hey guys I was thinking and thought maybe if I got the program to run once then change its password this would be a good protection scheme. Like for example, the person runs the program, and if he puts the right password in, it places a registry key in his/her registry and then he is able to run the program as many times as he wants but after he puts in the right reg key, it changes so if he tries to make a keygen for it/give out the key it wont work because the key will be different for each program (this is a small distributed program and only want a few peopletouse it so I will just make a seperate key for each person but like they say, you cant trust anyone these days lol). How would I make the program modify itself to change the key? thx.

RIF
Posted on 2002-08-05 21:06:11 by resistance_is_futile
Evilz crackerz will patch the program... (the old "bad boy -> good boy" method)
Imho, it is not a solution that will prevent cracking...
If it is distributed to few people, mark each executable with a different signature ID for each guy/customer... if you find it in some websites freely, you can check for the signature and know from who diffused it... (and then, stopping distributing software to this person, and eventually contact your lawyer).

If you make an external program that modify your main program and put encrypted information (Company, name, etc) in unused room (padding, or anything else), theres many chances it will be unnoticed and by decrypting the fields with your external program, you will be able to know to whom it belongs... (the name, compagny, will appear).

That is heavy and doesn't prevent illegal diffusions, but you can know who diffuse your software and do something about that...
Posted on 2002-08-06 00:53:29 by JCP
the user can create a copy of your program before installation and before entering the reg. key. Its' still not a good idea.

If you really want this form of protection you better be the one to install the program(personally).
Posted on 2002-08-06 01:04:03 by stryker
lol u guys are so smart its crazy. I would have never thought of copying it before they started the program up! I still need to add a protection scheme of some kind though. Any suggestions. Examples are great because I still dont get the whole crc thing. Protection schemes arent my thing. :mad:
Posted on 2002-08-06 01:17:50 by resistance_is_futile
Here's a very simple one. I'm too tired to give an example but this one will show you a very weak name-regcode thingy.

1. Create 2 edit boxes(1 for the name, 1 for the reg code) and 1 button
2. Think of a string. E.G. stryker.
3. Find the CRC of the string "stryker"
4. Store this CRC value on the data segment or anywhere you wanted it to...
5. This string "stryker" is the name of the customer which is to be typed in the first edit box. The CRC value is the one to be typed in the second edit box.

Now onto the main event...

6. When the user clicks the button, get the text on the first edit control
7. CRC this string
8. compare this CRC value and the regcode entered on the second edit box and the CRC value personally embedded on the application.

...

I'm sure you can handle from here. Search for CRC on this board, there's a lot. I have a sample code here http://www.asmcommunity.net/board/index.php?topic=6270&perpage=15&highlight=CRC&pagenumber=2

For me, I don't see anything wrong with name-regcode or serial number protection because I know it will be cr*cked. Why put much time on protections if I knew it will be cracked? Just make sure your app can stop "newbies" from cr*cking it.

Remember, most computer users aren't aware cr*cks, serials exists. So, don't worry too much.

A stable, optimized, fast program with many awesome features is the best protection of your investments. ;)

There's still a lot of things I could say, but I'm really really really too tired right now. :)
Posted on 2002-08-06 01:46:31 by stryker
okay I downloaded your example. the crc32 one and its helped a lot. I think I will go with crc32 but a little twist will be added :D.
Posted on 2002-08-06 16:28:42 by resistance_is_futile
hey guys having a bit of trouble with crc heh.. okay first in your example stryker, you use .686 mode. I was wondering can I use .386 instead and if so how would i get the .ash to compile right? this is an error i get when I try to get it to work in .386:

Assembling: register.asm
crc32.ash(21) : error A2085: instruction or register not accepted in current CPU mode
crc32.ash(58) : error A2189: invalid combination with segment alignment : 8
register.asm(91) : fatal error A1010: unmatched block nesting : .if-.repeat-.while

Make error(s) occured.

Also when I change to .686 in RADASM it compiles right but then the system becomes unstable (errors pop up) and the program closes right away. This is the code I think is causing problems when I try to run it in .686 mode:


.if wParam==1002
invoke GetDlgItemText,hWin,IDC_EDT1,addr nm,20
invoke lstrlen,OFFSET nm
invoke crc32,OFFSET nm,eax
invoke GetDlgItemText,hWin,IDC_EDT3,addr ket,100

cmp ket,eax
je good
jne bad
.endif
good:
invoke MessageBox,hWin,goodtxt,goodcap,MB_OK
bad:
invoke MessageBox,hWin,badtxt,badcap,MB_OK



The nm buffer is where the name is stored then "crc"ed and ket is where the key is stored. Then it compares the "crc"ed key with the key the user put in and if they are equal it jumps to good and if not it jumps to bad. Then it displays a message box depending on the situation but like i said, this isnt working right..someone help pls. Thx.

RIF
Posted on 2002-08-06 18:28:02 by resistance_is_futile
The CRC algorithm created by Nexo uses the cmov?? instruction. It's only accepted in .686 mode.

Try this if it works.
.if wParam==1002

invoke GetDlgItemText,hWin,IDC_EDT1,addr nm,20
invoke lstrlen,OFFSET nm
invoke crc32,OFFSET nm,eax
invoke GetDlgItemText,hWin,IDC_EDT3,addr ket,100

cmp ket,eax
je good
invoke MessageBox,hWin,badtxt,badcap,MB_OK
jmp @F

good:
invoke MessageBox,hWin,goodtxt,goodcap,MB_OK
@@:

.endif
Anyway the code is still wrong since your getting the text on IDC_EDT3 use GetDlgItemInt instead or convert the text into a dword value using atodw. Your also not saving the crc value. Do something like this

- CRC
- Save the value to a variable or push/pop
- Get the int value on IDC_EDT3
- compare the CRC, int value on IDC_EDT3, ...

