[Reprinted] about software cracking and Protection

 

Currently, China's software industry is facing urgent problems. At present, most software adopts encryption technology. This article analyzes several important technical terms and common software cracking methods in software cracking, and introduces both soft encryption and hard encryption technologies.

 

Keywords:Intellectual property rights, Software Encryption, software cracking

1. Introduction
The registration code and activation code are very important when developing software, especially when it is used for commercial purposes. unregistered users may add some restrictions, such as the number of days of use, delay, and unregistered images. However, the current software cracking technology is very powerful, and a variety of large software at home and abroad have a registration mechanism, but it is also constantly cracked. The country has repeatedly stepped up its efforts to crack illegal software publications and support genuine software, however, the actual results are not satisfactory. Most software vendors choose to buy encryption products or encryption technologies to protect their own software. Software Protection is generally divided into soft encryption and hard encryption.

 

2. Common Software cracking methods 

Also see the following link: http://tech.sina.com.cn/s/s/2006-06-23/061020983.shtml
First, let's take a look at several important terms in cracking.
(1) breakpoint. The so-called breakpoint is where the program is interrupted. the interruption occurs due to a special event. The computer suspends the current task and executes another task, then return to the original task to continue the execution. The decryption process is to wait until the program obtains the registration code of the person we entered and prepares to compare it with the correct registration code to interrupt it. Then we can find the correct registration code through the analysis program.
(2) airspace: the so-called procedural airspace is the territorial territory of the program, that is, the location where the program code to be cracked is located. There is no fixed mode for writing every program. Therefore, to interrupt the program when we want to cut the program, we must set the breakpoint without relying on the specific program, that is, the breakpoint we set should be something that every program will use.
(3) An API, short for application programming interface, is called an application programming interface. It is a large collection of system-defined functions and provides methods to access operating system features. APIS contain functions called by hundreds of applications. These functions perform all required operating system-related operations, such as memory allocation, on-screen output, and window creation, windows programs use APIs to deal with the system. No matter what kind of application, its underlying layer is ultimately implemented by calling various API functions.

After learning about the above three terms, let's take a look at the basic software cracking methods.
2.1 brute force cracking. This is the most common and simplest method to crack, the attacker directly use the editing tool <such as ULTRAEDIT-32> to modify executable files, that is to say, attackers can crack the program by modifying the source file of the Property Program. When some components verify the user registration information and registration code, if the user's information is the same as the registration code generated by the algorithm used by the software, the program will be successfully registered, otherwise the registration will fail.
2.2 Use an algorithm registration machine. An algorithm registration machine is a program that can automatically generate a software registration code based on the analysis of the software registration code algorithm. Therefore, software algorithms are very important. Generally, software authors write their own algorithms to facilitate software sales. This type of Software Encryption features that a registration code can only be used on one computer, like a one-to-one binding with a computer. The procedure is to first run the trial software, get the software machine code of the machine, and then use the algorithm registration machine to register the code, and then use the algorithm registration machine to directly calculate the appropriate registration code, finally, use the calculated registration code to register directly.
2.3 use memory cracking. We know that all the data of all running programs must be loaded into the memory, and the software will have a comparison process during registration code authentication, therefore, we only need to know the memory address of the software registration code to be cracked to achieve the goal. The advantage of this method is that you do not need to make great efforts to master the software registration code algorithm, which saves a lot of time to write the memory registration machine. The step is to first load the memory registrar and then obtain the real registration code of the software in the memory, or modify some data related to the software in the memory to crack the software. There are two main methods: first, get the registration code directly from the memory, and second, simulate the running environment of the registered program in the memory.
2.4 patch cracking and file registration. The patch cracking method uses related patches to modify the software to crack the software. This method is generally used to crack the software verification registration code or time. Basically, it is used to modify the judgment statement of the original program. For example, if the trial period of a program is one month, you can modify it to achieve unlimited use. The file registration method is to put the software registration content into a file to facilitate registration by yourself or others. There are mainly two methods: registry guide and registration file guide.

