Keygens, Cracks, Etc.
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
Have a look around here... http://www.instinct.org/fravia/protec.htm
-
Have a look around here... http://www.instinct.org/fravia/protec.htm
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
I agree with Erik. I work peripherally on our company's security system for our applications (hardware protection) and honestly at the end of the day as hard as we try we just end up shaking our heads and saying "All we can do is keep the honest people honest and make it really hard to crack, but it CAN be cracked" Frank, I'm curious what your app is? As you said, if it's worth cracking, that's a compliment in a strange way and probably a worthwhile program. Maybe I could use it. :) Good luck ... Ps. Funny story; I searched the web once for stuff related to our app and found a request for a dongle crack on a message board. The person had used their real name so we looked in our database and found the person was a client. I guess they didn't want to pay for second copy!
-
You are absolutely correct Erik. And you have (In a way) validated my opinion. Anyone else have any thoughts on this? Cheers! Frank
Like everybody here points out - as frustrating :mad: as this may be - there is no crack-proof software or security. Protecting software is as difficult as protecting a "bit stream" (cfr DVD, DECSS, ...). If it's 'ones and zeros', it can be copied, dissected, cracked and altered. That does not mean you do not have to try, as Shane Hyde implies. Maybe a third party library can do the trick. Our company uses "Sheriff software" :eek: (http://www.sheriff-software.com) which is relatively cheap and offers in my opinion an acceptable level of protection. (NB: Please note that this is not a sales speech) I tested the library and it is possible to crack at least a part of it. (NB2: So this is definitely NOT a sales speech) It depends on the license policy you use. If you automatically issue a "fully functional for a limited time" evaluation licenses you are more vulnerable to an attack. I did not exhaustively test :cool: the key generation scheme but it 'seems' robust enough. At least a third party software library might be the answer since they are (hopefully) constantly improving their product, and they are more focused and putting more effort into the software security design goal than you and me have time for. Just my 2 cents. NB3: These Board Emoticons :rolleyes: are cool !
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
There is an alternative approach... Putting *Required* Processing Power into the Dongle, that is, not only some 'key verification', but something that is intrinsic to your app's function. A crack would require to re-invent the section of code placed into the dongle. Admittedly, this is only feasible for applications in the $1K+ range, and there are no development costs included. And it might cause a shift in the crackers profile, but it's worth the idea, isn't?
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
Hi All! I'm working in a company developing timetabling software for schools and universities. This software incorporates a sophisticated Artificial Intelligence algorithm, which automatically performs all the scheduling. We consider this algorithm to be a bit of a breakthrough in that area. As a result, our protection needs grew with the development of this algorithm, and the following type of protection came to my mind: the software will lack the automatic timetabling engine, and will be shipped to everyone without it. Instead, our company's Internet servers will be running an application that'll be waiting for an *online* request for timetabling, so that the algorithm will sit only on our servers. The input data will arrive online, the server will build the timetable, and some time later will email it back to the sender. In that way no one in the world can use the software without "our permission". I guess that approach isn't applicable to every kind of software, but for the kinds that fit, it's almost 100% crack proof. David
-
I agree with Erik. I work peripherally on our company's security system for our applications (hardware protection) and honestly at the end of the day as hard as we try we just end up shaking our heads and saying "All we can do is keep the honest people honest and make it really hard to crack, but it CAN be cracked" Frank, I'm curious what your app is? As you said, if it's worth cracking, that's a compliment in a strange way and probably a worthwhile program. Maybe I could use it. :) Good luck ... Ps. Funny story; I searched the web once for stuff related to our app and found a request for a dongle crack on a message board. The person had used their real name so we looked in our database and found the person was a client. I guess they didn't want to pay for second copy!
Thanks for the info Farzad. Both my apps are NNTP news related. You can check them out at my website http://www.x3software.com Fran
-
Hi All! I'm working in a company developing timetabling software for schools and universities. This software incorporates a sophisticated Artificial Intelligence algorithm, which automatically performs all the scheduling. We consider this algorithm to be a bit of a breakthrough in that area. As a result, our protection needs grew with the development of this algorithm, and the following type of protection came to my mind: the software will lack the automatic timetabling engine, and will be shipped to everyone without it. Instead, our company's Internet servers will be running an application that'll be waiting for an *online* request for timetabling, so that the algorithm will sit only on our servers. The input data will arrive online, the server will build the timetable, and some time later will email it back to the sender. In that way no one in the world can use the software without "our permission". I guess that approach isn't applicable to every kind of software, but for the kinds that fit, it's almost 100% crack proof. David
David, I think your approach is pretty much ideal, and it could apply to almost every kind of software if you think about the design issues up-front. Every program receives periodic updates, bug fixes, patches, etc., and I've purchased a number of packages that use this method, not specifically as a copy protection, but as an integral part of their service. I think in countries other than the US, that demanding an internet connection is quite a bit more difficult, but it shouldn't be a problem in the US, Canada, Europe, Australia, etc. Really, the Internet becomes the dongle. My concern with internet based authentication isn't that I'm being authenticated, but rather that I don't know what information is being sent over the wire.
