Page 1 of 2 12 LastLast
Results 1 to 40 of 51

Thread: Anti Piracy Techniques Questions

  1. #1

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Anti Piracy Techniques Questions

    Hey guys,

    My developer and I are working to create a solution to
    help make it difficult for our software to be cracked.

    We know that what we can do won't stop the dedicated
    but if we place enough road blocks in their way they may
    just give up.

    I need some advice on some things and where to locate
    any help on the below situations. If you know how to accomplish
    these things please let me know where we can research
    this further.

    We want to use custom string encryption so that our strings
    can't be searched easily and bypassed. Where can I find more
    information on best type of string obfuscation / encryption?

    Also, we are looking at byte checks that will check to see if
    any bytes have changed. Can you recommend sample code
    or where to research that too?

    I was also going to use a new online activation method that
    doesn't use traditional name / serial number activation. Instead,
    you enter your email and transaction id, software checks activation
    server-side and sends back unique code to software which will
    either deactivate software or allow it to run licensed. This would
    be done at every launch rather than enter a serial and it's fully
    activated every time after.

    Any other ideas or techniques you use / recommend would be really appreciated.

    -Chris

  2. #2
    VB Addict Pradeep1210's Avatar
    Join Date
    Apr 2004
    Location
    Inside the CPU...
    Posts
    6,614

    Re: Anti Piracy Techniques Questions

    If you put too many checks, legitimate users may start running away. If you put too less, then you risk getting it cracked. It depends on how important your software is and who are your target customers, and on what scale your software is selling. If you have just a small group of customers, then putting too many checks is just a waste of time, as it is a rare chance that someone would try dirtying their hands into it.
    Anyways those were my views.
    This topic has been discussed many times in this forum. So searching with appropriate keywords shoud reveal many threads.
    Pradeep, Microsoft MVP (Visual Basic)
    Please appreciate posts that have helped you by clicking icon on the left of the post.
    "A problem well stated is a problem half solved." — Charles F. Kettering

    Read articles on My Blog101 LINQ SamplesJSON ValidatorXML Schema Validator"How Do I" videos on MSDNVB.NET and C# ComparisonGood Coding PracticesVBForums Reputation SaverString EnumSuper Simple Tetris Game


    (2010-2013)
    NB: I do not answer coding questions via PM. If you want my help, then make a post and PM me it's link. If I can help, trust me I will...

  3. #3

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Thanks Pradeep. My developer has over 10K members using his software but it's easily cracked and he's using WinLicense as well on top of it. Cracked usually in a matter of an hour or less.

    A friend of mine has another software using some of the above and theirs has yet to be cracked. I know they're using string encryption and the strings are not readable even in source, she's using something but I'm not sure what. That is what I'm looking at.

  4. #4
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    19,541

    Re: Anti Piracy Techniques Questions

    Agreed with Pardeep2010.

    Regarding your following statement, especially the bolded part. I'd be a really mad customer if I cannot use an app I bought from you as stand-alone. What if my internet is down? I can't use the app because it failed to activate/validate. A really bad idea IMO.
    was also going to use a new online activation method that
    doesn't use traditional name / serial number activation. Instead,
    you enter your email and transaction id, software checks activation
    server-side and sends back unique code to software which will
    either deactivate software or allow it to run licensed. This would
    be done at every launch rather than enter a serial and it's fully
    activated every time after.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  5. #5
    VB Addict Pradeep1210's Avatar
    Join Date
    Apr 2004
    Location
    Inside the CPU...
    Posts
    6,614

    Re: Anti Piracy Techniques Questions

    What language is your application developed in?
    Pradeep, Microsoft MVP (Visual Basic)
    Please appreciate posts that have helped you by clicking icon on the left of the post.
    "A problem well stated is a problem half solved." — Charles F. Kettering

    Read articles on My Blog101 LINQ SamplesJSON ValidatorXML Schema Validator"How Do I" videos on MSDNVB.NET and C# ComparisonGood Coding PracticesVBForums Reputation SaverString EnumSuper Simple Tetris Game


    (2010-2013)
    NB: I do not answer coding questions via PM. If you want my help, then make a post and PM me it's link. If I can help, trust me I will...

  6. #6

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    LaVolpe, in this niche it's customary to have that going
    on and it's a monthly subscription software so we're not
    worried about anyone complaining because they they can't
    use the software without paying monthly for it anyhow.

    If your internet is down the software is no good anyhow,
    it uses the internet to work regardless so no internet, no
    need for the software anyhow.

    -Chris

  7. #7
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by Pradeep1210 View Post
    If you put too many checks, legitimate users may start running away.
    ONLY if those checks interfere with the normal running of the program. A well-written security check would happen in the background and no-one would even know it is there :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  8. #8

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    VB6 but we'd like to port to vb.net soon.

  9. #9
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    19,541

    Re: Anti Piracy Techniques Questions

    Some simple obfuscation for strings. Encryption of the array is a plus.

    One bad thing about strings. Once you use literals, i.e., "Password" in your code, those strings are easily found simply by opening the exe in NotePad or WordPad. I've read from others that using String functions is another way hackers can find them rather easily. The hackers know those function's entry offsets within the DLL and place stops in the code where they are used. Since the functions want pointers to the strings, identifying the strings is then relatively easy. So, you'd want to avoid using VB string functions too. Now we are getting into a mess.

    How to compare strings without using string functions? Easy, compare byte arrays and avoid those string functions. But never using a dim statement in your code where a variable is declared as String is going to be painful.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  10. #10
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    I don't have any proper expertise in the matter (I'm sure RhinoBull is nodding his head vigorously as he reads this :-P) but I've had a play about with control systems in my programs, and the method I used was to have important strings in the data encrypted and for a key to be required to decrypt it...the key itself would be different for everyone as the program then scrambles the key you input based on a value taken from the computer (hard drive name, computer name, that sort of thing) and the unscrambled key would be used to decrypt those important strings.

    As your program has to be online to be used though, perhaps a server/client auth system would be better, and the authentication data would be based on the above plus the current hour and date on the client's PC...the server then sends the right data for the client to use for that hour and an hour later it needs to reauth (or every minute, every day, it's entirely up to you :-))

    I am considering writing a bit of code which would encrypt and hard-wire the encryption key into the program and then compile the project so that everyone who gets a copy has a slightly different version with different methods, so if it did get out then I'd know who it was...one day I will do it, probably...one day!
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  11. #11

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Honestly I contacted the developer who did the string encryption and she's not giving up the technique she used to make the strings unreadable. I thought it was base64 or something because opening in ollydbg shows 0 strings and they're weird random code that looks like base64.

    I wonder if it's not done that way. Is that possible?

  12. #12

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by smUX View Post
    I don't have any proper expertise in the matter (I'm sure RhinoBull is nodding his head vigorously as he reads this :-P) but I've had a play about with control systems in my programs, and the method I used was to have important strings in the data encrypted and for a key to be required to decrypt it...the key itself would be different for everyone as the program then scrambles the key you input based on a value taken from the computer (hard drive name, computer name, that sort of thing) and the unscrambled key would be used to decrypt those important strings.

    As your program has to be online to be used though, perhaps a server/client auth system would be better, and the authentication data would be based on the above plus the current hour and date on the client's PC...the server then sends the right data for the client to use for that hour and an hour later it needs to reauth (or every minute, every day, it's entirely up to you :-))

    I am considering writing a bit of code which would encrypt and hard-wire the encryption key into the program and then compile the project so that everyone who gets a copy has a slightly different version with different methods, so if it did get out then I'd know who it was...one day I will do it, probably...one day!
    That sounds like a good idea, at least we'd know the cracker or leaker.

