?
Solved

protecting from cracking

Posted on 2003-02-22
14
Medium Priority
?
685 Views
Last Modified: 2012-06-21
hi ,
I read some articles about protecting your application against cracking.
In
http://www.scalabium.com/articles/protection.pdf
describe that :
<if you trial software must be available in 30 days only , then dont try to use a system date-time.
Better to use a date-time of some system files (system.dat or DAO , BOOTLOG.txt, autoexec.bat etc).
Also dont forget that additionally you can create the some own hidden file during installation and use a date-time of this file.>

But my question :
Which one (system.dat ,DAO, bootlog.txt , autoexec.bat ) has a better feature for uncracking?
How can work with these issues(system.dat,DAO,bootlog.txt,autoexec.bat)?


Thanks a lot.
Hamid reza
0
Comment
Question by:123456
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +5
14 Comments
 
LVL 8

Expert Comment

by:heskyttberg
ID: 7998534
Hi!

I don't know how many users you think your application will be spread too, but the best way to protect the app is to make it soo great that people just want to license it to get regular updates.

I think the most succesful licensing of shareware apps and such is the subscription types, so you pay like $20-$30 for one year subscription.

I have bought three such applications. I use two of them daily. Other applications like Office is too expensive for me so I usually use free office programs like StarOffice, it's not free anymore but the version I have was free. Or I'll run an older MS office like Office 2000.
I got such a license since they aren't to expensive.

I would never pay $500-$800 for a offcie program, it's not in my budget, besides I have access to newer office at work so not too important to have it at home.

You also need to charge a resonable fee for it, if you charge too much for a license and people want to use it, it will be cracked no matter what you do.

I mean programs like AutoCAD and 3D Studio MAX are almost always cracked in less than a week and they have very sophisticated anti cracking/protection devices.

Most other programs are cracked within hours of release.

If you just want to stop novice users from cracking and illegaly using your application, I'd say it's pretty safe to use the computers BIOS clock.

Not many user change their date and time in BIOS just to extend the trial period, I never heard of one.

I don't now what you intend to do, but what I mean is don't spend too much programming to try and stop piracy, use that time to make an outstanding good app instead.

If you are doing a special app for a company, I don't think you need to have any anti-copy protection at all, just put such thing in the contract with the company instead.

This is how I see on the whole thing.
I'm against piracy/cracking don't get me wrong.

Regards
/Hans - Erik Skyttberg
0
 

Expert Comment

by:The_Creed
ID: 7999270
i'm  totally disagree with heskyttberg.
doesnt metter how good your app is, as long as it spread over the net as a shareware,there is always someone who can and will crack it!
there is no way to stop the phenomenon!!!
0
 

Expert Comment

by:The_Creed
ID: 7999301
i'm  totally disagree with heskyttberg.
doesnt metter how good your app is, as long as it spread over the net as a shareware,there is always someone who can and will crack it!
there is no way to stop the phenomenon!!!
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 
LVL 2

Expert Comment

by:NEOsporin
ID: 8000518
Number 7 is one of the better suggestions in that pdf.
Check out this site, used to be one of the better ones, use the CACHED pages as the site is down currently:
http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=+site%3Awww.woodmann.com+tools+protection

Your better off creating your own files, as suggested at #10. And like he says, don't worry about the protection all that much, it will get cracked, Softice will see to that. Also what heskyttberg doesn't realize, is that when you change the time on your clock on an OS, it is changing the one in BIOS. The most popular apps are what gets cracked 1st also. The app's that get cracked, but still get you the $$ are for Ligitimate business, espically Corporations, because if you caught them with even 1 piece of cracked software, they would loose lots of $$. Make you app good, there are those out there (my friends and family) that aren't aware of cracked software :) well, they aren't aware of how easy you can come by it. The more you understand how crackers work, the better off you'll be, but again, focus on the app mainly.
GL
-NEO
0
 
LVL 1

Expert Comment

by:Arrummzen
ID: 8001635
You can also have the application connect to your remote server and verify the date time. You can get the Hard Disk Serial number and and send it to your server. Then you can keep an account for each number.

Keep track of the date time via another meathod as well such as a system file or the BIOS version.
If you can tell that the local security has been cracked have the app launch a pop up box next time the program starts that tells the user that a cracking attempt has been detected, and reported.
Then you can do what you want, give his IP to the FBI etc.

You can also veryify the applications integrity. For example you can have the program install a binary copy of itself so that it can run an integrity check on itself and make sure its binary has not been tampered with.

The last idea I have is to have the program check its own creation date and compair it to its modified date.

What I suggest is that you creat a "demo version" and a "full version". The demo version sould not be able to do some things the full version can. You can also get creative with this for example when they launch the demo it will make them wait 60 seconds to use it.

If you RELY want to make sure that it stays secure you can recompile it for each user. You can keep the sorces on the web server and when the user downloads the demo it modifys the sorce code and then recompiles it and gives it to the user. Then you can have the program compair the local time with the time hard coded into the app, this compared with a check to make sure the file was not modifyed after it was created should make it very secure.

Just some thoughs, sorry about the seppeling, I havent installed my word proceser on this system.
Thank you for your time,
Arrummzen
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8002365
Hi!

Well I never said you can hinder anyone from cracking, what I mean is by making a good app and have resonable price for it depending on how hard it is to code and what it does, you are likley to get more people to buy it.

I mean if partition magic would cost $500, to companies it would still be worth buying.

But how many home owners would buy it for that amount ?
I would say just about none.

But when it only costs about $50 some people are buying it.

You can't stop cracking, illegal copie no matter what you do MS$ and other big companies probably spend a lot of money and they still can't stop it.

I'm just saying that isn't it better to get something like 10 000 users and get 2000-3000 that actually buy a license, than get 10 000 users and none buys a license.