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
First off, I'm a veteran of shareware, both as a programmer and a user, having been "doing it" since the C64 days, and have done it for C64, Apple ][, Macintosh, Win3.1 and Win32. I’ve been around this issue for a very long while, and have done a lot of research into it. The bad news: As others have put it, if it's on the computer, it can be cracked, given enough time. Doing separate builds - one for trial, one for full - doesn't really solve anything. It may make your “manager” types happy, but someone will still buy it, get the full version, demand a refund, and then post the program everywhere. Yes, this has happened to me. Using a 3rd party protection tool is a SERIOUS waste of money - they all have a formulistic crack or patching method, and I haven't seen any pass a half-assed attempt. Examples: www.gamecopyworld.com, astalavista.box.sk, crackstore.com, suddendischarge.com, and w3.to/protocols - you can sadly find lots and lots of others. Anytime I hear about a game that’s “gone gold” on avault, almost always there is a crack ALREADY UP on gamecopyworld.com – and the thing hasn’t even hit my local MicroCenter’s shelves yet! As for people willing to use development tools and other stuff without paying for them: yes they do - check ANY of the binaries newsgroups if your ISP carries them. Borland 5 C++ compiler is free, yet people seem willing to trade VC++ and Metrowerks. Now, the good news: Generally, the reason people pay for a product is less than trialware and being forced to buy, than actually getting something for the money, be it continual upgrades, or helpful tech support (of course, if you did a good job on code and docs, tech support is probably minimal). If you find that people are ripping you off for a $30 program, try dropping the price to $20 - if they are still doing it then, then there is nothing you can do, and perhaps your program needs a re-write, if it's irritating people that much. Combating the cracks or keygens falls into two groups: if it's a patch (crack) to your program, simply make a new version. Hell, make one a week. I recommend using something like UPX or Shrinker to compress/encode the exe if this is a continual patching problem – this causes the exe image to change more than normal. If the problem is a keygen (making a new key), the crackers usually use something like "UpN Phrac-e" or “TNO-LamerBeach” or some such stupid thing. Gather all the keygens, and lock out the names. If you can det
-
First off, I'm a veteran of shareware, both as a programmer and a user, having been "doing it" since the C64 days, and have done it for C64, Apple ][, Macintosh, Win3.1 and Win32. I’ve been around this issue for a very long while, and have done a lot of research into it. The bad news: As others have put it, if it's on the computer, it can be cracked, given enough time. Doing separate builds - one for trial, one for full - doesn't really solve anything. It may make your “manager” types happy, but someone will still buy it, get the full version, demand a refund, and then post the program everywhere. Yes, this has happened to me. Using a 3rd party protection tool is a SERIOUS waste of money - they all have a formulistic crack or patching method, and I haven't seen any pass a half-assed attempt. Examples: www.gamecopyworld.com, astalavista.box.sk, crackstore.com, suddendischarge.com, and w3.to/protocols - you can sadly find lots and lots of others. Anytime I hear about a game that’s “gone gold” on avault, almost always there is a crack ALREADY UP on gamecopyworld.com – and the thing hasn’t even hit my local MicroCenter’s shelves yet! As for people willing to use development tools and other stuff without paying for them: yes they do - check ANY of the binaries newsgroups if your ISP carries them. Borland 5 C++ compiler is free, yet people seem willing to trade VC++ and Metrowerks. Now, the good news: Generally, the reason people pay for a product is less than trialware and being forced to buy, than actually getting something for the money, be it continual upgrades, or helpful tech support (of course, if you did a good job on code and docs, tech support is probably minimal). If you find that people are ripping you off for a $30 program, try dropping the price to $20 - if they are still doing it then, then there is nothing you can do, and perhaps your program needs a re-write, if it's irritating people that much. Combating the cracks or keygens falls into two groups: if it's a patch (crack) to your program, simply make a new version. Hell, make one a week. I recommend using something like UPX or Shrinker to compress/encode the exe if this is a continual patching problem – this causes the exe image to change more than normal. If the problem is a keygen (making a new key), the crackers usually use something like "UpN Phrac-e" or “TNO-LamerBeach” or some such stupid thing. Gather all the keygens, and lock out the names. If you can det
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
This isn't an actual response to the question at hand, but I thought I'd share something I'm using in my current development project having to do with keygens etc... The program I'm writing is for a very, very small market, consisting only of our 10-20 customers, so crackers are not a worry for me. However, to make this program worthwhile, we are charging a quarterly fee to actually use the app, which presents the problem of what to do if somebody will not pay. Most of out customers (believe it or not) do not have internet access, so that method is immediately tossed out the window. My theory here is to make the app expire at a certain date, and require a new code to unlock it until a new future time. Luckily for me, each customer has a unique identifier already used in the program, and the program is date sensitive, so I don't have to worry about them changing their computer clocks to run it. I'm also dealing with some VERY dumb users, so the less things they have to deal with, the better. What I've done is to create a code based on the expiration date (expressed as a true julian date - this was a very usefull thing) and their unique ID, along with a checksum or two built-in to the code (kind of the like credit card numbers). Really wasn't all that difficult, and all they have to do is enter a 8 digit code every 3 months, and the program can decode the date and unlock itself. Obviously this won't work in a lot of cases, but its a good solution for this situation, so I thought I'd share.. I guess I'm just in a typing mood today :) Back to work! Danie
-
David, I think your approach is pretty much ideal, and it could apply to almost every kind of software if you think about the design issues up-front. Every program receives periodic updates, bug fixes, patches, etc., and I've purchased a number of packages that use this method, not specifically as a copy protection, but as an integral part of their service. I think in countries other than the US, that demanding an internet connection is quite a bit more difficult, but it shouldn't be a problem in the US, Canada, Europe, Australia, etc. Really, the Internet becomes the dongle. My concern with internet based authentication isn't that I'm being authenticated, but rather that I don't know what information is being sent over the wire.