  13. #13
    Fanatic Member
    Join Date
    Jun 2008
    Posts
    1,023

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    I was also going to use a new online activation method that
    doesn't use traditional name / serial number activation. Instead,
    you enter your email and transaction id, software checks activation
    server-side and sends back unique code to software which will
    either deactivate software or allow it to run licensed. This would
    be done at every launch rather than enter a serial and it's fully
    activated every time after.
    thats what adobe uses, but failed because pirates figured they could disturb the signal by setting the hosts file to return the url to localhost instead of the activation server and in that case the server cant register the activation code, and i don't really know how this works...

  14. #14
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Honestly I contacted the developer who did the string encryption and she's not giving up the technique she used to make the strings unreadable. I thought it was base64 or something because opening in ollydbg shows 0 strings and they're weird random code that looks like base64.

    I wonder if it's not done that way. Is that possible?
    I wouldn't worry too much about how they've encrypted it...all you need is a decryption module in your own code that decrypts it on-the-fly and you can encrypt the data using whatever method you want (personally I make my own quick encryption functions for it and vary it with each program I write) and have it call the decryption function to decrypt it as needed.

    Quote Originally Posted by cmmorris1 View Post
    That sounds like a good idea, at least we'd know the cracker or leaker.
    I was looking into it and it seems simple enough to edit the VB source code on a server and compile it over commandline then have it served up to the client for download...I just haven't got around to doing it :-)
    (of course, as it's compiling each time, it could be intensive to the server...and the code has to be 100% bug-free or the compiler would fall down crying)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  15. #15

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Yeah, I'm aware of the Adobe work arounds. Commercial
    software has a big disadvantage because every cracker
    wants the notoriety of cracking a brand like that.

    I just want enough roadblock in the road to make cracking
    it not worth their time. It's cheaper to buy a license and
    with enough updates and our support we know we'd have
    better clients.

  16. #16

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by smUX View Post
    I wouldn't worry too much about how they've encrypted it...all you need is a decryption module in your own code that decrypts it on-the-fly and you can encrypt the data using whatever method you want (personally I make my own quick encryption functions for it and vary it with each program I write) and have it call the decryption function to decrypt it as needed.
    See that's the thing, they're using something that is working, so for example instead of them opening a url as hxxp://www.whatever.com/ it is encrypted so even with the source it's unreadable.

    That's what I want to figure out.

  17. #17
    VB Addict Pradeep1210's Avatar
    Join Date
    Apr 2004
    Location
    Inside the CPU...
    Posts
    6,614

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    That sounds like a good idea, at least we'd know the cracker or leaker.
    Hmmm.. but also consider the pain you would have to take to complie it separately for each of those 10,000 customers
    Pradeep, Microsoft MVP (Visual Basic)
    Please appreciate posts that have helped you by clicking icon on the left of the post.
    "A problem well stated is a problem half solved." — Charles F. Kettering

    Read articles on My Blog101 LINQ SamplesJSON ValidatorXML Schema Validator"How Do I" videos on MSDNVB.NET and C# ComparisonGood Coding PracticesVBForums Reputation SaverString EnumSuper Simple Tetris Game


    (2010-2013)
    NB: I do not answer coding questions via PM. If you want my help, then make a post and PM me it's link. If I can help, trust me I will...

  18. #18

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by Pradeep1210 View Post
    Hmmm.. but also consider the pain you would have to take to complie it separately for each of those 10,000 customers
    Well that would be done server side right? So how hard would it be?

  19. #19
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    See that's the thing, they're using something that is working, so for example instead of them opening a url as hxxp://www.whatever.com/ it is encrypted so even with the source it's unreadable.

    That's what I want to figure out.
    Yeah, that's how I do it too...for instance...

    While some people might use webbrowser1.navigate "http://www.google.co.uk"

    I use webbrowser1.navigate decrypt("gjroigmrjgijmoimhoitrjhjrwoihith,rwoojm")

    That way it is encrypted from the start...the encryption key used in the decryption module is generated using an algorithm taken from the product key, so both keys are obviously going to be different every time...or if I make a project that I am going to give to lots of people but only give out the one program, I make it so the key has two uses...firstly an algorithm can get the encryption key from the scrambled data (by using brute force scrambling to find a scrambled key that matches the requirements...doesn't usually take long) and the descrambled key is then used in the program elsewhere to verify the user is allowed to use the program.

