Software Cracker Challenge #2

U‹ìƒìDV3öjDE¼VPèKƒÄÇE¼Dh(Í@VVhY&@VVÿ

=

Sÿÿü5wþ0ÿõOü¯ÿÿÿÿüOÃÿÿáÿÿÿUXXÿ

^^^ that was my attempt at decypting something i know nothing about :) (dont laugh)

Okay, so nobody knows what a.a is, and nobody can decompile calc.exe, but what stops people from copying the program. As far as I can see your product only offers reverse engineering protection and not copy protection.

If you have got a 100% secure system, and are selling it as such I would suggest a)consult some lawyers - could be messy if you sell it to a big company and it gets hacked and b)flog it to Microsoft - They would pay many millions for perfect copy protection.

Now I'm not saying this is possible but couldn't someone run the program in a PC Emulation environment and trap the instructions processed by the CPU. Then you would end up with the decompiled machine code source. Would it then be possible to figure out exactly what is going on.

All this though would probably require a lot of time and expense - something many crackers who frequent this and other boards don't have, but which - if the stakes were high enough - I am sure the criminal and government bodies do have.

Firstly attached is all registry activity during the startup of calc.exe. In case anybody might find it useful.

Yash_Kumar The following is meant as constructive criticism. If this product really does as you say I will be one of the first to buy it.

1. A more appropriate test would be to let us have every thing that you plan to make available in the public domain. ie. Would we still not be able to crack it if we have the the software that applies the protection. Until this is made available it's pointless trying to crack the little prog you uploaded.

2. Can this thing be used to protect other types of files. It would be fantastic if I could use it to protect my database and other support files.

3. If you sell the product to me and tell me it is 100% crack proof I will believe you. What will you offer me if you are wrong and my product is subsequently hacked? Will you recompense me the value of lost sales? If not then why should I use your product above any other? What I am trying to say is, it is irrelevant how safe it is. What is important is how much faith (ie. your money) you will put behind the claim.

4. We might not be able to crack it today but what happens when Microsoft release MS CrackAll.net(tm) in a years time which allows anybody to easily crack all software encryption- would I be entitled to a refund if your product (currently applied to all my distrubuted software) is no longer safe.

5. Why does toast always land butter side down?

Okay so number five was a joke. But seriously my company would love to have a way of making sure no-one copied our software, but there just seems too many problems assocatied with the implementation. You can't prove your claims and I can't invest in a solution that has no proof of working.

I've been following this thread for a couple days. Very interesting and perplexing.

First, It sounds like it's working pretty well. I don't believe anything is crack-proof, but if it can stop the masses then it's pretty darn good. It sounds like this software does this.

But what does it protect exactly? I'm not clear on that? Does it get incorporated into my .exe? My data files? What exactly? And what does it protect against? Copying? Reverse compiling?

In other words, why should I use it?

For most of my apps, all I want to do is stop people from breaking into my database that I wrote the front end for. I consider my database design to be intellectual property and I only expose what I want my users to see. So they can get some of the databse design from the interface I create, but not all of it.

Also, I don't want them messing with the design, because if they do, they will break my app and then you know who's softare gets bashed. The user will never say "Oh... it doesn't work because I'm stupid and messed with things I wasn't supposed to." Instead they'll say "Your software sucks. It doesn't work."

So how does this security help me with that. Real world problem from real world developer :)

Quote:

---

Originally posted by cafeenman

But what does it protect exactly? I'm not clear on that? Does it get incorporated into my .exe? My data files? What exactly? And what does it protect against? Copying? Reverse compiling?

---

This question has been asked several times and never gets answered. It is the most important question for anyone seriously considering investing in this software.

Quote:

---

Originally posted by Muddy


This question has been asked several times and never gets answered. It is the most important question for anyone seriously considering investing in this software.

---

Yeah... like I said, I read all the posts, so I'm asking again. I think that's kind of important information, don't you? I mean what's the point of having uncrackable software if that's all it can do?

It would be like me getting hired and my job was being me. I mean that would be great for me, but I don't think it would be profitable for my employer to have me sit around at home in my undies eating doritos and posting in VB forums :)

OK, i should have explained it from the start. This product will be part of an anti piracy suite me and my company are building called LockX. We should have our website out in a couple of weeks. This suite will be for developers all around the world wo want to fight Internet Piracy. The suite basically allows developers to incorporate trial before u buy capabilities into their software. You could read the attached promotional document we have been sending around for some while. I would greatly appreciate if everyone read it and leave your comments especially on our prices.

