Results 1 to 27 of 27

Thread: Copy Protection Ideas

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2018
    Posts
    315

    Copy Protection Ideas

    Hello,

    I'm looking for ideas as to how to implement a copy-protect scheme for a VB6 app.

    My only experience so far, is having to enter some multi-digit activation codes when I install
    new software (Microsoft software, tax software, etc).

    So I guess something like that??
    But I cannot even begin to think how this code would be used, as anyone can just send exe AND activation code to a friend for example.

    What am I missing here?

  2. #2
    Hyperactive Member
    Join Date
    Jul 2020
    Posts
    283

    Re: Copy Protection Ideas

    I don't remember anymore ..... One of the programs collected the IDs of the processor, sound and video cards during installation, and sent them to the developer's site. Based on this data, an activation code was generated, which was sent back.
    Something like this.

  3. #3
    Frenzied Member
    Join Date
    Dec 2014
    Posts
    1,493

    Re: Copy Protection Ideas

    best way is a online-registration procedure. that means u need a server.
    the user need internet connection to open the exe,
    if "new user", he will need to register it first, maybe a unique code that u give out. this code is only valid one time.
    if the registration passed, the server create a unique id and sends it back to the user, that stores it to his computer.
    this data, has the registration name, computer id, the unique code and maybe a couple of other "identifiers".

    when user open the exe, and the computer id and other identifiers are not correct, it will stop working.
    that means, u need to make sure to read information of windows and computer so that this data contains that information when the user register, so each time he start the program it will compare it.
    after that, the program makes a connection to the server using this "encrypted id" (that also changes each time u run the program, maybe a counter) that the server can decrypt and read.
    doing so, people can not hack the server by sending dummy data, as it will change each time, the server will "remember" the count as well, so if u send the encrypted id with a wrong count it will not work.

    of course, u need to have a memory protecting tool, so people can not scan, and encrypt the exe, using packers and other ways to protect your exe, so people can't de-compile it.

  4. #4
    Member
    Join Date
    Jan 2021
    Posts
    42

    Re: Copy Protection Ideas


  5. #5
    Lively Member
    Join Date
    Nov 2017
    Location
    South Australia ( SA )
    Posts
    65

    Re: Copy Protection Ideas

    G'Day MMS

    If you app. is expensive, then ppl will try to 'steal' it.

    Over the past 40 years we have proved that all of the above will not scale up.

    Your talking about giving them the key, right ???

    The only way to protect your software is not to give them the lock !!!

  6. #6
    Hyperactive Member Episcopal's Avatar
    Join Date
    Mar 2019
    Location
    Brazil
    Posts
    296

    Re: Copy Protection Ideas

    Quote Originally Posted by jg.sa View Post
    The only way to protect your software is not to give them the lock !!!
    I've seen software that doesn't block ..... but it doesn't print the reports, and still erases some files that are generated during data processing.

    Ever heard of hardware key?

  7. #7
    PowerPoster
    Join Date
    Feb 2012
    Location
    West Virginia
    Posts
    13,704

    Re: Copy Protection Ideas

    The company I used to work for used a hardware key for its major product for years before switching to a software key. The key was generated from an ID on the target system so it could not be easily used on any other system, of course there were ways to get around it if you wanted to put in the effort. Our customers weren't that sort and would rather pay than spend hours trying to get around the key.

  8. #8
    Frenzied Member
    Join Date
    Dec 2014
    Posts
    1,493

    Re: Copy Protection Ideas

    as Im doing games, I have "subscribed" members, every month I release a "patch" that contains goodies, that way the paying members gets exclusivity content.
    sure, the "patch" could get shared, but still nobody have done that.
    it is still continuous communication with the members. so I need to put an effort otherwise nobody cares.

    so, one way is: to pay gets me something in return like: support, exclusive content, ask for features, free updates, etc.
    instead of "one-time" cost, you create a subscription model, that u decide the price, could be $10/month or even less.

  9. #9
    PowerPoster Elroy's Avatar
    Join Date
    Jun 2014
    Location
    Near Nashville TN
    Posts
    6,715

    Re: Copy Protection Ideas

    My primary project is open-source, so I don't worry about such things.