That's how I look on the whole thing, feel free to disagre..


Regards
/Hans - Erik Skyttberg
0
 
LVL 2

Expert Comment

by:GP1628
ID: 8011342
all interesting discussion.. but to answer the initial question....

I would use the date that the OS was installed based on its directory. Or maybe the root directory.

The rough part is not making the check obvious. Consider having the install snag that info and encrypt it to do comparisons against.
if the encrypt_string=date_of_OS_dir
  then count timeallowed based on date_of_OS_dir

that way if they change the date of the OS dir to "move time forward" then the program will always refuse. Maybe date of the command.com would be easier.

Also consider adding other the other checks also (autoexec.bat, bootlog.txt, etc) as dummy checks in the program to make cracking harder.

You can also add some other info to that encrypt string such as the part_ID of the motherboard. Makes it harder for someone to copy/give-away your program to a buddy.

Gandalf  Parker
Random Idea Generator
(out of work)
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8020629
First, I say I generally agree with all commenters above, especially compared to the PDF I won't even bother with, since you've already said that it claims I can get better uncracking features for trialware by monitoring file called autoexec.bat, which I find rather ridiculous.

Now let me stir some disagrees. I disagree with comments 2,3,4; the two of The_Creed and NEO, namely that I totally agree with Hans. But I do agree that "there is always someone who can and will crack it! there is no way to stop the phenomenon!!! "

What to add? I suppose saying that you should know that the more you try to make it difficult to crack, the more difficult it will be to provide contued support, so you'd have to plan for providing additional product support or lose some important clients in initial stages of use. As said above, go cheap, have them want to pay to get more of a valuable product, and rather than spend a lot on anti-cracking, spend more on developing stability and testing compatibility with a wider variety of platforms and other products. We've had some that would fail for things that seem simple, such as upgrading our computers to run at a higher speed. Desire was for applications to run faster, but what we experienced was that some would cease to function, unless we made workaround to run dummy apps to just run to waste computer time so the product would not fail. Do that to me and I don't want your product if you offer it for free!
0
 
LVL 2

Author Comment

by:123456
ID: 8034853
Hi aqain ,
 I  know the uncrackable program not exist
I want to know  expert ideas about uncracking . The strategy of a corporate not related to me( I m programmer and I say  my idea to our masters  ),
Accept or reject of our  idea ( software group)  is   related to our masters(  heskyttberg and the_creed talk  about it)
I want to know some ideas for encrypting that ARRUMMZEN and GP1628 talk about it.
Please describe this issue with more clarity ARRUMMZEN:
<<You can also veryify the applications integrity. For example you can have the program install a binary copy of itself so that it can run an integrity check on itself and make sure its binary has not been tampered with.>>

thanks a lot.
Hamid reza
0
 
LVL 8

Expert Comment

by:heskyttberg
ID: 8035033
Hi!

Well how you do it depends on what kind of app you are creating.

An app like:
www.neevia.com

You need a serial number to register it which you get whne buying one license.

Will never be bought by private persons so no need for very elaborate anti-piracy scheme.
Most serious companies will register such a app if they have need for it.

One app I actually have purchased during last year is:
www.xdesksoftware.com

Since I'm a unix/linux fan that is FORCED to use windows in work, I'm used to multiple desktops and therefor this app is well worth the registration fee.

They will send you a binary file that is the registration key and just copy that into the app dir. The license is one year subscription, if you also buy any of their other apps the subscription is added one more year which will last for both apps.

This will help alot if you want to use in remote or quiet installs. Since you don't need to manually input a serial to register the app.

The network/remote/silent install is also something to consider if youplan to make an app that a corporation might wanna use in their whole enterprise.

If you can't do that with your app, they will almost certainly choose another one if it has thoose possibilities.

Just some thoughts.

Regards
/Hans - Erik Skyttberg
0
 
LVL 2

Accepted Solution

by:
GP1628 earned 80 total points
ID: 8035303
<shifting to the list of customer service "learned in english class" words>

"What to do" I can talk about in simple words.

"How to do" is harder. What programming language? What kind of computers will this run on? How it is distributed?

This question that you have asked we can talk about.
I think that "how to do" is better asked as a new question in the area for that programming language.

INSTALL:
query motherboard to $MB
query DIRdate$ of c:\ to $DD
encrypt $MB+$DD to $$tring
save $$tring to program.cfg

query $date
$DD+$date+30days=$expire
save $expire to Registry

RUN:
query motherboard to $MB
query DIRdate$ of c:\ to $DD
encrypt $MB+$DD to $$tring
Does $$tring=program.cfg?
  NO? illegal copy on wrong machine
  YES? is $DD+Date$ > Registry-$expire?
       NO? run program
       YES? inform user that program has expired

Gandalf  Parker
0
 

Expert Comment

by:modulo
ID: 8183114
Dear 123456

I've refunded 30 points to enable you to accept the comment for one expert and to post "Points for <expertname>" Q's for the other experts in the same topic area.
There is however a 20 points minimum for a Q.

Please:
1) Post the link to the original Q in the "Points for <expertname>" and
2) Add in the original Q a comment with the link to the "Points for <expertname>", thus the email notif will warn the expert.

modulo

Community Support Moderator
Experts Exchange
0
 
LVL 24

Expert Comment

by:SunBow
ID: 8184041
If you want to explore file validity checking, you might begin with old tape drive technology and move on to modem. Simple things with parity and checksums, then compressions and variable checksums (used upon file segments). Encryption itself is simply applying some conversion function on each individual data element. Using "known" methods increase odds of being cracked.
0
 
LVL 2

Author Comment

by:123456
ID: 8185327
thanks of every one
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Check out the latest tech news, community articles, and expert highlights in August's newsletter.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question