Results 1 to 11 of 11

Thread: Hack me, Hack me

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Aug 2000
    Posts
    1,539

    Hack me, Hack me

    ok i am talking about software here u perverts..

    i am about to give my clients a app that i been working on for so long (done in vb)
    has there been successful ways of actually cracking the following..

    Each client that i give the app to will provide me with their hard driver serial number. i will take this serial number and compile a unique version of the app based on the serial number provided...
    is there a way that anyone knows that this can be cracked or resued by other people with different hard driver serial numbers?
    ..?

  2. #2
    Super Moderator si_the_geek's Avatar
    Join Date
    Jul 2002
    Location
    Bristol, UK
    Posts
    41,974
    for most people that would be enough to stop them.

    An experienced hacker will be able to get in without much trouble (same as any form of checking you do). All that needs to be done is to change the statement/function that checks the number so that it always returns true. The only way of making it hard for them is to do the check repeatedly (but not by calling the same piece of code - re-write it each time!).

    The important thing to consider is whether your program will be worth a hacker's time.

  3. #3
    Hyperactive Member
    Join Date
    Jul 2002
    Location
    Atlanta, GA
    Posts
    280
    Compile a unique EXE based on the serial number? Well, what exactly does it do? If you are simply putting the serial number as an unencrypted constant, you are in for trouble. If I were u, this is the approach i would use:

    1) have a constant that stores the HD Serial number encrypted with PKI (or any other double key encryption). Using this approach, only the decryption function would be kept in the EXE. The Encryption function would be with u

    2) Distribute the checking routine throughout the EXE. Create an unnecessary complex HDSerial checking routine for every procedure and make sure its well distributed.

    This should keep at least the kiddies out like saracen and Celest (jokin).... If you have something you really need to hide, you need to work at the assembly level testing your own code and editing it to make it more secure.
    OrdinaryGuy

  4. #4

    Thread Starter
    Frenzied Member
    Join Date
    Aug 2000
    Posts
    1,539
    ok thanks that does help a bit..
    i highly doubt my clients know enough about hackers and decryption etc..
    the program is going to be worth 300$/year subscription with approximately 10 clients to start..
    so i guess using a encrypted harddrive serial number is the way to go...

    anyone by any chance got code that does this.. encrpyt the serial number.. decrpyt.. check against the machines hard drive..


    i can whip this up.. but if its done why redo it?

    thanks everyone

  5. #5
    Fanatic Member Slaine's Avatar
    Join Date
    Jul 2002
    Posts
    641
    I can see one major problem with this method, no matter how much encryption you use.

    Where I work we have several machines that are all cloned - this means every one has the same Hard Drive serial number.

    This is common practice in companies with lots of PCs and means only one copy of your program would be needed to run on all the machines.
    Martin J Wallace (Slaine)

  6. #6

  7. #7
    Fanatic Member
    Join Date
    Jun 1999
    Location
    California, USA
    Posts
    662
    tried and probably true method... place a constant in your code that has something that stands out (i.e. "XXXXXXXX")

    have the program display the contents of that constant when some obscure condition is true (i.e. "/Show Serial" is present on the command line)

    next, locate the offset using a hex editor... (remember, vb encodes everything into unicode)

    write a program that can change the constant for each copy produced. keep track of who gets your program and the contents of the constant.

    place a clause in your license agreement that each copy of the program can be uniquely identified and if that copy is foud elsewhere (i.e. on Kazaa) the client will have severe legal problems.

  8. #8
    Addicted Member MasterBlaster's Avatar
    Join Date
    Jul 2002
    Location
    Seattle
    Posts
    196
    Last edited by MasterBlaster; Nov 21st, 2002 at 05:35 PM.

  9. #9

    Thread Starter
    Frenzied Member
    Join Date
    Aug 2000
    Posts
    1,539
    ya i know nics have unique mac addresses.. but i though hard drives did to...
    if i need to put a nic in the computer then i will

  10. #10
    Fanatic Member Slaine's Avatar
    Join Date
    Jul 2002
    Posts
    641
    Hard Drive numbers are far from unique.

    In fact here is a utility that lets you set it to whatever you wish.

    http://www.sysinternals.com/ntw2k/so...shtml#VolumeId
    Martin J Wallace (Slaine)

  11. #11
    Retired VBF Adm1nistrator plenderj's Avatar
    Join Date
    Jan 2001
    Location
    Dublin, Ireland
    Posts
    10,359
    The methods described above won't work properly in my opinon, basically because like si_the_geek said.
    It still boils down to one line in the code that's going to check if something is something else.

    So you always just say yes.




    An idea I've been toying with, is that one would perhaps pull a whole load of values from the computer.
    So HDD serial number and a whole load of other goodies.


    Those values are then sent to the developer somehow, and he or she compiles an app that uses those values to run the application.

    So instead of this :

    VB Code:
    1. For i = 0 To 99

    You would do this :

    VB Code:
    1. For i = 0 To CLng(HDDSN / 196)



    You could then extend that further to be required in lots of areas of code.
    That would then require a hacker to actually change your loops and pieces of code.
    If they didn't know what precisely was going on and what you as a developer were thinking when writing this piece of code, then they'd be ****ed...
    Microsoft MVP : Visual Developer - Visual Basic [2004-2005]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width