Registration Moduale

scott93727

Member
Licensed User
Longtime User
Registration Moduale, a registration moduale for shareware, all in one sub, allows the programmer to set any expireration date, (for software use to time out), great for any shareware application made with Basic4PPC. See attached file with source and exe for normal windows (demo). Updated version added
 

Attachments

  • regform12.zip
    17.3 KB · Views: 388
Last edited:

agraham

Expert
Licensed User
Longtime User
Note that that this will not work on a desktop on Vista as normal apps cannot write to the Windows folder unless running as an Administrator. Don't take the following as criticism but as a pointer to not rely on simple schemes such as this if money is involved.

If you optimise compile this you can look inside the app with Reflector and see exactly what is happening making it trivial to subvert. You could partly hide things by using what is called an obfuscator but even strings like the registration filename may be visible. You could try to hide it by keeping the string in encrypted form and decrypting it on use, how visible this would be depends upon how good the obfuscator is at hiding things.

A legacy compiled app is more difficult to peer into but the filename will be visible to any hex editor and a look in the file will show the date in clear so it is not hard to guess what is happening! Decrypting the filename from a stored encrypted version before use would be more secure on a legacy compiled app than an optimised compiled app.

Protecting software is very difficult. Basic4ppc has reasonably sophisticated copy protection/licensing involving ... :sign0079: but having (purely out of curiousity) looked at how it works I think that I could break it if I needed to.

(I've been dying for an opportunity to use that smiley :))
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
Protecting software is very difficult. Basic4ppc has reasonably sophisticated copy protection/licensing involving ...
sign0079.gif
but having (purely out of curiousity) looked at how it works I think that I could break it if I needed to.
It harder than it appears ;)
If you will send me a private email I will tell you if you are correct or not.
 

Elrick

Member
Licensed User
I'm using an IMEI protection (by maXim :) ) in this way. All this "protections" protects software against newbies of course, i've already spoken with the man, who cracked my program :) But what about an obfuscator? I've heard (from Erel, as i remember) what progs, compiled with basic4PPC can't be obfuscated... Is it true or I confuse something? Can anyone provide a tutorial on how to do this?
 

Cableguy

Expert
Licensed User
Longtime User
bit like you, I'm planing to user Agraham's MAC address dll, and crypt one of the devices mac....
Since not all WM devices are phones, and do not have IMEi, wich, if the user, as very often do, wichs to "release" the device from the network, will almos surtenly have to change the IMEI....
MAC's are also possible to alter, but there is No "commercial" justification to it, as MOST users doesnt even know what a MAC is....
 

Elrick

Member
Licensed User
MOST users doesnt even know what a MAC is....
Well, users who knows how to crack software don't need to know what MAC is, or what IMEI is, or even what stylus is :) They will find what you doing with MAC and then bypass it... We can protect software by using owner name, what can be simply changed, against users who just don't know how to bypass protections at all, or just don't want to know... And this is what i'm talking about - you can't make an impenetrable protection and doesn't matter which method do you using to protect your software... But we can complicate cracking as much, as possible, right? ;) And this is why i'm interesting about obfuscator
 

Cableguy

Expert
Licensed User
Longtime User
I think you missunderstood me...
It's a known fact...
Whatever we do and However we protect our software, when theres a will, teres a way...to crack it....
Yes we should complicate thisngs, as much as we can...
But, in the PDA world,, spending more than 2 or 3 seconds confirming the security status is too much...
Any way, I got a bit more time these days and I wil post my logic aproach to this matter...
 

WZSun

Member
Licensed User
Longtime User
Sometime back, I asked about encrypting the 'code' in the compiled EXE to make it looks more garbage.. this makes it more harder for novice crackers to hack the program, or to make it takes more time for them to break it. Yes, no program is hack/crack proof.. but if we start by making the 'code' looks garbage, it may not be worth the time for crackers to break it.

At the moment, what I did is a simple primitive prevention. I'd test my completed project first and once done, I will save it to another filename. From there, I would rename all functions, variables, etc., into random cryptic alphanumeric words. For example.. if I have a function 'validateCode', it will be renamed as 'kn5' and so on. As many known variables/subs are renamed so that it does not 'sensible/readable' if you use a hex editor to peek. For me, I simply load the whole compiled EXE into wordpad and see whether I can see 'readable function/veriable names'.. and if so, I will renamed them again... and then compile it as 'finished' product.

If you load your compiled EXE into wordpad, you can stil see portions of your code. In some cases, numeric starings are seen... especially if you have formula...etc. Instead of:

If A = 1234 then
..
..


I would change my values to something like:
x=2
y = x + (x+1) ' 5
z = (((((y*y)*y)*x)*x)*x) + ((((y*y)*x)*x)*x) + (((x^(x+x))+1)*x)
If A = z then
..
..

this way, if you peek at the code of your compiled exe.. it sure looks garbage. Of course, reserved function/variables names used by Basic4PPC can still be seen.. so if the whole compiled EXE is encrypted.. itmakes it harder for cracking.

The key issue it to make it harder for casual hackers.. or make it takes more time to probe.. by then hopefully they'd have given up...

Hopefully Erel can think about something on the development side to have an encrypted compiled EXE.

Anyway, feature that would be great is to have a 'flush' taps/keyboard function.. will it will flush off all keystrokes/taps.. in case there are 'active spy' program running that invokes when a key/tap is pressed. This is a also useful if you have a process running.. and users tap on the screen a few times.. and when the process end.. you may find the program executing the 'unwanted keypress'...
 
Last edited:

alfcen

Well-Known Member
Licensed User
Longtime User
Software protection and reverse engineering is a cold war. Either side triggers
new technologies in an seemingly endless exchange of hatred.

Those spammers offering AutoCAD and MS Office suites have obviously defeated the major professional software giants. The other bad guys are
those shopping, thus creating 'market demand'.

Most commercial PPC software offerers write the date of first installation someplace hidden, preventing erasure upon uninstallation. The stamp is
removed after a hard reset, but who would hard-reset her/his device or
set the device clock back to extend a time-limited fully functional trial?

For most of us, private hobby programmers, one simple method of protecting
know-how is compliling without code comments whilst using inconclusive
variable names. The bad guys want to make QUICK money.

In addition, attach an affordable price tag or work on donation basis which
won't render hacking worth while.

If all doesn't help, hope for an invitation to a private message :)
 

WZSun

Member
Licensed User
Longtime User
For those who simply want a compression.. there's a freeware .Net compressor - MPRESS which reduces the file size of Basic4PPC compiled .Net EXE files.

I tried it on Desktop (Windows) and Device (PPC). The project runs well.

This is just one small step in making things a little harder. Of course, the ideal is to get commercial .net protection utilities.. which make it even harder.. though not impossible, to reverse engineer.
 

Cableguy

Expert
Licensed User
Longtime User
@EREL
It would be a very interesting competition target...
Objective: to implement a Stand alone, customizable interface, protection code/scheme...

We would all gain with this one...
Heck, even I would have a go at it....;)
 
Top