A brief discussion of how to protect shareware from brute-force cracking

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article is from Quanmao Software Studio; if you reprint it, please credit http://www.qmboy.com

Shareware is currently a hot topic in the software industry worldwide, and especially in China. Thousands of programmers have thrown themselves into this field with great enthusiasm, hoping for rich rewards for their hard work, but that is not how it turns out: the vast majority have failed. Software design and technical reasons aside, the biggest cause is that the shareware gets cracked.

Facing the crackers

A shareware author faces many crackers who have organized into groups. CCG and BCG in China, and eGis, King, Core, TNT, DAMN and TMG abroad, are all first-class cracking organizations. No less than 80% of the world's pirated software is cracked by them, and even large software companies cannot afford to underestimate their technical strength.

Are you discouraged after reading this? Don't be. Although cracking cannot be avoided completely at present, if we can effectively delay it and deal a heavy blow to the cracker's self-confidence, the cracker may find the ordeal unbearable and finally give up.

There are two common ways to crack software: brute-force cracking ("blasting") and writing key generators (keygens). Drawing on my own accumulated experience, I explain the principle of each cracking method and how to counter it, with some key routines (in Delphi code); readers who use C++ or VB can adapt them with slight changes. I hope this helps novices protect the fruits of their labor more effectively.

Understanding brute-force cracking

Brute-force cracking, known as "blasting" for short, is the most common and simplest way to crack software. It works best against software without a CRC check, and beginners are happy to use it.

Most shareware uses an if conditional statement to check whether it is registered. Even if you use a strong algorithm such as RSA or ECC, you cannot avoid the if statement. This is the most dangerous spot in shareware, and it is the target that novice patchers tirelessly look for.

For example, your registration function looks like this:

    // Use RSA to verify the digital signature of the registration code
    if RSAVerify(MD5(Key), MD5(Code), e, n) then
      ShowMessage('Registered successfully!')
    else
      ShowMessage('Registration failed!');

Here Key is the registration code entered by the user (which you send to registered users), Code is computed automatically from the user name the user enters, e is the public key of the RSA algorithm, and n is the RSA modulus.

Round one

Even if the registration function in the above example uses a strong RSA algorithm to verify the registration code, it is still easy to crack. We just need to change this to:

    // Change the logical test to "not"
    if not RSAVerify(MD5(Key), MD5(Code), e, n) then
      ShowMessage('Registered successfully!')
    else
      ShowMessage('Registration failed!');

At this time, the dramatic result will be: you can register by entering any registration code, while entering the correct registration code cannot pass the registration.

To crack such software, the cracker first disassembles or traces your program to find the key conditional jump that follows the cmp, test or similar instruction checking the registration code, usually an instruction such as je or jz, and changes it to jne or jnz. Often modifying a single byte is enough for a perfect crack.

Most shareware today performs its check this way, which is the main reason there is so much cracked software on the Internet: it is simply too easy to crack.

Round two

In fact, as long as the key code of the software is embedded in the registration code or registration file, cracking can be fully prevented.

The easiest way is to put the key code (the most critical yet simplest function of your software) into a small DLL (dynamic link library), encrypt it with a strong symmetric algorithm (the key can be a characteristic hash of a fixed part of the main program or of its packer shell) and produce a registration file (a license file, in a format known only to you), or Base64-encode it into a registry file that users can double-click to import into the registry.

The verification process is as follows. When verifying the registration, the program first checks whether the registration file exists; if it does not, the restricted functions naturally cannot be used. If it does, the program decrypts it into a small temporary file. If the main program has been unpacked or modified (patched), its hash, and therefore the decryption key, will not match, and the decrypted output is useless junk. Only an unmodified main program decrypts the file correctly, and only a correctly decrypted file is a real DLL in which the GetProcAddress function can find the address of the key function to call. In this way only registered users can enjoy the full functionality of your software, which makes it difficult for a cracker to crack it.

First, without a registration file, even if he unpacks the main program he cannot fully repair it, because the restricted part is tied to the registration file.

Second, even if he obtains your registration file, it is encrypted and he cannot use it directly, so he is forced to disassemble your algorithm, which is the last thing crackers want to face. At that stage, only crackers with real expertise in encryption algorithms will carry on.

Third, you can use some tricks to complicate his work further. Here I recommend the DSA public-key algorithm, which, like RSA, can produce digital signatures (RSA can also encrypt; DSA can only sign). The reason for choosing it is a very practical feature: its use of random numbers. DSA uses a random number k for every signature, so even for the same user name and machine identifier, no two registration files produced with DSA will be the same. This is a big obstacle for a cracker disassembling your registration file.

Fourth, even if he obtains the decrypted DLL, he still has to modify the main program substantially, or extract the key code from your DLL's sections and add it to the main executable. That depends on how well he understands the PE file format. Even then, if your program contains many hash checks and crash code, you can wait patiently for our dear comrade cracker to vomit blood. :)
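The registration-file scheme described above, sketched in Python as an added example (it is not code from the original article): the key is derived from a hash of the main program, so a one-byte je-to-jne patch yields junk instead of the feature module. The names make_license and load_module are hypothetical, the sample bytes are constructed, the HMAC-SHA256 keystream is a standard-library stand-in for the strong symmetric algorithm, and the integrity tag goes beyond the article so that a mismatch is reported rather than loaded.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample data: a fake program image containing "test eax,eax; je +5"
# (bytes 85 C0 74 05) and the same image with je (0x74) patched to jne (0x75).
IMAGE = b"MZ\x90\x00" + b"\x85\xc0\x74\x05" + b"\xcc" * 24
PATCHED = IMAGE.replace(b"\x74\x05", b"\x75\x05")
MODULE = b"constructed stand-in for the DLL holding the restricted feature"

def _keys(program_image: bytes):
    """Derive cipher and MAC keys from the hash of the main program image."""
    root = hashlib.sha256(program_image).digest()
    return (hmac.new(root, b"enc", hashlib.sha256).digest(),
            hmac.new(root, b"mac", hashlib.sha256).digest())

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), stand-in for AES."""
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"),
                           hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def make_license(program_image: bytes, module: bytes) -> bytes:
    """Vendor side: encrypt the feature module under the image-derived key."""
    enc_key, mac_key = _keys(program_image)
    nonce = os.urandom(16)  # fresh per license, so no two files are identical
    ct = _xor_stream(enc_key, nonce, module)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def load_module(program_image: bytes, blob: Optional[bytes],
                check_tag: bool = True) -> Optional[bytes]:
    """Client side; check_tag=False simulates the integrity test patched out."""
    if blob is None or len(blob) < 48:
        return None  # no registration file: restricted features stay off
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    enc_key, mac_key = _keys(program_image)
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if check_tag and not hmac.compare_digest(tag, expected):
        return None  # image was modified: the derived keys no longer match
    return _xor_stream(enc_key, nonce, ct)
```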

Finally, remember: unload the temporary DLL from memory and delete the file as soon as you have used it, and before decrypting, check whether the FileMon monitor is running on the system:

    // Detect FileMon (requires the Windows unit)
    function DetectFileMon: Boolean;
    var
      h: THandle;
    begin
      h := CreateFile(PChar('\\.\FILEVXD'),
             GENERIC_READ or GENERIC_WRITE,
             FILE_SHARE_READ or FILE_SHARE_WRITE,
             nil,
             OPEN_EXISTING,
             FILE_ATTRIBUTE_NORMAL,
             0);
      Result := h <> INVALID_HANDLE_VALUE;  // if it is present, shut down!
      if Result then
        CloseHandle(h);  // do not leak the device handle
    end;

Of course, you can protect it even better: instead of a temporary DLL, use the API function WriteProcessMemory to write the decrypted key code to a chosen location in a committed memory page of the main executable's own process. This is harder to crack because no decrypted temporary file ever exists on disk. In fact Armadillo, the most powerful professional protection software in the world, uses this method, and it can also fully prevent dumping with a debugger. But it is difficult to implement, especially on operating systems after WinNT 5.

Because this method ties the registration file uniquely to the restricted code, the patcher can only stare helplessly at your software. I recommend that everyone add functional restrictions to their shareware, which is more secure than time limits or usage-count limits.