    However, I've seen three ways of relatively strong copy protection.

    1) The use of a dongle/key to use the software. Vicon software is a good example of this. They're a purveyor of high-end motion-capture hardware and software. And, to use their software, a USB dongle must be plugged into the computer you're sitting at. Before USB, is was a serial port dongle.

    2) Fetch some unique hardware number (NIC card MAC address, hard drive serial number, etc), hash this number, tell it to the user, direct them to a server/website you have setup, have them give their name and this hash number, and combine that into a key that you give back to them. Obviously, you check some database of paid users and make sure their name is in it. This method has the advantage of only needing access to the server for the one-time (or annual, or whatever) registration. Also, the key provided is unique to the machine it's installed on. A downside is that you'll probably need an un-register process so they can install on new computers they may purchase, retiring the old ones.

    3) Just give them a key upon purchase, but require that they put their name into the software the first time they execute it. You must also keep a database of valid keys given to users, and these keys should have some kind of checksum (or something) that allows the software to validate that they're a good key. The first time they execute the software AND the computer they're on has web access, register this key and name via a server you have running on the web. If it's already registered under a different name, disable the software. On subsequent executions, if there's web access, just validate that it's a good key-name combination via your server. If it's not, disable the software. Downside to this approach is that they can disable web access (or maybe just access to your server) and the software will continue to execute. However, this day-and-age, the lack of web access is somewhat rare. Another downside is that you've got to keep your server up 24/7 to validate your software when people execute it (or, let it run if your server is down).

    And, with all of these, you've got to make decisions about how many "valid" installations you'll allow each user.

    But, in the end, we must recognize that nothing is absolutely foolproof. End the end, our programs are nothing but bits, and anyone with enough time on their hands can figure out how to toggle those bits to disable our copy protection, and that goes for all three of the above.
    Any software I post in these forums written by me is provided “AS IS” without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. Please understand that I’ve been programming since the mid-1970s and still have some of that code. My contemporary VB6 project is approaching 1,000 modules. In addition, I have a “VB6 random code folder” that is overflowing. I’ve been at this long enough to truly not know with absolute certainty from whence every single line of my code has come, with much of it coming from programmers under my employ who signed intellectual property transfers. I have not deliberately attempted to remove any licenses and/or attributions from any software. If someone finds that I have inadvertently done so, I sincerely apologize, and, upon notice and reasonable proof, will re-attach those licenses and/or attributions. To all, peace and happiness.

  10. #10
    Lively Member
    Join Date
    Nov 2017
    Location
    South Australia ( SA )
    Posts
    65

    Re: Copy Protection Ideas

    It is relatively easy to provide cracks for all software, even 1s that us hardware keys.

    You just need to find the branch in the code were it is determining if the hardware key is present and correct.

    Crackers cant hack code they are not provided with !!!

  11. #11
    Lively Member
    Join Date
    Feb 2015
    Posts
    84

    Re: Copy Protection Ideas

    Check out ActiveLock. Does exactly what you need. ActiveLock is written in VB and was a commercial product at one time, but has been free & open source for some time now. It is available on GitHub.

    Go here for more information:

    https://github.com/manojdjoshi/ACTIVELOCK

  12. #12

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2018
    Posts
    315

    Re: Copy Protection Ideas

    Thanks for all the suggestions.
    Some good ideas to consider.

    Elroy, I especially like your detailed explanation.
    I will have a go with your Method 2

    SomeYguy, I will have a look at ActiveLock, as I like to look at working examples.

  13. #13
    PowerPoster Elroy's Avatar
    Join Date
    Jun 2014
    Location
    Near Nashville TN
    Posts
    6,715

    Re: Copy Protection Ideas

    Quote Originally Posted by jg.sa View Post
    It is relatively easy to provide cracks for all software
    Personally, I wouldn't have said "relatively easy". I'm certainly not one to think through millions of uncommented disassembled lines of assembler code to try and figure out how to jump over the copy protection check. But, yeah, as stated earlier, nothing is absolutely foolproof.

