Registration Moduale

Discussion in 'Share Your Creations' started by scott93727, Jun 6, 2008.

  1. scott93727

    scott93727 Member Licensed User

    Registration Moduale, a registration moduale for shareware, all in one sub, allows the programmer to set any expireration date, (for software use to time out), great for any shareware application made with Basic4PPC. See attached file with source and exe for normal windows (demo). Updated version added
     

    Attached Files:

    Last edited: Jun 15, 2008
  2. agraham

    agraham Expert Licensed User

    Note that that this will not work on a desktop on Vista as normal apps cannot write to the Windows folder unless running as an Administrator. Don't take the following as criticism but as a pointer to not rely on simple schemes such as this if money is involved.

    If you optimise compile this you can look inside the app with Reflector and see exactly what is happening making it trivial to subvert. You could partly hide things by using what is called an obfuscator but even strings like the registration filename may be visible. You could try to hide it by keeping the string in encrypted form and decrypting it on use, how visible this would be depends upon how good the obfuscator is at hiding things.

    A legacy compiled app is more difficult to peer into but the filename will be visible to any hex editor and a look in the file will show the date in clear so it is not hard to guess what is happening! Decrypting the filename from a stored encrypted version before use would be more secure on a legacy compiled app than an optimised compiled app.

    Protecting software is very difficult. Basic4ppc has reasonably sophisticated copy protection/licensing involving ... :sign0079: but having (purely out of curiousity) looked at how it works I think that I could break it if I needed to.

    (I've been dying for an opportunity to use that smiley :))
     
  3. Erel

    Erel Administrator Staff Member Licensed User

    It harder than it appears ;)
    If you will send me a private email I will tell you if you are correct or not.
     
  4. agraham

    agraham Expert Licensed User

    I did and he did.
     
  5. dzt

    dzt Active Member Licensed User

    Well?
    :)
     
  6. agraham

    agraham Expert Licensed User

  7. Cableguy

    Cableguy Expert Licensed User

    :sign0161::sign0188:
     
  8. Elrick

    Elrick Member Licensed User

    I'm using an IMEI protection (by maXim :) ) in this way. All this "protections" protects software against newbies of course, i've already spoken with the man, who cracked my program :) But what about an obfuscator? I've heard (from Erel, as i remember) what progs, compiled with basic4PPC can't be obfuscated... Is it true or I confuse something? Can anyone provide a tutorial on how to do this?
     
  9. Cableguy

    Cableguy Expert Licensed User

    bit like you, I'm planing to user Agraham's MAC address dll, and crypt one of the devices mac....
    Since not all WM devices are phones, and do not have IMEi, wich, if the user, as very often do, wichs to "release" the device from the network, will almos surtenly have to change the IMEI....
    MAC's are also possible to alter, but there is No "commercial" justification to it, as MOST users doesnt even know what a MAC is....
     
  10. Elrick

    Elrick Member Licensed User

    Well, users who knows how to crack software don't need to know what MAC is, or what IMEI is, or even what stylus is :) They will find what you doing with MAC and then bypass it... We can protect software by using owner name, what can be simply changed, against users who just don't know how to bypass protections at all, or just don't want to know... And this is what i'm talking about - you can't make an impenetrable protection and doesn't matter which method do you using to protect your software... But we can complicate cracking as much, as possible, right? ;) And this is why i'm interesting about obfuscator
     
  11. Cableguy

    Cableguy Expert Licensed User

    I think you missunderstood me...
    It's a known fact...
    Whatever we do and However we protect our software, when theres a will, teres a way...to crack it....
    Yes we should complicate thisngs, as much as we can...
    But, in the PDA world,, spending more than 2 or 3 seconds confirming the security status is too much...
    Any way, I got a bit more time these days and I wil post my logic aproach to this matter...
     
