

On a serious note, there is no 'Universal' solution. You have to consider the cost / benifit analysis of trying to protect whatever it is.

If it's going to cost you, say, £10,000 to provide 'adequate' protection and you're selling whatever it is for £100 then you're going to have to sell 100 copies to cover the cost of the protection alone. If you've done your Market Research and it looks as if you can sell 200 if you provide the protection, then your margin will be £10,000. If it looks like you can only sell 100 without the protection then your margin will be £10,000. So, in this case, 'doing nothing' would seem to be a better option as it's likely that you'll get the product to market sooner and you'll have to sell less copies to make the same margin.

The other option is to provide minimal protection (e.g. a Product Key) and make it so cheap that it's not worth the 'cracker's' time and effort to break into it.

The other way of looking at it is to consider that at least 95% of the population are honest and therefore at least 95%, of the copies of product out there and in use, will have been purchased legally, so you set your selling price to cover the 5% that are not.

[ladoo]

the tools i made , i have many people who wants it and yes over 100 copies will go just like that
this is why i opened this topic up, i will not make security for any progs that are freeware , i have made some tool that is just insane the things it can do etc i will not mention but yes its needed buy many people from around the world , dont ask how do i know many people want it from around the world i have my own forum running over k's of users and that is my reference ,, anyways i will not want to spend 1 penny , in u.s a sence what ever u call it there , for protection us as a programmer we can make the protection that is only if we put our head towards it , anything anyone does if u willing to make something it isnt impossible what is needed is idea's , and i am that person , i just needed answers thats all


doogle just say the programme is crackable what good is it if form visibility is set to false

also owner can remote control all these

[DataMiser]

Every type of protection can be "cracked" it is just a matter of how it is done, multiple protections are harder to crack than a single one but still doable. Bad code is harder to crack than good code due to the fact that it is harder to follow but no matter what you do if someone wants to get in bad enough they will.

You should also understand what Doogle meant in his example. It is not if you are going to sell 100 copies but if the amount of money that you are likely to loose in sales will exceed the amount of effort required to create whatever type of protection. Most people will not bother cracking a program.

Over the last 20 years I have had one protected program cracked. I sold just over 100 copies as shareware and then a crack appeared online. I thought it was funny that the crack included a note talking how hard the program was to crack but apparently the guy eventually found a place where he could make the program think it was registered by simply setting a boolean. That was my first attempt at protection and the only one that I am aware of being cracked. It was no big deal really it was a small game addon that I was selling for $5 a copy. Since then I have did many that went to honest customers that range in price from $500 to $50,000 and none have been cracked not so much due to the protection but because of the end users.

Anything game related, hack related or basically targeted to kids is much more likely to be cracked than a serious piece of business software.

[ladoo]

form visibility how do they crack that , how do they make it visible

[si_the_geek]

The easy way is similar to the kind of thing you described in post #8, and the more complex version isn't too much harder.


If that is the kind of level of security you are thinking of, I'm afraid you aren't going to slow down hackers much.

[DataMiser]

form visibility how do they crack that , how do they make it visible

It is just a boolean value all they need to do is find the spot to toggle it. Pretty easy if you know what to look for.

[jmsrickland]

I have never cracked an application simply because I never though it would be worth my time and effort to do so. Before I switched over to VB I was an assembly language programmer for many many years and I was very proficient at it. Knowing that regardless of the original language used to create the application it always winds up as a machine code exe module along with other attributes so wouldn't being able to crack an application is to start the app using some machine code debugger (assuming you know machine code), follow the execution steps one code at a time making note what each step is doing, maybe even translating each code step back into it's assembly instruction ( I think many debuggers do that anyway) and eventually re-create the original functionality of the original app in an assembly coded program? Maybe this is a bit too much to do (for most crackers, hackers, etc) when otherwise all you want is to find certain points in the code to modify in such a way as to allow the application to continue on as though it was a registered copy.

[ladoo]

The easy way is similar to the kind of thing you described in post #8, and the more complex version isn't too much harder.


If that is the kind of level of security you are thinking of, I'm afraid you aren't going to slow down hackers much.

hheheheh when it comes to protection i use all methods i can think of , because i added few simple question like form visibility etc that dont mean i will make simple protection , when it comes to building 1 i will make multi layer , i wish someone had knowledge here how to break i will send u my simple programme if u break it $1000 is yours via paypal


1: rename all forms to lady names or mens names baby names etc or rubbish names 2u12u31i2i etc
2: dirtiest trick off all but it will detect as virus + strongest to unpack, pack the code with many packers out there
3: set form visibilty false - admins turn it on and off via server

4:few layer serial code authentication

5:anti memmory , hex , most off all anti olly debug

olly is crackers best friend without olly no success ,google ollydebug or youtube check how they do it

6: p code your exe

if any attemps restart pc or remote infect them hahhahah nobody will want to play with it




datamiser they look for obvious form names , code names ,most of all again start and end points
scramble the code and they will have nightmares

[Joacim Andersson]

Moved to the General Developer forum.

Show a hidden window: Send WM_SHOWWINDOW.
Shutdown if not connected to Internet or IP address is wrong: Most people have DHCP and not a fixed IP, who wants to use an application that shuts down my computer just because I'm not connected to the Internet or because my ISP have given me a new IP address? Stupid idea.

This discussion is OK if you keep it at the level of how to protect your software, but not when it comes to discussing stupid cracker tools that are mainly used by people without any real knowledge about software design. What crackers don't realize is that people that sell software are fully aware of how easy it is to bypass a registration key process (but crackers think they are smarter than developers simply because they can bypass it, usually using tools they haven't created themselves, which just shows that they don't have the knowledge to create them themselves). What it comes down to is this: Cost of development. The questions you have to ask yourself when you protect your software are these:

• How many people out there exist who are dishonest and want to use this application without paying for it compared to the number of honest people that are willing to pay for useful software?
• If the dishonest group outweigh the honest group we need better security so what are the development costs to better our security?
• How much more must we charge for our application to implement better security and how many people are willing to pay that extra charge?
• Will we make more money (in other words, sell more copies of our software) if we don't spend that extra cash on higher security?

The answer to the last question is usually Yes. Go with the simplest solution that requires people to pay for the software after an initial trial period because we will sell most copies of the software to companies that aren't willing to sacrifice their reputation against their customers by using pirated software, even though we know that some kids will crack it and use it without paying for it.

So it makes most sense from a business point of view to simply accept the fact that it can be cracked. However some companies do use higher security with their software, AutoCAD for example (at least used to) requires a hardware dongle to be attached to the computer for it to work. The problem with this approach is that there first of all is a higher price tag associated with it but also that people might not buy it because it requires that the software is installed on the local computer which makes it harder to use in a virtual environment.

[Shaggy Hiker]

You might try not running your software on their computer, too. Suppose you put all the logic over on the server and only displayed the results on the user computer. Suppose they had to supply a username and password to login, but the login didn't happen on the local computer, only on the server. What do you have then? Well....pretty much a web app.