CRACKPROOF YOUR SOFTWARE The Best Ways to Protect Your Software Against Crackers C R A C K P R O O F Y O U R S O F T W A R E BEST PROTECT THE WAYS TO YOUR SOFTWARE AGAINST CRACKERS ˇ Pavol Cervenˇ San Francisco CRACKPROOF YOUR SOFTWARE.Copyright ©2002 by No Starch Press, Inc. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. Printed in the United States of America on recycled paper 1 2 3 4 5 6 7 8 9 10–05 04 03 02 Crackproof Your Software is an English version of Cracking a jak se proti nemuˇ bránit, byPavol Cˇervenˇ,the origi- nal Czech version (80-7226-382-X), copyright ©2001 by Computer Press. English translation prepared by Skrivanek Translation Services. Trademarked names are used throughout this book. Rather than use a trademark symbol with every occur- rence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. Publisher: William Pollock Editorial Director: Karol Jurado Cover and Interior Design: Octopod Studios Composition: 1106 Design, LLC Copyeditor: Andy Carroll Indexer: Broccoli Information Management Distributed to the book trade in the United States by Publishers Group West, 1700 Fourth Street, Berkeley, CA 94710; phone: 800-788-3123; fax: 510-658-1834. Distributed to the book trade in Canada by Jacqueline Gross & Associates, Inc., One Atlantic Avenue, Suite 105, Toronto, Ontario M6K 3E7 Canada; phone: 416-531-6737; fax 416-531-4259. For information on translations or book distributors outside the United States and Canada, please see our distributors list in the back of this book or contact No Starch Press, Inc. directly: No Starch Press, Inc. 555 De Haro Street, Suite 250, San Francisco, CA 94107 phone: 415-863-9900; fax: 415-863-9950; [email protected]; http://www.nostarch.com The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. Library of Congress Cataloging-in-Publication Data Cˇervenˇ, Pavol. [Cracking a jak se proti nemˇu bránit. English] Crackproof your software / Pavol Cˇervenˇ. p. cm. Includes index. ISBN 1-886411-79-4 1. Software protection. 2. Computer security. 3. Data protection. 4. Computer crimes. I. Title. QA76.76.P76 C47 2002 005.8--dc21 2002012207 ABOUT THE AUTHOR I started programming on 8-bit computers and the only good programming language for them was assembler. My father bought a PC about four years ago, and if not for that PC, this book probably would not exist. (When I finished this book, I was 23 years old.) I have tried several programming languages but have remained faithful to assembly because I think it is the clearest and the most beautiful programming language. What you write in assembly is exactly what you will find in the com- piled version — nothing less and nothing more. In the days of DOS I dealt with the problems closest to assembly — viruses, and even dreamt about working for an antivirus software company. When Windows 9x appeared, assembler was used less and less and there were also fewer viruses (at least fewer assembly viruses). That’s when I discovered some- thing new, unexplored and often mysterious: protecting software against illegal copying. As I explored this challenge, I became so preoccupied with it that I quit the virus field (though I still enjoy the protection field and think I will stick with it for some time to come). My page at www.anticracking.sk will give you a bit more information about what I do and our product, SVK - Protector: a powerful tool for securing soft- ware against unauthorized copying, use, and distribution. SVKP was designed with ease of use and high speed as a priority without sacrificing high levels of protection. It offers three different methods of securing: It uses RSA algorithm, API functions, and new anti-debug tricks. PavolCˇervenˇ BRIEF CONTENTS Introduction Chapter 6 1 Commercial Software Protection Programs Chapter 1 75 Basics 5 Chapter 7 Anti-Debugging, Anti-Disassembling, Chapter 2 and Other Tricks for Protecting Cracking Tools Against SoftICE 9 95 Chapter 3 Chapter 8 The Basic Types of Protecting Against Breakpoints, Software Protection Tracers, and User Debuggers 15 167 Chapter 4 Chapter 9 CD Protection Tricks Other Protection Tricks 41 185 Chapter 5 Chapter 10 Program Compression and Important Structures in Windows Encoding: Freeware and Shareware 207 53 Chapter 11 Suggestions for Better Software Protection 225 Glossary 231 About the CD 232 Index 233 Brief Contents vii CONTENTS IN DETAIL INTRODUCTION Protection as a Deterrent 2 Working with Assembler 2 Publishing Cracker Tricks 2 1 BASICS Why Crackers Crack 5 How Crackers Crack: Debuggers and Disassemblers 6 Debuggers 6 Disassemblers 6 Decompilers 6 The Most Frequent Protection Failures 7 2 CRACKING TOOLS SoftICE Basics 10 Key Commands 12 The BPX Command 13 The BPR Switch 13 The BPM Switch 13 Display Commands 13 3 THE BASIC TYPES OF SOFTWARE PROTECTION Registration-Number (Serial-Number) Protection 15 Registration Number Is Always the Same 16 Registration Number Changes in Accordance with Entered Information 17 Registration Number Changes in Accordance with the User’s Computer 19 Registration-Number Protection in Visual Basic Programs 19 Registration Number Is Checked Online 23 Time-Limited Programs 25 Time Limit Is Removed Once the Correct Registration Number Is Entered 26 Time Limit Is Removed Once a Registration Key File (.REG) Is Entered 26 Time Limit Cannot Be Removed; the User Must Buy the Full Program 27 Time Limit Is Contained in a Visual Basic Program 28 Time Limit Applies to a Certain Number of Starts 28 Registration-File (KEY File) Protection 29 Some Program Functions Are Blocked Without the Correct Registration File 29 Program Is Time-Limited Without the Correct Registration File 30 Hardware-Key (Dongle) Protection 30 Program Cannot Be Started Without the Hardware Key 30 Some Functions Are Limited Without the Hardware Key 32 HASP Hardware Keys 32 Sentinel Hardware Keys 38 4 CD PROTECTION TRICKS How CD-Checkers Work 42 CD Protection Software 42 CD-Cops 42 DiscGuard 43 LaserLock 44 SafeCast 44 SafeDisc 44 SecuROM 47 VOB 48 Other CD Protection Tricks 48 CD Contains More Than 74 Minutes of Data 49 Damaged TOC (Table of Contents) 49 Huge Files 50 Physical Errors 50 One or More Huge Files 50 Demo with Selected Program Functions Limited 50 Contents in Detail ix 5 PROGRAM COMPRESSION AND ENCODING: FREEWARE AND SHAREWARE aPLib 54 ASPack 54 Ding Boys PE-Crypt 56 NeoLite v2.0 58 Advanced Compression Options 59 Icons 59 Preserve Data 59 Other Resources 60 Miscellaneous 60 NFO 61 PE Compact 61 PELOCKnt 62 PE-Crypt 63 Manual Removal 66 Creating a Loader 66 PE-Crypt Options 67 PE-Crypt Summary 68 PE Shield 68 Petite 70 Shrinker 71 UPX 72 WWPACK32 73 6 COMMERCIAL SOFTWARE PROTECTION PROGRAMS ASProtect 76 FLEXIm 80 InstallShield 82 ShareLock 84 The Armadillo Software Protection System 84 Vbox 86 Timelock 3.03 Through 3.10 87 TimeLock 3.13 Through 3.15 87 Vbox 4.0 Through 4.03 87 Vbox 4.10 88 Vbox 4.3 88 The Slovak Protector (SVKP) 89