  12. WZSun

    WZSun Member Licensed User

    Sometime back, I asked about encrypting the 'code' in the compiled EXE to make it looks more garbage.. this makes it more harder for novice crackers to hack the program, or to make it takes more time for them to break it. Yes, no program is hack/crack proof.. but if we start by making the 'code' looks garbage, it may not be worth the time for crackers to break it.

    At the moment, what I did is a simple primitive prevention. I'd test my completed project first and once done, I will save it to another filename. From there, I would rename all functions, variables, etc., into random cryptic alphanumeric words. For example.. if I have a function 'validateCode', it will be renamed as 'kn5' and so on. As many known variables/subs are renamed so that it does not 'sensible/readable' if you use a hex editor to peek. For me, I simply load the whole compiled EXE into wordpad and see whether I can see 'readable function/veriable names'.. and if so, I will renamed them again... and then compile it as 'finished' product.

    If you load your compiled EXE into wordpad, you can stil see portions of your code. In some cases, numeric starings are seen... especially if you have formula...etc. Instead of:

    If A = 1234 then
    ..
    ..


    I would change my values to something like:
    x=2
    y = x + (x+1) ' 5
    z = (((((y*y)*y)*x)*x)*x) + ((((y*y)*x)*x)*x) + (((x^(x+x))+1)*x)
    If A = z then
    ..
    ..

    this way, if you peek at the code of your compiled exe.. it sure looks garbage. Of course, reserved function/variables names used by Basic4PPC can still be seen.. so if the whole compiled EXE is encrypted.. itmakes it harder for cracking.

    The key issue it to make it harder for casual hackers.. or make it takes more time to probe.. by then hopefully they'd have given up...

    Hopefully Erel can think about something on the development side to have an encrypted compiled EXE.

    Anyway, feature that would be great is to have a 'flush' taps/keyboard function.. will it will flush off all keystrokes/taps.. in case there are 'active spy' program running that invokes when a key/tap is pressed. This is a also useful if you have a process running.. and users tap on the screen a few times.. and when the process end.. you may find the program executing the 'unwanted keypress'...
     
    Last edited: Jun 8, 2008
  13. alfcen

    alfcen Well-Known Member Licensed User

    Software protection and reverse engineering is a cold war. Either side triggers
    new technologies in an seemingly endless exchange of hatred.

    Those spammers offering AutoCAD and MS Office suites have obviously defeated the major professional software giants. The other bad guys are
    those shopping, thus creating 'market demand'.

    Most commercial PPC software offerers write the date of first installation someplace hidden, preventing erasure upon uninstallation. The stamp is
    removed after a hard reset, but who would hard-reset her/his device or
    set the device clock back to extend a time-limited fully functional trial?

    For most of us, private hobby programmers, one simple method of protecting
    know-how is compliling without code comments whilst using inconclusive
    variable names. The bad guys want to make QUICK money.

    In addition, attach an affordable price tag or work on donation basis which
    won't render hacking worth while.

    If all doesn't help, hope for an invitation to a private message :)
     
  14. WZSun

    WZSun Member Licensed User

    For those who simply want a compression.. there's a freeware .Net compressor - MPRESS which reduces the file size of Basic4PPC compiled .Net EXE files.

    I tried it on Desktop (Windows) and Device (PPC). The project runs well.

    This is just one small step in making things a little harder. Of course, the ideal is to get commercial .net protection utilities.. which make it even harder.. though not impossible, to reverse engineer.
     
  15. Cableguy

    Cableguy Expert Licensed User

    @EREL
    It would be a very interesting competition target...
    Objective: to implement a Stand alone, customizable interface, protection code/scheme...

    We would all gain with this one...
    Heck, even I would have a go at it....;)
     
  16. pochero

    pochero Member Licensed User

    will mpress work with basic4ppc optimiced programs? I can't test it. Thank you
     
  17. Erel

    Erel Administrator Staff Member Licensed User

    Optimized compiled Basic4ppc applications are normal .Net applications.
    If mpress supports .Net executables then it should support these as well.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice