Software Cracker Challenge #2

Quote:

---

Originally posted by imj75
Anybody tried to use DEpendancy Walker to see what (if any) else the exe uses?

---

In fact, I did, but it didn't make me much wiser. :)
DW says it uses a lot of API things. I only recognised a few: they were for creating registry keys and for creating proces.
Perhaps someone with more xperience of DW can check it out?

Too bad it doesn't work on Win98 yet. Now i can't try something else.

Umm Yash, i suggest you might want to go to a Hacker/Cracker forum if you really want to test your product. I seriously doubt you are going to attract the worlds best Crackers on a VB Forum...Lol.


You seem to act as though if no one on this forum can crack it it's uncrackable....that is a BIG mistake.:D

Infact, if someone on this forum can crack it, then it's very weak protection.

lol... dont worry... i've got a lot of hacking groups to try cracking it... so far haven't heard from them so i guess they are too embarassed to tell me they gave up.. lol

Anyway... i know this is common sense but why dont u look at the obvious facts... do u think windows would run an encrypted file??? i strongly recommend u should try debugging and hex editing all possible source files to see what its exactly doing.... good luck.

In case this hasn't been said before, you should get a version for win98 and 95. Not all the computers in the world have installed XP or 2K. Most of us are still in the stone age with 98, such as myself. So, it would be advisable, as well as "profitable" (can I use that term??) to make one. I'm sure you already know that.

OK: I've never cracked s/w by myself, that is, by using the methods being used by some of the members here. Can you suggest some software (or WHATEVER) so I can get a feel of how it works? (Anyone at all)

Thanks.

There was no reason to move this thread to chit chat.

HOW MANY TIMES HAVE I SAID THAT IT WILL ALSO WORK ON 9X. IM WORKING ON A FIX FOR THE CURRENT PROBLEM. ANYWAY ANY CLOSER TO A CRACK?

I never moved it to CHIT CHAT!!!! grrrr:mad: who did?/?

When i look at a.a in resources, under Version. When i click on
'1 [English (U.S.)]' the program im using stops responding. Any reason? is it somthing to do with encryption and my program not being able to read it?

yep.. its becuase of encryption... Windows gets confused as always and just hangs

Is there any other problems like that when you do this to your programs? or does it ONLY effect areas where crackers go to erm.. crack?

Why would an ordinary user access the a.a file... there are no side affects from encrypting it with my software. the output file will behave just like the original file. You simply cant access a.a because it isn't a normal exe.

btw, how did u like my software so far?

Well does the word 'the best' answer that question. If windows only hangs up when looking at things your not really suppose to look at then this is cooooooool!

btw, im only 15, so dont expect me to find anything out. Im just exploring things :)

I think your attitude about this isn't the best...
It takes time to crack something.. Just because nobody has found anything in an hour, doesn't mean you've succeeded.

If anything, *YOU* are the best cracker for your software. You know how your software works. You know the problems, bugs, and everything.

If you are really wanting to know how secure it is, the best way is to give the source to a hacker/cracker group that you trust.

They [probably] know more about how software works.. and understanding how your software works, will probably be able to tell you if it's secure, or not.

O yeah... im looking for 10 more BETA testers. We have already found 5 and need 10 more to make it 15. each of the BETA testers will have to test my software on their computer and in return you will get your name listed at our website (www.lockX.com... under development). Also, you will get a singe developer license (worth $99) to my LockX suite which would contain the following:

LockX Trialware EUV: ActiveX Control that allows you to create software with trial before u buy capabilities

LockX Trialware DUV: ActiveX control that allows you to create ActiveX controls with trial before u buy capabilities

DataLock: allows you to make custom security solutuions for your software

SoftEncrypt: which encrypts exe/dll/ocx. the same thing i challenged people to crack

If you are interested, contact me at [email protected] specifying what OS do u have and what experience do u have in cracking, if any

prosgiex, this software has been up for 2 days and not an hour. Many people have tried to crack it and so far, everyone has failed or are still trying. I did get it evaluated by a hacking group who exposed a crucial crack which we solved.... but i want to be absolutely sure before putting it up for sale as I would like to say 'our software is 100% secure'. I believe the only way to crack it right now is to crack the 64 bit encryption. I will probably change it to 128 bit encryption before putting it up for sale.

