Learn to protect self-developed software

As we all know, it is much easier to develop a software product, but it is too difficult to obtain the expected benefits. It is not software developed by no one. It is mainly because pirated software is too cheap and easy to obtain. The core problem here is that you can't protect your own software, so it will take two days to go public. Nor can your software be as pirated as Kingsoft is, because you cannot sell many sets. To recover costs, you must be encrypted and cannot be decrypted quickly.

But how can we encrypt it? To be honest, this is especially difficult! Unlike encrypting text with a password, it is very difficult to guess the password. The encryption software features encryption and decryption. Because your software needs to run completely after all, that is, what cryptography is used, but your password will certainly appear in the software, and there is no password guessing problem. In addition, if you want to encrypt the software, you may need to know how to decrypt it, or how the common decryptor cracks the software. This requires knowledge and practice other than general software development, ordinary people do not have the time and energy. Even if you know some decryption knowledge and even try a little bit, the level of encryption and decryption in this industry is particularly different. A person may think that he has come up with a particularly good idea to encrypt the data. However, in the eyes of the experts, it is very likely that he will solve the problem in a few minutes. The experts can immediately see the vulnerability. Why is there a foreign organization named 0 days, which means you can fix your encryption software in one day. Let's take a look at the software on the 0days. There is a lot of effort to encrypt it, but the fate is the same and it will be cracked within one day. This problem is particularly serious and many companies make this mistake. Just like looking for a stack overflow vulnerability, you need to study the overflow mechanism. Encryption has developed into a special field and requires in-depth research.

As a result, many encryption companies emerged. It can be said that encryption locks adopted by encryption companies are the protection software solutions of most software companies. But what is the result? Same as cracking in a few days. In my own experience, not many people can do a good job in encryption, because those who know encryption must understand decryption, and the level of encryption must be extremely high. But there are not many decryption experts, and now let him encrypt it, so there will be fewer such people. My personal opinion does not represent the opinions of the public. I think that few developers of encryption companies actually understand encryption. This is not what I guess. I have dealt with them. I have used almost all of the encryption Locks I have ever seen. They are well-known and unknown in China and found that I have almost no way to discuss with them about real encryption, no way. I have been ill for a long time and become a medical director and expert. Haha, I personally think.

Many encryption companies say how well their products are, but you can't believe them. I think most of it is theoretical. Let's see how the software encrypted with their encryption locks is cracked, and then we know what the actual situation is. It seems that you have not heard of any software that has never been cracked. If there is any software, the encryption company will make an early publicity. Another mistake is that encryption with encryption locks seems to be better. My personal experience is a big mistake, and I am also talking about development managers and product managers. This has something to do with the promotion of encryption companies, because they want to sell encryption locks. In fact, the License encryption method for machine features is no worse than the encryption lock. Only the License for the user machine will cause inconvenience to the user. Do you think about the difference between the decrypted code for modifying your read encryption lock and the Code for modifying your read machine features? Note that the vast majority of decrypted users only use soft decryption to modify the code. Therefore, whether encryption is good depends on how you call the encryption module and how to effectively integrate the encryption module with your program. I'm afraid few decrypts will analyze the internal situation of the encrypted library. He only needs to understand the interface.

Due to the decrease in chip prices, the current encryption locks use chips for smart cards. Theoretically, this encryption lock can be hard to decrypt. But theoretically, no one can actually use the encryption lock. Or the above problem, you must confuse the interface to a level that the decrypted cannot understand. You always need to determine the data returned by the interface call! Think about it. Some difficult registrars such as ACDSee have worked tirelessly to analyze the encryption locks that are usually used by ordinary people. After being analyzed by IDA in the hands of the decrypted, it is almost clear at a glance. If it is unclear, we can use OD to dynamically track it. In particular, most of the modules of encryption lock companies do not have any anti-tracking function, that is, they use exepack to compress, which is also easy to shell and can hardly prevent IDA analysis and OD tracking.

After talking about it for half a day, the conclusion came about thousands of years ago. It is the universal truth that everyone knows. contradictions exist universally and must be fought hard to overcome them. That is to say, it takes a lot of effort to overcome the decryption conflict. There is no good way for you to easily solve this problem. Please remember this truth.

I can only give you two suggestions:

1. Study decryption and become an expert in encryption.

2. Ask the encryption experts to help you encrypt the data.

As for the specific encryption techniques, the following are important.

1. Script languages such as VB, VF, and PB are hard to decrypt. Use them if possible.

2. For compiled languages, the criteria must be much more refined, scattered, and messy. This is the opposite of the idea of software engineering. It's hard for you to understand it after decompilation.

3. If C and C ++ are used, use a local function pointer to call the encryption function. We recommend that you use a position in the structure as a criterion instead of a single int.

4. Add some junk code for audio and video recognition.

5. Let your encryption algorithms have different performances on different machines, so that it is difficult to use things decrypted on one machine on other machines. For example, some data is generated based on the characteristics of the machine and then used.

6. Add a shell to your program. We recommend that you use ASPR2.0 to communicate with the shell using the SDK and all options for encryption.

7. Xprotect is used if you are eager to be decrypted without fear of poor compatibility.

There are a lot of skills, and it is not easy to fully explain. I think it's hard for everyone to understand it even if they have no practical experience. Moreover, it is easy to say. Finally, I will repeat it again. There is no good way to solve this problem easily.