CRC value returned in EAX by the crc32 procedure will be destroyed by GetDlgItemText or GetDlgItemInt.

I assume IDC_EDT3 is the registration code edit control??
Posted on 2002-08-06 18:39:20 by stryker
Yes the IDC_EDT3 is the edit control for the registration key..Also IDC_EDT1 is the name control. The coee you posted worked for the most part but when I push register I get another error lol. What is the difference between GetDlgItemInt and the other? I mean I know GetDlgItemInt will change it to an integer value but then it wont work right will it? Would this work if I did my code like this:


.if eax==WM_INITDIALOG
push hWin
pop hWnd
.elseif eax==WM_COMMAND
mov eax,wParam
and eax,0FFFFh
.elseif wParam==1002
invoke GetDlgItemInt,hWin,IDC_EDT1,NULL,FALSE
mov nm,eax
invoke GetDlgItemInt,hWin,IDC_EDT3,NULL,FALSE
mov ket,eax
invoke lstrlen,OFFSET nm
invoke crc32,OFFSET nm,eax

cmp ket,eax
je good
invoke MessageBox,hWin,badtxt,badcap,MB_OK
jmp @F
good:
invoke MessageBox,hWin,goodtxt,goodcap,MB_OK
@@:

.endif


I tried it and it doesnt say anything when I enter the name and reg key and push the button. Like when i enter both correctly and push register, it does not display any type of messages same for wrong key and name and no key and name... :mad:
Posted on 2002-08-06 19:42:18 by resistance_is_futile
.elseif eax==WM_COMMAND

mov eax,wParam
.IF ax==ButtonID
shr eax,16
.IF ax==BN_CLICKED
invoke GetDlgItemText, hWin, IDC_EDT1, offset nm, sizeof nm
invoke lstrlen, OFFSET nm
invoke crc32, OFFSET nm,eax
push eax
invoke GetDlgItemInt, hWin, IDC_EDT3, OFFSET lpTranslated, FALSE
pop edx
.IF(edx == eax)
;Good
;Additional Comparisons here.
.ELSE
;Bad
.ENDIF
.ENDIF
.ENDIF
.else
;DefWindowProc
.endif


- Get the string with GetDlgItemText
- Find the CRC value of this string
- push this value
- Get the value with GetDlgItemInt
- pop a value from the stack into edx
- compare if the CRC value of the name entered is the same as the registration code
- ...


Please refer to PSDK or MSDN so you will not be confused as to what API I should use and what kind of parameters should I pass.



If you want an example I can give you one. But if you prefer to learn it... ;)
Posted on 2002-08-06 20:05:54 by stryker
Yes I would prefer to learn it but like most people I learn better by example. But I dont want it to be handed to me..
Posted on 2002-08-06 20:37:45 by resistance_is_futile
Well I have tried pretty much everything so I guess Im going to quit on it because I dont know what else to do to get it to work. Thx for all the help guys.
Posted on 2002-08-06 20:58:15 by resistance_is_futile
I didn't use CRC since it's so widely use. Instead I use my own hasher.

Name: stryker
Registration Code: 16777202

And before the mods or any guest who will be alarmed by the name and registration code I just listed. The zipped file is not a tut on cr*cking nor is it a commercial software. The attached zipped file is a program I created to give an example of how a basic registration protection is done. Of course the approach I have here is very weak and should not be used on any other means aside from being an example. :)

P.S. There are no fancy shwansy code/features but just a simple getstring-hash-compare

Hey!!! look at my post count 1001 :)
Posted on 2002-08-06 22:16:18 by stryker
hey i got it working finally!!!!!!!!!!!!!!!!! With a little help from a messagebox after each step in the program I figured out what the problem was. Here is my final code. I threw in some extra things to confuse the cr*cker a little bit but doubt it would too much. I just add to the key and subtract from it:




.IF wParam==1002
invoke GetDlgItemText, hWin, IDC_EDT1, offset g_dbBuffer, sizeof g_dbBuffer

invoke MessageBox,hWin,addr ok,addr ok,MB_OK

invoke GetDlgItemInt,hWin,IDC_EDT3,offset g_lpTranslated,FALSE

invoke MessageBox,hWin,addr ok,addr ok,MB_OK

invoke lstrlen, OFFSET g_dbBuffer

invoke MessageBox,hWin,addr ok,addr ok,MB_OK

invoke crc32, OFFSET g_dbBuffer,eax

invoke MessageBox,hWin,addr ok,addr ok,MB_OK
add eax,956874599
sub eax,8
add eax,20
add eax,956874599
add eax,956874599
invoke MessageBox,hWin,addr ok,addr ok,MB_OK

.if eax==g_lpTranslated
invoke MessageBox,0,addr goodtxt,addr goodcap,MB_OK
.else
invoke MessageBox,0,addr badtxt,addr badcap,MB_OK

.endif

invoke MessageBox,hWin,addr ok,addr ok,MB_OK




.endif







As you can see I used a lot of messageboxes to debug the program lol and it helped a lot..Also I used SOME things from your example program stryker I hope you dont mind. It helped me but what helped me most was experimenting with the diff ways to set up the program and your very first example (the crc32 one that u gave me a link to the board it was on).Thx again for everyones help. It really helped.
Posted on 2002-08-06 23:56:01 by resistance_is_futile

As you can see I used a lot of messageboxes to debug the program lol and it helped a lot

Get yourself a debugger...
Posted on 2002-08-07 03:29:44 by f0dder