Solved

Changing code from executable

Posted on 2006-07-16
67
725 Views
Last Modified: 2012-08-13
I know there are ways to hack or retrieve the code from an executable created with visual basic, but when someone does this, can the code be changed, and the executable be recreated with all the same forms and construction and such?
For example:
I have a splash form that does all the checking.  Could someone like delete 1 line of code from the executable and put the app back together again without that code in it?
 I'm trying to come up with ways to protect my app, and if this can't be done, then I get to do it the easy way...:-)

Cheers!
Albert


0
Question by:ahammar
67 Comments
 
LVL 9

Expert Comment

by:justchat_1
For starters compile to native code not p-code...

As far as decompiling that:
http://www.experts-exchange.com/Programming/Programming_Languages/Visual_Basic/Q_10868641.html?query=protect+code&topics=93

There are no ways to decompile VB code back to the original source code; however, a very, very skilled reverse engineer could make minor changes to your code.  Unless this app would have a lot of very skilled hackers trying to crack it you should be ok...
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware

>>Could someone like delete 1 line of code from the executable and put the app back together again without that code in it?
sort of

these things can be done easily:

text can be changed

if blnRegistered = True then Sub1()
can be changed so it always executes Sub1, or never executes Sub1

just remove some code



if you want to have more insight in protecting your app, you should learn (a little) cracking yourself
0
 
LVL 9

Expert Comment

by:justchat_1
that's if you have the source code...are you saying you could easily do that with a compiled app??
0
 
LVL 9

Expert Comment

by:justchat_1
Short of rewriting assembly...
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware

not sort of ;)

rewriting it with a hex editor
0
 
LVL 9

Expert Comment

by:justchat_1
that still requires knowledge of assembly :) unless you're changing text strings...
I guess the real question is who are your customers and what level of computer expertise are they going to have?
0
 
LVL 23

Author Comment

by:ahammar
Thanks you two!
The customer could be anyone.  I just started a new web site that has utilities that I am writing.  I've only had it up for about 3 weeks and someone has already downloaded, hacked, and got the key code for at least 2 of them (and there's only 5) and have made them available online with the full version key for free on a different site.  They didn't have to change anything, just get the key that I had hard coded in that turned it into a full version, then make it available to the public.  Not really a very hard thing for someone to do.  So I came up with a different plan.  I am now having the trial versions (the ones on the site available for download) show the serial id number of the HDD in the "About" form.  Now if someone wants to purchase it, they have to send me that number, and I will send them a full version that will only run on that machine.
You already know what I'm talking about but something like this:
Private Sub Form_Load()
    Dim strHdd As String
    strHdd = GetHddSerial()   ' placeholder name, not a real function: get the HDD number here
    If strHdd <> "The number they sent me" Then
        MsgBox "You have an invalid copy of this software.  Cannot continue."
        End
    End If
End Sub

But if someone can hack into and remove that section from the executable, that won't work either.  I know that will be a lot more difficult than just retrieving code (like getting the key like I had it before), but the question is, how much more.  How likely is it that my idea will or will not work?  I know it's better in a lot of ways because anyone who wants to purchase it legitimately now will have to pay for each one they want on a different machine, but I'm just concerned about having the same thing happen as before.

What do you guys think?

0
 
LVL 8

Expert Comment

by:kaliyugkaarjun
0
 
LVL 14

Assisted Solution

by:dlwyatt82
dlwyatt82 earned 60 total points
It's extremely easy for anyone with a hex editor to read your string tables (basically, any string literal in your program, such as "This is my string", gets stored as text data in the executable file).  To some extent, this string can be modified or shortened by inserting a null character, but not grown, as that would disturb the offsets for the rest of the file.

So if your S/N checking is as simple as this:

If strSerial = "12345-67890" Then

then that serial number is in your compiled executable for the world to see, in some cases even without a hex editor.  Try opening an executable file with Notepad sometime, and you'll see what I mean.  There are bits of readable text scattered around the garbage, if the word boundaries happen to line up.

Though I don't have much experience with this (or with software protection in general), what you really want to do is write some sort of checksum algorithm for your serial numbers.  When your algorithm is applied to a "valid" S/N, it will always return the same value.  This will at least protect your valid serials from being easily readable, although anyone relatively skilled with a hex editor may be able to identify your validation function, and modify it so ANY serial is treated as a good one.

Welcome to the world of software piracy.  Just ask Microsoft how their efforts to prevent it are coming along...  :)
0
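An added example (mine, not code from the thread or from ahammar's programs) that shows the point above in running Python: a strings scan over a constructed byte blob standing in for a compiled VB6 executable, once with the serial stored as a literal and once with only an MD5 of it stored. It assumes that VB6 stores string literals as UTF-16LE (which is why Notepad shows the letters with gaps between them); the blob layout, the `MSVBVM60.DLL` import name and the serial value are constructed for the example.

```python
"""Added example, not code from the thread: how a serial kept as a string
literal surfaces in a compiled executable, and what the file looks like
when only a hash of the serial is stored.

Assumption (not stated on the page): VB6 string literals are UTF-16LE, so
an ASCII-only scan (Notepad, a plain `strings`) sees each letter followed
by a NUL byte, while a scan that also decodes UTF-16LE runs recovers them
whole. Both 'executables' below are constructed byte strings, not real
binaries.
"""
import hashlib
import re
from typing import List

SERIAL = "12345-67890"   # the literal from the example above (constructed value)
MIN_LEN = 6

# Constructed filler: a few header-looking bytes plus an ASCII import name,
# as a real VB6 executable would carry in its import table.
FILLER = bytes.fromhex("4d5a9000 03000000 558bec83ec10") + b"MSVBVM60.DLL\x00" + b"\x00" * 4


def extract_strings(blob: bytes, min_len: int = MIN_LEN) -> List[str]:
    """Return printable ASCII runs and UTF-16LE runs of at least min_len
    characters, roughly what `strings` does when told to look for wide text."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(blob)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(blob)]
    return found


def build_naive_image() -> bytes:
    """Constructed image of a build doing `If strSerial = "12345-67890"`:
    the literal sits in the file as UTF-16LE."""
    return (FILLER
            + SERIAL.encode("utf-16-le") + b"\x00\x00"
            + "Invalid serial".encode("utf-16-le") + b"\x00\x00")


def stored_digest() -> str:
    """MD5 of the serial as lower-case hex: what the hashed build stores."""
    return hashlib.md5(SERIAL.encode("ascii")).hexdigest()


def build_hashed_image() -> bytes:
    """Constructed image of a build that compares MD5(typed serial) against
    a stored digest; the serial itself is no longer in the file."""
    return (FILLER
            + stored_digest().encode("utf-16-le") + b"\x00\x00"
            + "Invalid serial".encode("utf-16-le") + b"\x00\x00")


def validate_serial(candidate: str, digest: str = "") -> bool:
    """Check a typed serial without the literal being in the program.
    Note this still ends in a single comparison, which is a single branch."""
    expected = digest or stored_digest()
    return hashlib.md5(candidate.encode("ascii")).hexdigest() == expected


def serial_is_exposed(blob: bytes) -> bool:
    """True if a strings scan of the blob yields the serial verbatim."""
    return SERIAL in extract_strings(blob)


if __name__ == "__main__":
    for name, image in (("literal", build_naive_image()), ("hashed", build_hashed_image())):
        print(name, "->", extract_strings(image), "exposed:", serial_is_exposed(image))
```

Hashing removes the literal but not the decision: `validate_serial` still ends in one comparison, which is the branch a cracker patches, and if the space of possible serials is small the stored digest can be brute-forced offline.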
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
ahammar  can you post a link to your application?
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
check his profile for his site
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
Hello again, I took Mark's advice and decided to investigate myself. I hope this is ok for you as I am only going to try to help you. I will not use your software personally.

So I decided to just try one of your programs, which was SetVol. After some inspection I was able to find the serial number immediately.

So I am confirming to you that your serial number is exposed!!!


0
 
LVL 9

Expert Comment

by:justchat_1
There's a very easy fix...instead of saving the serial number as a string have a function programmatically generate the serial number (the same one every time)

Someone will have to have a lot more experience to reverse engineer that
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware

>>Someone will have to have alot more experience to reverse engineer that
no

I tried "Explorer Paths"
and I have it register by modifying one byte
(found the serial one line above that, but that doesn't matter)
it now accepts every serial

now I want to test further, but I can't unregister it :(
0
 
LVL 9

Expert Comment

by:justchat_1
If I come up with a function that generates a serial-you can reverse engineer it??

Lets say for example it uses the application name, maybe a few registry keys and hashes it all together...
0
 
LVL 23

Author Comment

by:ahammar
Wow...thanks everyone!  I see it is not at all difficult to retrieve stuff from an executable is it...
I think I will take Mark's advice and try to learn how you guys are doing this and what goes on when someone does these things.  Where should I start?  Just download some kind of Hex editor somewhere (something I know nothing about or barely even what it is)?

I knew this would probably happen, but I didn't know it was that easy.

egl1044:
No, I don't mind at all.  It is helping me out a lot!  I want to learn how to do that now.  It's a touchy subject as they don't like us to ask very precise questions like that here, but I need to learn this for my own sake.

JustChat _1:
I'm curious about your ideas too.  I will investigate that further and see what and if anything else about it is mentioned here as long as this question is open.

Mark (and anyone else who is interested)
I have made an executable available on a page that will unregister all the apps I have there.  Just start it and click the button to the app you want to unregister, that's it.  I put it there due to Mark's comment that he wants to do more testing, but anyone is welcome to it.  Since my apps are so secure and impossible to crack...I figured it would be helpful....lol  It's not like you guys can't make them run all the time anyway...lol

I appreciate the help very much.  I think I'm pretty much stuck with some pirating, but I can learn how to keep it to a minimum.  
I'm still reviewing everything everyone has said so far.
Here's the link to that unregistering file:
http://www.hammarautomaters.com/tmp/unregpage.html
I probably won't leave it there very long...otherwise someone will be finding it too.......

I appreciate all the comments made here by everyone!

Is it still allowed here to post a question just to give someone points?

Thanks!
Cheers!
Albert
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware

if it is not against policy i will give a few tips where to look (no links),

but i have to look into it if that is allowed on this site
0
 
LVL 9

Expert Comment

by:justchat_1
I posted this serial test:
https://filedb.experts-exchange.com/incoming/ee-stuff/403-Serial-Test.zip

It contains four examples for including the serial code in the program...obviously the first one is an easy find but if you can tell me how hard it is to reverse engineer the other 3 serials then we should be able to find a solution that's safe enough...
0
 
LVL 29

Assisted Solution

by:nffvrxqgrcfqvvc
nffvrxqgrcfqvvc earned 65 total points
ahammar, I hope this doesn't in any way offend you, but we will help you come up with a better routine because it only took me 2 minutes to find out exactly how your application works. I fired up a current project I'm working on which reads NTFS journal records, which basically tells me every file, stream and security change written on an NTFS system. Specifically I did not test all the applications, only the SetVolume trial. However, based on your unregister.exe file I know that every program uses the same type of registration, where it creates files in the system32 directory and checks for a "Full Version" string. Another problem is your program crashes if those files are empty and you attempt to start up your application.

The main goal here is to re-write your routines A.S.A.P

'Upon first startup these files are created.
C:\Windows\System32\avdus.str - This holds the start data
C:\Windows\System32\avdustime.str - This seems to hold the trial duration allowed

'If your application reads "Full Version" it registered.
'Remove these files to un-register
C:\Windows\System32\avdus.str - This file is changed to "Full Version"
C:\Windows\System32\avdustime.str - This file is changed to "Full Version"

'And your serial number which was exposed in plaintext
0
 
LVL 23

Author Comment

by:ahammar
egl1044:
That is correct.  Very good...or bad...depending on how you look at it.  Yeah, I just used simple text files to keep track of time and dates etc...  I just tried to put them where it would be hard to find without knowing where they were, or that they even existed.  I think that part is still good enough.  I am also using an encryption now to put in the times, and since it never will say full version anymore, (explained next) that part should be ok.  I can solve the problem of the full version key by not even having one like I mentioned yesterday.  Instead have the app only run if the hdd serial number that I hard code in matches the hdd serial of the person's machine it is on.  As I said before, the person would have to send me that number (which the trial version would retrieve), then I would send them a full version (or make it available online) with something like:
Private Sub Form_Load()
    Dim strHdd As String
    strHdd = GetHddSerial()   ' placeholder name, not a real function: get the HDD number here
    If strHdd <> "The number they sent me" Then
        MsgBox "You have an invalid copy of this software.  Cannot continue."
        End
    End If
End Sub

That way there would be no key for anyone to retrieve (except the one that will only work on 1 machine) and each copy would only work on 1 machine because the number would be unique for that machine, and no other.  That doesn't solve the problem of being able to change or remove code though.  They could simply change the <> to an = and then it would work on every machine except 1.

But I still don't see how no matter what solution we might come up with here, how that will ever prevent the code from being changed or some deleted so that it will always run anyway (although no one here has said that they have done that yet, it appears that wouldn't be too difficult)...but I'm here with an open mind.  I am curious and hopeful.

Many Many thanks for helping me come up with ideas and showing me my weak spots.
Points will be well awarded.

Cheers!
Albert
0
 
LVL 9

Expert Comment

by:justchat_1
Anyone take a look at what I posted??

"But I still don't see how no matter what solution we might come up with here, how that will ever prevent the code from being changed or some deleted so that it will always run anyway"
-You're missing something very important here...what they cracked was very very simple reverse engineering-they never had to look at any of your code and they never reverse engineered any of your code (strings are stored as plain text and anyone can track system changes).  If you use a more complex method of storing a serial, it is very very difficult to steal.

try stealing the serial for example 3 or 4 in my sample program... its very very difficult (I'll post the code if you want)
0
 
LVL 23

Author Comment

by:ahammar
oops...I was wrong.  Mark did change it and make it work.  But like I said, I don't know how preventing code changes will ever be possible....unless I come up with a combination of code that cannot be changed to work without making it longer...since the code cannot be made longer according to Mark.


Thanks again!
Albert
0
 
LVL 23

Author Comment

by:ahammar
justchat1:
yes, you are right.  They didn't have to do hardly anything to get that serial, and since now I know that text strings are very easy to retrieve, I also know you are right about storing the serial in a different manner.  Like you say, that will probably make it much more difficult to retrieve, so that might solve that problem, which actually is the only problem I've had so far.  What I am saying now though, no matter what method is used to store the serial, that's not gonna solve the problem of someone being able to change the code, like simply changing <> to = or something, although that would probably constitute a different problem that there may be no solution to and I'll just have to live with that if that's the case.
Thanks for your info, and yes I might be interested in your code, but I think you were waiting to see how hard it would be for Mark to retrieve first.  That wouldn't be to difficult for him if you posted the code here.  I am interested in it though.  It may be an answer to this problem.  
No one has commented on my idea yet though...why wouldn't that work?  I wouldn't even have to worry about a serial.

Cheers!
Albert


0
 
LVL 9

Expert Comment

by:justchat_1
It would be ok but once you start to sell more software it can be a lot of work to validate serials...also some users might want immediate access to the full version when they pay-otherwise it really is up to you

As far as =, <> and such it's a little more complicated than that because once converted to assembly string handling becomes much more complex...and since it's not possible to decompile the code they never should be able to make a simple change like that...(I think-I'll wait for Mark to tell me if I'm right on that or not)
0
 
LVL 1

Assisted Solution

by:RegProctor
RegProctor earned 125 total points
There are experts on security just as there are hackers cracking it. You are better spending your time on your functionality than you are trying to prevent hacking. Anyone, including me, who has been involved in commercial software comes to that conclusion at some point.

Here are some simple things you can do and think about that might help:

1. Put a checksum of your exe somewhere, most probably in several places on the computer so you can detect changes to it. Check that these places are not being changed. If you detect too much tampering kill your app so it's not there to hack anymore.

2. Leave your security simple, just a license code and don't worry about the hackers, focus on the customers that want to pay.

3. Partner with a security package such as Armadillo. They, and others like them, have the most up-to-date security and you don't need to be trying to keep up with hackers, let them do it for you. When I added Armadillo to one variation of my software (a requirement for one shareware site I was involved with) it was simply a wrapper that was put around my entire app. You can look at it as armor plating or a shield that someone else has made for you.

4. Have auto-updates on your software, update your software frequently so that by the time a hacker cracks your code and publishes the crack, you have an update changing the version. Sell the frequent updates as a service/feature (perhaps as a subscription service) make it painless and perhaps optionally transparent to the user to have this happening.

5. Allow all your software to be cracked and have it spread for 6-12 months and then do an update that plugs the security hole so that it's "pay or nothing" for all those that were using it for free.

As you can see, the solution is not necessarily a technical one. You really need to approach this from a business point of view and ask some questions like: What is my time worth to spend on this issue?; What level of security is appropriate for the price of the software?; Is it better to let it be stolen for a while (in marketing you could call that a loss leader which is a time-tested and very valid form of marketing)?; and so on.

I hope this helps put the issue in perspective a little.

Reg
0
 
LVL 23

Author Comment

by:ahammar
RegProctor:
yeah,  I agree.  I knew this would happen, but I didn't know how easily someone could retrieve a key code like that, especially the way I had it.  I do want to see what is finalized here, improve the way my app is licensed from what I learn here, and then take your advice and worry about the sales.  I know no matter what I do, there will be someone who can crack it if they want to bad enough, but I can make it better than it is now from what I've learned here (and hopefully will learn a little more yet).  Then I'll be able to improve my future apps from the get go and whatever hacking takes place after that (which should be a lot more minimal), I'll accept.  Thanks for your advice.  I think it was good advice, especially number 2.  I do want to get on with the sales.  I don't expect to make much, but it's something I like to do, and I want to see how good it turns out.

This was a very worthy question to have asked.  I have learned a lot here!  I'm mainly interested now in how to store a text string in a more secure format, and I think that will solve this question and I'll be on my merry way.

Thanks again everyone!


Cheers!
Albert
0
 
LVL 23

Author Comment

by:ahammar
RegProctor:
Could you explain #1, just a little.  I'm not sure what you mean by that.
0
 
LVL 1

Expert Comment

by:RegProctor
Checksum, better known among us oldies who programmed in assembler. Add up all the bytes but don't go over 255, so 255+3 (or 2^16 or whatever you want as an upper limit) becomes 2 (starting at 0). Every now and then you can add up all the bytes in your exe and if they don't add up to the same number as you have (checksum error) then you know someone has tampered with it, get 'em.

Look up Checksum on the net if you need more, it's been around forever.

0
 
LVL 1

Expert Comment

by:RegProctor
As a side note, I don't know how far along you are in your business but if you want help on the sales and marketing, I am well connected in the software industry in that respect and can put you onto people to help if you would like.
0
 
LVL 9

Expert Comment

by:justchat_1
you could also take a hash of the exe but both methods provide ways of detecting file tampering...
0
 
LVL 9

Expert Comment

by:justchat_1
Also, a checksum or hash is only as secure as the method you store it in...

We covered how easy it is to read plaintext strings-don't store a checksum or a hash in a string in your program-it's too easy to change...
0
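An added example (not from the thread) that puts the checksum discussion above into running Python over a constructed byte string standing in for the executable: the one-byte style of patch Mark described earlier (a conditional jump NOPed out), an 8-bit additive checksum that the attacker rebalances by adjusting a slack byte, and a SHA-256 self-check that catches the patch only until the attacker also rewrites the digest stored in the file. The opcode bytes, offsets and layout are assumptions chosen for the example.

```python
"""Added example, not code from the thread: tamper detection on an
executable image, why an 8-bit additive checksum is trivial to defeat,
and why even a strong hash is only as good as where its expected value
is kept.

The 'executable' is a constructed byte string, not a real binary. Its
layout, offsets and opcode bytes are assumptions for the example: a
CMP/JNE pair standing in for the serial comparison, a slack byte the
attacker can adjust, and a stored digest appended at the end.
"""
import hashlib

# Constructed code bytes (not from any real program):
#   3b c1            cmp eax, ecx     ; computed serial vs typed serial
#   90 90            nop, nop
#   75 05            jne +5           ; on mismatch, skip the 'registered' call
#   e8 00 00 00 00   call <registered>
#   00               slack byte (padding)
#   c3               ret
CODE = bytes.fromhex("3bc1 9090 7505 e800000000 00 c3")
JNE_OFFSET = 4      # position of the 0x75 opcode
SLACK_OFFSET = 11   # position of the padding byte
DIGEST_LEN = 64     # hex SHA-256 appended to a self-checking image


def checksum8(data: bytes) -> int:
    """Sum of all bytes modulo 256, the checksum described above."""
    return sum(data) & 0xFF


def sha256_hex(data: bytes) -> str:
    """Cryptographic hash of the image, as hex."""
    return hashlib.sha256(bytes(data)).hexdigest()


def patch_jump(code: bytes) -> bytes:
    """The crack: replace JNE with two NOPs so the jump is never taken and
    the 'registered' path runs for every serial."""
    patched = bytearray(code)
    if patched[JNE_OFFSET] != 0x75:
        raise ValueError("expected a JNE opcode at JNE_OFFSET")
    patched[JNE_OFFSET] = 0x90
    patched[JNE_OFFSET + 1] = 0x90
    return bytes(patched)


def fixup_checksum(patched: bytes, target: int) -> bytes:
    """Attacker's answer to an additive checksum: bump one slack byte so the
    sum of all bytes returns to the original value."""
    fixed = bytearray(patched)
    delta = (target - checksum8(fixed)) & 0xFF
    fixed[SLACK_OFFSET] = (fixed[SLACK_OFFSET] + delta) & 0xFF
    return bytes(fixed)


def build_self_checking_image(code: bytes = CODE) -> bytes:
    """Image that carries its own expected SHA-256 (hex) at the end."""
    return code + sha256_hex(code).encode("ascii")


def self_check(image: bytes) -> bool:
    """What the program would do at start-up: hash everything before the
    stored digest and compare. The comparison is itself one branch."""
    code, stored = image[:-DIGEST_LEN], image[-DIGEST_LEN:]
    return sha256_hex(code).encode("ascii") == stored


def patch_and_rehash(image: bytes) -> bytes:
    """If the expected digest lives in the file, the attacker patches the
    code and rewrites the digest; the self-check passes again."""
    code = patch_jump(image[:-DIGEST_LEN])
    return build_self_checking_image(code)


if __name__ == "__main__":
    original_sum = checksum8(CODE)
    cracked = fixup_checksum(patch_jump(CODE), original_sum)
    print("checksum8 still matches after patch+fixup:", checksum8(cracked) == original_sum)
    print("sha256 still matches after patch+fixup:", sha256_hex(cracked) == sha256_hex(CODE))
    image = build_self_checking_image()
    print("self-check after patch only:", self_check(patch_jump(image[:-DIGEST_LEN]) + image[-DIGEST_LEN:]))
    print("self-check after patch+rehash:", self_check(patch_and_rehash(image)))
```

The last function is the point: a digest stored inside the image is rewritten together with the patch, and the comparison in `self_check` is itself a branch that can be jumped over. A digest verified somewhere the attacker does not control (a server, a signed manifest) helps; one kept in a string in the program does not.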
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
>>i think-ill wait for mark to tell me if im right on that or not

ok, I had my driver's licence exam today, so I am a little bit delayed:

1 was plain text :D
3 was Chr()
2 was the strings abc and def added together, and then a bunch of calculations
I was too lazy to figure ;)
4 not really sure about this one, but you used the string CRCJustinSoft Custom Creations,
and performed a few calculations on it (looped through every char etc)
created this string: 2F75DC356D157A7EB06C57E18A036E58
lcase of it, and the left 10 chars


am I right?  ;-)
0
 
LVL 9

Expert Comment

by:justchat_1
lol 1, 2 & 3 all right-and those calculations were an MD5 hash...
number four was the exe name and the software creator-"Serial TestJustinSoft Custom Creations", but yes the left 10 characters of it is an md5 hash.
Impressive-you do that looking at the dll calls?

Btw...I think something important came up-Mark didn't want to waste the time finding out what the functions were and that's the goal.  Obviously there's no such thing as hacker proof but the goal is to make it hard enough that most users can't crack it.
0
 
LVL 23

Author Comment

by:ahammar
So which is better...2 or 4.  I'm thinking if I were to use #4 and maybe Lcase left & mid & right that's about as good as I am going to get.  I don't know what a hash is though. I probably should get your code now justchat 1 (unless someone still thinks they have a better answer) and then take RegProctor's advice and get on with it.  There's really not much more I can do I don't think.  If you guys don't think I can improve this any more than by using what I have learned here and maybe using justchat 1's code to help me store the key, then I probably should close this question and start awarding points...
Mark:
I downloaded a couple Hex editors, but it appears I'd have to take about a 100 years to figure out what that mess all means....lol

Ps...I'm not much of a bragger, but I just gotta mention this:  Steve Bass from PC World listed one of my apps with the link to my page (Caps Lock Timer).  I've had a lot of people download it today.  I'm very surprised.  It's the only one that's free...but maybe that's why he promoted it.  Here's the link:
http://blogs.pcworld.com/tipsandtweaks/

Anyway...thanks everyone!

Cheers!
Albert
0
 
LVL 9

Accepted Solution

by:
justchat_1 earned 125 total points
Congratulations...you should consider a nice program icon now too

You need to use the md5 class from here;
http://wwwendt.de/tech/md5/index.html

And here is my simple code (took less than a min):
Dim md5test As MD5
Private Sub Form_Load()
    Set md5test = New MD5
    ' 1: plain-text literal, easy to find in the exe
    Label1.Caption = Label1.Caption & "Easy to crack"
    ' 3: built from character codes ("ZUSX"), so the literal is not in the string table
    Label3.Caption = Label3.Caption & Chr(90) & Chr(85) & Chr(83) & Chr(88)
    ' 2: MD5 of two literals joined at run time
    Label2.Caption = Label2.Caption & LCase(md5test.DigestStrToHexStr("abc" & "def"))
    ' 4: MD5 of the exe name and company name, first 10 hex chars
    Label4.Caption = Label4.Caption & generate()
End Sub

Private Function generate() As String
    generate = Left(LCase(md5test.DigestStrToHexStr(App.EXEName & App.CompanyName)), 10)
End Function
0
 
LVL 9

Expert Comment

by:justchat_1
Example 2 and 4 are label2 and label4 both using a very similar method (an md5 hash)
0
 
LVL 13

Assisted Solution

by:Mark_FreeSoftware
Mark_FreeSoftware earned 125 total points
>>lol 1, 2 & 3 all right-and those calculations were an MD5 hash...
>>number four was the exe name and the software creator-"Serial TestJustinSoft Custom Creations", but yes the left 10 characters of it is an md5 hash.
>>Impressive-you do that looking at the dll calls?

I use different tools, of which one is OllyDbg (a ring 3 debugger) very useful!


>>Btw...I think something important came up-mark didnt want to waste the time finding out what the functions were and thats the goal.  Obviously theres no >>such thing as hacker proof but the goal is to make it hard enough that most users cant crack it.

yeah, as long as it is implemented right
I saw a protection once, that had a very hard algorithm
but then, after a lot of calculations, there was a simple comparison

if calculatedserial = userserial then
    msgbox "thanks for registering"
    'register code section
else
    msgbox "wrong code"
end if

only thing to do was to change this to

if calculatedserial = userserial then
    nothing
end if

msgbox "thanks for registering"
'register code section
exit sub
msgbox "wrong code"



the protection is as strong as the weakest link!
make sure to implement it right, so it doesn't just use one check to make sure the serial is correct
0
 
LVL 9

Expert Comment

by:justchat_1
Yea thats the same software I used to check it...

Good Point about the implementation
0
 
LVL 1

Expert Comment

by:RegProctor
MD5 hash is good from the point of encryption but it's a fallacy to think that encryption of your string is important in this type of security.

Let's get back to basics, someone is looking through your code, instruction by instruction watching it execute, wherever your code reads the string the hacker only needs to see that part of the code so any sort of encryption or lack thereof is, in my opinion, almost entirely irrelevant.

If you really want to pursue some anti-theft techniques what you need to do is research how to fool the decompilers and disassemblers. The next thing you need to do is get real clever about your checking of tampering so that your "checking" is not easily detected and neutralized by a simple jump being placed in your code. Remember no matter how clever you get--on a machine level--at some point there is one instruction of perhaps only 2-64 bytes long where you test and then jump to one memory location or another (the result of an "if" statement in higher level languages) and all the cracker has to do is find that point, bypass all your cleverness, and return the right result or jump to the right memory location--and his job is done.

This is why I personally couldn't care less whether something is checksum, md4, md5 or md999--use whatever is the easiest and quickest to implement in your language. It's not the encryption that will protect you, it's how well you keep all your techniques for detecting them and trapping them hidden so they don't just neutralize that piece of the code-that's really about all that counts.

If you really want to pursue this path yourself (I wouldn't), remember, "stealth" is your greatest ally. Learn about decompilers and how to mess them up. Even disassemblers you can mess up at critical points (I have when I cared about this stuff) but it takes some time to work it out.

Good Luck!
0
 
LVL 1

Expert Comment

by:RegProctor

Also, please note, I have deliberately NOT given specific programming techniques for fighting bad guys (just concept). That is not information I feel would be appropriate to make available on the web for all the "bad guys" to read and immunize themselves to.
0
 
LVL 1

Expert Comment

by:RegProctor
Sorry to be a bug again but I just saw that you downloaded hex editors--that's the wrong tool.

What you want are disassemblers, assemblers and a decompiler for your language (from memory BlackIce has something to do with these).  Even I don't translate hex code to machine instructions in my head and I've been doing this for over 20 years--the assembler will do that for you and you'll see something that starts to look like code to you--although mnemonics for machine code is a very different language to look at than say C or VB.

Think of your program as being written with only numbers, no procedure names, variable names, nothing. That's about what you will get from these reverse engineering tools since the naming information is usually stripped out during compilation (you can optionally leave it in in some compilers (compile /DEBUG MyProgram) but that only makes it easier for crackers).

Here's something typical in assembly language:

CMP EAX,[DS:002387AC00230089]   ; Compare EAX to an absolute memory location in the Data Segment
JNZ [1A87]                      ; Jump if not zero (always jumps within the code segment
                                ; (CS) so jump can be relative 8 or 16 bit address instead of 32 or 64 bit)
RET                             ; Return

I just made this up but you can see that it looks like code structure although rather different to what you are used to reading. This is mnemonics representing the language of the machine and is one tool that cracker and hacker have at their disposal.
0
 
LVL 9

Expert Comment

by:justchat_1
The idea is to make it hard for a cracker to detect (not impossible)...identifying many operations as md5 is relatively easy for an experienced cracker but we're not talking about multi-million dollar software, we're talking about an independent software developer protecting his code from wannabe crackers...
0
 
LVL 1

Expert Comment

by:RegProctor
I'm sorry about this but I don't think you quite get it. A cracker doesn't have to detect an md5 or even know what md5 it is to crack your code.  All they have to detect is a routine whereby return of "something" lets things work right and returning of "something else" flags a problem. Then make sure that that routine always returns "something" and not "something else". It really doesn't matter whether there is md5 being used in the routine, only that the decision logic is bypassed and instead the right result is always returned.

Like I said, it comes down to your routines that detect them being hard for them to find and therefore foil. You don't have to learn assembly to do that. Some basic stuff you can do:

1. Do not have all your security rely on one routine.
2. If your compiler will allow, have your security when called be compiled as "in-line" code instead of a called routine.
3. Have at least one routine that triggers "now and then" not every time the code is run, perhaps once every hour or on every odd day (1st, 3rd etc.).

Any combination of those three alone doesn't require you to learn anything new, doesn't require million dollar budget software to justify doing, and will certainly beef up your security many many fold over not doing them.

I'll give you some advanced techniques (but only off-line) if you wish and they won't be any harder to implement than the above (reg@capiogroup.com).
0
 
LVL 9

Expert Comment

by:justchat_1
Btw I'm not the author-just clarifying....

This has come a long way-originally the serials were plain text strings you could extract with a hex editor...we tried to move it up to a level that will require some decompiling experience to crack.  Those are all great suggestions for ahammar...as good as our algorithm is to create the serial-it's as strong as the weakest link:
  1. make sure the serial can't be viewed as plain text
  2. use multiple implementations to check the serial and do it in a way so it can not be "jumped" over
  3. You can also use checksums or hashes to detect tampering to your file - in addition to the other methods used above
  4. If your program detects any inconsistencies just have it unload-no tolerance hacking policy
  5. Some programs also use a kill key (if tampering is done too many times hide a registry key that will prevent your program from loading even if it is uninstalled and reinstalled)
  6. plenty more ideas that together create better security-either post for more info or I'm sure RegProctor would be happy to help
0
 
LVL 1

Expert Comment

by:RegProctor
Comment Utility
Hi justchat, great summary.
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Hi everyone!
I guess I'm gonna have to use my next free 3-day, 2-night free stay vacation trying to figure out how to give points for this question........lol

You guys all did such a great job, what I want to do is accept JustChat1's comment with the code he offered and the md5 link as an answer...then post separate questions for Mark and RegProctor for 500 points, and questions for 300 points for egl1044 and dlwyat82 for their tests and confirmations.

Thanks for your efforts too kaliyugkaarjun, but I couldn't really find out much from those links, but I still appreciate your comment!

Hey...I only spent 1 day of my vacation figuring that out.....lol

So, I can still give points that way here...right??

Cheers!
Albert
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

I don't think that is allowed,
I think you should split the points
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
:-(....oh...is there any other way?  This question was worth WAY more to me than that.
0
 
LVL 1

Expert Comment

by:RegProctor
Comment Utility
I've seen people split points all the time. The others are marked as "Assisted Answer"
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Yeah, I know I can split the points, but that is not enough points for this question for each person by the time I split them up....I mean that, it really isn't.  But if that's my only choice, then I will figure it out tomorrow.

Thanks again everyone!
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

>>:-(....oh...is there any other way?  This question was worth WAY more to me than that.

I don't care, because it was fun discussing here!
0
 
LVL 9

Expert Comment

by:justchat_1
Comment Utility
Yea and I learned something while answering a question...thanks mark and RegProctor
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Ok, I guess this and a BIG THANK YOU
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Ok, splitting the points and a BIG THANK YOU is the best I can do!  I learned a lot here.  You guys are great!

Cheers!
ahammar
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

thank you for the points, and happy coding,

and thanks to the others (including but not limited to  :P  )  justchat_1, egl1044 and RegProctor for the great discussion!
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Hi everybody. I know this question is over with, but in case anyone is interested in seeing how hard it would be to make my latest app into a full version, here is a link to the executable that you can try and crack.  I'm sure you can probably do it, but if you try it, I just want to know how hard it was.

http://hammarautomaters.com/tmp/Testapp.html

This is just if you want to try it and see if you can or how hard it is.

Cheers!
ahammar
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

I noticed these "flaws":

you mistyped disable (you typed dissable)

you didn't properly unload your form,
because the second time I ran it, I clicked the "nag" screen and it disappeared
then I waited a short time, and clicked on about
the form displayed, and was hidden after a second or 2

when the form has no focus, and you are typing in another window (like I do now)
the form gets focus every now and then (5 or ten seconds?)

the changed password should be typed twice to make sure it is not misspelled


and the protection is better like this,
I tried for half an hour, but I could not get further than disabling the time checks, so it would always run
I wasn't able to remove the nag screen
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
lol...I did spell Disable wrong, didn't I.  I found and fixed my unloading problem.  I think part of the problem with the form getting focus will be fixed now too because of the timer on the nag form. But I'll check into that more.  I haven't tried doing anything else while this program was running yet.

I feel better now.  It will be much more difficult for someone to make this available as a full version.
Just to make sure I understand you right...you were able to disable the time checks and make it always run..right?

Thanks Mark!
ahammar
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

>>Just to make sure I understand you right...you were able to disable the time checks and make it always run..right?
yes

but every time the nag did appear
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Mark:
previously you posted this:

***********
text can be changed

if blnRegistered = true then Sub1()
can be changed so it always executes Sub1 or it executes never Sub1

just remove some code
*****************

Is that what you did in the last app of mine you tested and made run all the time? and if so would CheckSum be a good way to solve that problem? or do you have a different suggestion?

Thanks!
Albert
0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility
>>can be changed so it always executes Sub1 or it executes never Sub1

This is what I did


and I found it just by looking at the nags


If it says trial expired, I'm gonna search for that text, and change the compare above it.
It would be a good practice to encrypt the strings in your program,
so it isn't clear which string is what
0
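Mark's advice above (encrypt the strings so "Trial expired" is not a search target) and Albert's earlier question about whether a checksum would stop the patched compare can be combined. The following is an added Python model of that idea, not code from this thread or from Albert's app: the string table is encrypted under a key derived from a hash of the program's own code bytes, so a one-byte patch anywhere in the hashed region makes every string fail to decrypt. The code bytes here are a constructed stand-in for an executable's code section.

```python
import hashlib

# Constructed stand-in for the protected code bytes; a real build would hash the
# executable's own code section (not the resource that stores this table).
CODE_SECTION = bytes(range(256)) * 4

# Plain strings like these are what a cracker searches for in the binary.
STRINGS = {
    "nag": "Unregistered copy - please buy a licence",
    "expired": "Trial expired",
}

def key_from_code(code: bytes) -> bytes:
    """Table key: a hash of the code bytes exactly as they are right now."""
    return hashlib.sha256(code).digest()

def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def build_string_table(strings: dict, code: bytes) -> dict:
    """Build-time step (the separate encrypting app Albert describes): encrypt each
    string under the code-derived key and store a tag so a bad decrypt is detected."""
    key = key_from_code(code)
    table = {}
    for name, text in strings.items():
        plain = text.encode("utf-8")
        tag = hashlib.sha256(key + plain).digest()[:8]
        table[name] = (xor_bytes(plain, key), tag)
    return table

def load_string(table: dict, name: str, code: bytes):
    """Run-time step: decrypt with the key derived from the code as it exists now.
    A single patched byte anywhere in the code changes the key; the tag check
    then fails and None is returned instead of garbage text."""
    key = key_from_code(code)
    blob, tag = table[name]
    plain = xor_bytes(blob, key)
    if hashlib.sha256(key + plain).digest()[:8] != tag:
        return None
    return plain.decode("utf-8")

def status_text(table: dict, code: bytes, days_left: int):
    """Text for the nag form; None means 'tampered, just unload' (justchat's item 4)."""
    return load_string(table, "expired" if days_left <= 0 else "nag", code)

TABLE = build_string_table(STRINGS, CODE_SECTION)
```

The hashed region must not include the table itself (or the hash value), and someone who locates the hashing routine can still patch it; what this buys is that the plain text is gone from the binary and a blind patch to the compare makes the program fail rather than run as a full version.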
 
LVL 23

Author Comment

by:ahammar
Comment Utility
ahhh....I see  Ok thank you!
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
Comment Utility
If you're going to use files to hold information, and you want to make it harder for someone, then you could try and work with some file streams. The example below, which I created, will basically create a zero byte file on disk. However there is a stream of data in that file that can be read. This sort of adds security to a file rather than displaying something in plain text. This might be of use to you in the future. Don't get me wrong, but a typical user wouldn't have much knowledge about this type of file. However a programmer can use FindFirstStream and FindNextStream to find streams, but this is beside the point.

'Copy paste to form1
'Add 1 commandbutton

Option Explicit

Private Declare Function CreateFile Lib "kernel32" Alias "CreateFileA" (ByVal lpFileName As String, ByVal dwDesiredAccess As Long, ByVal dwShareMode As Long, ByVal lpSecurityAttributes As Any, ByVal dwCreationDisposition As Long, ByVal dwFlagsAndAttributes As Long, ByVal hTemplateFile As Long) As Long
Private Declare Function WriteFile Lib "kernel32" (ByVal hFile As Long, ByVal lpBuffer As String, ByVal nNumberOfBytesToWrite As Long, lpNumberOfBytesWritten As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function ReadFile Lib "kernel32" (ByVal hFile As Long, ByVal lpBuffer As String, ByVal nNumberOfBytesToRead As Long, lpNumberOfBytesRead As Long, ByVal lpOverlapped As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const GENERIC_WRITE = &H40000000
Private Const GENERIC_READ = &H80000000
Private Const FILE_SHARE_WRITE = &H2
Private Const FILE_SHARE_READ = &H1
Private Const OPEN_ALWAYS = 4              ' create the file/stream if it does not exist yet
Private Const OPEN_EXISTING = 3            ' open only; do not create an empty stream on read
Private Const INVALID_HANDLE_VALUE = -1

Private hStream     As Long
Private MyStream    As String

' Writes StreamWrite into the named alternate data stream of egFileName (NTFS only).
' StreamID must include the leading colon, e.g. ":hammer".
Public Sub WriteStream(egFileName As String, StreamID As String, StreamWrite As String)

    Dim dwRet       As Long

    hStream = CreateFile(egFileName & StreamID, _
           GENERIC_WRITE, _
           FILE_SHARE_WRITE, _
           0&, _
           OPEN_ALWAYS, _
           0&, _
           0&)
    If hStream = INVALID_HANDLE_VALUE Then Exit Sub    ' e.g. FAT volume: streams unsupported

    Call WriteFile(hStream, StreamWrite, Len(StreamWrite), dwRet, 0&)
    CloseHandle hStream

End Sub

' Reads up to StreamBytesToRead bytes back from the named stream into MyStream.
Public Sub ReadStream(egFileName As String, StreamID As String, StreamBytesToRead As Long)

    Dim cbRead      As Long

    hStream = CreateFile(egFileName & StreamID, _
           GENERIC_READ, _
           FILE_SHARE_READ, _
           0&, _
           OPEN_EXISTING, _
           0&, _
           0&)
    If hStream = INVALID_HANDLE_VALUE Then
        MyStream = ""                                  ' stream missing or volume is not NTFS
        Exit Sub
    End If

    MyStream = Space$(StreamBytesToRead)
    Call ReadFile(hStream, MyStream, StreamBytesToRead, cbRead, 0&)
    CloseHandle hStream

    MyStream = Left$(MyStream, cbRead)                 ' keep only the bytes actually read
    Debug.Print MyStream

End Sub

Private Sub Command1_Click()
   ReadStream "d:\test.txt", ":hammer", 12
End Sub

Private Sub Form_Load()
    WriteStream "d:\test.txt", ":hammer", "Full Version"
End Sub


0
 
LVL 13

Expert Comment

by:Mark_FreeSoftware
Comment Utility

yeah, but the filesystem needs to be NTFS
0
 
LVL 29

Expert Comment

by:nffvrxqgrcfqvvc
Comment Utility
There is no security on FAT partition. This would add more security if the partition is NTFS
0
 
LVL 9

Expert Comment

by:justchat_1
Comment Utility
Are there any other ways to encrypt a file...like changing security permissions so that only his program can access the file?
0
 
LVL 23

Author Comment

by:ahammar
Comment Utility
Oh man....here we go again.....lol

Actually, I think I got it to where it would be very difficult to crack now.  I have all the text so messed up (or at least the part I'm not using to fool the cracker) that it's hard for me to follow.  I whipped up another quick app to encrypt text that I am encrypting all text with, put it in my application that way, then put the decrypter function in my application to decrypt it with.   Hope I don't ever have to change anything....lol.  I've got some text in there to fool the cracker and if he changes the wrong thing, or alters or deletes the reg files, then an entry is made deep in the registry (whose path and keyname are also encrypted) that will not allow the program to run after that without further changing of the app.  I thought about even putting a message in there that said something like: Enjoy your new virus.....not really.
It's not foolproof, but it's much better than it was, and will be difficult to crack now I think.
At least they will have to work for it now...

Thanks again everyone!
Cheers!
Albert
0
