MadaraUchiha Posted December 8, 2013 Share Posted December 8, 2013 (edited) Hi, I need some advice. I planned creating a protection system in future, similar to XProTec. But I have a understanding problem. Let's say, I created a nice protection algorithm do validate a key. All the methods are encrypted, obfuscated etc But at the end, it doesn't matter how good the protection is, because there will be a statement like: Entered Licence key = valid? How can I prevent this beeing reversed? I mean I can just add a 'not' in the decompiler (or replace a true-condition with a false-condition) so even if my protection recognizes that the key is not valid it will still start the main program or tell the user that licence is valid. Then all my nice protection/encryption algorithms are made for nothing. Is there a runtime protection or something where I don't have a if statement in my code to validate the key? :s Edited December 8, 2013 by MadaraUchiha Link to comment Share on other sites More sharing options...
BrewManNH Posted December 8, 2013 Share Posted December 8, 2013 Don't store the password in the script, store a hash of the password in it. Search for hash and password and you're going to find a lot topics about it. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
MadaraUchiha Posted December 8, 2013 Author Share Posted December 8, 2013 You haven't got my point;-) Even if I hash everything and store my stuff in files etc, in the final end, there must be a condition to validate the entered key. And that has a true/false statement. The problem is those statements can be reversed easily...:/ Link to comment Share on other sites More sharing options...
BrewManNH Posted December 8, 2013 Share Posted December 8, 2013 I got your point exactly, you're the one missing the point. So what if you have to validate it? You hash the password so that it's not in plain text. You have the user enter a password, hash THAT password and see if the 2 hashes match. If they match it's good, if they don't match then that's up to your "protection" schema. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
MadaraUchiha Posted December 8, 2013 Author Share Posted December 8, 2013 And this "see if the 2 hashes match." Part, how is this supposed to look like? Link to comment Share on other sites More sharing options...
BrewManNH Posted December 8, 2013 Share Posted December 8, 2013 Search broken? If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
MadaraUchiha Posted December 8, 2013 Author Share Posted December 8, 2013 No. But please explain me what you mean if I don't understand you correctly. Let's say this is the protection system: ;All crypting/hashing/obfuscating functions... If (_Decrypt($CryptedKey)) = MyHashedKey Then ;Run program Else MsgBox(0,'','Invalid key') EndIf The problem now is that its very easy to replace this line: If (_Decrypt($CryptedKey)) = MyHashedKey With this one: If not (_Decrypt($CryptedKey)) = MyHashedKey Now the app is cracked :/ Link to comment Share on other sites More sharing options...
BrewManNH Posted December 8, 2013 Share Posted December 8, 2013 If Microsoft/Apple/Any game company ever can't protect their software from being pirated, what chance do YOU think you have? They have some of the best minds working on this stuff, and their programs are cracked within hours of release. If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag GudeHow to ask questions the smart way! I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from. Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays. - ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script. - Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label. - _FileGetProperty - Retrieve the properties of a file - SciTE Toolbar - A toolbar demo for use with the SciTE editor - GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI. - Latin Square password generator Link to comment Share on other sites More sharing options...
MadaraUchiha Posted December 8, 2013 Author Share Posted December 8, 2013 That doesn't answer my question... Link to comment Share on other sites More sharing options...
jchd Posted December 8, 2013 Share Posted December 8, 2013 You just discovered that there exist no way to locally protect software from tampering. Software is nothing more than a passive string of bytes which can be copied, examined, retro-engineered, modified ad nauseam. All one can do is make the tampering more costly than the price of legal acquisition. And even that is far from easy and involves significant cost (time or else) which increases the price tag of the product itself. Switch your mindset from shield/bullet to cost analysis framework. This wonderful site allows debugging and testing regular expressions (many flavors available). An absolute must have in your bookmarks.Another excellent RegExp tutorial. Don't forget downloading your copy of up-to-date pcretest.exe and pcregrep.exe hereRegExp tutorial: enough to get startedPCRE v8.33 regexp documentation latest available release and currently implemented in AutoIt beta. SQLitespeed is another feature-rich premier SQLite manager (includes import/export). Well worth a try.SQLite Expert (freeware Personal Edition or payware Pro version) is a very useful SQLite database manager.An excellent eBook covering almost every aspect of SQLite3: a must-read for anyone doing serious work.SQL tutorial (covers "generic" SQL, but most of it applies to SQLite as well)A work-in-progress SQLite3 tutorial. Don't miss other LxyzTHW pages!SQLite official website with full documentation (may be newer than the SQLite library that comes standard with AutoIt) Link to comment Share on other sites More sharing options...
Moderators Melba23 Posted December 8, 2013 Moderators Share Posted December 8, 2013 Hi,I see that someone let that poor bird out again - I only just got here in time to prevent it vanishing. M23 Any of my own code posted anywhere on the forum is available for use by others without any restriction of any kind Open spoiler to see my UDFs: Spoiler ArrayMultiColSort ---- Sort arrays on multiple columnsChooseFileFolder ---- Single and multiple selections from specified path treeview listingDate_Time_Convert -- Easily convert date/time formats, including the language usedExtMsgBox --------- A highly customisable replacement for MsgBoxGUIExtender -------- Extend and retract multiple sections within a GUIGUIFrame ---------- Subdivide GUIs into many adjustable framesGUIListViewEx ------- Insert, delete, move, drag, sort, edit and colour ListView itemsGUITreeViewEx ------ Check/clear parent and child checkboxes in a TreeViewMarquee ----------- Scrolling tickertape GUIsNoFocusLines ------- Remove the dotted focus lines from buttons, sliders, radios and checkboxesNotify ------------- Small notifications on the edge of the displayScrollbars ----------Automatically sized scrollbars with a single commandStringSize ---------- Automatically size controls to fit textToast -------------- Small GUIs which pop out of the notification area Link to comment Share on other sites More sharing options...
Recommended Posts