Search Tools Links Login

Copy Protection (LockX) (Copy Protection Scheme)


A Discussion of two Copy Protection Schemes offered on PSC. Included are a patch file for the latest LockX project and one for the 'Copy Protection Scheme - A Challenge' project. Both files are a compile of the example projects provided. I then created a patch file which defeats the protection. The Patch File applier will only patch the provided files so if you want to patch a different file you need to create your own patch file. Which is as in the real world. If the Patch File applier is run a second time then the patched application will revert to the original.

Original Author: Tom Brennfleck

Code

LockX and Copy Protection Scheme - A Challenge


I have decided to write a small copy protection article, mainly to summarise the previous
posts and to help me get my mind around the idea, which I will present towards the end of
this article.


First lets look at some of the statements made previously,


I will take LockX first,


Statements made were -

* The system is bullet proof


This is one of the comments made for the first version, I thought yes great finally
something on the protection side. Before I got the chance to have a look at the code,
version 2 came out and its 200 times more secure.


One of the Statements made was -

* LockX 2.0 Software Protection is the ultimate security system


I finally got some time to check the code, it took me all of 10 minutes to figure out a
way of bypassing "the most secure ActiveX control ever " yep.


And then there was version 3 with the comment


* LockX 3.0 Software Protection is the ultimate security system (100 times more secure
then Version 2.0).


I spent about 5 minutes on version 3 and it was bypassed, my be the authors comment
should have read 100 less secure ? .


Version 3.1 was not any better, so we are now at version 3.2. Ok the OCX has been
removed, but is it more secure, I don't believe so.


Attached to this article is a patch file, which will patch a particular LockX protected
application. In this case the one I compiled, with this version the author can claim that
it is 1% more secure than version 3.1 but that is all.


The security of any protection product that relies on the following code is cr.p!!!


If .AppRegistered Then

Do something

Else

End

End if


If the author is as he claims a cracker then I would say that he is not very good if he
cannot even crack his own software. Any cracker will see the above code and bypass it in
a matter of minutes.


That brings me to the second Solution for a protection scheme "Copy Protection Scheme"
this author has at least thought about protecting software, the supplied code still has
the above structure and therefore will not work. But the implementation of the protection
scheme is sufficiently different to make me believe that he maybe on the right track.


I have been thinking along similar lines for the last couple of years, but never got
around some problems. I think Guy Gervais my have just provided a possible solution.


A possible Solution

Guy's Solution

In Pseudo Code we have the following from Guy's code,

1 Load security Script into the Script Control

2 Decrypt the security script

3 Run the security script

4

5 If Me.Caption = TITLE Then

6 "Sorry, key is invalid"

7 End

8 End If

9 Do Something


The above is Guy's code, and that got me thinking if the security code can be placed into
a separate thread to the main program thread, my extension to the above idea is as
follows,


Main Program Thread

1 Load security Script into the Script Control

2 Decrypt the security script

3 Run the security script

4

5 If .IsDemoMode Then

6 "You are In Demo Mode" // no need to end even if the app has been patched

7 elseif .IsElapsed then

8 Show Registration Screen

9 End

10 End If


{the above block takes care of honest users, and at this stage we still don't care if we
have been cracked so just keep loading the program}


11 Do Something


{now anywhere in the program we do the following, form load or form activate, etc.)


12 Start Security Thread // Sprinkled through out the program


13 Do Something Else




Security Thread

1 Load security Script into the Script Control

2 Decrypt the security script

3 Run the security script

4 Sleep for a random time A minutes/Hours

5 If .IsElapsed or .IsPatched or isTimeSetBack then


  {this block will know if the App has been patched,Time set back, or has just elapsed.}


6 End Main Program Thread

7 End Random Timer Thread

8 End Security Thread

9 {don't show that we are not registered just stop the program}


10 End If

12 End Security Thread


After all of this Blurb, I come back to the same conclusion we cannot protect a program
from being copied, all we can do is make it hard for the attacker.

In the above example if the attacker finds all of the 'Start Security Thread' references and NOP's them out then the protection is bypassed.

I have just gone through Guy's code again and it suffers from the same problems as I have
had with the above idea. All the attacker needs to do is to NOP out the


'script.ExecuteStatement sCode' line and the program will never get checked.


The only other change that needs to be made is,


If Me.Caption = TITLE Then -- changed to -- If Me.Caption <> TITLE Then


And the program is useable, no need to worry about registration files, or key.


I have included a compiled patch file to prove the point. With a bit of assembler
knowledge the above is not difficult to do.


I will still upload this, someone may find it useful and have some more ideas. I hope
that this article spurs on some more discussion in this area.




Tombr...



About this post

Posted: 2002-06-01
By: ArchiveBot
Viewed: 79 times

Categories

Visual Basic 6

Attachments

Copy_Prote4262112172001.zip
Posted: 9/3/2020 3:45:00 PM
Size: 1,375 bytes


Loading Comments ...

Comments

No comments have been added for this post.

You must be logged in to make a comment.