Implementation of software protection with C + + Builder MD5 Control

One, share = free?

Along with the internet, the "Sharing + registration" model is increasingly becoming the main means for programmers to release their own software, but the resulting means of cracking more and more sophisticated. How to protect the fruits of their labor not to be violently cracked or modified? Using MD5 Digest value validation is a very common method.

MD5 as a public algorithm, the implementation of many methods, such as open source software, Windows with the API, C + + Builder and Delphi Integrated Indy inside also have ready-made MD5 control. Using the API to implement MD5 is efficient, but it's too cumbersome, and you can refer to the crypt at the beginning of the MSDN instructions. The MD5 control with C + + Builder is convenient, but slower, and can only handle "end" strings, so using this control requires us to do some preprocessing on the validation data. The key to preprocessing is to pick out the more important content, so that one can remove the ', on the other hand, it can greatly reduce the length of the content to be validated, and only calculate the digest value of the critical code.

Second, source Cheng solution

First to explain the online and Borland help inside the Indy MD5 control very little, this program is basically my own groping results, in C + + Biulder 6.0 and Indy 6.0 under normal operation.

First drag a MD5 control in Indy misc, assuming its name is cipher, and the program is as follows:

/*

MD5 calculation function by Daydreamer 2004-04

Function: Calculates a 16-byte long MD5 value for a file named fname, placed in result

Input: Pointer to file name Char *fname

Output: The MD5 value is placed inside the buffer where result is pointing

Return value: Returns True if MD5 value is correctly computed, otherwise returns false

*/

BOOL MD5 (char* fname, char *result)

{

unsigned int i=0;//For recording the size of the read file

BOOL Flag=false/////Correct calculation of MD, Mark

static ansistring SS;//For temporary storage of MD5 value

Char *buffer=new char[myfile_size];//For reading the target file, the file size cannot exceed Myfile_size

TFileStream *tt=new TFileStream (fname,fmopenread);//For reading the entire contents of the destination file, this method is simpler and can be read using standard CreateFile ()

I=tt->read (buffer,myfile_size); Save the number of bytes actually read in//i

if ((i) && (i! =1)///If the number of bytes read is not 0 or 1, it is processed

{i=i-1;//The last byte must be set aside for Terminator use

_asm{//This assembly is primarily used to preprocess files

MOV ecx,i//Counter

MOV ebx,buffer;//Source Address pointer

MOV edx,buffer//Destination address pointer

L1:mov al, [ebx];//Fetch a byte, because if the file is too large to reduce the speed of the assembly, it must be filtered with a finer granularity of source string

CMP al,0x70//Only digest bytes larger than 0x70 and less than 0x91

JB L2;//Because the main transfer instruction (JZ,JNZ), the null operation instruction (NOP) and so on are greater than 0x70 less than 0x91

CMP al,0x91//can also be replaced with a looser condition, but at least the 0x00 should be filtered out because it is considered a terminator

JNB L2;

mov [Edx],al;//Qualifying bytes saved for verification

Inc edx;

L2:inc ebx;

Dec ecx;

JNZ L1;

mov byte ptr [edx+1],0;//At end of last character '

}

Cipher->reset ()////////////////////////////

cipher->autocompleteinput=false;//Results only when completedinput () is invoked

cipher->codestring (buffer);//input preprocessed data

Ss=cipher->completedinput ();//input completed, get Digest code

if (ss. Length () =md5_lenghth)///If the Digest code is normal (that is, 16-bit), save the

{flag=true;//Set the correct flag

memcpy (Result,ss.c_str (), 16);//Put the results into result

}//End If

}//End If

Delete TT;

delete[] buffer;

return flag;}

Call can use APPLICATION->EXENAME.C_STR () as a fname incoming, notice in C + + Biulder directly run words this will cause an exception, this does not matter, released the program will not have problems. In order to be concise here, there is no save and restore register in the assembly code, it can be added when used, or the register variables in optionsèadvanced complier is set to none in the release.

Iii. Methods of Use

There are many ways to protect shareware with MD5 values, such as keeping the normal execution module's MD5 digest value statically in an external file (for example, in a registry file), calculating its own MD5 each time it is run, and comparing it to determine whether it has been modified. A bit more advanced, such as using the correct MD5 to restore the correct entry address, or participate in the registration code/machine code calculation. It is best to add their own MD5 verification and then use Asprotect or aspack compression software, such as Shell, so once the cracker with shelled software, the software will not be normal implementation, for many crack newbie to suspect that the shelling failed, and then give up.

In fact, the software protection and crack is always the magic road phase of a pair of contradictions, no matter how strict precautions, certain someone can break. We have to do is to put a large number of rookie cracker in the door, if the misfortune is the master stare, then congratulations: This shows that your software is really valuable.