    It's probably harder to understand than I am trying to make it, it's a custom method I've been using for a while and I've had no problems...but then again I don't have a huge base of users who are paying me for the use and would love to get it for free :-)

    Quote Originally Posted by cmmorris1 View Post
    Well that would be done server side right? So how hard would it be?
    Also it would be 100% automated, so there's no need to worry about having to do the work...although it might be better for the server if the code was pre-compiled...or there is always the option of having a "downloader" program which downloads a shell (the program with blank spaces where the encrypted data would go) then writes the correct bytes into the spaces...this would be a HUGE reduction in the load on the server :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  20. #20

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Thanks smUX, that sounds like what we're looking for. Is there any online reference on how to accomplish that so I can forward to my developer to reference?

  21. #21
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Thanks smUX, that sounds like what we're looking for. Is there any online reference on how to accomplish that so I can forward to my developer to reference?
    Probably not, the methods I mentioned above I designed myself, I didn't find them online...however, I'm not trying to say they're not out there, just I didn't find them online. Someone else might have an idea for places to look. Plus, if they were out there, the hackers would also have access to it and would be able to circumvent the protection a lot easier...these sort of things are done in-house and the exact methods are kept a closely guarded secret (as you know with the friend of yours who has the encryption she won't tell you about) to keep it as secure as possible...a door is only as secure as the number of people who have don't keys for it :-)

    Injection (using the downloader to get a shell program and "inject" the encrypted data) is a simple enough process, would just require the server to provide the encrypted data, and AFAIK it isn't even a popular process for security but I am pretty sure a few companies and programmers use some level of it from just putting in a random string to identify to the full-blown encryption method I mentioned.

    Oh, and one last thing...security is only as strong as its weakest point...don't use branches that go one way on success and the other way on fail with regards to authentication, it's ALWAYS the hacker's first destination...if the authentication data is integral to the running of the program elsewhere then hacking that branch would be rendered useless...that's basically why I encrypt the internal data :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  22. #22
    PowerPoster isnoend07's Avatar
    Join Date
    Feb 2007
    Posts
    3,237

    Re: Anti Piracy Techniques Questions

    Heres how i do it:
    1. Encrypt the reg file
    2. Hide the reg file
    3. Use an online vendor that accepts credit cards and emails the reg number.
    Eg:

    Code:
    fileName = App.Path & ":test.dat" 'Hide the file
    
    Decrypt and incrept the file:
    Public Function Encrypt1(Txt As String, CodeNr As Integer) As String
    Dim I As Long
    Dim Out As String
    
    'Inital output value is empty string
    Out = ""
    
    'Change ASCII codes
    For I = 1 To Len(Txt)
    Out = Out & Chr(Asc(Mid$(Txt, I, 1)) + CodeNr)
    Next I
    
    Encrypt1 = Out
    End Function
    
    Public Function Decrypt1(Txt As String, CodeNr As Integer) As String
    'Decryption is the same as encryption with CodeNr*-1
    Decrypt1 = Encrypt1(Txt, CodeNr * -1)
    
    End Function
    
    Using the encrypt-decrypt
    
    sText = Encrypt1(sText, 7)' incrypt
    
    sText = Decrypt1(sText, 7) 'uncrypt the string
    Don't remember why i used 7
    
    Pay and get registration number emailed
    http://www.fastspring.com/
    Waiting for a full featured smart phone with out marrying a provider
    Go Android
    Go raiders

  23. #23

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    smUX that's exactly it. I want to encrypt that data so that it is useless and even if they wanted to go that route it wouldn't be worth the time / effort and move on to an easier target.

    I brought that stuff up to my developer and he wanted information to look at how to accomplish it. He a good programmer but I guess isn't so good with the protection aspect. I wish I knew more to help you help me but I'm pretty lost with all this stuff. In my head it works fine but I've not got a clue of how to actually develop it.