> Really, the Internet becomes the dongle. My concern with > internet based authentication isn't that I'm being > authenticated, but rather that I don't know what > information is being sent over the wire. That's exactly the problem. I don't know many people being willing to give an application full access to the internet to call it's mama. There could be any kind of information (and not only pure application data) being transfered and for me, as a user, this is really nothing I would like. Why else do I install personal firewalls ? I don't think a program uses this technique finds many friends, at least not here in Europe where there a many security concerns about the internet. Regards, Tom
-
> Really, the Internet becomes the dongle. My concern with > internet based authentication isn't that I'm being > authenticated, but rather that I don't know what > information is being sent over the wire. That's exactly the problem. I don't know many people being willing to give an application full access to the internet to call it's mama. There could be any kind of information (and not only pure application data) being transfered and for me, as a user, this is really nothing I would like. Why else do I install personal firewalls ? I don't think a program uses this technique finds many friends, at least not here in Europe where there a many security concerns about the internet. Regards, Tom
Tom, I think fundamentally putting a "lock" on software puts people off. There has to be some value in connecting to a server beyond copy protection, and I think having some part of the app centrally hosted is not a bad approach in the grander scope of things. FWIW, I don't think I have a piece of software right now that doesn't greatly benefit from an internet connection. Your point about the about of trust you have to have to give an application full access to your machine is well taken. Maybe there's an opportunity for a web service in that...? A trusted company (IBM, Microsoft, Rainbow, etc.) offers a web authentication service, and it ensures that no sensitive data is exchanged. Might work, but it would have to be totally free and probably be integrated into the OS so it was standardized enough to be valuable
-
I agree with Erik. I work peripherally on our company's security system for our applications (hardware protection) and honestly at the end of the day as hard as we try we just end up shaking our heads and saying "All we can do is keep the honest people honest and make it really hard to crack, but it CAN be cracked" Frank, I'm curious what your app is? As you said, if it's worth cracking, that's a compliment in a strange way and probably a worthwhile program. Maybe I could use it. :) Good luck ... Ps. Funny story; I searched the web once for stuff related to our app and found a request for a dongle crack on a message board. The person had used their real name so we looked in our database and found the person was a client. I guess they didn't want to pay for second copy!
Not necessarily, the user may have simply wanted to use the program without having to have the hardware installed (For instance, a paralell dongle can often interfere with certain kinds of printers). I often apply cracks to programs (mostly games) that I use to remove the CD protection so I can copy it to disk and not have to find the CD when I want to play it.