You are unpakking the program in the memory right ?

then you only need to dump the memory :)

(just have to find out where)

so you won`t have the beat a 64/128 bit algo

errr... how would one even view whats in the memory?

Numega Soft-ice (kernel debugger)

and many other :)

U‹ìƒìDV3öjDE¼VPèKƒÄÇE¼Dh(Í@VVhY&@VVÿ

=

Sÿÿü5wþ0ÿõOü¯ÿÿÿÿüOÃÿÿáÿÿÿUXXÿ

^^^ that was my attempt at decypting something i know nothing about :) (dont laugh)

Okay, so nobody knows what a.a is, and nobody can decompile calc.exe, but what stops people from copying the program. As far as I can see your product only offers reverse engineering protection and not copy protection.

If you have got a 100% secure system, and are selling it as such I would suggest a)consult some lawyers - could be messy if you sell it to a big company and it gets hacked and b)flog it to Microsoft - They would pay many millions for perfect copy protection.

Now I'm not saying this is possible but couldn't someone run the program in a PC Emulation environment and trap the instructions processed by the CPU. Then you would end up with the decompiled machine code source. Would it then be possible to figure out exactly what is going on.

All this though would probably require a lot of time and expense - something many crackers who frequent this and other boards don't have, but which - if the stakes were high enough - I am sure the criminal and government bodies do have.

Firstly attached is all registry activity during the startup of calc.exe. In case anybody might find it useful.

Yash_Kumar The following is meant as constructive criticism. If this product really does as you say I will be one of the first to buy it.

1. A more appropriate test would be to let us have every thing that you plan to make available in the public domain. ie. Would we still not be able to crack it if we have the the software that applies the protection. Until this is made available it's pointless trying to crack the little prog you uploaded.

2. Can this thing be used to protect other types of files. It would be fantastic if I could use it to protect my database and other support files.

3. If you sell the product to me and tell me it is 100% crack proof I will believe you. What will you offer me if you are wrong and my product is subsequently hacked? Will you recompense me the value of lost sales? If not then why should I use your product above any other? What I am trying to say is, it is irrelevant how safe it is. What is important is how much faith (ie. your money) you will put behind the claim.

4. We might not be able to crack it today but what happens when Microsoft release MS CrackAll.net(tm) in a years time which allows anybody to easily crack all software encryption- would I be entitled to a refund if your product (currently applied to all my distrubuted software) is no longer safe.

5. Why does toast always land butter side down?

Okay so number five was a joke. But seriously my company would love to have a way of making sure no-one copied our software, but there just seems too many problems assocatied with the implementation. You can't prove your claims and I can't invest in a solution that has no proof of working.

I've been following this thread for a couple days. Very interesting and perplexing.

First, It sounds like it's working pretty well. I don't believe anything is crack-proof, but if it can stop the masses then it's pretty darn good. It sounds like this software does this.

But what does it protect exactly? I'm not clear on that? Does it get incorporated into my .exe? My data files? What exactly? And what does it protect against? Copying? Reverse compiling?

In other words, why should I use it?

For most of my apps, all I want to do is stop people from breaking into my database that I wrote the front end for. I consider my database design to be intellectual property and I only expose what I want my users to see. So they can get some of the databse design from the interface I create, but not all of it.

Also, I don't want them messing with the design, because if they do, they will break my app and then you know who's softare gets bashed. The user will never say "Oh... it doesn't work because I'm stupid and messed with things I wasn't supposed to." Instead they'll say "Your software sucks. It doesn't work."

So how does this security help me with that. Real world problem from real world developer :)

Quote:

---

Originally posted by cafeenman

But what does it protect exactly? I'm not clear on that? Does it get incorporated into my .exe? My data files? What exactly? And what does it protect against? Copying? Reverse compiling?

---

This question has been asked several times and never gets answered. It is the most important question for anyone seriously considering investing in this software.

