I know it is almost impossible to produce software that is fully protected. Here I would like to share my experience with protection.
I developed a program that works on PPCPE and I have made a very good protection system... I think
The protection system works as follows:
- when the software is first installed it captures the date of the installation
- it reads the device ID
- it asks the user for the program serial number
- I have two ways of registering the system: either through an SMS or through the web using GPRS.
- The software combines the three numbers together using some equations to make it almost impossible to find out what I am collecting... I also use an equation to verify if the serial number is OK, since we are using SMS and it is very costly to send an SMS that contains a wrong serial number
- When the user chooses the method to register, the number is sent to my server and the server sends back the activation key to the user's PPCPE
- The PPCPE will read the SMS, delete it, and store this SMS in the database...
The above is to get the activation key
In the software the activation key is produced and I use an "if statement" to compare the activation key which is stored in the database and the one the software produces; if they are the same it will execute, otherwise it will stop execution
To make it very difficult for the hacker I use pointers in the program, and to these pointers I add the protection key and subtract the key the program produces, to make the addition equal to zero if the two keys are the same
The pointers point to each button and each menu item in the program
I hope this information will help and I welcome any comment
Hmmm, sounds nice...but is it worth all the trouble...especially the SMS route could complicate things, no?
Besides, with good debuggers is it not possible to NOP the check section or jmp it, applying a patch?
I would opt more for a good packer such as Armadillo, and protect it that way. It will obfuscate the code, has debugger protections built in, splits code and destroys the IAT. Additionally, you could add nanomites to make unpacking even harder. Then use a simple license key system.
Yes you are right... a good hacker can do that... But
If you use the method of pointers it is almost impossible to get anything out of the program and it will be useless for anybody to use it
And also it is almost impossible to hack it
But Armadillo is only available for x86 Windows. But your message is right, HappyGoat.
pointer protection: piece of cake!
Well, the pointer thing as you describe it does not sound too difficult to hack.
You said your software will take the address for a pointer, add the key the user has entered, and subtract the one the program has computed so that it equals zero.
So, this means that the shift is always the same, so if you can get the entry point for any button, you know which value to add to the key generated by your software. Since you don't obfuscate the code this is a matter of minutes to hack this. :roll:
UL
Re: PROTECT YOUR SOFTWARE
As an old cracker I can tell you that this algo would not be difficult to crack. You are not using EXE file encryption, anti-debugging, integrity checking, and other tricks that are used in good protections like ASProtect. They would take some hours to bypass. And playing with pointers can stop only kiddies. UnlockMe said why.
If a cracker would get one valid question-answer pair, he'll easily convert any program to a fully working version. And your code can be cracked without this knowledge.
- The software combines the three number together using some equations to make it almost impossible to find out what I am collecting…
Funny. Why should the cracker try to "find out what I am collecting"? Why the cracker should be bothered with all this ****? There are easier ways.
also I use an equation verify if the serial number is OK since we are using SMS and it is very costly to send SMS that contains a wrong serial number
Costly SMS? Even in Russia you can get free SMS subscription. I have free SMS + free GPRS + free incoming calls.
Your protection has at least one very thin part that makes it useless. I've seen the similar ideas before. But I would not tell you
And remember:
If it runs, it can be defeated. (c) +Orc
It is very nice to see people participate in a subject. I find it very interesting and very helpful
I am not going to tell what I do, but I am giving programmers a point to start
Chatty
Thanks for bringing up this point. I cannot find it either
UnlockME
I think it is very difficult to hack.
Imagine in my software I have 36 buttons and menu items. Each of them has a pointer. Let us say button one has a pointer value equal to 11675; let's say it is stored in ptr
My key is 123456789... let's say it is stored in a string str1
The key in the program is 908070605040302010... I use more encryption than that, but this is just a demonstration
And let us say it is stored in str2
When you address the button you address it like this
Ptr = ptr - (str1[1]-str2[17])
As I mentioned, I am not going to reveal the protection that I use... I am only giving a point to start
There are more things in it; I leave them to your imagination...
Mamaich
In my country each SMS costs the mobile owner 0.1 USD... I am not going to cost him money for a wrong entry
…….
I think I know what you are thinking... If the key is produced in the program I can hack it... I hope the above example clears things up
……..
If you know any EXE encryption or anti-debugging software I will be thankful
……..
Thanks everybody for your replies
-------------------------
Please remember I am not claiming that my algorithm is anti-hack... It is only an algorithm for protection that I came up with
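A constructed model of the pointer scheme from the opening post and the worked example just above (stored pointer = real pointer minus `str1[1]-str2[17]`), added here as an illustration and not the poster's own code; the 36 handler addresses and both key strings are made-up stand-ins. It shows the property UnlockMe and Mamaich describe: the shift is one constant shared by every button, so the table differs from the real one by a single value.

```c
#include <stdint.h>
#include <stdio.h>

#define NBUTTONS 36

/* Shift exactly as in the post's formula: one digit of the key the user
 * typed minus one digit of the key built into the program. */
static intptr_t key_shift(const char *entered, const char *program)
{
    return (intptr_t)entered[1] - (intptr_t)program[17];
}

/* At registration every handler address is stored minus the shift obtained
 * with the genuine key (constructed stand-in for the program's pointers). */
static void protect_table(uintptr_t *stored, const uintptr_t *real, intptr_t shift)
{
    for (int i = 0; i < NBUTTONS; i++)
        stored[i] = real[i] - (uintptr_t)shift;
}

/* At run time the shift is recomputed from whatever key is present; only
 * the genuine key lands on the real handler, any other key misses it. */
static uintptr_t resolve(uintptr_t stored, intptr_t shift_from_user)
{
    return stored + (uintptr_t)shift_from_user;
}

/* The weakness the replies point out: the difference between stored and
 * real address is the same constant for all 36 entries, so the scheme adds
 * nothing once any one handler address is known. Returns 1 and the constant. */
static int shift_is_uniform(const uintptr_t *stored, const uintptr_t *real, intptr_t *out)
{
    intptr_t d = (intptr_t)(real[0] - stored[0]);
    for (int i = 1; i < NBUTTONS; i++)
        if ((intptr_t)(real[i] - stored[i]) != d)
            return 0;
    *out = d;
    return 1;
}

int main(void)
{
    uintptr_t real[NBUTTONS], stored[NBUTTONS];
    intptr_t d = 0;
    for (int i = 0; i < NBUTTONS; i++)   /* constructed addresses, like the post's 11675 */
        real[i] = 11675u + 16u * (uintptr_t)i;
    protect_table(stored, real, key_shift("123456789", "908070605040302010"));
    printf("uniform shift: %d (value %ld)\n", shift_is_uniform(stored, real, &d), (long)d);
    return 0;
}
```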
wwb95, I'm not going to disclose in this forum how to actually hack an exe, but what I can tell you is that pointer-based protection will only stop kiddies, as Mamaich says.
A hacker is not always a bad guy, though often they use their knowledge for such purposes, but it is before everything a guy that has extensive knowledge of development tools, operating systems, memory management, ...
I can tell you that if you are going to protect your software with this pointer thing, please send me a link I'll be only too happy to provide it for free to the community with a working "yes-code". 8)
wwb95 said:
When you address the button you address it like this
Ptr = ptr - (str1[1]-str2[17])
I'll assume that (str1[1]-str2[17]) is always a constant for all Ptrs. Then you can easily find an original button handler (don't ask me how, newbies can check all function addresses, gurus can just look at the code, I'll use a different method), calculate this value and patch a program or write a keygen. And if it is not a constant - the process would not be much more difficult.
if you know any EXE encryption or anti debugging software I will be thankful
I don't know any existing protection. A long time ago I was developing such a project, but due to a lack of time and no investment I've dropped it.
Here is a crackme - http://mamaich.kasone.com/wz/crackme.rar
and a pre-alpha of the protector - http://mamaich.kasone.com/wz/protector.rar
It can compress & encrypt ARM WinCE DLLs and EXE files, has minor anti-debugging tricks and primitive import/export/resources encryption. And that's all that was done. No API, no stolen bytes, no on-the-fly decryption, no integrity checking, etc.
I would not publish its source codes nor continue the work.
My advice: give up trying to protect your app. It can't be done; anything can be cracked easily. You're only going to piss off your users when the complex reg scheme starts introducing bugs and instability.
All you really want to do is a simple registration scheme. You have to rely on people's honor.
At Airscanner we wrote a book showing how to crack software, with a couple of chapters on ARM-based cracking for Windows CE. But you can get more info, and better, for free at Kaos' website:
http://ka0s.net/
It has everything you need to get started in Pocket PC reverse engineering.
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
airscanner said:
By the way, it's good to see +ORC referenced in this forum. Mamaich do I know you?
Some time ago I was a regular poster on www.reversing.net and www.reng.ru and reader of fraviamb. Now I don't have time for that.
Maybe you've seen my name in "thanks" sections of some tools.
ZXEvil why are you posting that link on multiple topics? What is that file?
Hi!
I'm a new windows mobile user, developer by trade. I have a need for an application that will intercept a dial attempt from contacts or smart dialing and apply some re-write rules to the number then proceeding with the dial as normal. I've not found such a program for WM (I use TakePhone to do it on Treo 650) so I decided to try to write it!
This is for Windows Mobile 5 (on a wizard, if it matters).
I'm a Java developer, and rarely use Windows, so I'm not so up on the technology used for this kind of thing, but no matter. I ordered the Windows Mobile 5 developer thing from MS and have it all installed. Using the managed code Microsoft.WindowsMobile.Telephony stuff I can dial a phone number. I suppose I could even add a menu to the contact that would specifically run my code and then I could use the Phone.Talk thing to place the call; however, I'd really like to enable the program and just have it work in the background when it is enabled.
First, can this be done with managed code? If so, how! Any input would be appreciated. Also, if you know of software that does this already, I'll just go buy it.
Thanks in advance!
This should be possible to do with managed code, but the only idea I have now is hooking RIL.DLL or COM-port communications. And the easiest way to hook something is to use C/C++.
Thanks for the reply! I've done some searching on RIL and RILGSM and found minimal info regarding "hooking" it. It seems that the person most likely to have done it is "itsme" who has posted a bit of information regarding the entry points and functions available in said DLL.
I'll keep looking...
One thing that PPC phones seem to be missing, depending on who you are talking to, is the ability to add digits in front of a phone number, most specifically in a text message or call history; a "1", a "+" or *67 are good examples.
Is it possible to get a program that would, by holding the talk key, for example, add those digits in front of the phone number?
Thank you all in advance!
I guess this request is created by the discussion over here
Not really "rage", but I just found that a $600 "smart" phone with a $300 monthly LD plan somehow can't even do dialing properly, really stupid! I know it is probably mainly Telus's fault, but as long as someone can fix it, I will be happy!
Please consider this request!
I would say the phone should have a feature to automatically add digits (like *67) to all outgoing calls. This is not what I need myself, but I imagine this will help the most people.
Additionally, it should have a feature to optionally add a 1 depending on the area code of the phone itself (if it is the same area code, don't add a 1; if it is different, add a 1) for all outgoing calls made by the phone. This is at the top of my wish list!
It would also be nice if it automatically took out the area code when it is the same as the area code of the cell phone's own number. However, I believe having the area code works for everyone, so this is probably just an extra bonus while you are at it. It is potentially helpful to some people.
Anyone know where it is? I'm assuming the G1 doesn't come with the algorithm pre-installed so you can only use one network unlock code. It must be stored somewhere, where's that hex at?
edit: It would seem that it does use an algorithm with only one possible outcome. After receiving the IMEI from hardware ROM it spits out a code to be matched up with the network unlock code.... Gotta see how I'm going to work this out.
What is the level of encryption? Is a 5 number code safe or is it somehow crackable? (I'm not afraid of trial and error method, but I've seen early versions of iPhone being crackable)
I would like to use alphanumeric and still only use 4 numbers/letters, but then it requires 7 characters, capital and numbers! Not to mention the fact that they could use the same lock-screen, instead of one for numeric and one for alphanumeric.. Why not let the intruder wonder about the level of protection? That way we could be much much safer with 4 letter code than random numeric code.. Has this been thought of in any ROM?
Ideally without slider+code, when we use a code protection the slider is redundant..
Thanks in advance