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
I've recently noticed Microsoft using a new approach to prevent their Age of Empires II game from being pirated. They require the original CD to be in the drive for the game to start. If you make a copy of the CD and try it, it just prompts you for the original CD. This leads me to believe that they have something special on the original CD that the program looks for when it starts. So essentially, the CD behaves like a dongle. Pretty clever, don't you think
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
We're facing most of the same issues that are being discussed on this thread. Here is a technical question that probably should be asked in a different forum: What is the best way to transmit user information via the internet to our web server where a database is accessed and a special code generated which is sent back to the installation program - all transparently to the user. I'm a C++/MFC programmer with no experience with ActiveX, Java, ASP, VB or any other internet language. Our install program is Install Shield. Thanks, Dave Saulnie
-
First off, I'm a veteran of shareware, both as a programmer and a user, having been "doing it" since the C64 days, and have done it for C64, Apple ][, Macintosh, Win3.1 and Win32. I’ve been around this issue for a very long while, and have done a lot of research into it. The bad news: As others have put it, if it's on the computer, it can be cracked, given enough time. Doing separate builds - one for trial, one for full - doesn't really solve anything. It may make your “manager” types happy, but someone will still buy it, get the full version, demand a refund, and then post the program everywhere. Yes, this has happened to me. Using a 3rd party protection tool is a SERIOUS waste of money - they all have a formulistic crack or patching method, and I haven't seen any pass a half-assed attempt. Examples: www.gamecopyworld.com, astalavista.box.sk, crackstore.com, suddendischarge.com, and w3.to/protocols - you can sadly find lots and lots of others. Anytime I hear about a game that’s “gone gold” on avault, almost always there is a crack ALREADY UP on gamecopyworld.com – and the thing hasn’t even hit my local MicroCenter’s shelves yet! As for people willing to use development tools and other stuff without paying for them: yes they do - check ANY of the binaries newsgroups if your ISP carries them. Borland 5 C++ compiler is free, yet people seem willing to trade VC++ and Metrowerks. Now, the good news: Generally, the reason people pay for a product is less than trialware and being forced to buy, than actually getting something for the money, be it continual upgrades, or helpful tech support (of course, if you did a good job on code and docs, tech support is probably minimal). If you find that people are ripping you off for a $30 program, try dropping the price to $20 - if they are still doing it then, then there is nothing you can do, and perhaps your program needs a re-write, if it's irritating people that much. Combating the cracks or keygens falls into two groups: if it's a patch (crack) to your program, simply make a new version. Hell, make one a week. I recommend using something like UPX or Shrinker to compress/encode the exe if this is a continual patching problem – this causes the exe image to change more than normal. If the problem is a keygen (making a new key), the crackers usually use something like "UpN Phrac-e" or “TNO-LamerBeach” or some such stupid thing. Gather all the keygens, and lock out the names. If you can det
-
We're facing most of the same issues that are being discussed on this thread. Here is a technical question that probably should be asked in a different forum: What is the best way to transmit user information via the internet to our web server where a database is accessed and a special code generated which is sent back to the installation program - all transparently to the user. I'm a C++/MFC programmer with no experience with ActiveX, Java, ASP, VB or any other internet language. Our install program is Install Shield. Thanks, Dave Saulnie
Dave there are a variety of ways of doing this, One I can suggest really easy to implement is to host a hidden webbrowser control that posts data to a http: site and the site returns the data via a mini webpage to the users PC: A Hacker/Cracker can bust this in Seconds if they no what to look for, and if the user is operating behind a firewall, they'll have to set up a rule to permit your app doing this. Also have a look at this article and consider increasing the identification to the URLS Name Still a Firewall Rule will probably have to be set up for this to work ;-0 Regardz Colin Davies
-
I've recently noticed Microsoft using a new approach to prevent their Age of Empires II game from being pirated. They require the original CD to be in the drive for the game to start. If you make a copy of the CD and try it, it just prompts you for the original CD. This leads me to believe that they have something special on the original CD that the program looks for when it starts. So essentially, the CD behaves like a dongle. Pretty clever, don't you think
Actually, pretty lame. See www.gamecopyworld.com for the crack. These "methods" are so trivial to break any more the cracks are calling them the "scratch and sniff" method
-
Hi! Well, I've just been notified that two of my programs have keygens available for download. I look at this in two ways. 1st. It sucks. For obvious reasons. 2nd. Wow...somebody actually liked my software to waste a bunch of time tearing it up to figure out the registration algorithm. So, my question is...short of re-writing all my programs to use a shareware/release version (stripped down) and creating dual releases...how can we prevent this sort of thing? Its obvious that we as software developers are vulnerable to this sort of thing. How do we make our software crack proof? Fran
Quite honestly I never really bother with trying to make software I work on difficult to crack. Firstly, as many people have already stated, if somebody wants to crack your software, they will. Secondly, anybody who actually installs cracked software was never likely to actually purchase a copy from you anyway. When you want to buy the latest MS product, do you search all of the warez sites? - or do you pick up the nearest computer software catalogue? Saying this, I do frequently visit a whole list of 'top' warez sites, etc, to keep on top of what is happening to software packages I have worked on. I do laugh a bit when I see some software that I have worked on available to download - it is nice to know somebody out there liked it enough to crack it. Also, I have to admit that I 'leaked' a 'special' version of some software I was working on about a year ago to most of the warez sites, etc, that had a whole range of dead-ends for the crackers to follow. Even now that the final release has been out around 4 months, it has not yet been cracked. The crackers probably remeber the hard time they had with the 'dummy' version! This isn't to say that ignoring the possibility is good, but you lose more money trying to combat these cheaters than you'd ever making selling software to them