    mms, that actually gives me another idea. You might want to consider doing some kind of checksum on each version of the compiled executable. Again, nothing is foolproof, but that does give you a moderate-level check to see if that executable has been tampered with (in addition to your actual copy protection method).
    Last edited by Elroy; Aug 20th, 2021 at 10:47 AM.
    Any software I post in these forums written by me is provided “AS IS” without warranty of any kind, expressed or implied, and permission is hereby granted, free of charge and without restriction, to any person obtaining a copy. Please understand that I’ve been programming since the mid-1970s and still have some of that code. My contemporary VB6 project is approaching 1,000 modules. In addition, I have a “VB6 random code folder” that is overflowing. I’ve been at this long enough to truly not know with absolute certainty from whence every single line of my code has come, with much of it coming from programmers under my employ who signed intellectual property transfers. I have not deliberately attempted to remove any licenses and/or attributions from any software. If someone finds that I have inadvertently done so, I sincerely apologize, and, upon notice and reasonable proof, will re-attach those licenses and/or attributions. To all, peace and happiness.

  14. #14
    Frenzied Member
    Join Date
    Dec 2014
    Posts
    1,493

    Re: Copy Protection Ideas

    that is why many uses subscription models nowadays.
    people and the dev(s) have a closer relationship, more communication, and investment and a feel of being part of something.
    but sure, if the program is just a utility that theres nothing more to say and add, the subscription will fail.

  15. #15
    Lively Member
    Join Date
    Nov 2017
    Location
    South Australia ( SA )
    Posts
    65

    Re: Copy Protection Ideas

    G'Day Elroy

    A copy protection sys. ( CPS ) takes many years to perfect


    Quote Originally Posted by Elroy View Post
    Personally, I wouldn't have said "relatively easy". I'm certainly not one to think through millions of uncommented disassembled lines of assembler code to try and figure out how to jump over the copy protection check. But, yeah, as stated earlier, nothing is absolutely foolproof.
    I wouldn't and have never done this as well, 99% of ppl. show a msg when the app. is 'not happy', you can find were the string is retrieved and work back from there !!!

    One way to stop this and this is what I do is to have the strings as ASC(chr()) or the reverse so the string is not in plain text

    My CPS triggers and then sets a trip wire for the user to walk, thru. at a later date so it might disable features, but not tell the end user. So they need to down load an updated ver. that does not have the 'bug'


    Quote Originally Posted by Elroy View Post
    mms, that actually gives me another idea. You might want to consider doing some kind of checksum on each version of the compiled executable. Again, nothing is foolproof, but that does give you a moderate-level check to see if that executable has been tampered with (in addition to your actual copy protection method).
    Now you are starting to think like a crackers, I write the chechsum to an .ini and into the .exe and if the .ini changes you know someone is trying to crack the app.

    Part of the setup process might be to create a setup.ini and that date and time can be used for a count down which can be written to another location and compared on image activation.

  16. #16
    PowerPoster
    Join Date
    Jun 2013
    Posts
    5,615

    Re: Copy Protection Ideas

    Quote Originally Posted by Elroy View Post
    You might want to consider doing some kind of checksum on each version of the compiled executable.
    That's what I've done in the Colibrico-Software (an SVG-Icon-Editor-Tool) -
    which was never cracked (to the best of my knowledge).

    In addition, the checksum-check is performed (also) from within a "dynamically added" (machine-ID + Exe-Hash encrypted, and WebServer-generated) VBScript-Text, which becomes only available after online-registration with the "machine-ID and user-mail".
    This Script also contains larger parts of the functionality (e.g. by addressing all Export-related, COM-Methods which the free trial doesn't have, only from within that VBScript).

    In the above I've simplified a bit - because there's quite a lot of "other back and forth" in multiple places -
    between the Executable and the dynamically loaded Script, so the whole thing cannot be "cracked" by just skipping over a single "if-condition".

    Olaf

  17. #17
    Fanatic Member
    Join Date
    Feb 2017
    Posts
    645

    Re: Copy Protection Ideas

    Best one I've seen -- but would require an interactive server for each logon -- is:
    A printed card with codes is issued to the user along with software.
    On this card is row column listing which has two numbers side by side.
    The first column is a key (sent by the server) and the second column is a user response number (entered by the user). At logon the server sends the user the key. The user then looks up that key number on the card and notes the User (response). number. That number is entered and
    sent to the server, which server compares it to the key/user table on the server. If they match, logon to the software is permitted.
    The cards (size of a credit card) I'm familiar with contain about 250 key and associated user numbers. Concept, I imagine, is based on the old WWII german enigma machine.
    Last edited by vb6forever; Aug 21st, 2021 at 02:27 PM.

