Solved

CD Protection technique

Posted on 2001-07-21
24
507 Views
Last Modified: 2010-04-06
I want to create a CD which if copied the program in copied CD can't run (so it must use the real CD) is there any protection scheme I can plant within the body of the program (I don't want to buy any protection software since this is for study purpose not comercial anyway)
0
Comment
Question by:comicboy
  • 10
  • 7
  • 5
  • +2
24 Comments
 
LVL 1

Expert Comment

by:hobiecat16
ID: 6304527
Hello,

All protection scheme need a good knowledge of how the CD is made, as you'll need to modify the data structure of the CD (make errors, change the CD size, etc.)

The simplest way (i think) is to make windows believe than the CD is 10gb size; but it is also the most easiest way to crack (it just prevent using softs like Adapted CD copier). But if you also check the media size when your prog runs, then to copy your cd you'll need to
1) Do a RAw copy
2) Do a file per file copy and crack your software
Cracking a software can be done, but is harder if you have compressed or encrypted your program; you can also easily add a CRC check (add the crc at the end of the software, and when your prog run simply do a crc of the entire file, except of the crc itself of course)

Other protection schemes use errors; in the factory the manufacturer add a lot of errors in the CD in sectors your program won't read; but when the customer will copy the CD, as he'll copy the entire CD, the CD copy software will read the errors and will fail the copy.

It's everything i know about CD protections; but you can do all you want, if somebody want to copy your CD he will be able to (raw copy), so when you want to protect a software add other protections.

I hope it'll be helpful...
0
 

Author Comment

by:comicboy
ID: 6304576
Hi hoblecat,

Yes that's helpfull but I still don't understand what should I do next ? What you're saying just like a general knowledge of CD copy protection and no step by step what should I do, please help thanks...
0
 
LVL 1

Expert Comment

by:h_mohsenian
ID: 6304599
use the serial # of the CD that u want to write ur program on that.in runtime at first ur program detect the proper serial # and then it start itself.

best regards
hamed
0
 
LVL 1

Expert Comment

by:hobiecat16
ID: 6304619
Hello,

The problem is I don't know exactly HOW to do what i said;
The easiest thing is the CRC; search the web (take a look at www.torry.ru) for some code that compute the CRC of a part of a stream; then calculate the CRC of the stream excluding the CRC itself, and compare it to the CRC. It will prevent your program to be cracked.

To do the other things i said, you must know exactly how is written the data in the CD; then make an ISO image and hex edit it... but i'm afraid i don't have enough knowledge to help you here.

Everything i now is on the previous comment i posted, but if you need help with the CRC fell free to email me (skipper@ifrance.com) i can send you some code if you want, but i'm not sure if you'll be able to understand it... (i use API calls when i can, instead of dealing with streams i have code with CreateFile etc.)

Bertrand
0
 

Author Comment

by:comicboy
ID: 6304622
mohsenian,

Your serial detection is great way (actually I think about it since I once use this on protecting diskette in my class project) but the problem is how can I know a CD serial # before it being burned ?? Should I burn a dummy first ? and add later on open session ? since Open session is not supported on several older CD-ROM and so I'm afraid to use it.
0
 
LVL 1

Expert Comment

by:hobiecat16
ID: 6304662
I think you should locate where is located the serial on a RAW image disk then change it to the desired value.

but if you want to sell your copy, a great way to provide serial numbers would be to compute a "serial number" from the CD serial number, then the customer give it back to you and you give back an unlock key correpsonding to his/her user name.
If the user copy the CD he won't be able to run your soft as the "unique serial number" will be different so the unlock key won't work...

another advanced trick would be to compile your project, the to add a "marker" at the begin and at the end of the core code (asm nop; nop; nop; end;). With an hex editor you locate the marked code, you copy it to another file and you replace it by $90 bytes (nops).
Then you encrypt the file with the code using the serial number as a key.
when your prog start is copy the decrypted code to memory and continues execution. But if the CD serial # isn't valid... your program won't work.

