progcor.htm: The shareware programmer corner

The shareware programmer corner

Updated July 1998

This section is now in part obsolete. Read, then go over
to the more recent HOW TO PROTECT BETTER section.

Courtesy of fravia's page of reverse engineering

- Why your protections are terribly lame
- What you can do against it (The 14 protector's commandments)
- Other +HCU projects and useful Info for programmers and protectionists 
                ('Most stupid protection' award)
                ('Bogus commercial protections'serie)
                ('Our protection' section)
- A selection of interesting essays for protectionists
- A final message of hope

Why your protections are so lame

Dear protectionists, you better understand immediately a great and simple truth: the real reason your protections are so lame, is that you don't know how to crack; worse: many among you don't even know how to program in assembly. This makes it very easy to defeat your 'high language' protections for people that don't have your source code, yet know perfectly what any single hexadecimal byte means inside your code.
You'll learn on my site enough to protect MUCH better your software (was about time) yet be aware that there is, for you too, no result without study and without knowledge. It takes a lot of time and of study to be a good cracker and it takes a lot of time and of study to be a good protector!
Yet the reward is inestimable! Learning how to reverse engineer any software application will give you, protection schemes apart, which are not so important after all, a POWER and a MIGHT over your overbloated compilers that you have before never ever dreamed of. Believe it or not, from this kind of study your applications will gain even more than your protections

The 14 protector's commandments

Q.: Listen fravia+, I'm reading your messy site almost exclusively in order to PROTECT BETTER my software, and your whole cracking philosophy gives me the creeps... can't you just tell me what the hell I should do to protect better my applications AGAINST you bloody crackers?
A.: Yes, I can, here you are with:

Mark's famous 14 protector's commandments

1 Never use meaningful file or procedure names such as 
  IsValidSerialNum (duh.)
2 Don't warn the user right after a violation is made.  
  Wait later, maybe until the next day or two (crackers hate that).
3 Use checksums in DLL's and in the EXE.  Have them check each other.  
  Not perfect but it just makes it harder to crack.
4 Pause a second or two after a password entry to make brute 
  force cracking unfeasible.  Simple to do, but rarely done.
5 Self-heal your software.  You know, error correction like modems 
  and hard drives use.  The technology has been around for years, 
  and no one uses it on their software?  The best thing about this 
  is that if the cracker used a decompiler, they may be looking at 
  a listing that is no longer valid.
6 Patch your own software.  Change your code to call different 
  validation routines each time.  Beat us at our own game.
7 Store serial numbers in unlikely places, like as a property 
  of a database field.
8 Store serial numbers in several places
9 Don't rely on the system date.  Get the date of  several files, 
  like SYSTEM.DAT, SYSTEM,DA0 and BOOTLOG.TXT and compare them to 
  the system date.  Require that the time be greater than the last 
  run.
A Don't use literal strings that tell the user that their time is 
  expired.  These are the first things to look for.  Build strings 
  dynamically or use encryption.
B Flood the cracker with bogus calls and hard-coded strings.  Decoys 
  are fun.
C Don't use a validation function.  Every time you validate the user, 
  write your validation code inline with the current process.  That 
  just makes more cracking for the cracker.
D When using hard-coded keys or passwords, make them look like program 
  code or function calls (i.e., "73AF" or "GetWindowText").  This 
  actually works very well and confuses some decompilers.
E Finally, never reveal your best protection secrets :-)

This said, Zen-crackers will easily defeat even the most clever protection scheme, yet there is no reason of concern... you see, we examine protections of two sorts: protections that are UNUSUAL and protections that must be removed in order to fully enjoy a VERY USEFUL program. Sadly very few programs are really useful and very few protections are indeed intelligent. Therefore you should not worry: your program is probably NOT useful at all, and your protection is probably NOT clever... nobody will ever attempt to crack it, you may sleep relaxed.

You want more anti-crackers tricks? Read (study) the essay by tibit: Advanced protection schemes! (13 december 1997)

You want even more anti-crackers tricks? Read (study) the advices by dph-man: Some thoughts on key checking methods that are hard to reverse engineer (20 January 1997)

Other projects and useful info

And look! Behold! There is much more for all you little protectionists on this site! Enjoy some new sections and some special essays, and don't forget to check (if you have passed the strainer, that is :-) the three "special" +HCU seminars about Object-Oriented cracking:

9801 = DELPHI CRACKING,
9802 = MAIN *.DLL's "PASSWORD VERIFY" & "TIMECHECK" FUNCTIONS,
9803 = "INSTALLATION WIZARDS" CRACKING

You should not forget, moreover, to check The Bogus commercial protection schemes serie (saving the gullible shareware programmers from commercial crooks) that has recently started and has an obvious interest for those among you that pay money in order to buy ready-made (and completely ridiculous) protection schemes! Hey, don't you see how the "evil" crackers help the poor shareware programmers?

