general tips against cracking
This question is for Gerhard to answer because I asked a question about getting a unique system id to protect my program against cracking and he posted a very long article about anti-cracking tips.
Unfortunately, it did not answer my question and does not relate to its title (that's why it would be misplaced where it is). I'd like to give him some points and that's why I post an extra question. Everybody feel free to post comments, but the points will be for Gerhard.
If you see this question in the FAQ: The answer will be quite long and contain very useful tips that help protect your program against cracking - even some tips to make "low-level cracking" (i.e. disassembler) harder... well worth five points :o)) (it's "only" 50 points because he just copied the article - would/should have been 200 for writing it *g*)
Unfortunately, it did not answer my question and does not relate to its title (that's why it would be misplaced where it is). I'd like to give him some points and that's why I post an extra question. Everybody feel free to post comments, but the points will be for Gerhard.
If you see this question in the FAQ: The answer will be quite long and contain very useful tips that help protect your program against cracking - even some tips to make "low-level cracking" (i.e. disassembler) harder... well worth five points :o)) (it's "only" 50 points because he just copied the article - would/should have been 200 for writing it *g*)
can you post the tips back on this thread? Thanks... Zif.
Ditto what zifnab said.
BTW Zif, you still hanging out with that big green dragon?
BTW Zif, you still hanging out with that big green dragon?
Where can we find the article?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Richard Fellner?
Sound familiar...The author of Delphi-Box?
Yes found it at
http://www.user.xpoint.at/r.fellner/nocrack.htm
Sound familiar...The author of Delphi-Box?
Yes found it at
http://www.user.xpoint.at/r.fellner/nocrack.htm
Thanks kjteng. Now the author can get the credit he deserves.
ASKER
As you see, the "answer" was long - very long! That's why I didn't copy it and instead let Gerhard post it as an official answer.
Gerhard - the points will be yours, but I'll keep this open for another day or two to get some more comments on some questions:
1) hmmm... I always thought that the compiler translates identifiers to addresses (fixed or via lookup-tables for dynamic binding)!!! If it doesn't, that leads to a couple of questions (for me):
a) Should I use "short" identifiers to make the *.exe smaller?
b) Should I stop using "descriptive" identifiers to make hacking harder? :-(((
c) Borland JBuilder (for Java) has a "code obfuscator" which replaces all private symbols (i.e. everything that is not "exported" for derived classes) by some illegible symbols to make decompiling harder. How about that for Delphi? Using the same idea, ALL identifiers in an EXE (which doesn't "export" anything) could be replaced with something short that doesn't "make sense" to people it shouldn't make sense to *g*
d) Are there tools around that do that? "Mess up my code" before the final build? Compact all names on forms to random two-letter identifiers? ("my ressources aren't anybody's business!)
I use a very simple XOR-encoding (well, actually slightly enhanced) for all strings that shouldn't be "visible" (about-box etc.) (of course I can't use that for identifiers).
What else do I have to do? I don't really like the idea that my code should be as messy as possible (*g*) to make it harder to crack :-((
Gerhard - the points will be yours, but I'll keep this open for another day or two to get some more comments on some questions:
1) hmmm... I always thought that the compiler translates identifiers to addresses (fixed or via lookup-tables for dynamic binding)!!! If it doesn't, that leads to a couple of questions (for me):
a) Should I use "short" identifiers to make the *.exe smaller?
b) Should I stop using "descriptive" identifiers to make hacking harder? :-(((
c) Borland JBuilder (for Java) has a "code obfuscator" which replaces all private symbols (i.e. everything that is not "exported" for derived classes) by some illegible symbols to make decompiling harder. How about that for Delphi? Using the same idea, ALL identifiers in an EXE (which doesn't "export" anything) could be replaced with something short that doesn't "make sense" to people it shouldn't make sense to *g*
d) Are there tools around that do that? "Mess up my code" before the final build? Compact all names on forms to random two-letter identifiers? ("my ressources aren't anybody's business!)
I use a very simple XOR-encoding (well, actually slightly enhanced) for all strings that shouldn't be "visible" (about-box etc.) (of course I can't use that for identifiers).