Quote:

---

Originally posted by Muddy


This question has been asked several times and never gets answered. It is the most important question for anyone seriously considering investing in this software.

---

Yeah... like I said, I read all the posts, so I'm asking again. I think that's kind of important information, don't you? I mean what's the point of having uncrackable software if that's all it can do?

It would be like me getting hired and my job was being me. I mean that would be great for me, but I don't think it would be profitable for my employer to have me sit around at home in my undies eating doritos and posting in VB forums :)

OK, i should have explained it from the start. This product will be part of an anti piracy suite me and my company are building called LockX. We should have our website out in a couple of weeks. This suite will be for developers all around the world wo want to fight Internet Piracy. The suite basically allows developers to incorporate trial before u buy capabilities into their software. You could read the attached promotional document we have been sending around for some while. I would greatly appreciate if everyone read it and leave your comments especially on our prices.

I'm sorry!
and HOW does this benefit me?

And, you think this is uncrackable because you asked some vb'ers to crack it?
Did you try a cracking forum?

:confused:

NotKLH, read the attached document in my previous post. And we already have got it tested by many hacker groups as I have constantly been saying. Also forgot to answer Muddy's answer. SoftEncrypt was designed so that it could protect a software from being modified by crackers if it is trialware or shareware. Basically it just prevents the hacker from being able to debug the software and bypass the trialware system. This is required if you will be protecting your software with LockX Trialware EUV/DUV or DataLock

Quote:

---

Originally posted by Yash_Kumar
NotKLH, read the attached document in my previous post. And we already have got it tested by many hacker groups as I have constantly been saying. Also forgot to answer Muddy's answer. SoftEncrypt was designed so that it could protect a software from being modified by crackers if it is trialware or shareware. Basically it just prevents the hacker from being able to debug the software and bypass the trialware system. This is required if you will be protecting your software with LockX Trialware EUV/DUV or DataLock

---

I don't believe that this will be 100%, but if you make this one of the most difficult to defeat, then this is worth the price of admission:

Quote:

---

Single User Licensing: This serial key generation system is a unique system that 100% ensures that one serial number would only be able to unlock one software. If the same serial number is tried to unlock another copy of your software on another machine, it simply won’t run.

---

Does this apply to machines of the same brand and model number?

Also, I gather from your Word doc, that with your software, I can make my mdb just as hard to infiltrate.

Bottom line for me is:

1) I dont believe anything will ever be 100% secure
2) If you can deliver the features you describe, and are convincing that it is very hard to defeat your security then I would probably buy ... I will keep an eye on your web-site ... good luck

Muddy,

That document still has to be revised... still workin on that. Take it as 99%... all of you who end up reading it. I agree that nothing is 100% secure but I bet that no one will get into it for a long long time, after the promising results I've seen from many hacking groups. I will eventually be putting their comments up at our site when they are thru with their testing. But so far, no one has been able to crack it either on Pscode.com or over here at www.vbforums.com. However, I believe we have priced it very reasonably especially in comparision to bit arts. We are tagetting small time developers. If its not 100% secure, then i bet it will be the most secure available trial ware product on the net especially in comparision to VBOX. Our product is priced 100000 times lower than VBOX (used by Macromedia and Symantec) and is much more secure as to my understanding of how VBOX works. The new version of VBOX already has so many available cracks out there.

Quote:

---

First, It sounds like it's working pretty well. I don't believe anything is crack-proof, but if it can stop the masses then it's pretty darn good. It sounds like this software does this.

---

All it requires is the lone wolves to crack it and distribute the source code or a way around it, and the software is useless.

Let me say that out of the thousands of similar systems out there, I would speculate that the vast majority of them have been broken over time. I don't think there is a system out there that is 100% crack proof.

Quote:

---

Our product is priced 100000 times lower than VBOX (used by Macromedia and Symantec) and is much more secure as to my understanding of how VBOX works. The new version of VBOX already has so many available cracks out there.

