Re: My old man vs LC Standalone
Tom Glod wrote: > When I change pricing models in the future with a major new release > I will go and look to see if any cracks exist, and then close > the holes. Be sure to run cracked copies and keygens only in disposable VMs. Most of the the ones I've seen are malware delivery vehicles, which makes my job easier since anyone using those will likely face more doom than I could ever deliver. -- Richard Gaskin Fourth World Systems Software Design and Development for the Desktop, Mobile, and the Web ambassa...@fourthworld.comhttp://www.FourthWorld.com ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
Hi everyone, thanks for partaking in the thread. Hey Sean, Currently I authorize the license key via a web api running on a WordPress site. But at the end of the day, its still "if license = trial then this if not then this." ...and thats is place of attack.. using his debugger tool... My strategy is to create a few routines that would create a bunch of jumps in the code...hide some stuff..etc just to waste his time if that's what he wants to spend it on. But as far as legit cracks that I am defending against.. its not a priority for medue to pricing model. When I change pricing models in the future with a major new release I will go and look to see if any cracks exist, and then close the holes. Cheers On Thu, Oct 24, 2019 at 5:46 PM Pi Digital via use-livecode < use-livecode@lists.runrev.com> wrote: > Questions. How do customers access/buy your software? How does it know it > is on an authorised machine or with an authorised user? > > I have a couple of methods that I remember I thought were very clever > (although ultimately pointless) you might like to add in to the mix but it > depends on the security deployment method you’ve chosen. > > Sean Cole > Pi Digital Prod Ltd > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
Questions. How do customers access/buy your software? How does it know it is on an authorised machine or with an authorised user? I have a couple of methods that I remember I thought were very clever (although ultimately pointless) you might like to add in to the mix but it depends on the security deployment method you’ve chosen. Sean Cole Pi Digital Prod Ltd ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
Hi The fact you can acquire via nefarious means nearly all software out there demonstrates how easily crackable software is. Adobe, Avid, Autodesk, Boris, Apple and Microsoft (for goodness sake) have all struggled and failed with it. Make it difficult for the everyday user to bypass, look at better price structures for those with morals and find ways to catch or make life tedious for the crackers. A hacker breaks through walls and are mainly concerned with systems and networks. Crackers modify or bypass features or défenses in software. There’s a distinction. A crackers motivation is based on the value they put on it, the value the customers put on it and the value the developer puts on it. The higher the value the product, the more effort you need to put in to protecting it. Kee’s wife’s solution is a really good one but has high risk of eating itself through coding error which could affect the customer and any work they do within it. The bigger the software gets, the higher the risk. Passwords are rubbish and easily bypassed. Network (home) calling make it easy for crackers to find the vulnerable points. Using a resource file is too obvious. Internal encryption is good but You need to still hide the passcodes somewhere clever and make them complicated enough. But even then, a machine code trace will pick up on the build and request of the passcodes and then it’s implementation. As I say to all of my clients past and present, “Anything is possible given the time and resources”. True for both sides of the binary. If it’s ‘fun’ you are after, put in as many of these things as possible and give him a real challenge. I don’t doubt your father will manage it but you can keep him on the merry-go-round a little bit longer than he expected. ;) All the very best Sean Cole Pi Digital Prod Ltd ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
One other thing about that - it doesn't have to be a thieving hacker. I wrote a invoicing system for a company years ago (Foxpro for DOS ) and years later I got a phone call saying the system was coming up "I'm Melting " - I could't for the life of me remember why I put that message in. Went to the company and some "clever sod" was cleaning up the hard disk and deleted some of the "unused" files in the data directory. Personally I think your time is wasted putting any protection in other than name and email and address (say) tied to the system and if they have been messed with - It's the user either trying to run it on his laptop (let him) or somebody has taken a copy. Then wait three months and then tell them there is an error "call this number" - if it's the user he will phone for help. If its a thief - just offer him an "upgrade". That is how Microsoft ate Lotus's lunch back in the day was $495 Although Multiplan (the precursor of Excel) had protection - Excel did not (in fact the whole of office did not) you just put in a serial code or one from a serial code generator. This allowed Microsoft to get office in the hands of students and others who did not have the money to spend. Years later everybody with a "illegal" copy was offered an amnesty and "upgraded" to a legitimate version of office for £65 if memory serves. The upshot is EVERYTHING can be broken. Back in the apple 2 days it was more fun to