Sharing software anti-cracking practices

Source: Internet
Author: User

1. Check the size of the main program to guard against crack patches:

function TForm1.gesselfsf: Integer;
var
  F: file of Byte;
begin
  FileMode := 0; // open the file read-only
  AssignFile(F, '.\filename.exe');
  Reset(F);
  Result := FileSize(F); // size in bytes; the caller compares it with the expected size
  CloseFile(F);
end;

2. Check the creation date and time to make the patch effective:

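function TForm1.findate: string;
var
  T: TDate;
begin
  ShortDateFormat := 'yyyy-mm-dd'; // format used by DateToStr
  // FileAge returns the file's last-modified timestamp, or -1 if the file is missing
  T := FileDateToDateTime(FileAge('filename.exe'));
  Result := DateToStr(T);
end;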

3. Embed a mathematical function in the registration-code encryption function to increase the difficulty of cracking.

4. If necessary, delete yourself (the main program):

procedure TForm1.funll;
var
  hModule: THandle;
  Buff: array[0..255] of Char;
  hKernel32: THandle;
  pExitProcess, pDeleteFileA, pUnmapViewOfFile: Pointer;
begin
  hModule := GetModuleHandle(nil);
  GetModuleFileName(hModule, Buff, SizeOf(Buff)); // full path of this EXE
  CloseHandle(THandle(4)); // relies on an undocumented handle value
  hKernel32 := GetModuleHandle('KERNEL32');
  // Export names passed to GetProcAddress are case-sensitive
  pExitProcess := GetProcAddress(hKernel32, 'ExitProcess');
  pDeleteFileA := GetProcAddress(hKernel32, 'DeleteFileA');
  pUnmapViewOfFile := GetProcAddress(hKernel32, 'UnmapViewOfFile');
  asm // 32-bit inline assembly
    LEA EAX, Buff
    PUSH 0
    PUSH 0
    PUSH EAX
    PUSH pExitProcess
    PUSH hModule
    PUSH pDeleteFileA
    PUSH pUnmapViewOfFile
    RET
  end;
end;

How to use it depends on your own wishes and needs. I did this anyway. My software, ADSL dial-up timer, only had a keygen for its earlier versions; later, v3.70 had a crack patch. In fact, that patch only cracked the dialog box prompting for registration at startup; it basically did not crack the software. After using the above methods, there is no crack patch or keygen for the current v5.28 version.
If the current v5.28 version can be cracked, the program source code will be published immediately.
Appendix: Principles and Countermeasures of the Keygen Cracking Method
Understanding keygen cracking
As the name suggests, cracking software registration by writing a keygen means imitating your registration-code generation algorithm, or reversing your registration-code verification algorithm, and writing a generator that works the same as your own. Once a keygen has been written for your software, the software is effectively free of charge. Otherwise you have to change the algorithm, but then the legitimate users who registered earlier are forced to change their registration codes.
To write a keygen, the Cracker must study the verification module of your software in detail, which means first unpacking your software and then disassembling it or tracing it with a debugger. Many packers and protection tools on the market boast that they cannot be unpacked, but so far none has fulfilled that promise. Since the CPU only executes valid instructions, your program can be unpacked by letting it decompress itself and then dumping it from memory. Therefore, do not spend a lot of effort on the packer, because it is not necessary.
First trick: create a false picture
Both disassembly and debugger tracing are impossible to prevent, because all Win32 programs must call the key Windows DLLs (such as Kernel32.dll and GDI32.dll) through APIs, and APIs can be hooked. We can only start with our own code to protect the fruits of our work.
For convenient debugging and future maintenance, we generally give our functions meaningful names, but this gives the Cracker an opening. For example, what do these functions mean? IsRegistered(), IsLicensed(), LicenseVerify(), CheckReg()... With names like these, the Cracker can easily pick his target out of thousands of functions: your registration-code verification function! In addition, for software compiled with Delphi there is the TMG team's cracking tool, DeDe. It makes it easy to view the Form, Unit, and function names in your software and to disassemble some of the code; combined with Win32DASM to decompile more code, it poses a great threat to programs compiled with Delphi.
So as not to create a warm and comfortable cracking environment for the Cracker, we need to deliberately obfuscate our code and replace all the function names in the software with randomly generated ones. For example, what does the function Func_3dfsa_fs32zlfv mean? I'm afraid only I know. There are ready-made code obfuscators on the Internet; look for one that matches the programming language you use. Note that you should run the obfuscator only when releasing the software, and be sure to back up the source code. Otherwise, you will be in trouble when you can no longer understand your own code :)
Second trick: use public-key algorithms and rename them
In addition, you must use a public-key algorithm to protect your software. Algorithms such as RSA, DSA, and ElGamal can be found on the Internet. Note: rename every string in your algorithm unit that contains the algorithm name, so that the Cracker cannot spot it and imitate the algorithm you use to write a keygen! You can also use DSA and replace all the names with RSA.
You must also rename the other algorithms, such as symmetric algorithms and hash algorithms. Otherwise:

EncryptedCode = Blowfish(MD5(UserName), MD5(Key));

// Your encryption algorithm, using Blowfish (symmetric algorithm) and MD5 (hash algorithm)
Although the Cracker does not know the principles of the Blowfish and MD5 algorithms and cannot reverse them, once he understands the flow of your validation algorithm and the names of the algorithms, he can immediately find similar Blowfish and MD5 packages on the Internet and imitate your software to write a keygen.
If you use uncommon algorithms, such as Skipjack (the NSA's standard algorithm), LOKI, 3-WAY, SAFER, and other lesser-known but highly secure algorithms, and rename all of them, this will give them a headache.
Of course, it is best to rename all hash algorithms as well, to create more difficulties for them. However, note that the Cracker will find the hash values of MD5, SHA and the like in memory, and so will know which hash you are using. Therefore, we recommend that you use the MD5 variant RIPEMD (RMD) 128 or 160, or other hash algorithms such as Tiger and HAVAL.
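The reason for the public-key advice above, as an added example that is not part of the original article: with a signature scheme the shipped program holds only the verification key, while a symmetric check like the Blowfish/MD5 line must ship everything needed to generate codes. The key is a constructed toy (unpadded RSA over two Mersenne primes) and all names are hypothetical; a real product would use a vetted library and a padded signature scheme.

```python
import hashlib
import hmac

# Constructed toy key built from two Mersenne primes. These primes are public
# knowledge and far too small for real use; they only keep the demo offline.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                    # public part: embedded in the program
D = pow(E, -1, (P - 1) * (Q - 1))      # private part: never leaves the vendor


def name_digest(user_name: str) -> int:
    """Hash the user name to an integer smaller than N."""
    h = hashlib.sha256(user_name.encode("utf-8")).digest()
    return int.from_bytes(h, "big") % N


def vendor_issue_code(user_name: str) -> str:
    """Vendor side only: sign the user name with the private exponent D."""
    return format(pow(name_digest(user_name), D, N), "x")


def client_verify(user_name: str, code: str) -> bool:
    """Shipped side: uses only N and E, so this code cannot produce new codes."""
    try:
        sig = int(code, 16)
    except ValueError:
        return False                   # malformed input is simply rejected
    return 0 < sig < N and pow(sig, E, N) == name_digest(user_name)


EMBEDDED_SECRET = b"constructed-demo-secret"   # has to ship with the program


def symmetric_expected(user_name: str) -> str:
    """Symmetric check: the verifier recomputes the code, so it is a generator."""
    mac = hmac.new(EMBEDDED_SECRET, user_name.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def symmetric_verify(user_name: str, code: str) -> bool:
    """Constant-time comparison against the locally recomputed code."""
    return hmac.compare_digest(symmetric_expected(user_name).encode(), code.encode())


if __name__ == "__main__":
    code = vendor_issue_code("alice")
    print(client_verify("alice", code), client_verify("bob", code))
```

Renaming the routines does not change this property: `symmetric_expected` exists in the shipped binary under any name, whereas `D` is never present in it.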
Third trick: prevent others from debugging
Another point is that debuggers pose a great threat to us. We will not let the Cracker comfortably use SoftICE, TRW, or OllyDbg to debug our program. In addition to the commonly used MeltICE method, here is a method I wrote myself:
{Check whether the parent process of this process is Explorer.exe; otherwise, it was loaded by a debugger}

{The parent process of a console program is cmd.exe under WinNT!}
{Note: add the TlHelp32.pas unit}

procedure CheckParentProc;
var // check the parent process of your process
  Pn: TProcessEntry32;
  sHandle: THandle;
  H, ExplProc, ParentProc: Hwnd;
  Found: Boolean;
  Buffer: array[0..1023] of Char;
  Path: string;
begin
  H := 0;
  ExplProc := 0;
  ParentProc := 0;
  // Obtain the Windows directory
  SetString(Path, Buffer, GetWindowsDirectory(Buffer, SizeOf(Buffer) - 1));
  Path := UpperCase(Path) + '\EXPLORER.EXE'; // obtain the path of Explorer
  // Obtain a snapshot of all processes
  sHandle := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0);
  Pn.dwSize := SizeOf(Pn); // must be set before calling Process32First
  Found := Process32First(sHandle, Pn); // query the first process
  while Found do // traverse all processes
  begin
    // szExeFile holds a full path on Windows 9x but only the file name on
    // NT-based systems, so compare file names only
    if UpperCase(ExtractFileName(Pn.szExeFile)) =
       UpperCase(ExtractFileName(ParamStr(0))) then // your own process
    begin
      ParentProc := Pn.th32ParentProcessID; // obtain the process ID of the parent process
      // Handle of the parent process
      H := OpenProcess(PROCESS_ALL_ACCESS, True, Pn.th32ParentProcessID);
    end
    else if UpperCase(ExtractFileName(Pn.szExeFile)) = ExtractFileName(Path) then
      ExplProc := Pn.th32ProcessID; // PID of Explorer
    Found := Process32Next(sHandle, Pn); // find the next process
  end;
  CloseHandle(sHandle);
  // The parent process is not Explorer, but a debugger ......
  if ParentProc <> ExplProc then
  begin
    TerminateProcess(H, 0); // kill! The last step is quick! :)
    // You can add other dead-end code to entertain the cute Cracker :)
  end;
end;

You can try it in Delphi or VC: it will kill Delphi or VC, because you are running your program under their built-in debugger. You should comment this code out while debugging. Do not forget to uncomment it for release!
Fourth trick: protect strings
The last question is also a very important one: protect your strings! Strings are very important in the registration module! When an experienced Cracker cracks your software, the first thing he does is look for your strings. For example, he will enter a wrong registration code and get your prompt about the wrong registration code, usually something like "Invalid registration code. Please enter it again!" or "Invalid key (please input again)". He then sets breakpoints in OllyDbg, or uses static analysis tools such as WinDASM and IDA Pro on the unpacked program, to find that string and analyze the code around it. Therefore, please encrypt your strings! Decrypt them temporarily only when they are used, and use message boxes as little as possible so that they are not found by the Cracker. Encrypting strings does not require a complex algorithm; any fast symmetric algorithm will do.
Finally, I would like to remind you not to spend too much effort on encryption! You should spend more time and energy on improving your software, which is more cost-effective. Here is some advice from a senior developer: take some time to consider your own software and whether it is worth protecting. If no one uses your software, it makes no sense to protect it. Do not overestimate "the importance of your software to the world"!