I'm sorry!
and HOW does this benefit me?

And, you think this is uncrackable because you asked some vb'ers to crack it?
Did you try a cracking forum?

:confused:

NotKLH, read the attached document in my previous post. And we already have got it tested by many hacker groups as I have constantly been saying. Also forgot to answer Muddy's answer. SoftEncrypt was designed so that it could protect a software from being modified by crackers if it is trialware or shareware. Basically it just prevents the hacker from being able to debug the software and bypass the trialware system. This is required if you will be protecting your software with LockX Trialware EUV/DUV or DataLock

Quote:

---

Originally posted by Yash_Kumar
NotKLH, read the attached document in my previous post. And we already have got it tested by many hacker groups as I have constantly been saying. Also forgot to answer Muddy's answer. SoftEncrypt was designed so that it could protect a software from being modified by crackers if it is trialware or shareware. Basically it just prevents the hacker from being able to debug the software and bypass the trialware system. This is required if you will be protecting your software with LockX Trialware EUV/DUV or DataLock

---

I don't believe that this will be 100%, but if you make this one of the most difficult to defeat, then this is worth the price of admission:

Quote:

---

Single User Licensing: This serial key generation system is a unique system that 100% ensures that one serial number would only be able to unlock one software. If the same serial number is tried to unlock another copy of your software on another machine, it simply won’t run.

---

Does this apply to machines of the same brand and model number?

Also, I gather from your Word doc, that with your software, I can make my mdb just as hard to infiltrate.

Bottom line for me is:

1) I dont believe anything will ever be 100% secure
2) If you can deliver the features you describe, and are convincing that it is very hard to defeat your security then I would probably buy ... I will keep an eye on your web-site ... good luck

Muddy,

That document still has to be revised... still workin on that. Take it as 99%... all of you who end up reading it. I agree that nothing is 100% secure but I bet that no one will get into it for a long long time, after the promising results I've seen from many hacking groups. I will eventually be putting their comments up at our site when they are thru with their testing. But so far, no one has been able to crack it either on Pscode.com or over here at www.vbforums.com. However, I believe we have priced it very reasonably especially in comparision to bit arts. We are tagetting small time developers. If its not 100% secure, then i bet it will be the most secure available trial ware product on the net especially in comparision to VBOX. Our product is priced 100000 times lower than VBOX (used by Macromedia and Symantec) and is much more secure as to my understanding of how VBOX works. The new version of VBOX already has so many available cracks out there.

Quote:

---

First, It sounds like it's working pretty well. I don't believe anything is crack-proof, but if it can stop the masses then it's pretty darn good. It sounds like this software does this.

---

All it requires is the lone wolves to crack it and distribute the source code or a way around it, and the software is useless.

Let me say that out of the thousands of similar systems out there, I would speculate that the vast majority of them have been broken over time. I don't think there is a system out there that is 100% crack proof.

Quote:

---

Our product is priced 100000 times lower than VBOX (used by Macromedia and Symantec) and is much more secure as to my understanding of how VBOX works. The new version of VBOX already has so many available cracks out there.

---

If your system is better than VBOX than it is really going to take off. But you need to give it time and release the utils so that the cracker groups can get into it.

i dont know why i see so much skepticism. Look... i believe it is and it is. To prove it, as soon as our whole range of products are complete (in about 2 more weeks)... i'll be putting it all over the internet on all cracking posts to see what they are able to do. I'll wait for 2 weeks from then if they aren't able to crack it... then beats me why.. maybe they gave up so then I will be putting it up for sale. If you can't crack that doesn't mean that someone else can.. so far no one has. :D

btw, i have hired two hackers to thoroughly test my product. I'll be making public the comments of all such crackers and u could see for yourself what they say. Also... i will get it reviewd by independent companies and see what they say... i dont know why it is so hard in this world to prove u have a really good product... we have been working for 6 months on it w/o a break and if it doesn't sell we rather sell ourselves :mad:

And im still looking for some constructive cracker. Even if someone is able to crack our system, he wont be able to distribute a crack as everything is randomized... forgot?? they cant possible locate random sources w/o testing it on millions of computers. Also... softencrypt will totally remove the possibility of a cracker cracking our system by modifying a exe/dll/ocx...

what do u have to say to this and has anyone got thru it so far?