crack the disk protection than play some of the games. The disk protection routines got so clever that one of the disk copier utilities built in a 6502 emulator so you could single step the code of the bootloaders and patch that part of the disk. Finally we got "Snapshot" that was hardware that allowed the saving of all the memory to disk (later copied for the spectrum and c64) Happy days ... https://www.bigmessowires.com/2015/08/27/apple-ii-copy-protection/ https://news.ycombinator.com/item?id=17256709 https://mirrors.apple2.org.za/Apple%20II%20Documentation%20Project/Books/Beneath%20Apple%20DOS.pdf Regards Lagi On Wed, 23 Oct 2019 at 11:17, Keith Martin via use-livecode < use-livecode@lists.runrev.com> wrote: > On 22 Oct 2019, at 4:02, kee nethery via use-livecode wrote: > > > it would look for Hypercard itself on their disk and start erasing > > stuff in it > > I applaud the ingenuity and totally understand the reasons for her doing > that, but it should be said that damaging *other* software – beyond > the stack itself – on purpose is a questionable tactic that feels like > revenge, especially if it's designed to be silent. It is the actions of > a virus! Not the best grounds to be standing on if this came out and > lawyers got involved, even if the victim was clearly a thieving hacker. > > However, fascinating idea and impressive dedication. > > k > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
On 22 Oct 2019, at 4:02, kee nethery via use-livecode wrote: it would look for Hypercard itself on their disk and start erasing stuff in it I applaud the ingenuity and totally understand the reasons for her doing that, but it should be said that damaging *other* software – beyond the stack itself – on purpose is a questionable tactic that feels like revenge, especially if it's designed to be silent. It is the actions of a virus! Not the best grounds to be standing on if this came out and lawyers got involved, even if the victim was clearly a thieving hacker. However, fascinating idea and impressive dedication. k ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
On 22 Oct 2019, at 20:47, Tom Glod via use-livecode wrote: i am counting on his limited willingness to put hours into it. Either way, it will be absolutely fascinating to read about the outcome. Good luck! k ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
lol... that may be true...cuz i don't think he'll check the mailing list :) There is only bragging rights at stakeso i just need to add time to his workloadbut not affect the user experience..i am counting on his limited willingness to put hours into it. On Tue, Oct 22, 2019 at 3:02 PM JB via use-livecode < use-livecode@lists.runrev.com> wrote: > And if you tell us what you are going to do > he will never catch on .. .. > > JB > > > On Oct 22, 2019, at 11:57 AM, Tom Glod via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > > yeah... the key is to crank up the difficulty and time investment...much > > like decryption...sure...you can decrypt this in a billion years! > > > > On Tue, Oct 22, 2019 at 2:49 PM JJS via use-livecode < > > use-livecode@lists.runrev.com> wrote: > > > >> Everything is crackable. > >> > >> There was once this version of Cubase 5.1 a audio/midi sequencer, very > >> popular among musicians. > >> > >> People from H2O cracked it. It was protected by a USB dongle. > >> > >> They used 1500 manhours for it. And most of the time was not in the > >> program itself, figuring out when it called the dongle, but on how > >> windows handled the dll's to communicate with it. > >> > >> Eventually they wrote their own dll as software-matic dongle. > >> > >> They also said that it was the only version they would crack, because of > >> the many hours they needed to do it. > >> > >> > >> Op 22-10-2019 om 20:27 schreef doc hawk via use-livecode: > >>> On Oct 21, 2019, at 8:02 PM, kee nethery via use-livecode < > >> use-livecode@lists.runrev.com> wrote: > My wife built a Hypercard stack standalone that was protected by a > >> dongle. But, every call to the dongle was something you could search > for in > >> the scripts. So she had scripts that did hashes of the scripts that > talked > >> to the dongle. And she had scripts that did hashes of the scripts that > >> checked the hashes of the scripts … > >>> > >>> “Those who hashed the hasher, have been hashed!” ??? > >>> > >>> Wait, that’s not quite how it goes . . . hmm . . . > >>> ___ > >>> use-livecode mailing list > >>> use-livecode@lists.runrev.com > >>> Please visit this url to subscribe, unsubscribe and manage your > >> subscription preferences: > >>> http://lists.runrev.com/mailman/listinfo/use-livecode > >> > >> ___ > >> use-livecode mailing list > >> use-livecode@lists.runrev.com > >> Please visit this url to subscribe, unsubscribe and manage your > >> subscription preferences: > >> http://lists.runrev.com/mailman/listinfo/use-livecode > >> > > > > > > -- > > Tom Glod > > Founder & Developer > > MakeShyft R.D.A (www.makeshyft.com) > > Office:226-706-9339 > > Mobile:226-706-9793 > > ___ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