What else do I have to do? I don't really like the idea that my code should be as messy as possible (*g*) to make it harder to crack :-((
deJohn99, yes still, don't you see me flying? :-) Found a better one around? Zif?
ASKER
Hello everybody? Nobody wants to post comments because the points are already taken?
Too bad, could be an interesting discussion...might be worth writing a little tool that searches all project files and replaces identifiers by a1, a2, a3, a4, ... would probably shrink the code somewhat and make it almost impossible to understand it. Too bad I can't "rename" my event-handlers. An OnClick will always have to be an OnClick :-(
Too bad, could be an interesting discussion...might be worth writing a little tool that searches all project files and replaces identifiers by a1, a2, a3, a4, ... would probably shrink the code somewhat and make it almost impossible to understand it. Too bad I can't "rename" my event-handlers. An OnClick will always have to be an OnClick :-(
Zif: Haven't found better yet. Give my regards to Moneypenney. :-)
Ronald: It could be changed IF you also recompiled the VCL. The Delphi documentation states that the OnXXX convention is simply that - it is not enforced by the compiler.
You would want to maintain a table of hashed <=> normal identifiers if you started playing with the VCL. You'd also need the cooperation of Borland to the extent that you had the "magic file" they never ship. Maybe if enough of us demand it they may start shipping it in at least a DPU form.
Ronald: It could be changed IF you also recompiled the VCL. The Delphi documentation states that the OnXXX convention is simply that - it is not enforced by the compiler.
You would want to maintain a table of hashed <=> normal identifiers if you started playing with the VCL. You'd also need the cooperation of Borland to the extent that you had the "magic file" they never ship. Maybe if enough of us demand it they may start shipping it in at least a DPU form.
ASKER
So let's go and demand it!! *g* What does that "magic file" contain?
Seriously, I imagine that it would be quite a task to recompile the VCL in order to replace "all" identifiers. Shouldn't be impossible, though. About 5 years ago, I wrote a source-code lister (including syntax highlighting, counting the nesting level, automatic indent etc.).
Would be an interesting project, but I really don't have the time to do s.th. like taht right now. I think it should be included in D5! *g* - if such a program was an integral part of the IDE, you wouldn't even have to mess with the files and keep two sets of VCL (yuck!), the compiler could simply replace all "symbols" with the shortest identifier available (a..z, aa..az, ba..bz, ca..cc) - that should make the exe significantly smaller and give hackers a really good time *ggg*
Seriously, I imagine that it would be quite a task to recompile the VCL in order to replace "all" identifiers. Shouldn't be impossible, though. About 5 years ago, I wrote a source-code lister (including syntax highlighting, counting the nesting level, automatic indent etc.).
Would be an interesting project, but I really don't have the time to do s.th. like taht right now. I think it should be included in D5! *g* - if such a program was an integral part of the IDE, you wouldn't even have to mess with the files and keep two sets of VCL (yuck!), the compiler could simply replace all "symbols" with the shortest identifier available (a..z, aa..az, ba..bz, ca..cc) - that should make the exe significantly smaller and give hackers a really good time *ggg*
ASKER
ok, I had hoped to still get some interesting comments, but looks like this is too far down the "locked" list now... and everybody who's posted so far can continue posting anyway.
Thanks for these tips, Gerhard (and Richard *g*)
Thanks for these tips, Gerhard (and Richard *g*)
This method isnt fool proof but to help make my app that little bit trickier to crack I search for common cracking apps that might be running and then close them (I have this routine in a timer).
ie.
{ look for Registry Monitor which alerts user changes in the registry }
h:= FindWindow('RegMonClass',n
{ kill the monitor if it's found }
if h <> 0 then SendMessage(h,WM_CLOSE,0,0
I know this method isnt perfect, but it is easy enough to implement and removes a few hassles.
ie.
{ look for Registry Monitor which alerts user changes in the registry }
h:= FindWindow('RegMonClass',n
{ kill the monitor if it's found }
if h <> 0 then SendMessage(h,WM_CLOSE,0,0
I know this method isnt perfect, but it is easy enough to implement and removes a few hassles.