Piracy protection

Dear friends,

First of all, I don't speak English, but I'll try to explain my doubts.

I need to write an application in C++ (with some free tool), but I don't want to see my software cracked...

I don't have "sponsors", so I can't use hard locks... I need to find "other tools"...

I know we don't have tools 100% secure against piracy, but which techniques may I use to minimize the risk of my application being cracked?

Any help is welcome (code in C++, links [in English, too ;-)], books etc);

Can you help me?

Paulo Cassiano
[618 byte] By [pcassiano] at [2007-11-19 7:05:06]
# 1 Re: Piracy protection
I have 3 questions for you:

* How does one register the product? (via a registration key?)

* What type of application are you programming?

* How much effort do you want to put into this?
KevinHall at 2007-11-9 0:42:13 >
# 2 Re: Piracy protection
Forget about protection; it will be bypassed within hours of the release if the software is good.
Do a basic packer onto the .exe and whatever other files you may have.
Get a good one too... something of the type of ASProtect...
Second, don't use message boxes or dialog windows for registration.
Third, try not to use GetWindowText or such to get text out of a dialog box (I assume you are under the Win32 API).
Encrypt all strings in your program.
For example, instead of "Please Register"
have it be like this in the declaration of the variable: "asd87as98d7a98sd7as98d".
Decrypt the keys only when they are used. Use DMA for variables.
Add some anti-debug tricks; when I get time I will post an article on how to bypass Olly.
If you use a trial for advertising, make sure you REMOVE the functions that are disabled in the trial.
And do remove some of them, so it will be impossible to get a cracked registered version that is full.

Do not spend too much time on this; if the program is useful it will be cracked within hours of its release. The pirated version will surface within days.

The above tips can lead a noob cracker into big problems cracking the program.
Quell at 2007-11-9 0:43:11 >
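Quell's advice above (keep the prompt strings encrypted in the binary and decrypt them only at the moment they are used) as an added worked example in C++. This is not code from the thread; the key bytes, the position mixing in the keystream and the stack buffer that wipes itself on scope exit are this example's own choices, and "Please Register" is simply the string from the post.

```cpp
// Added example (not from the thread): compile-time string obfuscation with
// decrypt-on-use. Only ciphertext reaches .rdata; the plaintext exists on the
// stack just while it is displayed and is zeroed afterwards.
// Build: g++ -std=c++14 -O2 obfstr.cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Constructed key for this example; in a real build derive a different key per
// string (e.g. from __LINE__ and a build-time seed).
constexpr std::uint8_t kKey[] = {0x5A, 0xC3, 0x17, 0x8E, 0x61};
constexpr std::size_t kKeyLen = sizeof(kKey);

// One keystream byte: the key repeats, and the position is mixed in so that a
// repeated plaintext character does not produce a repeated ciphertext byte.
constexpr std::uint8_t keystream(std::size_t i) {
    return static_cast<std::uint8_t>(kKey[i % kKeyLen] ^ (i * 0x9D));
}

// A decrypted copy that lives on the stack and is zeroed when it goes out of
// scope, so the plaintext is in memory only while it is actually used.
template <std::size_t N>
struct Revealed {
    char text[N];
    ~Revealed() {
        volatile char* p = text;            // volatile so the wipe is not optimised away
        for (std::size_t i = 0; i < N; ++i) p[i] = 0;
    }
};

// Holds only ciphertext. The constexpr constructor makes the compiler do the
// XOR at compile time, so the literal never appears in the binary.
template <std::size_t N>
struct ObfString {
    std::uint8_t bytes[N];                  // ciphertext, including the terminating NUL

    constexpr ObfString(const char (&s)[N]) : bytes{} {
        for (std::size_t i = 0; i < N; ++i)
            bytes[i] = static_cast<std::uint8_t>(s[i]) ^ keystream(i);
    }

    // Decrypt right before use; the result wipes itself.
    Revealed<N> reveal() const {
        Revealed<N> out;
        for (std::size_t i = 0; i < N; ++i)
            out.text[i] = static_cast<char>(bytes[i] ^ keystream(i));
        return out;
    }
};

template <std::size_t N>
constexpr ObfString<N> obf(const char (&s)[N]) { return ObfString<N>(s); }

// The registration prompt from the post, stored encrypted.
constexpr auto kRegisterMsg = obf("Please Register");

// True if the plaintext is visible in the stored bytes (it must not be).
bool plaintext_is_exposed() {
    const char plain[] = "Please Register";
    return std::memcmp(kRegisterMsg.bytes, plain, sizeof(plain) - 1) == 0;
}

int main() {
    auto msg = kRegisterMsg.reveal();       // decrypt right before use...
    std::printf("%s\n", msg.text);
    return 0;                               // ...and it is wiped when msg goes out of scope
}
```

With this, `strings` on the executable shows nothing readable for the prompt, which is what the "asd87as98d7a98sd7as98d" declaration in the post is getting at. The remaining weak spot is that reveal() is one routine to put a breakpoint on; per-string keys and letting the compiler inline it into each call site make that less convenient.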
# 3 Re: Piracy protection
I need to write an application in C++ (with some free tool), but I don't want to see my software cracked...

I don't have "sponsors", so I can't use hard locks... I need to find "other tools"...

I know we don't have tools 100% secure against piracy, but which techniques may I use to minimize the risk of my application being cracked?


The only possibility of your program not being cracked is that crackers will not be interested in it. Should this be the case, you'd wish they would :)
There are a couple of techniques that would make this very difficult though. You could use SMC (self-modifying code), which is code that changes itself at runtime. There are numerous tutorials around; I'd suggest that you visit mammon's site (also make a search for "smc code" in Google):

http://www.eccentrix.com/members/mammon/

Some more advanced techniques would involve polymorphism, which is the act of executing different pieces of code each time the program runs. Then, you should also use some techniques to kill debuggers, disassemblers and such (make a search for "daemon's cave"). Combine all these techniques to possibly create your own PE encryptor or packer. Read more about PE files and the import table and import table rebuilding techniques. Should you use such techniques the right way, your program would be VERY interesting for a cracker to spend LOTS of time to crack. Good luck ;)
lakis at 2007-11-9 0:44:12 >
# 4 Re: Piracy protection
Not sure about the SMC; it can be bypassed by simply debugging the app, as can other stuff.
Just load the app into Olly and trace through it; when you find what you want to modify, do it, and dump the file.
A better idea would be to make your program detect Olly and SI.
If your program can be loaded into Olly, or does not detect SI, you can kiss your program goodbye. It will be done with few problems, with the exception of packers.

BTW, don't make a program too hard to crack; people will probably be attracted to test their skills, and there are going to be hundreds of tutorials up on the net on how to do it, or at least bits and pieces :D
Quell at 2007-11-9 0:45:08 >
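Quell's point that the program should detect Olly and SI, as an added example that is not from the thread. The Windows branch uses documented calls: IsDebuggerPresent resolved through GetProcAddress so it stays out of the import table, CheckRemoteDebuggerPresent, FindWindowA on the "OLLYDBG" window class that OllyDbg 1.x registers, and CreateFileA on the SoftICE device names \\.\SICE and \\.\NTICE. The Linux branch reads TracerPid from /proc/self/status so the example also runs on a non-Windows box. The function names and the idea of folding the results into key material are assumptions of this example, not anything the thread prescribes.

```cpp
// Added example (not from the thread): debugger-presence checks wrapped in
// small functions so they can be called from many places in the program rather
// than once at start-up (a single check is one jump for a cracker to patch).
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <string>

#ifdef _WIN32
#include <windows.h>

// Resolve IsDebuggerPresent at runtime so it does not appear in the import
// table; in a shipped build the name string itself should be stored obfuscated.
typedef BOOL (WINAPI *IsDebuggerPresentFn)(void);

bool debugger_attached() {
    HMODULE k32 = GetModuleHandleA("kernel32.dll");
    IsDebuggerPresentFn fn = k32
        ? reinterpret_cast<IsDebuggerPresentFn>(GetProcAddress(k32, "IsDebuggerPresent"))
        : nullptr;
    if (fn && fn()) return true;
    BOOL remote = FALSE;                     // a debugger attached from outside
    return CheckRemoteDebuggerPresent(GetCurrentProcess(), &remote) && remote;
}

// OllyDbg 1.x registers its main window under the class name "OLLYDBG".
bool olly_window_open() { return FindWindowA("OLLYDBG", NULL) != NULL; }

// SoftICE (Win9x: SICE, NT: NTICE) exposes these device names only while loaded.
bool softice_loaded() {
    const char* devs[] = {"\\\\.\\SICE", "\\\\.\\NTICE"};
    for (const char* d : devs) {
        HANDLE h = CreateFileA(d, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
        if (h != INVALID_HANDLE_VALUE) { CloseHandle(h); return true; }
    }
    return false;
}

#else  // Linux branch so the example runs on a non-Windows box
#include <fstream>
#include <iterator>

// Extract the TracerPid field from /proc/self/status text; 0 means no tracer.
long tracer_pid_from_status(const std::string& status_text) {
    const char field[] = "TracerPid:";
    std::size_t pos = status_text.find(field);
    if (pos == std::string::npos) return 0;
    pos += sizeof(field) - 1;
    while (pos < status_text.size() && (status_text[pos] == ' ' || status_text[pos] == '\t')) ++pos;
    return std::strtol(status_text.c_str() + pos, nullptr, 10);
}

bool debugger_attached() {
    std::ifstream f("/proc/self/status");
    std::string text((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
    return tracer_pid_from_status(text) != 0;
}
bool olly_window_open() { return false; }    // Windows-only checks
bool softice_loaded()   { return false; }
#endif

// Do not branch on one bool in one place. Folding the results into key
// material means a patched check yields garbage later instead of a clean
// "not found" that can simply be NOP'd. (Constructed constants.)
unsigned key_material(unsigned base) {
    if (debugger_attached()) base ^= 0x5EBA6u;
    if (olly_window_open())  base ^= 0x0011Au;
    if (softice_loaded())    base ^= 0x051CEu;
    return base;
}

int main() {
    std::printf("debugger attached: %s\n", debugger_attached() ? "yes" : "no");
    std::printf("key material: %08X\n", key_material(0xC0DEu));
    return 0;
}
```

Each of these checks is trivial to defeat on its own (plugins hide the PEB flag, the window class can be renamed, the device check is a single compare), which is why the thread keeps coming back to combining them with the CRC and SMC tricks rather than relying on any one of them.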
# 5 Re: Piracy protection
Not sure about the SMC; it can be bypassed by simply debugging the app, as can other stuff.
Just load the app into Olly and trace through it; when you find what you want to modify, do it, and dump the file.


Well, not really ;) If you combine SMC with creating a program that allocates space and executes APIs dynamically in the allocated space, you would then need to code an IAT rebuilder. This would mean that just dumping the executable would result in an executable that would need rebuilding of its imports, and this is always the main procedure that all of today's packers rely on. SMC, if implemented with a couple of CRC-like checks and IAT mangling, could make the cracking procedure very time-consuming...
lakis at 2007-11-9 0:46:17 >
# 6 Re: Piracy protection
Good call on CRC checks, but rebuilding the IAT is fairly easy; there are a huge number of programs that do it automatically, but if you can bypass them, then it will require much more skill to rebuild the IAT.

Also, can you give more info on what kind of program you are making, so we can be more specific on the defense routines?
Quell at 2007-11-9 0:47:11 >
# 7 Re: Piracy protection
Good call on CRC checks, but rebuilding the IAT is fairly easy; there are a huge number of programs that do it automatically, but if you can bypass them, then it will require much more skill to rebuild the IAT.

Indeed, rebuilding the IAT of an executable can become quite easy if you use programs like ImpRec or ReVirgin. However, there's a great upset. There can be many tricks to perform that will confuse such programs so they will not rebuild the executable correctly. For example, a later version of ASProtect would not rebuild all imports and you would have to trace to fix some of them.
Tricks would be protecting memory pages and causing exceptions and calling IATs dynamically, or emulating the first instruction of a DLL's function and calling it in the middle (like ASProtect does). There can be numerous adaptations so that the import table will not be easily fixed. And you can also make some anti-loader stuff so that the executable is not dumped at all (by changing the imagebase, sections and stuff dynamically).
All the above techniques require that you step into the executable's code a lot. And if you do so, SMC along with CRCs (static and memory ones) and debug register clearing can cause severe pain..

Also, can you give more info on what kind of program you are making, so we can be more specific on the defense routines?

I'm not really talking of a standard program. Such techniques can be found in packers like SVKP, or Armadillo, SafeDisc etc. There are many defence routines, some of which are pretty intuitive, but for sure all of them can be bypassed.
lakis at 2007-11-9 0:48:12 >
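The static and memory CRC checks lakis mentions, as an added C++ example that is not from the thread. The 19-byte "serial check" image is a constructed stand-in for a function's bytes: real code would checksum the region between two marker symbols in memory and the .text section of the file on disk, with the expected values patched into the binary after linking (never computed at runtime from the same bytes, or the check passes by construction). crc32 is the standard IEEE polynomial; the function names are this example's own.

```cpp
// Added example (not from the thread): CRC32 integrity check over a code
// region, detecting the classic "flip the conditional jump" patch.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Standard CRC-32 (reflected, polynomial 0xEDB88320, init/xorout 0xFFFFFFFF).
// The seed lets several regions be chained into one running value.
std::uint32_t crc32(const std::uint8_t* data, std::size_t len, std::uint32_t seed = 0) {
    std::uint32_t crc = ~seed;
    for (std::size_t i = 0; i < len; ++i) {
        crc ^= data[i];
        for (int b = 0; b < 8; ++b)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

// Constructed stand-in for the bytes of a serial-check routine. The byte a
// cracker goes for is the 0x74 (jz) at offset 10: patching it to 0xEB (jmp) or
// 0x75 (jnz) skips the "bad serial" path.
const std::uint8_t kSerialCheckImage[] = {
    0x55, 0x8B, 0xEC,                   // push ebp / mov ebp, esp
    0xE8, 0x10, 0x00, 0x00, 0x00,       // call check_serial
    0x85, 0xC0,                         // test eax, eax
    0x74, 0x05,                         // jz   bad_serial
    0xB8, 0x01, 0x00, 0x00, 0x00,       // mov  eax, 1   (registered)
    0x5D, 0xC3                          // pop ebp / ret
};

// In a real build this is a constant patched into the binary after linking
// (and the file-level "static" check does the same for the .text section on
// disk). It is computed here only so the example is self-contained.
std::uint32_t expected_serial_check_crc() {
    return crc32(kSerialCheckImage, sizeof(kSerialCheckImage));
}

// The "memory" check: run this from several unrelated places in the program,
// not once at start-up, and not as a bare if/else that is itself one jump.
bool image_intact(const std::uint8_t* img, std::size_t len) {
    return crc32(img, len) == expected_serial_check_crc();
}

// Simulate the crack on a copy: jz -> jmp.
std::vector<std::uint8_t> cracked_copy() {
    std::vector<std::uint8_t> copy(kSerialCheckImage, kSerialCheckImage + sizeof(kSerialCheckImage));
    copy[10] = 0xEB;
    return copy;
}

// True if the integrity check notices the patched byte. CRC-32 catches every
// burst of up to 32 bits, so a single changed byte can never slip through.
bool crack_detected() {
    std::vector<std::uint8_t> c = cracked_copy();
    return !image_intact(c.data(), c.size());
}

int main() {
    std::printf("expected crc: %08X\n", expected_serial_check_crc());
    std::printf("original intact: %s\n", image_intact(kSerialCheckImage, sizeof(kSerialCheckImage)) ? "yes" : "no");
    std::printf("patched copy detected: %s\n", crack_detected() ? "yes" : "no");
    return 0;
}
```

The cracker's answer is to patch the check itself or the constant it compares against, so checks should cover each other (region A's CRC routine lies inside region B and vice versa) and the result should feed into something the program needs later (a decryption key, an address) rather than a single compare.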
# 8 Re: Piracy protection
ASProtect is no longer a good protection; a new packer needs to be made, something like ASProtect, but changing how it does it. There are too many tutorials on how to bypass ASProtect.

Also, SafeDisc will not work, since it uses a key hard-burnt into the CD-ROM.
Quell at 2007-11-9 0:49:15 >
# 9 Re: Piracy protection
ASProtect is no longer a good protection; a new packer needs to be made, something like ASProtect, but changing how it does it. There are too many tutorials on how to bypass ASProtect.

In fact, it's one of the best there is :) I think that the best one is Armadillo or SVKP at the time though. ASProtect is probably the third in the hierarchy :)
The question is not what the best packer is, but how one can use certain tricks to protect an application. In general, bypassing a packer using a "how-to" tutorial can be pretty easy. However, the process is not the same in all packers; in fact, it's a lot different.
The result is that if the reverser is not aware of the techniques in general, creating your own packer that uses scarce techniques is pretty difficult to crack, and there will probably not be a tutorial on unpacking a home-made packer..
lakis at 2007-11-9 0:50:19 >
# 10 Re: Piracy protection
Also, SafeDisc will not work, since it uses a key hard-burnt into the CD-ROM.

It in fact extracts a key from the error parts of the CD-ROM and decrypts sections of the executable using the TEA algorithm. Sure it can work with minor changes. How about storing a key based on user input? ;) This could be used as a decryption key which, in combination with SMC, can return bogus results on the code.
lakis at 2007-11-9 0:51:19 >
# 11 Re: Piracy protection
The tutorial will not appear unless the program is really good; that I agree with you on.
As for ASProtect and Armadillo...
If you use them, there are general ways of getting to the OEP.
It can take around 30 minutes, but you will get there no matter what the program is, if you know the packer.

For protection, you should find out how these packers work, and then write your own packer that does similar functions but in a different way; that will slow the **** out of a reverser, since tracing through the code will be quite long.

Also, some packers have protection inside of them; do not be lazy and write protection in your own program as well as using the packer that has protection inside of it.
The first one that comes to mind is VBOX.

Also, if you will be using a keygen algorithm, then have the algorithm NOT generate the valid key and then compare it to the entered one; that makes a program much easier to keygen.
Have it check the key that has been entered.
Quell at 2007-11-9 0:52:15 >
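Quell's last point (validate the key the user typed, do not regenerate the correct one and compare) as an added C++ example, not code from the thread. The scheme is constructed for the example: a name yields four 16-bit subkeys plus a checksum, formatted XXXX-XXXX-XXXX-XXXX-CCCC; the product checks the checksum and only two of the four subkeys, a partial-verification idea that goes one step beyond the post. The mixing constants and all function names are assumptions, and make_key() is the vendor-side generator that is in this file only so it runs stand-alone.

```cpp
// Added example (not from the thread): check the typed key, do not regenerate it.
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

struct Mix { std::uint16_t seed; std::uint8_t mul; std::uint16_t add; };

// One constant set per subkey (constructed values; choose your own).
const Mix kMix[4] = {
    {0x1A2B, 0x3D, 0x0301}, {0x7C4E, 0x59, 0x1105},
    {0x3F91, 0x6B, 0x0207}, {0xE5D0, 0x91, 0x0F0B},
};

// 16-bit mix of the name under one constant set: xor, rotate, add per byte.
std::uint16_t subkey(const std::string& name, const Mix& m) {
    std::uint16_t r = m.seed;
    for (unsigned char ch : name) {
        r = static_cast<std::uint16_t>(r ^ (ch * m.mul));
        r = static_cast<std::uint16_t>((r << 5) | (r >> 11));
        r = static_cast<std::uint16_t>(r + m.add);
    }
    return r;
}

// Cheap typo/format filter over the four subkeys; it is not a secret.
std::uint16_t checksum(const std::uint16_t k[4]) {
    std::uint32_t sum = 0, x = 0;
    for (int i = 0; i < 4; ++i) { sum += k[i]; x ^= k[i]; }
    return static_cast<std::uint16_t>((sum + 3 * x) & 0xFFFFu);
}

// Vendor side: generate the full key. Must NOT be linked into the product.
std::string make_key(const std::string& name) {
    std::uint16_t k[4];
    for (int i = 0; i < 4; ++i) k[i] = subkey(name, kMix[i]);
    char buf[32];
    std::snprintf(buf, sizeof buf, "%04X-%04X-%04X-%04X-%04X",
                  unsigned(k[0]), unsigned(k[1]), unsigned(k[2]), unsigned(k[3]),
                  unsigned(checksum(k)));
    return buf;
}

// Parse "XXXX-XXXX-XXXX-XXXX-CCCC" into five 16-bit groups; false on any format error.
bool parse_key(const std::string& key, std::uint16_t out[5]) {
    if (key.size() != 24) return false;
    for (int g = 0; g < 5; ++g) {
        const std::size_t at = g * 5;
        if (g > 0 && key[at - 1] != '-') return false;
        std::uint16_t v = 0;
        for (int i = 0; i < 4; ++i) {
            unsigned char c = static_cast<unsigned char>(key[at + i]);
            if (!std::isxdigit(c)) return false;
            int digit = std::isdigit(c) ? c - '0' : std::tolower(c) - 'a' + 10;
            v = static_cast<std::uint16_t>((v << 4) | digit);
        }
        out[g] = v;
    }
    return true;
}

// Product side: validate what was typed. Only subkeys 0 and 2 are checked;
// 1 and 3 stay unused, so a keygen written from this routine alone produces
// keys that a later release (which checks subkey 1 or 3) can reject.
bool validate_key(const std::string& name, const std::string& key) {
    std::uint16_t g[5];
    if (!parse_key(key, g)) return false;
    if (checksum(g) != g[4]) return false;
    if (subkey(name, kMix[0]) != g[0]) return false;
    if (subkey(name, kMix[2]) != g[2]) return false;
    return true;
}

// Test helper: corrupt the last hex digit of the checksum group.
std::string tamper_checksum(std::string key) {
    if (key.size() == 24) key[23] = (key[23] == '0') ? '1' : '0';
    return key;
}

int main() {
    std::string key = make_key("Paulo Cassiano");
    std::printf("%s -> %s\n", key.c_str(), validate_key("Paulo Cassiano", key) ? "valid" : "invalid");
    return 0;
}
```

The difference from the pattern Quell warns about: a routine that calls make_key() and compares strings hands the cracker the generator in one place (lift it, wrap it in a GUI, done). validate_key() only contains what is needed to check, and each subkey check is a separate compare that still has to be found and patched, which is where the CRC checks from the earlier replies come in.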
# 12 Re: Piracy protection
As for ASProtect and Armadillo...
If you use them, there are general ways of getting to the OEP.
It can take around 30 minutes, but you will get there no matter what the program is, if you know the packer.

Sure there are some generic ways of getting the OEP, but new versions come out soon and more intuitive tricks are found (like stolen bytes in ASProtect). Apart from that, packers like Armadillo do in fact give wide choices of protection. A program may use some while some other may not.
I think that if you have unpacked a packed executable with all choices that the packer supports and you find a protected program of the SAME version, it's highly likely that you unpack it easily (not sure though, there's polymorphism or virtual machines around :)).
Getting a new packer to unpack, however, requires MUCH time, even if you know all the tricks. For instance, I was recently making some analysis of SDProtector. It took me about 1 week to analyse the protection and I could in fact learn two new (to me) techniques, one of which had me wondering for days.
lakis at 2007-11-9 0:53:18 >