> My pedit was cracked at http://202.103.100.253/hambo/pdazone.html. Should I
> ignore it or should I write a new registration process? Is there a generally
> accepted attitude towards such cracking in the palm programmer community?
> Best regards, Paul
trust me.. no matter how hard you try.. you wont be able to beat these
guys :)) i have a running competition going with one of the #palmwarez
members (BigToaster) and i dont mind in having the competition - as he
gets a thrill out of cracking software, i get my thrill out of trying
to make my software as hard as possible to crack. :)
----------------------------------------------------------------------
NOTE: the remainder of this email contains information on how DKJR was
protected (and is probably the hardest app to crack right now).
if you are not interested in the technique, and how they cracked
it (it is good information to know how they do this to protect)
then dont read on.
i am interested in writing a paper on protection for PalmSource
2000 - please vote if you are interested or NOT interested in
this paper by emailing me here:
[EMAIL PROTECTED]
*cheers*
----------------------------------------------------------------------
this is what i did for Donkie Kung Jr 1.0c - and it took 2.5 hours to
crack (with no knowledge at all about my scheme).. i sat down and had
a little chat with my competitor and learned some interesting facts :)
Donkie Kung Jr:
===============
the design was quite simple, but it took a while to get working and
fully functional. the application contains eight code segments, the
application is not greater than 32K (code), so these are used solely
for management and for this technique.
code0000.bin - bootstrap
code0001.bin - normal code segment
code0002.bin - segment with all 'registration' checks
code0003.bin - encrypted segment - keygen
code0004.bin - encrypted segment - code registered users execute
code0005.bin
code0006.bin
code0007.bin - other code segments (device, help etc)
my protection was as follows..
1. using a checksum of code0002.bin and a memory dump of
code0002.bin as the decryption key, perform a RC4 level
(dynamic key, windowing, XOR technique) decryption of
the code0002.bin and code0003.bin
why?
- if they patch the application, the checksum and key
will be different, and hence the code segments will
not decrypt correctly..
99% of hackers stop here :P a patch means the application
will crash, but 1% (BigToaster) saw this as a challenge.
2. since the code that registered users get access to is also
protected using this encryption, a simple patch to avoid
the checks still wont give the user a chance to execute
all the code.
the patch? 2.5 'hard' working hours later :))
using a memory dump of Donkie Kung Jr after it was executed, he
managed to get a unencrypted view of the code that was encrypted.
he then wrote a patch that did the following:
1. code0003.bin and code0004.bin no longer encrypted
(cut and paste memory dump)
2. remove all decryption calls
3. where there was a function pointer, change it to call a real
address instead (not memory area)
4. apply the normal 'ignore this check' to make it registered
i was very impressed by BigToaster :)) so impressed, that i am
working on the next level of protection. which i am sure will take
longer than 2.5 hours :)) my aim is 8 hours :)) because that is a
WHOLE day he will have wasted on this :P
i dont care about the cracking personally, but i am interested in
what theys guys think about - cracking is an art.. :)) BigToaster
would not let me know any more about how he did it - as i quote:
"_bt- does not want to improve his protection any further"
the sad news is that #4 takes something like 5-10 minutes to do,
and the reality is that this is how yours and 99% of the general
Palm Community write their applications. the best protection is
to simply not have the code that registered users get when they
buy it within the demo - so then the hackers cannot patch it..
with this, you have the problem of having to ship two versions, and
what stops the hackers buying one, and distributing the one purchased
version on warez :)
if you got any questions about protection? email me:
[EMAIL PROTECTED]
i love this as much as BigToaster enjoys cracking it :)) my aim is
to make the effort level so high, they just give up - i acknowledge
that NOTHING is impossible to crack, it just takes time and effort :)
i proposed earlier to PalmGearHQ to write a paper on cracking and
how to best "protect" your applications for the Palm Computing
Platform. i have not taken it further due to the fact that it might
affect a large number of developers (publishing cracking info), but
if you are interested, drop me a line ([EMAIL PROTECTED]) and vote.
i can complete the paper if a load of people want to see it at
PalmSource 2000 :P
cheers, and happy coding :)
az.
--
Aaron Ardiri
Java Certified Programmer http://www.hig.se/~ardiri/
University-College i G�vle mailto:[EMAIL PROTECTED]
SE 801 76 G�vle SWEDEN
Tel: +46 26 64 87 38 Fax: +46 26 64 87 88
Mob: +46 70 656 1143 A/H: +46 8 668 78 72
if you enjoy it, then it aint work :) - rule #106 of life
--
For information on using the Palm Developer Forums, or to unsubscribe, please see
http://www.palmos.com/dev/tech/support/forums/