  18. #18
    Lively Member
    Join Date
    Nov 2017
    Location
    South Australia ( SA )
    Posts
    65

    Re: Copy Protection Ideas

    So OP this means you have lots of work ahead and it really depends on the cost of your app

    No 1 is going to spend hours / days if the app is $19

    The easiest way is to add updates regularly


    G'Day Schmidt

    Quote Originally Posted by Schmidt View Post
    In addition, the checksum-check is performed (also) from within a "dynamically added" (machine-ID + Exe-Hash encrypted, and WebServer-generated) VBScript-Text, which becomes only available after online-registration with the "machine-ID and user-mail".
    This is what I have done as well, I have a scripting engine and email enabled all apps. as well as making it mandatory for most apps to "Phone Home" to a WAN Auth. server regularly. Laptops can be a bit of a pain but it is all good.

    With .gov.au and .gov.nz we have to provide a Auth server for their DCs. as they will not allow their data outside their realms.


    Quote Originally Posted by Schmidt View Post
    In the above I've simplified a bit - because there's quite a lot of "other back and forth" in multiple places -
    between the Executable and the dynamically loaded Script, so the whole thing cannot be "cracked" by just skipping over a single "if-condition".
    This is what I mean about not giving the lock, the crackers cannot step through code they do not have. I have even tokenized .dlls and stored them in text files.

  19. #19
    Hyperactive Member
    Join Date
    Jul 2002
    Posts
    419

    Re: Copy Protection Ideas

    Hello,

    All as said before all methods above will work.

    Some additional advice.

    Internally encrypt all strings related to program registration, hackers will look for these strings in the naively compiled exe

    Don't do anything on program start, hackers can easily step through these, do all program checking based on random times

    Do multiple layers, have at least two or more checks that happen at random times, this means if the hackers get the first layer, they will think they have success when they actually do not, because at some random time in future the other layers kick in.

    Also, get an code signing certificate, so that if exe gets modified certificate becomes void.

    good luck!
    Last edited by axisdj; Aug 22nd, 2021 at 10:37 AM.

  20. #20
    New Member
    Join Date
    Apr 2021
    Posts
    9

    Re: Copy Protection Ideas

    Quote Originally Posted by jg.sa View Post
    It is relatively easy to provide cracks for all software, even 1s that us hardware keys.

    You just need to find the branch in the code were it is determining if the hardware key is present and correct.

    Crackers cant hack code they are not provided with !!!
    I once wrote a copy protection system that used a unique key, and I suspected that it would be a simple matter to find the branch and switch it...so I linked the unique key to an encryption key and encrypted the plaintext everywhere within my app. Only a genuine key would decrypt that plaintext back to readable English.

    Can't say whether it worked or not, it was more a proof of concept than an actual protection system for my code...but you can't use an app you can't read.

    Sometimes you WANT your users to have the software, you can't just withhold it from everyone if you're trying to make money from the app!

  21. #21
    Hyperactive Member
    Join Date
    Aug 2020
    Posts
    447

    Re: Copy Protection Ideas

    Quote Originally Posted by Schmidt View Post
    That's what I've done in the Colibrico-Software (an SVG-Icon-Editor-Tool) -
    which was never cracked (to the best of my knowledge).

    In addition, the checksum-check is performed (also) from within a "dynamically added" (machine-ID + Exe-Hash encrypted, and WebServer-generated) VBScript-Text, which becomes only available after online-registration with the "machine-ID and user-mail".
    This Script also contains larger parts of the functionality (e.g. by addressing all Export-related, COM-Methods which the free trial doesn't have, only from within that VBScript).

    In the above I've simplified a bit - because there's quite a lot of "other back and forth" in multiple places -
    between the Executable and the dynamically loaded Script, so the whole thing cannot be "cracked" by just skipping over a single "if-condition".

