Bmax Software protector - tryme example


Kev(Posted 2007) [#1]
Hi Guys

here's an example of my Bmax Software protector, please give it a spin and see if you can bypass the protection.

download here
http://www.winblitz3d.co.uk/protector_example.zip

this small example includes debugger detection, softice detection, it also includes anti tamper protection. still more to be added. this SHOULD work under all os systems, so please report any problems, you should get a messagebox when run.

kev


Picklesworth(Posted 2007) [#2]
Running your exe via Wine (on Ubuntu Linux 7.04) I get an error: "no tool detected".
Console output says "fixme:wave:ALSA_AddCaptureDevice Add support for DSCapture". Do you recognize that, or is it Wine's doing?
I have never tried to run a BMax program through Wine before, so I don't know if that is to be expected or not.

Looking at your worklog, this sounds really cool! Way over my head how it works, though. Could you give us a few hints of its cleverness? (For example, what does the anti tamper protection do?)


Kev(Posted 2007) [#3]
Hi Picklesworth

I'm not sure how this would function under wine, it is an emulated pc? anyway the message "no tool detected" sounds correct as no crack tool is detected however you say error:?

without giving too much information, 'anti tamper protection' focuses on the self modifying calls where crack tools are detected. this does pre-scans of bytecode and validates it against original encrypted bytecode before each call. all asm calls are decrypted before calling them.

kev


Picklesworth(Posted 2007) [#4]
I just called it an error because it looked a bit like one. In that case, I guess it works :)


Kev(Posted 2007) [#5]
new version available that adds support to ensure the integrity of the entire executable.

re-download from the above link

kev


MGE(Posted 2007) [#6]
"all asm calls are decrypted before calling them."

Could you explain that? (Is that happening dynamically in the executable? Does that impact performance?)


Kev(Posted 2007) [#7]
hi MGE Developer.


"Is that happening dynamically in the executable"

yes, i'm also thinking of instruction decryption, whereby only one instruction is decrypted at a time and then executed.

"Does that impact performance?"

i would think NOT as each detection is less than 50 bytes. some are as little as 9 bytes. it's really straight asm calls once the decryption has taken place.

kev


Dreamora(Posted 2007) [#8]
looks quite interesting and seems to work, haven't been able to get on its nerves yet in a useful way.


MGE(Posted 2007) [#9]
Is there a way to say "don't protect" this section of code so it can run normally?


Kev(Posted 2007) [#10]
MGE Developer

you decide where you want to have protection within your code, the protector is oop so you simply setup and then call its members when needed.

kev


Dreamora(Posted 2007) [#11]
This actually makes it even better :)


errno!(Posted 2007) [#12]
We are very interested in this. Any release eta? How much will it cost?


Kev(Posted 2007) [#13]
still need to add some extra features for example trw2k under win9x. have some more testing done. then maybe some little extra tricks like screen\keyboard locking.

the price will be around 20 uk pounds, i'm also looking into a linux port but it won't have as many features as the windows version. price will include future updates and support.

eta? soon if all goes well couple of days/week at the max 2 weeks.

kev


Boulderdash(Posted 2007) [#14]
"Does that impact performance?"

"i would think NOT as each detection is less than 50 bytes. some are as little as 9 bytes. it's really straight asm calls once the decryption has taken place."

WRONG! you are 100% assured of a performance hit here.

There is no way on earth a function call can work as fast as just branching to the subroutine if a decryption process has to run first.


Dreamora(Posted 2007) [#15]
Yeah but performance hit = you are able to notice it as human being.

Show me something of 50byte size that has an impact on Core 2 Duo at 2x 3Ghz and 4MB Cache ...


Amon(Posted 2007) [#16]
If it can prevent people sharing keys, block keys, lock to hardware, has a timelimit mode etc. I'll definitely buy. :)

All I'm interested in is stopping the casual Pirate.


Kev(Posted 2007) [#17]
@Gav, ok yes there is a small performance hit. i was speaking of the protection call itself being direct asm, decryption is handled within max.

"If it can prevent people sharing keys, block keys, lock to hardware, has a timelimit mode etc. I'll definitely buy. :)"

for latest news on the protector see my worklog entry. i will be updating as often as i've good news to share. it feels solid but there's always a loophole to exploit. i think most major detections are complete. now time to get working on testing timed demo mode.

http://www.blitzbasic.com/logs/userlog.php?user=71&log=1491

kev


MGE(Posted 2007) [#18]
One last thing before going ballistic with ads, selling it, etc. You may want to offer a cash reward for the first person to break it. Of course they have to give you details how they did it in order to claim the reward.

Asking someone to "break it" without any incentive, won't bring out the hacker in people. Offer them cash, and you'll have I would guess, quite a few people seriously trying to break it. It would be awful for your product, to go out the door and some coders start using it, only to find a crack for it a few days after they release their product.


Boulderdash(Posted 2007) [#19]
Does your Protector check for increased executable size?

I noticed there is a tool to pad out executables for the purpose of adding hacking code at the end.

Excellent idea and I would purchase it, just what many of us Blitz programmers need.
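
The size check asked about in this post, as an added example that is not part of the thread and not the protector's code: a build-time record of size and SHA-256 lets a verifier tell a file with bytes appended at the end apart from one whose original content was patched. The function names, record format and sample file are assumptions made for the illustration.

```python
# Added illustration (not the protector's code): detect an executable that has
# been modified or had data appended, using a size + SHA-256 record taken at
# build time. File names and the record format are assumptions.
import hashlib
import os
import tempfile


def fingerprint(path):
    """Build-time step: record the release file's size and SHA-256."""
    with open(path, "rb") as f:
        data = f.read()
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def verify(path, expected):
    """Return (verdict, extra_bytes).

    'intact'   - same size, same digest
    'appended' - original bytes unchanged, extra_bytes added at the end
    'modified' - anything else (truncated, patched, or patched and padded)
    """
    actual_size = os.path.getsize(path)
    with open(path, "rb") as f:
        # Hash only the first expected["size"] bytes so that padding at the
        # end can be told apart from a patch to the original content.
        head = f.read(expected["size"])
    head_ok = (len(head) == expected["size"]
               and hashlib.sha256(head).hexdigest() == expected["sha256"])
    if not head_ok:
        return "modified", max(actual_size - expected["size"], 0)
    extra = actual_size - expected["size"]
    return ("intact", 0) if extra == 0 else ("appended", extra)


def demo():
    """Run the check against a constructed stand-in for a release .exe."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        exe = os.path.join(tmp, "release.exe")   # constructed sample, not a real PE
        original = b"MZ" + bytes(range(256)) * 8
        with open(exe, "wb") as f:
            f.write(original)
        record = fingerprint(exe)
        results["clean"] = verify(exe, record)

        with open(exe, "ab") as f:               # bytes added at the end of the file
            f.write(b"\x00" * 512)
        results["padded"] = verify(exe, record)

        patched = bytearray(original)
        patched[100] ^= 0xFF                     # single-byte patch, size unchanged
        with open(exe, "wb") as f:
            f.write(patched)
        results["patched"] = verify(exe, record)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

A size comparison alone misses a same-size patch, and a whole-file digest alone cannot say whether the original bytes survived, which is why the sketch records both.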


Kev(Posted 2007) [#20]
currently it does not check .exe size, but it's a great idea and will be easy to add :)

ok some more news, i've been working on testing the trial demo mode. this works and detects if the clock is reset back. i'm just working on a better way to handle the start trial, trial demo work using a trial window. more on this once i'm happy its safer. this way it would be possible to have keys that last for 1 year. ie yearly reg accounts.

and onto serial number registration, i've coded the start using .php and for a demo see here. it currently connects to a database and validates sent key. an email will be sent to the registered user with a valid key file.

good key
http://www.winblitz3d.co.uk/validate.php?username=kevin&serial=HABJ6G-HHA63Y-BBBHY6-74GAQ5-HVQ63F

bad key
http://www.winblitz3d.co.uk/validate.php?username=mick&serial=HAFJ6G-HHA63Y-DDDHY6-74GAQ5-HVQ63F

kev


TartanTangerine (was Indiepath)(Posted 2007) [#21]
Has this been designed as a wrapper or a module?


Kev(Posted 2007) [#22]
it's a module using oop

kev


xlsior(Posted 2007) [#23]
"ok some more news, i've been working on testing the trial demo mode. this works and detects if the clock is reset back."


Can you specify any allowed thresholds?

It's not uncommon for a PC clock to jump back a few seconds or even minutes if someone is running automated time synchronization tools.

(XP can/will even sync up with an internet time server periodically on its own)
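
The threshold idea raised in this post, as an added example that is not part of the thread and not the protector's code: a day-based trial check that treats a large backwards clock jump as a reset but tolerates small corrections from time synchronisation. The names, the 10-minute default tolerance and the sample timeline are assumptions; where the state is stored between runs is outside the sketch.

```python
# Added illustration (not the protector's code): a day-based trial that treats
# a large backwards clock jump as tampering but tolerates small corrections
# from time synchronisation. Names and the 10-minute default are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class TrialState:
    started: datetime     # clock value at first run
    high_water: datetime  # latest clock value ever observed


def check_trial(state, now, trial_days=30, tolerance=timedelta(minutes=10)):
    """Return (status, days_left, new_state).

    status is 'ok', 'expired' or 'clock_rollback'.
    """
    if now < state.high_water - tolerance:
        # Clock is well behind a time we have already seen: report it and
        # keep the old state so setting the clock back regains nothing.
        return "clock_rollback", 0, state

    # Within tolerance: accept, but never move the high-water mark backwards,
    # so repeated small step-backs cannot add up to extra trial time.
    new_state = TrialState(state.started, max(state.high_water, now))
    used_days = (new_state.high_water - state.started).days
    days_left = max(trial_days - used_days, 0)
    return ("ok" if days_left > 0 else "expired"), days_left, new_state


def replay(events, trial_days=30, tolerance=timedelta(minutes=10)):
    """Feed a list of clock readings through check_trial; return statuses."""
    state = TrialState(events[0], events[0])
    out = []
    for now in events:
        status, days_left, state = check_trial(state, now, trial_days, tolerance)
        out.append((status, days_left))
    return out


# Constructed timeline of program launches (not real data).
T0 = datetime(2007, 6, 1, 12, 0, 0)
SAMPLE_LAUNCHES = [
    T0,                                   # first run
    T0 + timedelta(days=3),               # normal use
    T0 + timedelta(days=3, minutes=-2),   # time sync stepped the clock back 2 min
    T0 + timedelta(days=1),               # date set back two days
    T0 + timedelta(days=30),              # trial period used up
]

if __name__ == "__main__":
    for when, result in zip(SAMPLE_LAUNCHES, replay(SAMPLE_LAUNCHES)):
        print(when.isoformat(), result)
```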


Kev(Posted 2007) [#24]
Hi xlsior

currently it's not possible to set a trial by anything other than a day. i might change this to include realtime.

I wonder if anyone is interested in beta testing the latest version. people should have some interest in the use of a range of debuggers and a project to test the protector in. if you have the means and the time please email me and we can come to some agreement.

kev


xlsior(Posted 2007) [#25]
"currently it's not possible to set a trial by anything other than a day. i might change this to include realtime."


Might be useful - many of the online places like Popcap offer a 1-hour trial.


Kev(Posted 2007) [#26]
yes some even use minutes take for example Corel trial apps they use *massive* jump tree although not sure if it's possible to add this type of protection to a blitzmax .exe

kev


Boulderdash(Posted 2007) [#27]
Hi, Kev,

I would be able to provide a real life test for your protector.....

My emulator gets the INCBINs extracted(STOLEN!) every time I put more in by my one competitor.

If I put a new INCBIN in I can promise you that day he will start to try and break your protection without him even knowing he is taking part in a "real-life test" of your protection.

Once I put a new Include in he will start posting asking others to help crack it, (Just google it!)

I'm sick of this guy and would get great pleasure from seeing him foiled. He seems to have no life other than to be a nuisance to me all the time, running down my program or copying every single feature just days after me.


Kev(Posted 2007) [#28]
Hi Gav

I will email you sometime later today, sounds like we might be able to kill two birds with one stone.

kev


Boulderdash(Posted 2007) [#29]
Cheers Kev.

"James R Jacobs of Canberra Aus." is my hacker,(He claims to be some kind of software company selling open source software written by others and unknown to them) I even put in a two player network feature into my emulator (But I have no idea how to implement it yet REALLY!) anyway three weeks later his emulator has "Network Play" features, I never finished it I just wanted to see if he is still copying me.

It could make it annoying for him if he can't install a newer trial version over the old one, He could then only install it once unless he reformats his drive each time.

He Stalker/Hacker is so persistent that I had to block him from my site with PHP after he was visiting 2-4 times a day to check for new stuff to copy.

This has been going on for two years now and he shows no signs of stopping so I assume he has no life at all.

Without EXE-Protection everything is exposed and He has full access to my program, Not even having to pay for the tools he uses on my software.

My program is lying "Dead" until I can stop my menacing fiend.

In other words Kev, if you can protect my Program and MOSTLY the INCBINs which he wants to extract and re-distribute separately then PLEASE help me is what I say.

James Jacobs is already distributing some of my INCBINs and I'm SO ANGRY I have just about gone to get a plane ticket to Ausy to have it out with him face to face instead of across the NET.


Boulderdash(Posted 2007) [#30]
PS Kev I just updated my profile with New email address since I realised old email address is no longer valid.


xlsior(Posted 2007) [#31]
"My emulator gets the INCBINs extracted(STOLEN!) every time I put more in by my one competitor.

If I put a new INCBIN in I can promise you that day he will start to try and break your protection without him even knowing he is taking part in a "real-life test" of your protection."


you can add another layer by trying inc-binning password protected .zip's with Koriolis' streaming zip module?


TaskMaster(Posted 2007) [#32]
Hey Gav... What software (game?) do you make that this guy always copies? I find this interesting and wonder why the hell he would be doing something as stupid as that.


Kev(Posted 2007) [#33]
email re-sent gavin,

xlsior makes a good point for using Koriolis' streaming zip module. it sure would make it harder for the low life to obtain your incbins

kev


xlsior(Posted 2007) [#34]
Note that there are brute-force zip password crackers out there as well, so not entirely fool-proof. If you do go that route, make sure to pick a long, complicated password... Especially using odd punctuation like ` ~ { } | and the likes, since many brute-force password crackers tend to save time by leaving out the least likely characters


Boulderdash(Posted 2007) [#35]
Hi, TaskMaster

I don't think that what I have is SO interesting to most people, It's just that my multi emulator emulates the same machines as him (nearly)

since I don't communicate directly so I don't know why he copies me verbatim, although he is strange enough to carry on with the same behaviour for a two year period.

I have roms in my executable which cannot be obtained so he needs to extract them for use in his emulator.

If the roms are in my exe and not his then he can't stand that, he even rates my BETTER emulator as lower than his.

here's the download link if you want to see BMAxGUI do retro emulation

http://software.wizz.googlepages.com/Emulator2001_t.exe

it's ok kev the roms have already been extracted from this executable, the roms in question are safe on my computer until I test the protection.

I will bait my hacker with one tasty rom at a time and see if it appears for download at his site as in the past.


Boulderdash(Posted 2007) [#36]
I have not looked at the zipstream module since I'm using UPX to compress my exe

But I consider EXE protection and Zipstream to be big improvements for bmax

The Protection patch is now applied to my executable at the link in above post and I found it extremely easy to apply, thanks Kev


I have been doing a little testing, you know how a function can be filled with NOPs can you make functions encrypted and decrypt them when needed? or should I read about the blitz3dlock?


Kev(Posted 2007) [#37]

"The Protection patch is now applied to my executable at the link in above post and I found it extremely easy to apply, thanks Kev"

yes oop helps here, there's plenty of methods i plan on adding to place the protection code through the .exe. i hope to write a small parser that injects the protection direct into your sourcecode before compiling the release version.

"I have been doing a little testing, you know how a function can be filled with NOPs can you make functions encrypted and decrypt them when needed? or should I read about the blitz3dlock?"



i will add some methods to support encryption/decryption of functions. *EDIT now done, Gavin i will email new version soon.

kev


Dreamora(Posted 2007) [#38]
a sourcecode preprocessor would be cool :)
Especially as Blide makes it that simple to use such tools :)


Kev(Posted 2007) [#39]
thank you Dreamora, i will get round to it :)

Gav, updated module sent to you.


Boulderdash(Posted 2007) [#40]
I thought of a good new name for my hacker fiend

oldname: Amigan software

New name: Copyware Ltd.

Maybe I should challenge him to write an original program like we blitz'ers do, instead of re-releasing open source programs as shareware.

He has a site with about 7 programs all "written by Jrjacobs" ,BUT when you do a google search they have all been written by other people (and the source code can be openly obtained), Some clearly forbidding him from doing so in the readme text.

I don't understand why anyone would want an entire site of plain old rip-offs? only removing the copyright text from the top of the source and saying at his site that he made them?

His fountain emulator is straight from MESS source code, compiled in the free MS C++ compiler (Only the copyright text is gone from the top of the source code ,when I asked him why he said he had permission!)

The MESS fountain driver was written by Peter Truaner, therefore he is the author of James emulator. You cannot find any mention of Peter anywhere?

I just put a message on top of my site asking James to Lay-off my program and stop hacking it and how the next release will contain data protection, That should be better than paying him cash to test Kevs Exe-protection.

software.wizz.googlepages.com/Emulator2001_t.exe


Boulderdash(Posted 2007) [#41]
Can anyone help with how bmax stores incbins?

I wrote a comparer to find my incbins and found a match for the first bin at $00xxx1E9

I found the second rom at $00xxx9AB

(actual hex values are not shown above)

The gap between these roms in the executable is 2110 bytes
The next rom is 2114 bytes from the start of the last rom and the next gap is 2123 bytes to the beginning of the next rom

The first incbin file name length is 28 characters then 23, then 21 characters
The Raw .Bin files are 2048 bytes in size each.

The gap increased when the roms had bigger file names so does that mean that the file name of the incbin is stored at the start of each incbin?


Boulderdash(Posted 2007) [#42]
Hey kev

Is it possible to have some functions encrypted in a/my distributed executable and use the decrypt function before using them, then encrypting them back using your encrypt function?

If the distributed executable's sensitive functions are not encrypted (in the file itself) then I could just load my executable file into a disassembler, if the functions are encrypted then I would see garbage code instead.

Some good news; I tried Exescope6 on a bmax executable and nothing shows, it's a different story when I tried putting my competitor's exe under the scope, everything in his program can be tampered with! (OMG)


degac(Posted 2007) [#43]
Quite interesting thread.
I have a question. Sometimes I download demo from BFG and others software companies.
The latest times I get a demo I downloaded only a DOWNLOAD-MANAGER (sometimes I found 'powered by ActiveMark' and so on...) that make its job automatically.
I suppose that the 'protection' of these games is done via internet (so checking if you are the real owner and so on...).
So - even if there is a market for download-once-time software - internet activation/control seems to become more important every day. (the most 'famous or in-famous' system is Steam - and many pro-developers approached this platform...)

So WILL Kev's BlitzMax Software Protector work in this way? Or is not in the planning?

ps: from your worklogs you say that there is an application that *at the moment* is using your system. Any information (if possible)?


Kev(Posted 2007) [#44]
Hi degac

Online serial number validation is going to be added, i've made a start on this see one of my posts above for a clicky, as for the application see Gav's emulator clicky above.

i've just finished adding support for anti file and registry monitors. this will help with limited time trial protection.

Gav. i will email this new version for testing sometime today

kev


Boulderdash(Posted 2007) [#45]
Cheers Kev

I have filemon to test the anti-file monitoring

I will do more testing when I receive the update

Note if anyone downloads my emulator I'm thinking of later making the "nag" screen appear after several days because if you're like me you will hate nag screens, so what I'm trying to say this won't be a bug in the protection.


Great work Kev. Download my emulator again kev if you like, You have credit for your protection module on the main screen where it is always seen.

PS I have moved my emulator to the worklogs section and deleted my website


Boulderdash(Posted 2007) [#46]
Here's a link to the worklog and a screen shot of the APP currently testing Kev's protector module

http://www.blitzbasic.com/logs/userlog.php?user=8050&log=1503


Blitzogger(Posted 2007) [#47]
Hi,

I would love to test your protection module. My email is hyperrushpongREMOVETHIS@....

Thanks


Kev(Posted 2007) [#48]
Hi Space Xscape

I don't require any more testers, but thanks.
The protector is now available to buy. see my sig for a link to more info.

kev


MGE(Posted 2007) [#49]
"Execuable" Run your page through a spell checker. ;)


Kev(Posted 2007) [#50]

"Execuable" Run your page through a spell checker. ;)



spelling was never one of my strong points, i will get round to cleaning the page.

kev


Blitzogger(Posted 2007) [#51]
Will i be able to create nag text that appears after 23 of 30 have passed or after >X days? Also is the php licensing script ready and included in the purchase?


Kev(Posted 2007) [#52]
Hi Hyper Rush Pong

yes you control what is displayed while the trial days are processed. you also have control of what action to take when the trial has ended.

the php licensing script is not included in the purchase, however once you purchase any updates including the online validation will be free as an update.

kev


Blitzogger(Posted 2007) [#53]
How much will it cost to buy bmx software protector and "update" together?


MGE(Posted 2007) [#54]
Hmm.. this is getting very interesting. Is there any program using this so we can download and see it in action?

Also, instead of days, what about hours? For games, the norm seems to be a 1-2 hours to try out the game.


Kev(Posted 2007) [#55]
@Hyper Rush Pong

the price is £20 this includes future updates and support, for more info see the link

http://softwareprotector.winblitz3d.co.uk/

@MGE Developer

no plans to do trials other than by the day, however if there's enough people wanting it's not out of the question.

kev


iprice(Posted 2007) [#56]
This only covers Windows, right?


Kev(Posted 2007) [#57]
f4ktor, yes currently windows only. i do plan on a linux port but possibly won't have as many features. mac version not sure yet.

kev