Jump to content
Tuts 4 You

How did SnD crack my software?


sandeep

Recommended Posts

Um, no, why would it be?

There is software which operates like this everywhere. Where it is a problem to distribute proprietary algorithms securely, what is the problem of offering a service that users can access and receive resutls? Stock market software does this, SoftWrap PE protector does this, what is the issue with the bandwidth and disk space available these days?

IP logging and such is something which has to be done as a matter of security, you cannot simply let any anonymous person access your server. o0

Once again, i fail to see how this can be spying when the customer has already given their details when purchasing a license/subscription, especially if the license is hardware tied anyway.

Could you please elaborate a little on what you mean?

HR,

Ghandi

Link to comment

Everyone's coming out with good points.

I was actually thinking of verifying with the server but I only want to veriify the license upon initial acitvation by receiving a encrypted string from the web server but still it is prone to being changed.

is there any way to avoid using the syntax:

if(license.isvalid())
{
// valid license
}
Link to comment

The best protection is a custom made protection. Not a comercial one but a custom made. If you prefer a "easy meal" just try Themida. It's not for every cracker. Or move to X64 and protect the app with lena151 LARP.

Link to comment

Further ideas regarding ghandi's post.

is there any way to avoid using the syntax:

Derive a special constant from the validation response and decrypt some important data with it (that constant may be per-user). Introduce magic values to ensure proper decryption.

The user will need a valid license to decrypt the data, given you're doing the crypto right. But he can still remove the validation and replace the encrypted buffer with a decrypted one. It's just a matter of time. Maybe your data changes in every few versions so you can get your server to respond with the encrypted buffer?

Link to comment

1 learn the basics about reversing

2 don't try to crack If you don't know the basics

3 improve your skills in programing

4 be creative

5 you have to invent something new

6 implement your new ideas in your program

example like themida

good luck

Link to comment

@Sandeep : eXodia is right, making two versions will be good. One just a free version with just free functions and make another one which will be supplied to the user when he pays for it. In this case a cracker need a stolen version or he have to buy it himself.

But bro nothing is safe, the last uncracked thing I found is IARP64 :disgust:

  • Like 1
Link to comment
  • 2 weeks later...
EmberTheVulpix

I don't see why people are recommending Themida for a .NET application. Themida will just shell the .NET app and offer no obfuscation. It would be a complete waste of money.

Honestly, .NET as a whole is pretty much completely owned. Many commercial .NET protectors are readily deobfuscate-able in seconds. Even the old "giants" like {SmartAssembly}, .NET Reactor, etc. all come tumbling down. Mostly all major commercial JIT hooking protectors (DNGuard HVM, Cli_Secure, CodeWall, MaxToCode...) are owned and code can easily be made into a readable format using publically available tools. Seeing the current state of .NET automated deprotection tools, it would potentially be a better idea to migrate to a native language like C++ that doesn't have a publically documented VM running JITting it. In fact, you could just go for a .NET frontend for a native backend DLL that handles everything not related to your software's GUI.

As a developer you need to put things into perspective especially in the business sense. Even if you used some commercial VM protector (WinLicense/Themida & VMProtect), they are not all bulletproof. They are good, but not unbreakable. Would it be worth the investment of time and money to write some custom protector and virtualization engine that may not be compatible with all your end users PCs? In a learning sense, I'm sure it would be, but could that be time better spent planning features and improvements for your next version? Will end users not be happy when they have to be constantly connected to the internet to use your program since you are streaming code to it when it is being used?

  • Like 4
Link to comment
  • 2 weeks later...
chickenbutt

Put functionality on the server behind php license checks..

No protector or method will help. If you make it hard to crack better talents will just release it. The above nobody touches.

Link to comment
  • 5 months later...
  • 4 weeks later...
cdwayne foremost

New Link without pwd:

 

http://www.mirrorcreator.com/files/1EV2OCOJ/.net_Tut.rar_links'>>http://www.mirrorcreator.com/files/1EV2OCOJ/.net_Tut.rar_links

all the links are dead can someone  fix this please............

Edited by cdwayne foremost
Link to comment
cdwayne foremost

1 learn the basics about reversing

2 don't try to crack If you don't know the basics

3 improve your skills in programing

4 be creative

5 you have to invent something new

6 implement your new ideas in your program

example like themida

good luck

hey i am with this all the way ,this is what reversing is all about.......

Link to comment
  • 1 month later...
chickenbutt

I was also once a developer with my own products. Work for a company or dont do it. Especially with todays markets and demands.


 


Putting the code on a server behind constant license-auth is the closest thing to uncrackable...


Link to comment
  • 11 months later...

New Link without pwd:

 

http://www.mirrorcreator.com/files/1EV2OCOJ/.net_Tut.rar_links'>>http://www.mirrorcreator.com/files/1EV2OCOJ/.net_Tut.rar_links

 

Please re-up this tutorial if someone has it?

Link to comment
  • 2 weeks later...
  • 4 weeks later...
  • 5 months later...

 Even the old "giants" like {SmartAssembly}, .NET Reactor, etc. all come tumbling down. Mostly all major commercial JIT hooking protectors (DNGuard HVM, Cli_Secure, CodeWall, MaxToCode...) are owned and code can easily be made into a readable format using publically available tools. 

except ILProtector

Link to comment

Even if you used some commercial VM protector (WinLicense/Themida & VMProtect), they are not all bulletproof. They are good, but not unbreakable.

 

I was also once a developer with my own products. Work for a company or dont do it. Especially with todays markets and demands.

 

Putting the code on a server behind constant license-auth is the closest thing to uncrackable...

VMProtect Web License Manager

 

One just a free version with just free functions

http://vmpsoft.com/20130511/vmprotect-2-13-is-here/

 

The demo version is public and bad guys try to use it for protecting malware. That’s why sometimes antivirus applications detect files protected by the demo. This usually doesn’t happen with the full version of VMProtect which has completely different protected code structure.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...