  24. #24

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by isnoend07 View Post
    Heres how i do it:
    1. Encrypt the reg file
    2. Hide the reg file
    3. Use an online vendor that accepts credit cards and emails the reg number.
    Eg:

    Code:
    fileName = App.Path & ":test.dat" 'Hide the file
    
    Decrypt and incrept the file:
    Public Function Encrypt1(Txt As String, CodeNr As Integer) As String
    Dim I As Long
    Dim Out As String
    
    'Inital output value is empty string
    Out = ""
    
    'Change ASCII codes
    For I = 1 To Len(Txt)
    Out = Out & Chr(Asc(Mid$(Txt, I, 1)) + CodeNr)
    Next I
    
    Encrypt1 = Out
    End Function
    
    Public Function Decrypt1(Txt As String, CodeNr As Integer) As String
    'Decryption is the same as encryption with CodeNr*-1
    Decrypt1 = Encrypt1(Txt, CodeNr * -1)
    
    End Function
    
    Using the encrypt-decrypt
    
    sText = Encrypt1(sText, 7)' incrypt
    
    sText = Decrypt1(sText, 7) 'uncrypt the string
    Don't remember why i used 7
    
    Pay and get registration number emailed
    http://www.fastspring.com/
    Doesn't that only encrypt after it reads plain text? I'm trying to encrypt the code so that instead of typing hxxp://www.mysite.com it would be random jibberish that is unreadable from the start, even in source code. Anyhow, I don't want a reg file on the pc at all, I want it to verify the codes serverside using the email / transaction id instead of a key that can be keygenned.

  25. #25
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Tell him that the MOST important part of any security and encryption is to make it as complicated as possible. Obviously don't make it so complicated that he himself can't understand it, but have many different things happening to the data before it is used. Also, don't make it so complicated that it takes ages to do its stuff, it needs to do everything within a few milliseconds preferably, but it needs to be designed in such a way that if the hacker is trying to bruteforce the data there'll be exponentially so many possibilities that they'd spend an eternity trying to work it out...and by then you could have implemented something new into the security that'll again make it exponentially harder to beat.

    For instance...have an algorithm that takes each byte of the key and generates a value from them using simple arithmatic and using mod() to limit the resulting value to a lower and more manageable number...then that number would be used elsewhere for decryption. The key would be generated using a personal piece of data from the client's computer (I mentioned a few possibilities before, and there'll be countless others available in the forum) and your key generator would just have to scramble it and check to see if the resulting value with the above algorithm matches the value you're looking for to decrypt. Me, I use two bytes at the start of the key to tell me how to descramble the rest of the characters, that way there's 65536 possible combinations from the scrambling and at least one of them HAS to output the required value with the algorithm :-)

    Quote Originally Posted by cmmorris1 View Post
    Anyhow, I don't want a reg file on the pc at all, I want it to verify the codes serverside using the email / transaction id instead of a key that can be keygenned.
    Reg files are about as secure as server-side verification...the key to either is the methods used to secure the data. If you have the right security you'll have no problem with people writing keygens for your programs.

    I'd also bet that the people who write the keygens have had some level of inside help from people who have been a part of the programming process, which is how it's so easy for them to do it...that or lazy programming on the part of the developer, of course :-)
    Last edited by smUX; Dec 22nd, 2009 at 04:42 PM.
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  26. #26

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Thanks smUX, that's a great start. I will send this to him to look over. How about byte checking, how is that done? The other developer mentioned to have a lot of byte checks to see if the code has changed and render it useless.