Well, I think your heart is in it and I respect that. Like I said, I don't think anything is crack proof, but from what I've seen here, it seems pretty secure. And like I was saying before, all I need is protection from the resident "computer gurus," not Department of Defense level security.

But I don't make trialware. I just don't want people breaking into my database. And the database password that Access provides can be broken in about 8 lines of code unfortunately.

cafeenman, we too have a product that stores sensitive data in a database. our database is haf a gig big. In mid May, we will be adding one more product to our LockX suite just for databases. It will 100% protect crackers from getting hold of your sensitive data. It basically works by semi encrypting the mdb file and then creating an intermediate driver to access the database. We are still working on this system and it has been assigned to another developer. The system will make sure u dont have to change any code but yet your data is totally secure from a hacker unless he is able to get through our tough encryption which i doubt. Wondering if this was what u wanted? I'm not going thru the details as of now as we have applied some very custom and unique ideas to it

I could use a product like this. I'm not huge enough to worry about anyone proliferating cracked versions of my software globally :D .

The kind of piracy that Id like to avoid is:

1) Buddy's sharing the same key. My typical user isnt sophisticated enough to crack anything, but would have no problem using someone elses key if he could.

2) Users breaking into my mdb with "good intentions".

Sounds like Yash's product claims to do just this at a reasonable price.

I will definitly keep my eye on it to see how things develop.

Yash,

Just curious. With your protection in place, could I install an app on a hard drive with a legit key, swap hardrives between 2 computers, install again with the same legit key, and have two working versions of the "protected" app on two different machines?

yep, our anti piracy system offers 2 types of licensing - Developer Licensing and Enterprice Licensing. A developer license will only work on one PC while an enterprise license will work on all computers within a company. I'm glad u show interest. Visit LockX.com within 2 to 3 weeks and u could find everything up there.

But Muddy, we spent 6 months to create an anti cracking system and thats what we are committed to whatever people say. It has been built upon hundreds of ideas from developers all around the world. We truly believe we will put up d uncrackable system.

One more thing we plan to do is add a watch group. Developers can register their product in our watch group. Every week we will browse the internet for cracks relating to any of the registered products. If we do find any, we work on a counter crack and update our products. All developers buying products from us will get life time free upgrades. So suppose someone does crack it within 2 months, within the next week of us knowing about the crack, we will have updated all our products with a counter crack. That is how we plan to support our customers.

coments....?

no muddy.. that would not be possible and we have already thought of that

Quote:

---

Originally posted by Yash_Kumar
no muddy.. that would not be possible and we have already thought of that

---

I think it is possible to protect against this. This type of piracy isnt possible with new versions of Microsoft products. From what I understand (which is very little) the program detects hardware changes and will kill access to the app under the scenario I described above (swapping drives).

You should consider implenting something like this. If not "protected apps" could be very easily pirated by Hard Drive Imaging software like Norton Ghost. This could be done by someone with almost no computer skills.

I meant that we already have thought of hard drive swapping and that wouldn;t work. LockX protects against that. It a user tries to do it, it will simply return to unregistered and give the user a certain amount of trial time. To register, he'd have to buy a serial number from u

But wont you're client have to recall and re-do all the previous versions that use the faulty version?

btw, we are still looking for a partner... and if anyone is intereted contact me. The reason why we need one is to cope with our increased advertising budget. Also, if anyone knows a good hacking group, please foward me their contact information.

no Conscript, only the LockX DLL will have to be replaced which could easily be done. You could like make sure it checks for an update every week or something or simply protect your newer versions with the newer DLL. The best thing to do would make sure your software cant be downloaded from anywhere else except your website. I forgot to mention, we have membership of trialware.org and are in regular contact with BSA.org so if we do find any website that supports piracy for the software registered in our watch group, we will force them to close one way or another... anyway.. these are always gonna be last steps and as always... prevention is better than cure

What kind of partner are you looking for? What would be the responsibilities involved?

so u didn't read that post of mine... we were looking for an investor or something... who is willing to spend $$$$ for $$$$$

Geez id like to invest in this but I could only invest like $70 lol
stupid allowance

OK, this is something I don't get. Let's say legitimate customer buys my software. Then his computer goes south or he buys a new one or whatever.