In order to write to the program memory you must use VirtualProtect and WritePhysicalMemory (if i remember). but it's a very advanced technique...
0
 
LVL 1

Expert Comment

by:h_mohsenian
ID: 6304729
use this function for read serial # : ( i said it again for u although u maybe used a way like this as u said )


function GetDiskVolSerialID(
  cDriveName : char ) : DWord;
var
  dwTemp1,
  dwTemp2 : DWord;
begin
  GetVolumeInformation(
    PChar( cDriveName + ':\' ),
    Nil,
    0,
    @Result,
    dwTemp2,
    dwTemp2,
    Nil,
    0
    );
end;


GetVolumeInformation is a API Function ( in Windows Unit )

and for test ur code :

MessageDlg(
  'Serial number: ' +
  Format( '%X', [ GetDiskVolSerialID( 'E' ) ] ),
  mtInformation, [mbOk], 0 );

but about ur comment : I used this way for a Floppy Disk not CD ( Although i read a CD serial # by this Method ).
therefor i can not be shur about this way that can work on CD.but I think ur way can be a good one ( i think hobiecat16  method maybe can help u too ).it is not bad, to test this way . it was good for me but by Floppy. please if u could use this method told me how did u solve this problem!


best regards
hamed
0
 
LVL 3

Expert Comment

by:VSF
ID: 6304765
Get in touch with Gwen Carpenter
http://delphi.does.it/

He is an EE-Expert also and he gave me some great ideas  and codes when I needed to build my floppy protection!

He probably has some for CD too!


0
 

Author Comment

by:comicboy
ID: 6305594
hobiecat,
your first advice so long the best I think I may use, your second advice is too advance for me to create (remember I still study computer not an expert).

Mohsenian,
Thanks for your code on how to get serial #, I'll try your code...

VSF,
ok I'll contact him
0
 

Author Comment

by:comicboy
ID: 6305641
hobiecat,
I just realize that your first technique can only applied when a CD already burned right?

I don't understand all your experts said about RAW CD what is that ??? how to create it ?
0
 
LVL 1

Expert Comment

by:hobiecat16
ID: 6305815
Hello,

My first technique just prevent your software from being modified (the CRC check) and from being copied with "file per file" copy.
that is to say, copy all files from the CD to your hard drive then reburn them, and every files will be burned without problem.
Now you must check the CD size. If the CD size < 700mbytes (a normal CD), then your app was copied!
To remove this orotection, the hacker will have to make your soft believe the CD is always 10gb, even if it is not. It is quite simple with some assembler knowledge that's why i suggest you to compress your software using UPX or something like that (but use an old version of UPX (< 1.0) that does not support decompression)

But you must know all cd protection techniques are advanced. I think the only simple way is to make a registration key based on the Cd serial number and on the username.

About RAW copy: a raw copy is a sector-per-sector copy of a CD. Softwares like CloneCD or BlindRead can successfully copy protected CDs. That's why your protection scheme should be based on the cd protection, but you must include another protection at least.
0
 
LVL 5

Expert Comment

by:Gwena
ID: 6305817
I think that any good CD protection scheme will involve adding physical damage to a CD and then having your program check for the damaged areas.

You might simulate physical damage by burning the CD in some crazy fashion...but if someone has a way to simply duplicate every bit on the CD they could make a copy...

You might drill a few holes in a CD and add damage that way that nobody could duplicate exactly.... but the problem is finding software that will burn data to a damaged cd and then somehow go back later and update your program on the CD to add info about where the CD damage    is...you would need to re-burn some data inside your exe to alter it in such a way as to let it know about the physical damage...how can we do this??

You can add damage to the CD dye layer by exposing areas to sunlight for a while... but again how do you get the data to the exe that's already burned?

Perhaps some pattern of physical damage could be added to one area of an already burned CD to let the exe on the cd know the specifics about physical damage in another area...hmmm that might work... but it's a really strange idea... I'm full of really strange programming ideas :-)
-----------------------------------

..Hi VSF .. you said
"He is an EE-Expert also and he gave me some great ideas  and codes when I needed to build my floppy
protection"

I'm a 'she' not a 'he' remember?  :-)
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Expert Comment

by:hobiecat16
ID: 6305824
Yes that's a good protection scheme;
What about making a 100mbytes file, add some very immportant data at its beginning, and physically damage the other part of the file ?

At startup your prog will checkif the file exists, then it wxill read the important data. If a program want to copy the file it will read the entire file, ncluding the damaged aera and... b00m copy failed !
0
 

Author Comment

by:comicboy
ID: 6305828
hobiecat well your idea about CD serial number checking is the one I understand most the other idea is too advance for me, though I quite understand about your idea on making disc look like 10gb but how to make it is another. Anyway your idea about the serial number of the disc, how can I know a serial number of a disc when it still blank ? do I need to burn it first? anyway after the burn the CD is unusable since I don't want to use open session (it's not compatible on some CD drives)

For gwena your idea likely what I'm doing on protecting diskette (that's great on this), but diskette can be damaged, checked where the damaged sector is then copy the program which check it to the diskette, but in CD ? how to know where the damaged position before I burn anything ? then again could Adaptec CD Creator burn on Damaged CD (since I only has this software to burn CD + Yamaha CD writer) ?