NEW SECTION: "MOST STUPID PROTECTION" AWARDS
NEW ESSAYS: LESSONS FOR SHAREWARE PROGRAMMERS
NEW SECTION: OUR PROTECTIONS
NEW SECTION: Bogus commercial protection schemes (Now with the last incredible 'dongle bashing' essay by Frog's Print: End of the dongle old aera ~ Dongles bye bye (29 January 1998)

Some interesting essays for protectionists

Of course ALL software reversing essays are useful for protectionists, but I have decided to publish here the ones that I reckon to be the MOST useful ones for direct protection purposes... hoping that protectionists will learn and deliver us something more palatable than the usual, dull and boring "good_guy flag" dinosaurier that still rule the earth :-(

Fooling Disassemblers (Protecting Applications Against Disassembly)
By Snatch, 07 December 1997
(The "non-conditional" conditional jump and other tricks)

Advanced protection schemes
By tibit, 13 December 1997
(How to defeat us crackers at our own game :-)

A couple of protection ideas
By dph-man, 20 January 1998
(Some thoughts on key checking methods that are hard to reverse engineer)

Cracked Metal, runtime dll creation
By Fallen, 04 February 1998
(Hotmetal's good runtime dll trick)

Cracking the ShareLock Protection System (SHRLK20.DLL)
By XaVaX, 11 February 1998
(Shareware protectors backwounded by demo vendors)

RealPlayer Plus 4.0: the "dummy code check" trick
By sPIRIT and HellRaiser, 12 February 1998
(a very interesting anti-crackers trick, if better implemented)

SOFTWrapper: wrapping galore
By HalVar+, 13 February 1998
(An encryptionless wrapper is a protectionless protection)

Decompiling InstallShield scripts and guidelines for decompiler writers
By Zeezee, 04 March 1998
(An useful protector introduction to the world of Installshield decompiling)

Well, let's rationalize things a little...
08 May 98	Marigold	~	marycri1.htm	Instant removing of CrypKey (together with a lock) Unwrapping the wrapped	progcor	~	fra_0116
21 May 98	Goth	~	sales1.htm	SalesAgent 3.0: Rsagnt32.dll, TurnKey and Me	progcor	~	fra_0120
01 June 98	Q	~	q_tv0601.htm	"Fixing" AIMS-Lab's VH-TV Program	progcor	~	fra_0125
15 July 98	Snooty	~	snooty2.htm	Unprotecting unprotectors (AccessData's StopCopy failure)	progcor	~	fra_013A
31 July 98	+Xoanon	~	xoano_27.htm	Another readymade sotware protection (Intellisecure R2) dies	progcor	~	fra_0145
31 July 98	MisterE	~	monitor.htm	Keyfiles: Monitor/RA v1.80 and the 'hidden protection' idea	progcor	~	fra_0146
31 July 98	Johnny+X	~	rcnewht.htm	Cracking an encrypted dll scheme: Virtual Turntables 1.5	progcor	~	fra_0147

We have a very nice and full-fledged

"Most stupid protection" award section, wherein, like in the bogus serie, many apparently strong protection schemes (some of them commercial, i.e. the poor programmers have to pay *money* for them) are revealed as well for what they are: pretty stupid and pretty easy to circumvene. Hey, don't you see how the "evil" crackers help the poor shareware programmers?

As it seems, all protection scheme that you are using to day are much TOO EASY, and we do not like this... no challenge, no knowledge reward... since you do not seem able to program them as it should be, we'll do it for you (that's pretty nice of us, isn't it?
We will therefore further develop a special project section (that actually is a little neglected):

our protections which has already started. +Rcg and +Sync (sync1@nospam.iname.com eliminate "nospam." before pasting :-) take care of it. Here's what we'll do there: We'll publish OUR OWN (pretty tough) protection schemes (coded in assembler or C, of course :-) and anyone who cares will (try to) crack them (for each scheme we'll give two weeks time) we'll then publish the "solution" *AND* the source code!
You learn, we learn... you'll protect better (was about time) and we'll crack better... Hey! That's human evolution at its best: from ape to cracker!

You'll further find new essays with a special "important lesson for shareware programmers" banner. Actually all essays on my site represent (of course) lessons for shareware programmers, yet these specific essays will be particularly important for you, since they will not only "show" you, but "demonstrate" you once more the weakness of some common and widespread protection schemes and "tricks" (at times once more "commercial protections", i.e. you have to *pay* for that crap).
We are trying to help you because we are well aware of the fact that shareware programmers do not have the money, nor the capacities, available for huge "industries" of "overbloated programmers" like Micro$oft... that's the reason we'll try to offer you at least some crumbs from the might of Internet group working. We would like to forge an "holy" alliance between crackers and shareware programmers against Micro$oft... when the wolves howl, cats and dogs join forces.

A final message of hope

No, I lied.
Actually I don't believe that you'll ever 'join forces' with us, I believe strongly that many of you will be so fascinated from our reverse engineering world that will 'change side' and start producing TOOLS that will help us in our half-lost yet glorious struggle against Micro$oft's encompassing 'embrace' (and we need you "real" windoze programmers -after having learned cracking and assembly- in order to get the "nice looking" smart and mighty tools that we want... in fact most crackers are unfortunately the 'other side' of your same coin, and would not even touch visual basic 5 with a badger pole).
The usual problem: WE could not care less about the frilly-dizzy rattamazz ASPECT of the applications we use (I'm still using - february 1998- +ORC's psedit as my preferred powerful hexeditor, and it's a DOS program :-) but the zombies and the slaves out there have been so conditioned that we now need to produce 'alluring' tools just to catch their attention and having they use POWERFUL programs... in order to bring (at least some of) them on the clever side... in due time they will learn, exactly as you did... So we need you at least as much as you need us. Life on the web is funny, isn't it?
Beware: the help we offer may indeed be very valuable for you, as your assiduous presence on my site testify, but that very help is only a decoy!

Dear shareware programmers: the truth is that we need many more 'real' programmers on our side, and therefore we hope to persuade and proselytise you (...yet not to brainwash you, therefore I better finish right here :-)