
Copy Protection (LockX) (Copy Protection Scheme)


Visual Basic 6, or VB Classic

A discussion of two copy protection schemes offered on PSC. Included are a patch file for the latest LockX project and one for the 'Copy Protection Scheme - A Challenge' project. Both files are compiled builds of the example projects provided. I then created a patch file which defeats the protection. The Patch File applier will only patch the provided files, so if you want to patch a different file you need to create your own patch file, which is as in the real world. If the Patch File applier is run a second time, the patched application will revert to the original.

Original Author: Tom Brennfleck

Code

LockX and Copy Protection Scheme - A Challenge


I have decided to write a small copy protection article, mainly to summarise the previous
posts and to help me get my mind around the idea, which I will present towards the end of
this article.


First, let's look at some of the statements made previously.


I will take LockX first,


Statements made were -

* The system is bullet proof


This is one of the comments made for the first version. I thought, yes, great, finally
something on the protection side. Before I got the chance to have a look at the code,
version 2 came out and it's 200 times more secure.


One of the Statements made was -

* LockX 2.0 Software Protection is the ultimate security system


I finally got some time to check the code. It took me all of 10 minutes to figure out a
way of bypassing "the most secure ActiveX control ever", yep.


And then there was version 3 with the comment


* LockX 3.0 Software Protection is the ultimate security system (100 times more secure
than Version 2.0).


I spent about 5 minutes on version 3 and it was bypassed; maybe the author's comment
should have read 100 less secure?


Version 3.1 was not any better, so we are now at version 3.2. OK, the OCX has been
removed, but is it more secure? I don't believe so.


Attached to this article is a patch file, which will patch a particular LockX protected
application, in this case the one I compiled. With this version the author can claim that
it is 1% more secure than version 3.1, but that is all.


The security of any protection product that relies on the following code is cr.p!!!


    If .AppRegistered Then
        Do something
    Else
        End
    End If


If the author is, as he claims, a cracker, then I would say that he is not very good if he
cannot even crack his own software. Any cracker will see the above code and bypass it in
a matter of minutes.


That brings me to the second solution for a protection scheme, "Copy Protection Scheme".
This author has at least thought about protecting software. The supplied code still has
the above structure and therefore will not work, but the implementation of the protection
scheme is sufficiently different to make me believe that he may be on the right track.


I have been thinking along similar lines for the last couple of years, but never got
around some problems. I think Guy Gervais may have just provided a possible solution.


A possible Solution

Guy's Solution

In Pseudo Code we have the following from Guy's code,

    Load security Script into the Script Control
    Decrypt the security script
    Run the security script

    If Me.Caption = TITLE Then
        "Sorry, key is invalid"
        End
    End If
    Do Something


The above is Guy's code, and that got me thinking: could the security code be placed into
a separate thread from the main program thread? My extension to the above idea is as
follows.


Main Program Thread

    Load security Script into the Script Control
    Decrypt the security script
    Run the security script

    If .IsDemoMode Then
        "You are In Demo Mode" // no need to end even if the app has been patched
    ElseIf .IsElapsed Then
        Show Registration Screen
        End
    End If

{the above block takes care of honest users, and at this stage we still don't care if we
have been cracked so just keep loading the program}

    Do Something

{now anywhere in the program we do the following, form load or form activate, etc.}

    Start Security Thread // Sprinkled throughout the program

    Do Something Else




Security Thread

    Load security Script into the Script Control
    Decrypt the security script
    Run the security script
    Sleep for a random time A minutes/Hours
    If .IsElapsed or .IsPatched or isTimeSetBack then

        {this block will know if the App has been patched, Time set back, or has just elapsed.}

        End Main Program Thread
        End Random Timer Thread
        End Security Thread
        {don't show that we are not registered just stop the program}

    End If
    End Security Thread
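
The three conditions tested by the security thread's `If .IsElapsed or .IsPatched or isTimeSetBack` line, as an added Python sketch that is not code from the original article, from LockX or from Guy's project. The 30-day trial length, the `LicenseState` fields and the five-minute clock tolerance are assumptions, and the sample image bytes are constructed.

```python
import hashlib
from dataclasses import dataclass

TRIAL_SECONDS = 30 * 24 * 3600  # assumed trial length; the article gives none

@dataclass
class LicenseState:
    """Values persisted between runs (hypothetical layout)."""
    first_run: float     # epoch seconds of the first launch
    last_seen: float     # highest clock value observed so far
    image_sha256: str    # digest of the executable as shipped

def image_digest(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def security_check(state: LicenseState, now: float, image: bytes,
                   skew: float = 300.0) -> set:
    """Return the names of the conditions that tripped on this pass."""
    tripped = set()
    if now - state.first_run > TRIAL_SECONDS:
        tripped.add("IsElapsed")
    if image_digest(image) != state.image_sha256:
        tripped.add("IsPatched")
    # A clock earlier than the stored high-water mark (beyond a small
    # tolerance) means the system time was moved backwards.
    if now < state.last_seen - skew:
        tripped.add("isTimeSetBack")
    else:
        state.last_seen = max(state.last_seen, now)
    return tripped

def demo() -> dict:
    day = 86400.0
    original = b"MZ constructed sample image bytes, not a real executable"
    state = LicenseState(first_run=0.0, last_seen=0.0,
                         image_sha256=image_digest(original))
    results = {}
    results["day 10, untouched"] = security_check(state, 10 * day, original)
    results["clock set back to day 3"] = security_check(state, 3 * day, original)
    patched = original.replace(b"sample", b"SAMPLE")  # one altered region
    results["day 11, patched"] = security_check(state, 11 * day, patched)
    results["day 40, untouched"] = security_check(state, 40 * day, original)
    return results

if __name__ == "__main__":
    for label, tripped in demo().items():
        print(f"{label}: {sorted(tripped) or 'ok'}")
```

These checks only fire if the code that calls them still runs, which is the limitation the article goes on to describe.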


After all of this blurb, I come back to the same conclusion: we cannot protect a program
from being copied; all we can do is make it hard for the attacker.

In the above example, if the attacker finds all of the 'Start Security Thread' references and NOPs them out, then the protection is bypassed.

I have just gone through Guy's code again, and it suffers from the same problems as I have
had with the above idea. All the attacker needs to do is to NOP out the
'script.ExecuteStatement sCode' line and the program will never get checked.


The only other change that needs to be made is,


If Me.Caption = TITLE Then -- changed to -- If Me.Caption <> TITLE Then


And the program is usable, no need to worry about registration files, or key.


I have included a compiled patch file to prove the point. With a bit of assembler
knowledge the above is not difficult to do.


I will still upload this, someone may find it useful and have some more ideas. I hope
that this article spurs on some more discussion in this area.




Tombr...



About this post

Posted: 2002-06-01
By: ArchiveBot
Viewed: 100 times

Categories

Visual Basic 6

Attachments

Copy_Prote4262112172001.zip
Posted: 9/3/2020 3:45:00 PM
Size: 1,375 bytes