    Olaf
    Say something off topic. Maybe you should find a professional website design expert to redesign your website homepage, otherwise, it's difficult for strangers to have the desire to click the "download" button.

    In addition, I found the following problems:
    (1) Click the "Download" button, the file is not downloaded. Finally, I downloaded the trial version by manually typing "www.Colibrico.de/download/Colibrico.zip".
    (2) The handwriting of the startup window is blurred (OS: Chinese Win10)
    (3) The installation process is very slow (I installed from a U-disk)

    In addition, although Colibrico's UI is based on the pixel-level Cairo-lib, Colibrico's UI does not seem to be as refined as the HTML-based VsCode. I don't know if RC6.Widgets can develop an UI similar to VSCode.
    Last edited by SearchingDataOnly; Aug 24th, 2021 at 05:21 AM.

  22. #22
    Hyperactive Member Episcopal's Avatar
    Join Date
    Mar 2019
    Location
    Brazil
    Posts
    296

    Re: Copy Protection Ideas

    Quote Originally Posted by axisdj View Post
    ,Also, get an code signing certificate, so that if exe gets modified certificate becomes void.
    Could be the CRC32 code ...

  23. #23
    Lively Member
    Join Date
    Aug 2013
    Posts
    126

    Re: Copy Protection Ideas

    Write an app that needs regular updating and support!

    On a tangent...
    A client's tech guy recently moved their server to a new machine.
    He made a disk image and gave the new server the same name and everything they used, including our software just worked.
    In the past our app always needed to be reinstalled in this scenario, I don't know the change is due to the software that
    makes the disk image or a change in Windows.

  24. #24
    PowerPoster
    Join Date
    Feb 2012
    Location
    West Virginia
    Posts
    13,704

    Re: Copy Protection Ideas

    Quote Originally Posted by jg.sa View Post

    I wouldn't and have never done this as well, 99% of ppl. show a msg when the app. is 'not happy', you can find were the string is retrieved and work back from there !!!
    I released a game back in the 90s that was cracked. The crack included a readme that commented that it was one of the hardest games to crack that he had encountered to date. I thought that was a bit funny given that it was my first attempt and locking down a piece of shareware. He managed to located the flag that set the registered status and override the check.

    My next piece of software that I locked down uses different methods and requires a key to work, within the key is an encrypted code that tell it how many ports it should use so bypassing or overriding the test will stop the program from asking for the code but will not allow it to function.

  25. #25

    Thread Starter
    Hyperactive Member
    Join Date
    Nov 2018
    Posts
    315

    Re: Copy Protection Ideas

    Thanks for all the replies.

    I've got something working, that I am happy enough with.
    I don't need a "bullet-proof" scheme, but just some sort of obstacle/deterrent to unauthorized copying.
    This I have I think.

    Going through all the hoops of creating some hashed authorization code, can a potential hacker still not search
    through the code looking for something like
    If Key <> someHashedNumber Then End
    and delete that line?
    (Obviously I over-simplified)
    Or perhaps I am still not fully understanding the concept correctly?

  26. #26
    PowerPoster
    Join Date
    Feb 2017
    Posts
    3,403

    Re: Copy Protection Ideas

    I wonder about the checksum approach, how to deal with the issue that the checksum itself will become part of the program changing the right checksum. (Because the checksum data itself needs to be computed in the checksum)

  27. #27
    Lively Member
    Join Date
    Jun 2016
    Posts
    99

    Re: Copy Protection Ideas

    Quote Originally Posted by mms_ View Post
    Thanks for all the replies.
    ....
    If Key <> someHashedNumber Then End
    and delete that line?
    ...
    ... I never bothered about copy protection much, but thought about it from time to time.

    I think it's important that you use keys not in your mentioned way (so the cracker may just localize and delete code).

    Better use a key to construct some vital program parameters, and be it just some program constants

    e.g. (air code)
    instead of FOR I = 1 TO 100 use FOR I = 1 TO key * SOMETHING / SOMEOTHERTHING

    and do that in various places, may be shift around the key to various variables in between, so if the key is wrong the program doesn't just quit but goes wild and a cracker would be hard pressed to figure that out!
    (..and hope you don't shoot in your foot by doing so)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width