[RESOLVED] How Secure is EXE?

[q582gmzhi]

Hi,

I have written a small application.

One is standard vb6 programs, the other is the same program but with MSComms enabled to allow transmission to third party application.

The MSComms works if a boolean flag in the software is set to True.

I set the flag to False for the demo version it then stops the MSComm code working in the application but everythng else works fine.

How secure will this demo version be against someone being able to set flag back to true on the free demo version?

Thanks in advance

Daz.......

[noahssite]

Well any program is hackable, using programs people may download off the internet or a Hex Editor etc...

To improve the security of your program you can make the flag dependent on multiple other things.

For example the flag will only eqaul true if a registry key = 1 and another flag and integer eqauls a certain value, and etc...

So if you were to do what i am saying then you would have to make your program check constantly if the things it is dependent on or all eqaul to 1 / true...

Otherwise there are many ways to secure your application but there will always be a way to hack / manipulate it.

[q582gmzhi]

OK, thanks for the reply,

Would it be better before I make the exe for the demo version to also disable 'MS Comm Control 6.0' as well as setting the the flag to false?

Or could someone also get around this?

Thanks in advance.

Daz.......

[smUX]

Would it be better before I make the exe for the demo version to also disable 'MS Comm Control 6.0' as well as setting the the flag to false?

If possible, comment out all comm-related code for the demo so that when you compile it then no trace of the code is in the demo...if it's not there it can't be hacked to make it work :-)

If you plan to have updated demos (so if you make changes to the program, you want both the demo and full version to have the changes) you could probably write a small program to comment out the source code for you (and mark the lines you want commented out with something like 'commentout at the end of each line (so it wouldn't affect the full version when you compile it)

Of course, if that's too complicated, find another way :-P

[Joacim Andersson]

Instead of commenting code out, use a compiler directive instead.

Code:

#Const Demo = True
'then in some sub or function:
#If Not Demo Then
    'code
#End If

With the above approach the code within the #If block will not be compiled into your program if #Const Demo is set to True.

[akhileshbc]

It is not good enoug to comment out. Using vbdecompiler pro version, its possible to get almost all the codings.

[smUX]

Instead of commenting code out, use a compiler directive instead.

Code:

#Const Demo = True
'then in some sub or function:
#If Not Demo Then
    'code
#End If

With the above approach the code within the #If block will not be compiled into your program if #Const Demo is set to True.

Very useful to know, Joacim...not something I knew was available :-)

Question is, does it compile different based on the constant "Demo"? Or is there a way to change constant to false and make it work fully?

If it can be modified, then commenting out is the only 100% secure way of doing what I suggested and keeping it demo-only

It is not good enoug to comment out. Using vbdecompiler pro version, its possible to get almost all the codings.

Wrong. If something is commented out it doesn't get compiled as part of the code...if not compiled, it can't be decompiled, it doesn't exist anywhere except in the source as commented code.

[Joacim Andersson]

Question is, does it compile different based on the constant "Demo"? Or is there a way to change constant to false and make it work fully?

Yes that's the whole idea of using compiler directives. It only compile the code that matches the directive. It's just as if you had commented out the code, but it's much easier to use since you only need to change the directive value and recompile it.

[q582gmzhi]

OK, thanks for the advice.

I think I will use the compiler directive on the piece of code that send the data via MSComm.

Daz........

[akhileshbc]

Sorry, i was saying about the strings not comments.

[smUX]

Sorry, i was saying about the strings not comments.

I think you need to listen to your own signature next time, and "think think think"...the point was that code would be commented out to force the compiler to only compile important stuff for the demo rather than making it a hackable demo that could become a full version...

...academic now though, Joacim's posted the solution and the poster's neglected to mark it resolved...well, that's just another person whose threads I won't reply to in future

[q582gmzhi]

I am trying to get the compiler to work at present.

Once I get it working I will mark as resolved.

Thanks again.

Daz....

[akhileshbc]

I think you need to listen to your own signature next time, and "think think think"...the point was that code would be commented out to force the compiler to only compile important stuff for the demo rather than making it a hackable demo that could become a full version...

For making my softwares hack-proof, I searched on google for the solutions. I found a software named VB Anti Crack. When I used it, I found that, it is removing all the strings in my program with some arrays or something like that(I don't remember what it is ). So, when I checked my software using the VBDecompiler Pro 5.0, before and after applying the Anti Crack, I found that, after applying tha anti crack and decompiling the program, we won't see the strings.(eg.: if we used msgbox "Hai", after applying it, it will be somthing like this: msgbox ch(56)....)
That's what I was saying about. Sorry for the misunderstanding. Again sorry for posting the above all posts.... Sorry.....

-Akhilesh

[smUX]

Akhil, I suggest you check the filesize before and after, because all it does is convert letters to numbers and that should result in a much larger filesize (although I don't know how the program works, so maybe not :-)), and worse still it wouldn't stop any *good* hacker who would just write a prog to convert the CH() into letters.

If you want to efficiently encrypt your strings, do it manually...write an encryption function and encrypt your strings and set it to decrypt at runtime. Whenever I write code that needs securing against hacking, I use my own custom encryption function

[akhileshbc]

Thanks 4 the info

[tatkosmurff]

hei, if your program is worth stealing, be sure that someone will steal it no matter how secure it is.
So the main point is to ensure, that the effort to break the
code is bigger than the value of the application.
A configuration file which is encrypted does the trick allmost allways, the hardcoded solution is a little bit better, but means that you have two versions of the application.