  27. #27
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    19,541

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Doesn't that only encrypt after it reads plain text? I'm trying to encrypt the code so that instead of typing hxxp://www.mysite.com it would be random jibberish that is unreadable from the start, even in source code. Anyhow, I don't want a reg file on the pc at all, I want it to verify the codes serverside using the email / transaction id instead of a key that can be keygenned.
    Step back a second. You can't send gibberish to an API or control function that doesn't know what to do with it. It has to be decrypted before that. Here is a really simple starting point using byte arrays:

    Code:
    Private Sub GetMyText(Index As Long, outArray() As Byte)
       Select Case Index 
       Case 0: 
          ReDim outArray(0 To 20) ' http://www.mysite.com
          outArray(0) = 104: outArray(1) = 116: outArray(2) = 116: outArray(3) = 112: outArray(4) = 58: outArray(5) = 47: outArray(6) = 47: outArray(7) = 119
          outArray(8) = 119: outArray(9) = 119: outArray(10) = 46: outArray(11) = 109: outArray(12) = 121: outArray(13) = 115: outArray(14) = 105
          outArray(15) = 116: outArray(16) = 101: outArray(17) = 46: outArray(18) = 99: outArray(19) = 111: outArray(20) = 109
    
    ' other case statements for other strings
       End Select
    End Sub
    
    ' Possible sample usage.
    Dim myBStr() As Byte
    GetMyText 0, myBStr()
    webbrowser1.navigate StrConv(myBStr(), vbUnicode)
    If someone was looking for your website in the exe, they wouldn't find it as text since it only exists as byte data now. If you wanted the array encrypted in the GetMyText routine, you'd do that in advance, return the bytes, then decrypt them before using the string/array.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  28. #28

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Thanks LaVolpe. So by doing it this way is there any way for the hacker to decrypt the code in memory or any other possibilities?

  29. #29
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Thanks smUX, that's a great start. I will send this to him to look over. How about byte checking, how is that done? The other developer mentioned to have a lot of byte checks to see if the code has changed and render it useless.
    I would assume byte-checking would involve checking specific bytes within the code to see if the EXE has been tampered with...some people hash the EXE to confirm that it is the same as it was when they downloaded it, that's probably doable if you're doing server-side authentication, but personally it's not something I've ever considered doing or needing to do...

    ...however, and this is where it gets really complicated...if you wrote the code in such a way that adding random data elsewhere in the code allowed you to modify the hash value, you could use brute-force to change this random data and keep on changing it until the hash for the file matched the one you want AND the hash could be stored internally, but again that's where hackers target and they do exactly the same thing when they modify code...they keep on editing other unimportant parts until the hash matches and it works...so it might not be the best solution.

    Perhaps what the developer needs to do is research into how other people hack the programs and see if he can see ways to stop them from doing the same things...who knows about security better than a hacker :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  30. #30
    PowerPoster isnoend07's Avatar
    Join Date
    Feb 2007
    Posts
    3,237

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Doesn't that only encrypt after it reads plain text? I'm trying to encrypt the code so that instead of typing hxxp://www.mysite.com it would be random jibberish that is unreadable from the start, even in source code. Anyhow, I don't want a reg file on the pc at all, I want it to verify the codes serverside using the email / transaction id instead of a key that can be keygenned.
    Yes, plain text. i realize that my method is not fool proof, but my intended customers are roofing contractors and in the last 5 yrs have not been hacked that i know of.
    Waiting for a full featured smart phone with out marrying a provider
    Go Android
    Go raiders

  31. #31
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by LaVolpe View Post
    Step back a second. You can't send gibberish to an API or control function that doesn't know what to do with it.
    The suggestion I made previously would decrypt the gibberish before it was sent, otherwise (as you said) it'd be useless :-P

    SOMEONE isn't reading my posts which described the exact same sort of method :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  32. #32

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Exactly, I guess I need to hire a hacker then huh?

  33. #33
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Exactly, I guess I need to hire a hacker then huh?
    (dons his "Linux hackers do it to the kernel in a darkened room" cap and smiles sweetly)

    Or get more knowledgeable in the ways of the hacker, yeah...I'm not a hacker, despite seeming to be one...I know a few though :-)

    If you can't beat them, join them...always a good motto to have, especially when its your income on the line if people are stealing your well-earned profits from a program.
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  34. #34
    VB-aholic & Lovin' It LaVolpe's Avatar
    Join Date
    Oct 2007
    Location
    Beside Waldo
    Posts
    19,541

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    Thanks LaVolpe. So by doing it this way is there any way for the hacker to decrypt the code in memory or any other possibilities?
    There is always a way.