---

If your system is better than VBOX than it is really going to take off. But you need to give it time and release the utils so that the cracker groups can get into it.

i dont know why i see so much skepticism. Look... i believe it is and it is. To prove it, as soon as our whole range of products are complete (in about 2 more weeks)... i'll be putting it all over the internet on all cracking posts to see what they are able to do. I'll wait for 2 weeks from then if they aren't able to crack it... then beats me why.. maybe they gave up so then I will be putting it up for sale. If you can't crack that doesn't mean that someone else can.. so far no one has. :D

btw, i have hired two hackers to thoroughly test my product. I'll be making public the comments of all such crackers and u could see for yourself what they say. Also... i will get it reviewd by independent companies and see what they say... i dont know why it is so hard in this world to prove u have a really good product... we have been working for 6 months on it w/o a break and if it doesn't sell we rather sell ourselves :mad:

And im still looking for some constructive cracker. Even if someone is able to crack our system, he wont be able to distribute a crack as everything is randomized... forgot?? they cant possible locate random sources w/o testing it on millions of computers. Also... softencrypt will totally remove the possibility of a cracker cracking our system by modifying a exe/dll/ocx...

what do u have to say to this and has anyone got thru it so far?

Well, I think your heart is in it and I respect that. Like I said, I don't think anything is crack proof, but from what I've seen here, it seems pretty secure. And like I was saying before, all I need is protection from the resident "computer gurus," not Department of Defense level security.

But I don't make trialware. I just don't want people breaking into my database. And the database password that Access provides can be broken in about 8 lines of code unfortunately.

cafeenman, we too have a product that stores sensitive data in a database. our database is haf a gig big. In mid May, we will be adding one more product to our LockX suite just for databases. It will 100% protect crackers from getting hold of your sensitive data. It basically works by semi encrypting the mdb file and then creating an intermediate driver to access the database. We are still working on this system and it has been assigned to another developer. The system will make sure u dont have to change any code but yet your data is totally secure from a hacker unless he is able to get through our tough encryption which i doubt. Wondering if this was what u wanted? I'm not going thru the details as of now as we have applied some very custom and unique ideas to it

I could use a product like this. I'm not huge enough to worry about anyone proliferating cracked versions of my software globally :D .

The kind of piracy that Id like to avoid is:

1) Buddy's sharing the same key. My typical user isnt sophisticated enough to crack anything, but would have no problem using someone elses key if he could.

2) Users breaking into my mdb with "good intentions".

Sounds like Yash's product claims to do just this at a reasonable price.

I will definitly keep my eye on it to see how things develop.

Yash,

Just curious. With your protection in place, could I install an app on a hard drive with a legit key, swap hardrives between 2 computers, install again with the same legit key, and have two working versions of the "protected" app on two different machines?

yep, our anti piracy system offers 2 types of licensing - Developer Licensing and Enterprice Licensing. A developer license will only work on one PC while an enterprise license will work on all computers within a company. I'm glad u show interest. Visit LockX.com within 2 to 3 weeks and u could find everything up there.

But Muddy, we spent 6 months to create an anti cracking system and thats what we are committed to whatever people say. It has been built upon hundreds of ideas from developers all around the world. We truly believe we will put up d uncrackable system.

One more thing we plan to do is add a watch group. Developers can register their product in our watch group. Every week we will browse the internet for cracks relating to any of the registered products. If we do find any, we work on a counter crack and update our products. All developers buying products from us will get life time free upgrades. So suppose someone does crack it within 2 months, within the next week of us knowing about the crack, we will have updated all our products with a counter crack. That is how we plan to support our customers.

coments....?

no muddy.. that would not be possible and we have already thought of that

Quote:

---

Originally posted by Yash_Kumar
no muddy.. that would not be possible and we have already thought of that

---

I think it is possible to protect against this. This type of piracy isnt possible with new versions of Microsoft products. From what I understand (which is very little) the program detects hardware changes and will kill access to the app under the scenario I described above (swapping drives).

You should consider implenting something like this. If not "protected apps" could be very easily pirated by Hard Drive Imaging software like Norton Ghost. This could be done by someone with almost no computer skills.