>> fingerprint of your computer

kedaman:

I can't, but I do remember a quote as such....

"With God all things are possible."

...but we're not going to get into that one!

:D

Quote:

---

Whatever you do, there's always ways for a hacker to break
in and trust me I've been a hacker myself.

---

This is the first time I have read this post, I work for an Electronic company that has a software program customers use to replenish their stock of suppliers goods. Enough of boring you, basically, we use a 3rd party tool made in the US - can't think of the name at the moment. :(

It is IMPOSSIBLE to crack the code, this software takes the hard drive number on your pc and generates a 20 digit code from that. EVERY time the program is loaded, the HDD number is re-checked.

This hard drive number is written onto the drive when the drive is formatted, so if you wipe a hard drive & give it another code, you have to start all over again. I agree with 99.9999% of software, hackers can break, but there are exceptions. Use the hard drive number as this is impossible to break! ;)

Hesaidjoe:
Why not?
well maybe not, i'm bit too tired for that now :)
I'm sure though that theres nothing more impossible than possible.

Hi,
Just to give my experience about it...

I have made before installation processes that are virtually impossible to brake. How's that?, well i did use the serial
number from factory of the HD, yes, the one that doesn't change even with the format, but unfortunatly this only works
in old M$DO$ because the process to retrieve the serial number involves some interrupts or whatever that i don't really
get completly (the reason was explained using C examples, and i don't use C).

So, about using the serial number that it's stamped after each format in the HD, well i did one simple .com tiny
program using DEBUG.COM of about 20 bytes to change the HD's serial number and all i needed to know in advance is
the new serial number to stamp by myself, and the practical use for this?, Just to serialize the installation disks that
i used to install my programs.

Quote:

---

It is IMPOSSIBLE to crack the code, this software takes the hard drive number on your pc and generates a 20 digit code from that. EVERY time the program is loaded, the HDD number is re-checked.

---

If the method of protecting this program is based only in the HD's serial number then you just have to change the HD's
serial number in every computer that you want to install it and their protection scheme will be gone...for good?

If this is the case, i don't think that any of us will like this to happen to our apps....

Saludos...;)

Im sorry for you but a protection that is unhackable is IMPOSIBLE, i mean most small shareware wont be hacked and their author will be sooo happy cause they'll think it's unhackable, but that's just cause no hacker really care about it, i mean they have better things to do like hack Macromedia software ;)

ROFLMAO @ "No one mentioned the Windows OEM key."


sorry, that's just hysterical

or you could just use a dongle............

Alex_read said:

Quote:

---

Use the hard drive number as this is impossible to break!

---

impossible?..........no
worth it?..........not to try to backwards match a 168bit encrypted string

hmmm interesting,

Have you still got that .com program or could someone give me an inkling for how to get round this please?

Everything that can be built, can be broken.

When you disassemble an EXE file, it gives you the source of the file in assembly. Then for example if you wrote in your program something like: If SerialNum = GeneratedNum Then, then in the assembly code, you might see something like JE 98765432.
JE stands for "Jump if Equal", in hex: &H74&.
A cracker/hacker can get the offset of this jump and change it from 74 (JE) to 75 (JNE - Jump if Not Equal).

And that brings us to...
If you wrote something like:

Code:

---

If SN = Serial Then
    'Register the software
Else
    'Display an error message
End If

---

A hacker can change the file so it will be as if you wrote:

Code:

---

If SN <> Serial Then
    'Register the software
Else
    'Display an error message
End If

---

Which means that whatever serial the user enters will work, except the actual serial number :).

.
.
.

But on the other hand, there are a few things that CAN'T be cracked, like One-Time Pads or Hash Functions.

Well, when I was back on my Amiga4000 writing BBS doors for CNet Amiga, I had an encryption routine that used the HDD serial, the users name, and a bastardized morse code derived from the alphabet. It worked pretty good and was hard to break, but not impossible.

I found that using any keys that are pretty much dynamic are not the way to go. This does mean the windows product ID, the HDD serial#, etc. I'd use constants. The users name as sent in via the registration, the day the registration was recieved, the time it was recieved, the time and date stamp of the application when the main .exe is created on the HDD, and other minor factors such as software version set (version 5.00 - 5.99 or some such), internal application name, your company name, etc. ... Set up everything as Base36, convert it to decimal, add them together, and then convert back to base36. With VB, you may have to split up the code into sets of 3 or 4 digits as vb can't really handle the large numbers this generates.

zMUD uses a rather irritating protection scheme. After 90 days of use, your license number becomes invalid and you have to get a brand new one from a 3rd party server. Every 90 days. Unless that is changed, I might just try to get my money back on that purchase ;)

Stay away from any type of registration scheme that requires a connection to the internet. This will prove to be a hacker magnet. I, for one, get irritated when software decides to send/recieve info from the net without my permission, Imagine how many others will feel that way? even if your app requires you to be on the net, there is a chance that there could be a server for your particular application on a local lan that doesn't have a connection to the net ... what then? will your software cease to function? will it bring up DUN and start connecting? (yet another irritation) :)

Well, there's my 2 cents. have a good one.

In reply to everything said...

ALL OF THIS DOES NOT WORK. First of all, a HDD serial number can be changed, just re-write the bytes near the beginning of the partition, it is in plain text and is easy to modify with any sector read/write tool.

Second, no matter what happens, the logic of the protection really boils down to a simple ASM "JZ" or "JNZ" statement -- a basic "IF it passed, then act like it passed". Changing the one or two bytes in the code to say it always passes ("IF 1 = 1, then act like it passed") or reversing the test ("IF it didn't pass then act like it passed") totally screws any ideas that you have. So sure -- add a CRC-32 check to make sure the EXE is still the same, but then they modify that too...

So in conclusion, you should just have a simple serial number like MS does, and if it gets copied... you can't do much about it...

---------
or you can try to use the Intel P3 S/N if it is enabled, but don't ask me how you do that.

Hey guys, I know how to break programs, but if you encript or compress your exe file; then it would be very difficult to crack that program. If you don't believe me see the program Fusion on: http://www.bit-arts.com/ It's crackeable but it takes a long time. ;)

how do you decompile into assembly?