3. Common Software protection methods
3.1 registration code. The software registration code is generally one machine and cannot be repeated. Let's take a look at how to implement it.
The first step is to generate a machine code based on the hard disk volume label and CPU serial number. First, write the public static string getdiskvolumeserialnum-ber () function to obtain the volume number of the device's hard disk, and then write the public static string getcpu () the function obtains the serial number of the CPU and generates the machine code. The function is as follows:
String number; string public static string getsoftnum ()
{Strnum-= getcpu + getdiskvolumeserial-strsoftnum = strnum. substring (0, 24); // extract the first 24 characters from the generated string as the machine code return strsoftnum ;}
The second step is to generate a registration code based on the machine code. You need to compile the public static string getregistnum () function.
Step 3. Check the registration status. If you have not registered, you can customize the number of trial days, latencies, and unregistered images. You can compile the private void checkregist0 CPL number.
3.2 soft encryption. Soft encryption is a software protection technology that does not rely on special hardware. Currently, more common software in the world adopts soft encryption, such as Microsoft's Windows system and anti-virus software. Its biggest advantage lies in its extremely low encryption cost. At present, there are mainly cryptographic methods, computer hardware verification methods, key disk methods, and so on. Currently, it is popular to use a shell, which can be divided into a compressed shell and an encrypted shell. The protection of the compressed shell is relatively weak. Therefore, the encrypted shell is generally used. The principle is to use the stack Balancing Principle, modify the code of the program population, jump to the shell code to execute the decryption program, decrypt the original program code, and then jump back to the OEP of the original program for further execution. Currently, strong encryption shells use dynamic decryption code, SMC, and IAT encryption technology. The program dynamically decrypts the code during running, deletes the code immediately after execution, and encrypts IAT, when you need to call an API, use the decryption algorithm to calculate the actual address of the API. What's more, the shell contains a shell. Currently, the top five common shells are:

(1) encryptpe, which features strong IAT encryption,

(2) asprotect is characterized by the use of multi-layer Seh, it is easy to turn people dizzy,

(3) acprotect is characterized by stolen code,

(4) Armadillo is characterized by mutual detection between two processes. (5) themida is characterized by virtual machine technology. The good encryption effect is that hackers are forced to give up the attack when cracking the protected software at a huge cost and time-consuming.

3.3 hard encryption. Hard encryption is what we call dongles or locks. It is an encryption product integrated with software and hardware inserted into the USB port or USB port of a computer. Currently, most of the products are in the USB port format and are based on hardware protection technology, its purpose is to protect software and data against illegal use of intellectual property rights. It is a powerful tool that ensures that high-end software is protected from piracy during the life cycle of the market. Dongle generally has dozens or hundreds of bytes of non-volatile storage space for reading and writing. The newer dog also contains a single chip microcomputer. Software developers can exchange data with software dogs through interface functions to check whether software dogs are inserted on interfaces. The dongle's built-in single-chip microcomputer contains an algorithm software dedicated to encryption. After the software is written by a single-chip microcomputer, it cannot be read. This ensures that the dongle hardware cannot be copied. At the same time, encryption algorithms are unpredictable and irreversible. The encryption algorithm can convert a number or character into an integer, such as dconvert (6) = 67876, dconvert (x) = 34567 0

 

4. Conclusion 
Software cracking and Software Encryption are the relationship between spear and shield. The good encryption effect is that hackers will pay a huge price and spend a lot of time and energy to crack the protected software, eventually forced to give up the attack. Finally, we must realize that software cracking is immoral and violates the computer software protection regulations. Nowadays, software is becoming popular, market-oriented, and inexpensive, it also gives us the opportunity to use genuine software. Therefore, we need to improve our awareness and do not use pirated software as much as we can to support the development of China's software industry with actual actions.