Tuts 4 You: Is Everything Crackable? - Tuts 4 You


Is Everything Crackable?

Poll: Is everything crackable? (254 member(s) have cast votes)

Can RCE crack anything/everything?

  1. I can code uncrackable stuff myself (17 votes [6.67%])
  2. Everything can be cracked (170 votes [66.67%])
  3. Some stuff is uncrackable (68 votes [26.67%])

#1 User is offline   lena151 

  • Auntie
  • Group: (Just Lena)
  • Posts: 1,370
  • Joined: 03-July 05
  • Gender:Female

Posted 11 June 2007 - 01:54 PM

Over at ARTeam, I made this poll but I'm also interested in your opinion here. So, the question is the following: I read recently that anything and everything is crackable, and this even within a "reasonable" (1 month) amount of time. Yeah, we all read already somewhere that "if it runs, it can be cracked" and more of the likes, but is this really true? Let's see what you think ...

BTW, I'm not questioning the theoretical question. Of course -theoretically- there is a way to circumvent any protection. The question is meant as "Can the skilled coder implement so many twists and turns in his program that it becomes so hard and difficult that it is never/ever defeatable?"

And I'm not talking about packers/protectors who are indeed always crackable because those need an automated way to pack/protect which can always be reconstructed.

So, if you haven't voted on ARTeam board, let's see what you think ...

Regards,
lena151.
PS I voted for #1

This post has been edited by lena151: 11 June 2007 - 01:56 PM

0



Other Replies To This Topic

#81 User is offline   ghandi 

  • Mega Poster
  • Group: (Full Member)
  • Posts: 125
  • Joined: 05-August 06

Posted 26 December 2008 - 01:23 PM

Just MHO, but I believe that theoretically everything is crackable. But, keeping with the theme of the poll, I don't think that everything is crackable within a reasonable time.

Think like this:

Developer A uses RSA 128 bit keys = broken in a very short time...

Developer B however, uses RSA 2048 bit keys & ECC, and uses these keys not only to test registration status, but to also decrypt code, implemented securely enough that there aren't any quick fixes... No key == no decrypt.

This second developer, while still vulnerable to bruteforce, will not have their product cracked in this lifetime... At least not publicly, using 2048 bit RSA, etc... The only way this will be 'cracked' is using a leaked key, then (to me) it is no longer cracking the software. That last bit is open to interpretation too, it depends on your definition of cracking.

Elliptical Curve Cryptography - Key Sizes

Quote

The hardest ECC scheme (publicly) broken to date had a 109-bit key (that is about 55 bits of security). For the prime field case, it was broken near the beginning of 2003 using over 10,000 Pentium class PCs running continuously for over 540 days (see [2]). For the binary field case, it was broken in April 2004 using 2600 computers for 17 months (see [3]).


Imagine using a 512 bit ECC scheme with a complementary RSA and then signing the whole key once again with another private key... The only thing that stops the devs from using such things is the overhead to run the whole shebang. Too damn slow, :D

HR,
Ghandi

This post has been edited by ghandi: 26 December 2008 - 02:18 PM

0

#82 User is offline   Formingus 

  • Newbie
  • Group: (Junior)
  • Posts: 17
  • Joined: 23-July 08
  • Gender:Male

Posted 26 December 2008 - 04:50 PM

I will tell you something that I read from one good programmer and cracker.
When he was asked whether uncrackable SW exists, or which SW is the best to protect my SW,

he answered:

That kind of SW doesn't exist, anything is crackable 100%. Programmers advertise their SW just for business, to sell their products like Armadillo, ASPack etc. (How can they protect our SW when they can't protect themselves? (All SW that protects other SW is cracked))

That was what he said :)

My opinion

As I see, you have great talent in this kind of profession, but don't forget that a lot of expensive SW and hardware has been cracked (like P-Key, smart cards, even, lately, the Visa, Master, PayPal chip), so about the CrackMe, maybe some good crackers just don't want to put in hand.
Personally I can't, but others can't 100%.
No offense pls; like you say, you want our opinion, here is mine ;)

Regards Formingus

This post has been edited by Loki: 26 December 2008 - 04:58 PM
Reason for edit: Removed the weird ass formatting :|

0

#83 User is offline   Formingus 

  • Newbie
  • Group: (Junior)
  • Posts: 17
  • Joined: 23-July 08
  • Gender:Male

Posted 26 December 2008 - 04:58 PM

And what about this Forum :ermm:

Anyone here to crack it?

This post has been edited by Formingus: 26 December 2008 - 05:19 PM

0

#84 User is offline   Hyperlisk 

  • Mega Poster
  • Group: (Full Member)
  • Posts: 100
  • Joined: 03-December 07

Posted 14 January 2009 - 12:58 AM

Forum software gets nulled (read: cracked) all the time...

This post has been edited by Hyperlisk: 14 January 2009 - 12:58 AM

0

#85 User is offline   aztecx 

  • Member
  • Group: (Full Member)
  • Posts: 64
  • Joined: 21-February 08

Posted 23 January 2009 - 03:28 PM

I have a question. In comparison, how hard do you think protections such as SecuROM are against things such as Themida?
0

#86 User is offline   quosego 

  • Unpacker
  • Group: (Team Member)
  • Posts: 907
  • Joined: 29-September 07
  • Gender:Male
  • Location:Most likely at some oep.. ;)

Posted 03 February 2009 - 11:36 PM

Personally I'd put SecuROM above Themida. Though both can be fully rebuilt and SecuROM is actually more often than Themida, I'd still say SecuROM has more things you need to grasp before doing a successful unpack.

However once you've got your SecuROM dump running properly that's it.. If you got Themida unpacked properly you still need to crack it. Though that usually entails less than getting your SecuROM dump running properly.

Opinions may differ, I've done a lot more work on Themida than SecuROM.

This post has been edited by quosego: 03 February 2009 - 11:37 PM

“You cannot stop a tide with a spoon. Cracking technology will
always be several steps ahead of DRM and content will be
redistributed on anonymous networks.” —Giulio Prisco, chief
executive of Metafuturing Second Life, formerly of CERN

"I've lost a bomb, do you have it?" -Crazy Ivan
0

#87 User is offline   Loveless 

  • Mega Poster
  • Group: (Full Member)
  • Posts: 202
  • Joined: 01-June 08

Posted 04 February 2009 - 03:46 AM

Depends on what Securom features are used quosego. Some come with triggers in the game code, as well as an SDK. Then you gotta hunt them down, debugging the game as you go along to see why what where screws up... a lot more difficult than cracking an app imo.
0

#88 User is offline   quosego 

  • Unpacker
  • Group: (Team Member)
  • Posts: 907
  • Joined: 29-September 07
  • Gender:Male
  • Location:Most likely at some oep.. ;)

Posted 04 February 2009 - 10:06 AM

Yups indeed, cracking a Themida unpack is usually easier than hunting for triggers.
0

#89 User is offline   Slashmolder 

  • Newbie
  • Group: (Junior)
  • Posts: 22
  • Joined: 25-January 09

Posted 16 February 2009 - 06:22 AM

Everything is crackable. If it wasn't then why is it every single large commercial application has been cracked? Wouldn't companies be able to stop people already if it was uncrackable?
0

#90 User is offline   aztecx 

  • Member
  • Group: (Full Member)
  • Posts: 64
  • Joined: 21-February 08

Posted 19 February 2009 - 02:04 AM

Slashmolder, on Feb 16 2009, 05:22 PM, said:

Everything is crackable. If it wasn't then why is it every single large commercial application has been cracked? Wouldn't companies be able to stop people already if it was uncrackable?


If they released something that was uncrackable they would basically halt their income completely.

Every time their protection gets cracked they are able to release new and updated versions of it which keep people buying their product.
0

#91 User is offline   SrTango 

  • Newbie
  • Group: (Junior)
  • Posts: 1
  • Joined: 13-March 09

Posted 13 March 2009 - 11:41 PM

Ouch, I read the first post after voting :S
Anyway if the thing is humanly possible then I would say that there is some stuff that can not be cracked.

As a matter of fact I think that operating systems would be impossible to crack if the company behind it really wanted to.
Just think about it
How many .exe's or how many DLLs does Windows come with? If MS really wanted to protect their OS instead of taking advantage of piracy to standardize their platform they could easily do it.
It is not that the protection would be uncrackable in itself but that it would be humanly impossible to check every single file in a reasonable time. Even if people can try to heuristically find files with the protection on them nothing prevents MS from using different encryption schemes or keys to avoid that kind of analysis.
I mean just think about the frustration of finding the protection on any given file just to find out a couple of days later that the protection is still there in another file.
Not to mention service packs, automatic updates (even tho they can be turned off)
The problem wouldn't be the protection in itself but the number of places where you can hide it.

Slashmolder, on Feb 16 2009, 04:22 AM, said:

Everything is crackable. If it wasn't then why is it every single large commercial application has been cracked? Wouldn't companies be able to stop people already if it was uncrackable?

Nope, that is somewhat naive.
Most companies, at least most big companies, NEED piracy. Not only do they need it, they WANT it.
They use piracy to standardize their products and then charge the people that can not copy the software.
For example, MS Office. They needed the piracy to beat the competition at the time (Borland and Lotus IIRC). So basically you make it really easy for everyone to copy your product (of course that is not the only "ingredient", you also need to have a decent product or good publicity. Heck, some company may even have both), you make sure that the format in which your product stores information is not compatible with other products or even with older versions[1] (of course you add an option to save in the old version format but you make the default the new format cause you know most people wouldn't even bother to change it).
Anyway point is you try to make your product the standard, once you succeed you know that even when most home users may copy the software 99% of corporate users just can not do that. And you, by allowing pirated copies, made sure that you are going to sell millions of copies.
That is, obviously the simplified version.


[1] BTW not only the point is to beat the competition but to keep selling the software. Why do you think that people keep buying new versions of a software that can do all that you want to do with it since 15 years ago? If people pirate the software and don't have to buy it, it is of course irrelevant for them, but why do you think that big companies spend millions buying a software that won't provide any desired new functionality to them?
Easy: because most home users seem to believe that their computer skills are measured as the sum of the version of the programs they use :P and they feel the need of updating every time that there is a new version around even tho they don't have a clue as to WHY they need to update, and taking into account what I already said about incompatible file formats, what they are basically doing is pushing everyone else to update.
Just add a REALLY GOOD protection to Office and you will break the circle, effectively shooting yourself in the foot and making sure that a big user base switches to StarOffice.

This post has been edited by SrTango: 14 March 2009 - 12:01 AM

0

#92 User is offline   deepzero 

  • Member
  • Group: (Full Member)
  • Posts: 51
  • Joined: 24-February 08
  • Gender:Male

Posted 31 March 2009 - 12:23 PM

I think basically you are right, tango.
The question is if anything CAN be cracked; I think yes, if you have enough time....

deep0
0

#93 User is offline   nick_name 

  • Newbie
  • Group: (Junior)
  • Posts: 1
  • Joined: 20-May 09

Posted 01 June 2009 - 10:25 AM

ghandi, on Dec 26 2008, 11:23 PM, said:

Just MHO, but I believe that theoretically everything is crackable. But, keeping with the theme of the poll, I don't think that everything is crackable within a reasonable time.

Think like this:

Developer A uses RSA 128 bit keys = broken in a very short time...

Developer B however, uses RSA 2048 bit keys & ECC, and uses these keys not only to test registration status, but to also decrypt code, implemented securely enough that there aren't any quick fixes... No key == no decrypt.

This second developer, while still vulnerable to bruteforce, will not have their product cracked in this lifetime... At least not publicly, using 2048 bit RSA, etc... The only way this will be 'cracked' is using a leaked key, then (to me) it is no longer cracking the software. That last bit is open to interpretation too, it depends on your definition of cracking.

Elliptical Curve Cryptography - Key Sizes

Quote

The hardest ECC scheme (publicly) broken to date had a 109-bit key (that is about 55 bits of security). For the prime field case, it was broken near the beginning of 2003 using over 10,000 Pentium class PCs running continuously for over 540 days (see [2]). For the binary field case, it was broken in April 2004 using 2600 computers for 17 months (see [3]).


Imagine using a 512 bit ECC scheme with a complementary RSA and then signing the whole key once again with another private key... The only thing that stops the devs from using such things is the overhead to run the whole shebang. Too damn slow, :D

HR,
Ghandi



Hi Ghandi,

in my humble opinion, for the scheme you proposed, it would be more like cracking the crypto, not the software.
The way I would interpret "software cracking", which is kind of all what we discuss here, is if we can stop it from
being pirated. Then again, it's debatable how we interpret cracking and in which context. Cryptography would be
hard to crack if we are trying to generate a new serial, but like you have pointed out, if the single valid serial is
leaked, the whole scheme falls apart.

Regards,
0

#94 User is offline   ghandi 

  • Mega Poster
  • Group: (Full Member)
  • Posts: 125
  • Joined: 05-August 06

Posted 01 June 2009 - 12:55 PM

I know that the definition can be interpreted any way you want, but to me, a leaked serial isn't cracked, it is simply stolen. Yes, cracking can be looked upon as theft, I'm aware of this, but that (to me) doesn't mean Also, bear in mind that cracking can also be RCE, pending on what your actual intentions are. IE: Reversing to understand a file system, not to circumvent copy protection.

Horses for courses, everyone has the right to their own opinion though, so what are others' thoughts on this?

HR,
Ghandi
0

#95 User is offline   quosego 

  • Unpacker
  • Group: (Team Member)
  • Posts: 907
  • Joined: 29-September 07
  • Gender:Male
  • Location:Most likely at some oep.. ;)

Posted 01 June 2009 - 01:33 PM

Well if the serial encrypts something and the crypto is sufficient that it cannot be cracked, and the cracker dumps the decrypted data and reconstructs a file without the encryption, then I do consider this cracking.
If you just use the leaked serial and release that, it's not very impressive.
0
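The "No key == no decrypt" design ghandi describes in post #81, together with quosego's caveat in post #95, as an added example that is not code from any poster or product. It assumes a symmetric license key, a hypothetical `export_report` feature, and an HMAC-SHA256 counter-mode keystream standing in for a vetted authenticated cipher; all names and sample values are constructed.

```python
import hashlib
import hmac
import os

# Constructed sample: the licensed routine, shipped only in encrypted form.
FEATURE_SOURCE = b"def export_report(rows):\n    return ','.join(str(r) for r in rows)\n"


def derive_keys(license_key: bytes, salt: bytes):
    """Stretch the license key into independent encryption and MAC keys."""
    master = hashlib.pbkdf2_hmac("sha256", license_key, salt, 100_000, dklen=64)
    return master[:32], master[32:]


def xor_keystream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib stand-in for a vetted AEAD cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256)
        stream += block.digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(license_key: bytes, salt: bytes, plaintext: bytes) -> bytes:
    """Vendor side: encrypt-then-MAC the feature code under the license key."""
    enc_key, mac_key = derive_keys(license_key, salt)
    nonce = os.urandom(16)
    ciphertext = xor_keystream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag  # layout: 16-byte nonce | ciphertext | 32-byte tag


def raw_decrypt(license_key: bytes, salt: bytes, blob: bytes) -> bytes:
    """Decrypt with no integrity check: what remains if the check is skipped."""
    enc_key, _ = derive_keys(license_key, salt)
    return xor_keystream(enc_key, blob[:16], blob[16:-32])


def unlock(license_key: bytes, salt: bytes, blob: bytes):
    """Client side: return the feature function, or None when the key is wrong."""
    _, mac_key = derive_keys(license_key, salt)
    expected = hmac.new(mac_key, blob[:-32], hashlib.sha256).digest()
    if not hmac.compare_digest(blob[-32:], expected):
        return None
    namespace = {}
    exec(compile(raw_decrypt(license_key, salt, blob), "<feature>", "exec"), namespace)
    return namespace["export_report"]


if __name__ == "__main__":
    salt = os.urandom(16)
    blob = seal(b"constructed-license-key", salt, FEATURE_SOURCE)
    feature = unlock(b"constructed-license-key", salt, blob)
    print("valid key:", feature([1, 2, 3]))
    print("wrong key:", unlock(b"guess", salt, blob))
    # With the tag check skipped and a wrong key, the output is noise, not code.
    print("no check, wrong key:", raw_decrypt(b"guess", salt, blob)[:16].hex())
```

The function `unlock` returns is ordinary plaintext code in process memory, which is the exposure quosego points to: the key protects the shipped file, not the running program.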

#96 User is offline   Mr. X 

  • Member
  • Group: (Full Member)
  • Posts: 34
  • Joined: 20-June 09

Posted 04 July 2009 - 05:48 PM

According to me everything is crackable. Just new to the forum, but one thing which I know is that things are crackable; the entire thing depends upon the cracker's knowledge. So the cracker has to increase his power and skills of learning assembly and other stuff. So the same thing I am doing.

Always keep one motto. Never quit. Every application is crackable. The day when the cracker stops working over it, then on that day that application will become uncrackable only for that cracker, not for all :) This is my motto and I follow this always.

Cheers.

This post has been edited by Mr. X: 04 July 2009 - 05:49 PM

0

#97 User is offline   willie 

  • Site Agent
  • Group: (Team Member)
  • Posts: 324
  • Joined: 20-February 04
  • Location:Direct above center of Earth

Posted 07 July 2009 - 02:10 AM

Mr.X,
I am so glad that you are feeling frisky..
Just start now, Cracking RaidenFTPD and by the time you get done with the million checks you and I both will be too old to use it!
willie
0

#98 User is offline   Mr. X 

  • Member
  • Group: (Full Member)
  • Posts: 34
  • Joined: 20-June 09

Posted 07 July 2009 - 04:20 AM

I will try my best :)
0

#99 User is offline   SunBeam 

  • Keeper of Kadesh
  • Group: (Full Member)
  • Posts: 400
  • Joined: 21-June 06
  • Gender:Male
  • Location:Romania
  • Interests:EXECryptor? o_O

Posted 02 October 2009 - 06:39 AM

Oh, not again with Raiden.. Pfft.. Do you ever USE other programs, wil? :) :) :)
EXECryptor Fan & Add!ct
0

#100 User is offline   hypa 

  • Upright Forum User
  • Group: (Full Member)
  • Posts: 37
  • Joined: 22-April 09
  • Gender:Male

Posted 15 October 2009 - 05:50 AM

Uncrackable/Inconvenient Challenge

I think good design is demeaned by convenient excuses.

Making the security mechanisms out of context with hardware reinforcements works great with DRM, just look at Telco SS7 and Sony PS3.

The PS3 differs from the other consoles in that it has DLPAR, and internally controlled 256Kib of hardware SDRAM per SPE; this has internally controlled DMA and privileged internal flag registers. Sony runs its kernel in one and does MMU filtering for hypervisor calls, and runs everything even native XMB applets and signed content in a separate SPE-Kernel controlled DLPAR. X360 didn't have near the security, hence a DMA attack that altered typical MS grade code that left the upper 30 bits of a primary vital control vector unchecked. They fixed this with more crappy code, but now there is a JTAG method because of poor hardware layout; the PS3 is even better here with an anally refined PCB and bus interface configurations; a JTAG/Dump method for the CBE loader or a method to corrupt memory from a DMA source that is buffered in the kernel SPE are the only potential attack vectors..literally.

The iPhone's mistake was allowing public threads to run in context with the security instructions. They are fixing it with features in the new ARM IP cores though and iPhone dev team status reflects this (look at the iPod touch 2g status). It still doesn't have what the cell chips have though, that being DLPAR and internally controlled on die memory with its own processor.

With software most of the people who know PE structure and kernel architecture along with 8086 instructions are going to keep reversing targets until an out of context solution is developed. This would take memory management redesign at hardware level or hardware storage and logic reinforcement that isn't affected by any context that a potential attacker of any skill can instruct in.

If I was going to make a system nobody could crack, I'd do something like a VM based PE protector that used a hardware resource for obfusct keying. This would be an IC with no debug or internal stack. It'd also use an internal packing structure based on a hardware key for unpacking, and I'd have a ring 0 anti-debug that hid in page tables and native ring 0 threads. I would also have it do ring -1 dynamic secondary checks on the actual ring 0 protection. What really needs to be done is better MMU design for 8086.

Summary: Not impossible without proper design which hasn't been done. Trying to do it with software with no existing means of secure salting of an obfuscation or signing is like trying to dig a mine with a single tea spoon. You could even use weak inline encryption if there was a secure key scheme from software that blocked side channel attacks.


Also quosego made a good point with SecuRom and Themida, but I see more intermediate reversers doing SecuRom 7.40 than Themida. I even see major release teams putting releases out protected with Themida with actual licensed serials instead of inlines or injections. One target I do is in super high demand, but the only other person who was putting it out gave up finally. This target has a vendor protector and openssl under Themida 2.0.8.0 and you also have to do other stuff before you can even make it full. I couldn't do it either for a while when they used more features until articles raised here.

This post has been edited by hiya: 15 October 2009 - 06:16 AM

0