Thanks experts, well please give me another more hints :) This topic is interresting for me and usefull for my school too.
0
 
LVL 1

Expert Comment

by:hobiecat16
ID: 6305831
Don't bother about knowing the Cd serial number when it is blank !
Simply add a small TEdit in ReadOnly mode which contain the Serial number on the Register/Enter unlock key box. when your customer wants the unlock code he phones you, you give him his unlocak code based on his name and the serial number.

Or simply burn the CD, then generate the unlock key with the new serial number, so the user won't have to know we are dealing with the cd serial number...
0
 

Author Comment

by:comicboy
ID: 6305845
hobiecat,

your idea on checking serial# is the one which I understand the most, the other is too advance for me, anyway about checking serial# of the disc, even if I can get serial# from CD disc then create a password like register number which must be entered by user before he use it then again how a blank CD already has serial# ? is it already has serial# without burn anything first ? I don't want to burn on open session since it's doesn' compatible on some older CD drives (which is actually used in my campus).

Gwena,

You idea is a perfect on diskette where I'm once use it on past school project, my program simply test the right bad cluster pattern. But in CD there is several program like you also already mentioned yourself :) and I agree this is hard to know where is the bad area is without burn it and even so what API to check an area is bad and not ? and also can Adaptec CD Creator can burn CD on bad one ? as long as I know it can't (how to get software which can burn on CD which is bad ?
0
 
LVL 1

Accepted Solution

by:
hobiecat16 earned 50 total points
ID: 6305847
No you don't understand. Burn the CD. Read its serial number. Generate an unlock key.

give this key to the customer.
Now when your program is installing
Read the Cd serial number
compute the unlock key
And compare it to the key the customer given !
0
 

Author Comment

by:comicboy
ID: 6305849
anyway experts here do you use ICQ ? please contact me via ICQ since I like to chat with you in ICQ realtime rather than via this way (it's too long to just achieve an answer) and in the end I will summarize the answer and give the point, isn't it better ?

Mine is : 5912421
0
 
LVL 1

Expert Comment

by:h_mohsenian
ID: 6305867
i am agree with u real time comunication is better. but i dont know any think about ICQ.( i always dont use chat - i have some couse for that ) ;-)

best regards
hamed
0
 
LVL 1

Expert Comment

by:h_mohsenian
ID: 6305870
do u accept to use yahoomessenger instead of ICQ?
0
 
LVL 1

Expert Comment

by:h_mohsenian
ID: 6305877
a crazy way ( not strange! ) is that to use a floppy with ur CD. and use protection on CD ( in any way ) and ur program on CD just works when that Speshial Floppy is in The Ploppy Drive ( & For Example it Detect The Floppy Serial # ).

i have a lot of crazy ways :-)

0
 

Author Comment

by:comicboy
ID: 6305909
Thanks hobbiecat

This is your answer :

the Program give:
Serian number
the Program ask
user name
unlock code

---------------
the user give you
serial number
user name
you give back
unlock code

and that is great :)

anyway for other experts I'm so sorry but hobbiecat answer my question in ICQ and I summarize it here, but thanks anyway for you all the experts :) please contact me in my ICQ : 5912421 for another question by comicboy :) thanks
0
 

Author Comment

by:comicboy
ID: 6305915
m hostein :) sorry I don't install yahoo messager, since there is actually 3 great program which is : ICQ, AOL, Yahoo messager, but ICQ as long as I know older and has SMS facility too :p

Anyway m_hostein if you somwtime use ICQ please contact me in 5912421
0
 

Author Comment

by:comicboy
ID: 6305916
ops sorry I mean mohsenian instead of m hostein, anyway your idea on using diskette is what I'm practically use previously on my project :) anyway thanks for your answer that's great too :)
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

This article explains how to create forms/units independent of other forms/units object names in a delphi project. Have you ever created a form for user input in a Delphi project and then had the need to have that same form in a other Delphi proj…
In this tutorial I will show you how to use the Windows Speech API in Delphi. I will only cover basic functions such as text to speech and controlling the speed of the speech. SAPI Installation First you need to install the SAPI type library, th…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now