Thoughts on how to prevent software cracking, how to avoid simple jump command-based verification methods, and how to set more complex verification methods.

1. Software directly compiled into machine code is prone to cracking. On the contrary. The current dynamic parsing language is not easy to crack.

Because the machine code can be decompiled into an Assembly directly. Compilation is easy to track and debug. Although the machine code cannot be decompiled into the source code. However, traces are easily captured by key points.

The Dynamic Language runs in the VM. Although the Code may be decompiled. However, The Decompilation software may encounter several problems during its work: Version 1.1, the latest version may not be decompiled; 1.2 complex code and logic or obscure writing cannot be decompiled. In addition, the complexity and skills of the verification process will make the code unable to be correctly decompiled or understood. Because the only method of dynamic language is to crack it after decompiling. If there is a complicated program, the decompiled code must be incomplete, or the project is too large.

 

2. The verification process needs to be hidden, rather than prompting that your registration code is invalid. The assembler debugs most want to see such a prompt.

In my current practice. Is to write the registration code into an INI. Then place a sign to indicate that it is a registered user. Then, in the future, such as restarting the program, how many times of use, or a certain time in the future, the verification will take several seconds. This greatly confuses some people.

 

3. Static machine code generation rules are incorrect. I am using a dynamic machine code generation method. That is to say, the machine code generated each time is different. In fact, the machine code must be the same. However, it is displayed according to different encryption rules. The attacker will also do what he can.

 

4. It is not safe to view the MD5 generated by "12345678. The brute-force cracking method is suitable for any password guesses. Although one-way algorithms cannot be reversed. However, brute-force cracking is effective. Attackers can generate dictionary files. Therefore, it is necessary to hide or store data in multiple locations as much as possible. You must perform multiple encryption and one-way algorithms for stored items. The algorithm is dynamically determined based on some factors. For example, the first algorithm is used on Monday. Today is Tuesday. Another algorithm is used. All in all. Do not naively think that it is safe to store the password with MD5 in the database. Do not write such simple things unless you are a student. In my summary. Confusing, dynamic, encrypted, and encrypted multiple times, storing key data in multiple places, verifying in multiple places, and verifying in multiple places are feasible.

 

Imagine storing the registration code you entered in ten tables, generating some data based on the data in each table's memory, and then verifying the data when the program starts, and control global variables. Such a program does not seem to be easily cracked. Even if you find some places, there are still functional limitations. For example, you can restrict the number of data rows in a menu. If the function is slightly abnormal, you can get the source code. It can be modified only after an experienced programmer has been debugging for N years. Besides, there is no source code.

 

5. The program that calls the external DLL for verification must be careful not to be replaced with the DLL's silly cracking. Check whether the external DLL is the original DLL at any time. For example, return the serial number of a disk. If the DLL is replaced, a registered disk number is always returned, and your program becomes the free version.

 

6. the MD5 of the program itself is crucial. That is to say, the program must have a way to find itself modified. You can find the way to modify the bytecode. At the beginning of program execution, you can use a Startup Program to call the main program and verify the main program. If it is found to be modified. You can delete yourself or format the hard disk. It's up to you. You can also write an endless loop... Scare people.

 

7. You shall make proper pre-sales consultation and price for the software, and keep up with the after-sales service. This is the orthodox way to establish a brand and actively combat piracy. Even if it is good to use the cracked version, it will be all tested. If a real enterprise user is used in formal scenarios, he will not save the company several hundred yuan or even thousands of yuan to take on that risk. So. It is also necessary to give a loose test version.

At the same time, you can write an article by yourself, such as the cracked version of XX software, the free version, and the green version. Make publicity. Users often like to search in Baidu. You can also be first searched. This is also a search engine optimization :)

 

8. You can verify whether the network is genuine.

In this way, some key verification processes can be performed in network programs. It won't be cracked. Upload the encrypted machine code and registration code. Then return a complex data packet. Use this packet to set some local variables... Complicated... In this way, it is safe.

 

9. Strictly Prevent agents from cracking software. Agents have the opportunity to make money by using channels and distributing a large amount of software. Therefore, we must strictly prevent them from committing crimes. There are also many machine codes and registration codes they have mastered. It is easy to analyze vulnerabilities. I am also very familiar with the software. Driven by interests, they are the easiest to crack.

 

10. Software Upgrade. If the upgrade can be performed once in 2-3 months. Or a breakpoint Upgrade within a year (the old version cannot be directly upgraded). This verification method is different from the registration code calculation method. Some cracked versions must be limited to earlier versions. The software also needs to set some time limits. For example, upgrade is required within two years. Otherwise, it cannot be used.

 

11. Form a strong brand. Customers believe that the brand will naturally prevent cracking. The attack is not guaranteed. If you use a private account, you can use it for free. For enterprise use. Data security must be considered. Therefore, enterprise software. Don't worry about it.

For example, if a mis employee finds a cracked OA, it will take three to five years for an OA to work. Who are you looking? Company leaders are very important to you and think that OA runs smoothly. If you want to upgrade to a new version or have some problems with the software. How can you solve this problem? So. Software for enterprises is not very concerned about cracking. For example, many financial software on the market. A lot of attacks. The software for personal use does not have to be mentioned. It is very difficult to receive money. Therefore, you can test it for free. For example, accessible OA. It can be tested by 30 users for one year. This is a good practice. As for a lot of software that I have read for dozens of dollars, don't bother .. What is the purpose of writing these software. Collect money from common customers. It is still difficult in China.

 

Reprinted from: http://blog.csdn.net/chengg0769/archive/2009/02/28/3944575.aspx