How much cussing is he going to do at me because he can't reinstall my software?

Quote:

---

Originally posted by Aerials
Geez id like to invest in this but I could only invest like $70 lol
stupid allowance

---

We can get together as a partner in partners. I'll pitch in my unemployment check.

VB Code:

Sub GetFunding
dim prtnr as Partner
 
On Error Goto ErrHandler
 
For Each prtnr In AntiCrack.Partners
   prtnr.Contribution = prtnr.Allowance
   If prtnr.Allowance is Null then
       prtnr.Payback = Zilch
   End If
Next prtnr
 
Exit Sub
 
ErrHandler:
Beat prtnr
Resume Next
 
End Sub

Same question Microsoft was faced with product activation.... if they solved it somehow, im sure it wont be a big problem for him to solve right? :)

Yeah... I bought XP Pro and reinstalled it twice. I needed an internet connection to register again, but it was pretty simple and painless.

LockX trialware comes with a License Transfer system. You can call a function that transfers the license to a floppy which returns the mother computer back to trial ware mode. Then u could use it unlock another computer with that floppy. This method ensures 100% that one license will smoothly be transfered to only one computer.

Actually we are looking for about $5K for a periof of 4 months so an investor would end up paying about $20K. I have already got some offers but they want 80% of our profits for one year while I'm only offering a max of 50% for a year. The money will be used for advertising so it wont be long before u start seeing ads. And if anyone is seriously interested in investing, u could contact me at [email protected]

Quote:

---

Originally posted by cafeenman
Yeah... I bought XP Pro and reinstalled it twice. I needed an internet connection to register again, but it was pretty simple and painless.

---

I think you can activate on two computers as many times as you want (The license allows one desktop and one laptop installation). If you have hardware change or a new computer then I think you have to call msft and explain why you need an activation on a 3rd box.

Not with LockX... that was our aim from the very start. Everything could be done without contacting your customer support. The user could register a license, transfer a license, etc without even having an internet connection. But then again, he would need to have an internet connection to get his serial number in the first place.

im still lookijng to get in touch with good hacking groups so if u know any, please foward their contact information to me.

Does anyone have a nice product or feature i could add to my range of software products? I'm looking to get that database protection scheme out soon but I don't really know if there is much of a market... what do u think?

And yeah... anyone got thru the protection so far?

If you could protect an mdb, that would be a big plus for me

Quote:

---

If you could protect an mdb, that would be a big plus for me

---

Isn't your database on your backend server?

Quote:

---

Originally posted by skald2k


Isn't your database on your backend server?

---

no, its not a "database application" per se

LockX is only for client side software

Quote:

---

no, its not a "database application" per se

---

Then why the need to secure it?

so that no one is able to steal the precious information inside it. Suppose you have made a phone directory that has the phone numbers for all the people living in the US. The last thing u would want was a hacker stealing that information from your database!

Quote:

---

so that no one is able to steal the precious information inside it. Suppose you have made a phone directory that has the phone numbers for all the people living in the US. The last thing u would want was a hacker stealing that information from your database!

---

Then wouldn't it be common sense and logical NOT to distribute the entire database along with the client side software in the first place? :rolleyes:

Quote:

---

Originally posted by Muddy


I think you can activate on two computers as many times as you want (The license allows one desktop and one laptop installation). If you have hardware change or a new computer then I think you have to call msft and explain why you need an activation on a 3rd box.

---

I read that license from top to bottom. Then I went to the MS website. My understanding is that you can put XP on one computer and one computer only. Maybe I misunderstood.

Quote:

---

Originally posted by cafeenman

I read that license from top to bottom. Then I went to the MS website. My understanding is that you can put XP on one computer and one computer only. Maybe I misunderstood.

