john Wesley

And what confidence does that give you that it can't be reversed?

__________________
Mona Lisa must of had the highway blues you can tell by the way she smiles..

Random Spirit

I can understand why someone might want to protect some clever algorithm but if you have to make the machine code twice as long and therfore less efficent is it really worth it.

There are people that get all cranky about java bytecode and .net's MSIL as they are not very hard to reverse engineer. In the end its not one clever algorithm that makes a piece of software great but the whole design, implementation and testing process. So if your competitor cant design and write software as well as you can (shown by the need to copy) they are hardly likely to make something better even if they did copy your clever algorithm.

There may be situations where you want your algorithm to remain secret such as in sercurity and encryption systems but on the whole i think its not that important.

Game_Ender

I think you miss the point. EXECryptor is not about protecting your clever algorithm, its about protecting the piece of code that checks the make sure you are allowed to run the program.

The way a lot of cracking is done is stepping the through the asembly code of the program and figuring out where it does the license, CD, or date check. You would then break out a hex editor and tweak the assembly to ignore the check. If the code is so obscured it will be harder to circumvent the check that is done.

Random Spirit

I know what you mean. But it looks like any other obfuscator.

I was just broadening the discussion. The probelem is there will always be a way to crack DRM or whatever encryption system a piece of software uses. You just have to look at windows product activation and apple's DRM on iTunes music. Both have been cracked despite the best efforts of the software engineers. Usually a rights managmet system for software or any media is based on some algorithm that you have to understand before you can create a work around. I dont think its possible to make some system that is uncrackable. You just end up making it harder for the cracker but he will still crack it in the end. Using some complex math might be a better way of stopping a cracker. I wonder what techniques government agencies use to protect their data. You can bet there are some clever mathematicians designing these systems. I would like to see your average hacker work out how to compromise them.

In the end if someone wants something for free and they are criminally minded with the necessary skills they will circumvent most software protection for whatever. If you make it harder they will just work harder and longer to crack it. Its a fact of life.

DaWei

The OP is so strong in defending an opinion that he purports (in post #1) not to have (and is thus seeking one), that my mind turns away from thinking about the viability of obfuscation and turns to thinking about spam.

__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code.
Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Arevos

Via the same encryption that everyone else uses.

DRM is weak because the potential attacker is also the one with the key (albeit hidden in obfusicated assembly). In normal encryption schemes, the key is kept secret from the attacker. In such a case, the only way to gain access to the encrypted data is to either:

1. Attempt to steal/con the key out of someone
2. Find a flaw in the implementation
3. Find a flaw in the base algorithm

The first is the most common approach; the latter two depend on finding a flaw that no-one else has yet to find, and some encryption schemes have had years, sometimes decades of testing.

Wizard1988

Actualy I have gone over some cracking tutorials a while ago, this was just to see how it all happens. Here is what I learned. The most comon way that a shareware app gets cracked is by simply looking references to strings. Some applications don't contain strings within the executable they actually load text from another file, this makes cracking a program somewhat harder. Another common thing to see is debugger detectors, when the program is being debugged the code gets screwed up. Make sure to make your activation\unlock scheme complicated, this will add extra work for the crackers, this means don't simply check for one bit in memory. Basically all software is crackable. Even if your program has some encryption engine it doesen't really matter how complicated it is because it resides within the executable which you have to supply with your program in order for it to run. I think that you should have multiple ways of checking if the program is using a valid key(registration) in various places. This leaves me to say that all you can really do is prevent script kiddes from cracking your program. Unfortunateley I don't think it is possible to protect your creations from a group of uber crackers.

__________________
JG-Webdesign

Random Spirit

On a lighter note you could always put funny messages directed at crackers into the strings in the binary. I think apple have done it on a few occasions and donkeys years ago some US microchip company put messages at the edge of the die for the russians to read when they were analysing the chips. This wont really help you much, just i think its funny.

DaWei

You will have encrypted and obfuscated your code sufficiently when the processor cannot make heads nor tails of it. Sufficiently smart humans, who exceed the uP in intelligence, will be somewhat ahead of that curve. You may bet a few million bucks on your scheme, if you like, but I'd recommend against betting your life.

__________________
Abstraction doesn't make it impossible to write bad code; it makes it possible to write superior code.
Contributor's Corner: Grumpy on C++ Exceptions DaWei on Pointers

Godmode

There is a way to completely secure your app.(depending what kind of app is it). Use some kind of client-server authentication thing. In that case of course you have to have server network(hopefully 100% uptime) and every client needs an internet connection. But it is always reliable,unbreakable method to secure your app. (Everything clients could do to "cheat" is to try to scam other users to steal their accounts, it's not even your loss then:p ).

ExeCryptor may help, but I think too that to uberCracker it won't be a problem at all..