    That "my.web.site" example is probably not really worthwhile. Since you can't send a gibberish url, other simple tools could be used to get what is passed to your server: packet sniffing for example.

    What I provided might work well for internal activation/hashing. Instead of passing a string to a hashing/encryption routine, you pass an array. The idea is you don't want to use literals in your activation/validation code.
    Insomnia is just a byproduct of, "It can't be done"

    Classics Enthusiast? Here's my 1969 Mustang Mach I Fastback. Her sister '67 Coupe has been adopted

    Newbie? Novice? Bored? Spend a few minutes browsing the FAQ section of the forum.
    Read the HitchHiker's Guide to Getting Help on the Forums.
    Here is the list of TAGs you can use to format your posts
    Here are VB6 Help Files online


    {Alpha Image Control} {Memory Leak FAQ} {Unicode Open/Save Dialog} {Resource Image Viewer/Extractor}
    {VB and DPI Tutorial} {Manifest Creator} {UserControl Button Template} {stdPicture Render Usage}

  35. #35

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Yeah, well I started out learning to crack software programs for fun, always seemed interesting to me so I learned a little bit, I also wanted to learn to code but I haven't mastered that one yet.

    Now I wish I did so I could use both in this instance. I know some hackers too, I doubt they'll give away this kind of information but I guess it doesn't hurt to ask

  36. #36

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by LaVolpe View Post
    There is always a way.

    That "my.web.site" example is probably not really worthwhile. Since you can't send a gibberish url, other simple tools could be used to get what is passed to your server: packet sniffing for example.

    What I provided might work well for internal activation/hashing. Instead of passing a string to a hashing/encryption routine, you pass an array. The idea is you don't want to use literals in your activation/validation code.
    The url thing was an example of what I'd like encrypted but I know there is a way to decode that. I was more concerned with strings like "Wrong Serial, Try Again!" And they'd know where the check is made and patch it.

  37. #37
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    Quote Originally Posted by cmmorris1 View Post
    The url thing was an example of what I'd like encrypted but I know there is a way to decode that. I was more concerned with strings like "Wrong Serial, Try Again!" And they'd know where the check is made and patch it.
    And don't forget to put a few dummies in there too, so they think it's there when it's not :-P
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  38. #38

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Another great idea smUX. I am sending him over to this thread hoping this will help him.

    -Chris

  39. #39
    PowerPoster
    Join Date
    May 2006
    Location
    Location, location!
    Posts
    2,673

    Re: Anti Piracy Techniques Questions

    As I said before, "learn to hack"...think like a hacker and you'll realise how people do these things and how you can prevent them doing it in your code...I've never hacked a program in my life, can't even use a hex editor properly, but I know the grounding info about how hacking works so I can think outside the box and stop them as best I can :-)
    Well, everyone else has been doing it :-)
    Loading a file into memory QUICKLY - Using SendKeys - HyperLabel - A highly customisable label replacement - Using resource files/DLLs with VB - Adding GZip to your projects
    Expect more to come in future
    If I have helped you, RATE ME! :-)

    I love helping noobs with their VB problems (probably because, as an amateur programmer, I am only slightly better at VB than them :-)) but if you SERIOUSLY want to get help for free from a community such as VBForums, you have to first have a grounding (basic knowledge) in VB6, otherwise you're way too much work to help...You've got to give a little if you want to get help from us, in other words!

    And we DON'T do your homework. If your tutor doesn't teach you enough to help you make the project without his or her help, FIND A BETTER TUTOR or try reading books on programming! We are happy to help with minor things regarding the project, but you have to understand the rest of it if you want our help to be useful.

  40. #40

    Thread Starter
    Addicted Member
    Join Date
    May 2008
    Posts
    159

    Re: Anti Piracy Techniques Questions

    Cool. well thanks smUX. I just forwarded this to my friend to look over.

    -Chris

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width