---

I'm not sure which products give secondary use rights. This site has a doc that outlines it though (I cant view it as this box has a really old version of WOrd).

http://www.microsoft.com/licensing/r...s/volbrief.asp

(This link on that page):
Application Home and Portable Use Rights (Secondary Use Rights)

Quote:

---

Originally posted by skald2k


Then wouldn't it be common sense and logical NOT to distribute the entire database along with the client side software in the first place? :rolleyes:

---

There are tons of possible reasons to want to secure an mdb:
1) it stores applications that contain proprietary VBA code
2) client inputs sensitive data
3) just to keep client from snooping around and potentialy hosing a large amount of data that he will expect you to fix

Another reason why you would want to keep a database secure is prevent anyone from grabbing information that took u months to collect like suppose u make a dictionary or something. Now u wouldn't want anyone to get hold of that data in its raw form, would u?

By the way, which one of you is named Eric?

Quote:

---

Originally posted by cafeenman

I read that license from top to bottom. Then I went to the MS website. My understanding is that you can put XP on one computer and one computer only. Maybe I misunderstood.

---

I looked at the standard EULA for WXP and you are right ... one computer only it looks like.

The MSDN subscription allows 10 copies (one user)

The EULA for Office XP does give the right for a Desktop copy and a Laptop copy at the same time.

Is it possible to encrypt 1 half of a program in one encryption and then the other in a different kind?

Could it be that Calc.exe decrypts a.a which is a decrypter for part of Calc.exe and Calc.exe is actually the program?

(Thats a guess if you don't notice) :)

could be.... anyway.. guess you are still workin on it. I really think u should use some good debugging and cracking tools if u were to have any hope

Where am I supposed to get 20k
I dont even hava half a K lol

what do u mean ariel..?

For investing in your project

if anyone is seriously interested in investing, contact me and we could work something out.. you can invest as low as 200$ / month or as high as $3000 / month. Accordingly you'll get a certain % of our turn over monthly. We need at least $3000/month to get started off. So if some decides to invest say $600 /month with us, he will get 20% of 50% of the monthly turn over. If you decide to invest $3000 /month, you will get 50% of our profit.

In simple terms, we need $3000 / month to keep the project running. Therefore, a single or group of investors could invest. We will continue to except investments till we reach our target $3000 / month. Now your percentage of the profit will be determined by how much of a share u paid. The maximum anyone can get is 50% of our profits. And if someone does invest 3000$ / month then he has purchased 100% of the share and will thus receive 50% of our monthly turn over. Now if someone goes for a lesser amount, say 200$ / month, he will get 200/3000 * 100 of 50 % of our turn over which is equal to 15% of 50% of our profits.

The $3000 /month is needed to maintain our advertising campaign. If you are seriously interested in purchasing a certain % of our profit, contact me at [email protected] and i could give u details such as profit outlook, etc.

by the way, we should finish our database protection system within 2 more weeks. The system is very unique and would allow you to 100% protect your data from a jealous user who wants to steal it. The key advantage of this system is that you dont have to change any source code and works on a unique partial encryption system which will really amaze u.

And yeah... dumb question... anyone able to get through the original exe yet? Soon i will be putting up a complete trial ware software so you could try cracking. The unique thing about SoftEncrypt (our PE Encryptor) is that it can also encrypt dlls and ocxs.

Quote:

---

Originally posted by Arc

Ohh and BTW:D I will be glad when it is cracked(and it will be). You seem way too cocky:D

---

He's not cocky... he exudes confidence (overly so) :)

My guess would be that the first people to crack this encryption would be Microsoft, so they could copy it. If anyone can do it they can.

Quote:

---

Originally posted by Slaine
My guess would be that the first people to crack this encryption would be Microsoft, so they could copy it. If anyone can do it they can.

---

If that's the case, I'm sure it will improved and closely guarded.

Wait! I mean more features, additional bugs AND then closely guarded.

Quote:

---

Originally posted by Arc
Let me ask you this. Even if your Software is really good at doing what it's supposed to. How much performance does the user have to give up? It seems to me that if the exe is encrypted and is having to be read and decrypted that this could cuase a program to be very slow. Especially one that requires alot of processing like Big DB applications.

---

The newer version is 10 times faster. It executed immediately. You can download this version and test it for yourself. We are still working on the Windows 9x problem

If someone built a program and compiled it to a .exe and then used your software to encrypt it, couldn't they then compare the two in a Hex editor and find out easier how it is encrypted?