And if you tell us what you are going to do he will never catch on .. .. JB > On Oct 22, 2019, at 11:57 AM, Tom Glod via use-livecode > wrote: > > yeah... the key is to crank up the difficulty and time investment...much > like decryption...sure...you can decrypt this in a billion years! > > On Tue, Oct 22, 2019 at 2:49 PM JJS via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> Everything is crackable. >> >> There was once this version of Cubase 5.1 a audio/midi sequencer, very >> popular among musicians. >> >> People from H2O cracked it. It was protected by a USB dongle. >> >> They used 1500 manhours for it. And most of the time was not in the >> program itself, figuring out when it called the dongle, but on how >> windows handled the dll's to communicate with it. >> >> Eventually they wrote their own dll as software-matic dongle. >> >> They also said that it was the only version they would crack, because of >> the many hours they needed to do it. >> >> >> Op 22-10-2019 om 20:27 schreef doc hawk via use-livecode: >>> On Oct 21, 2019, at 8:02 PM, kee nethery via use-livecode < >> use-livecode@lists.runrev.com> wrote: My wife built a Hypercard stack standalone that was protected by a >> dongle. But, every call to the dongle was something you could search for in >> the scripts. So she had scripts that did hashes of the scripts that talked >> to the dongle. And she had scripts that did hashes of the scripts that >> checked the hashes of the scripts … >>> >>> “Those who hashed the hasher, have been hashed!” ??? >>> >>> Wait, that’s not quite how it goes . . . hmm . . . >>> ___ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >> >> ___ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription preferences: >> http://lists.runrev.com/mailman/listinfo/use-livecode >> > > > -- > Tom Glod > Founder & Developer > MakeShyft R.D.A (www.makeshyft.com) > Office:226-706-9339 > Mobile:226-706-9793 > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
yeah... the key is to crank up the difficulty and time investment...much like decryption...sure...you can decrypt this in a billion years! On Tue, Oct 22, 2019 at 2:49 PM JJS via use-livecode < use-livecode@lists.runrev.com> wrote: > Everything is crackable. > > There was once this version of Cubase 5.1 a audio/midi sequencer, very > popular among musicians. > > People from H2O cracked it. It was protected by a USB dongle. > > They used 1500 manhours for it. And most of the time was not in the > program itself, figuring out when it called the dongle, but on how > windows handled the dll's to communicate with it. > > Eventually they wrote their own dll as software-matic dongle. > > They also said that it was the only version they would crack, because of > the many hours they needed to do it. > > > Op 22-10-2019 om 20:27 schreef doc hawk via use-livecode: > > On Oct 21, 2019, at 8:02 PM, kee nethery via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> My wife built a Hypercard stack standalone that was protected by a > dongle. But, every call to the dongle was something you could search for in > the scripts. So she had scripts that did hashes of the scripts that talked > to the dongle. And she had scripts that did hashes of the scripts that > checked the hashes of the scripts … > > > > “Those who hashed the hasher, have been hashed!” ??? > > > > Wait, that’s not quite how it goes . . . hmm . . . > > ___ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
Everything is crackable. There was once this version of Cubase 5.1 a audio/midi sequencer, very popular among musicians. People from H2O cracked it. It was protected by a USB dongle. They used 1500 manhours for it. And most of the time was not in the program itself, figuring out when it called the dongle, but on how windows handled the dll's to communicate with it. Eventually they wrote their own dll as software-matic dongle. They also said that it was the only version they would crack, because of the many hours they needed to do it. Op 22-10-2019 om 20:27 schreef doc hawk via use-livecode: On Oct 21, 2019, at 8:02 PM, kee nethery via use-livecode wrote: My wife built a Hypercard stack standalone that was protected by a dongle. But, every call to the dongle was something you could search for in the scripts. So she had scripts that did hashes of the scripts that talked to the dongle. And she had scripts that did hashes of the scripts that checked the hashes of the scripts … “Those who hashed the hasher, have been hashed!” ??? Wait, that’s not quite how it goes . . . hmm . . . ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
On Oct 21, 2019, at 8:02 PM, kee nethery via use-livecode wrote: > > My wife built a Hypercard stack standalone that was protected by a dongle. > But, every call to the dongle was something you could search for in the > scripts. So she had scripts that did hashes of the scripts that talked to the > dongle. And she had scripts that did hashes of the scripts that checked the > hashes of the scripts … “Those who hashed the hasher, have been hashed!” ??? Wait, that’s not quite how it goes . . . hmm . . . ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
Yeah...He might call me within 24 hours ..laughing ...and that wouldn't surprise me at all. :D Luckily ...none of it is life or death. On Tue, Oct 22, 2019 at 1:44 PM JB via use-livecode < use-livecode@lists.runrev.com> wrote: > Well considering he writes assembly and other languages > and is communicating with other people he might be able > to do things that would surprise you. > > JB > > > On Oct 22, 2019, at 10:38 AM, Tom Glod via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > > Funny, I just sat down to fire up LC to check on the encryption option. > > That will be the first thing I will do. > > > > My dad will do this using a C++ / assembly debugger, and he finds the > point > > at which the trial limitation is lifted or enforced, and does all his > work > > there. So he'll be looking at memory directly and will try to inject a > > 'simple' workaround. > > > > I'm not sure about this, but probably the arrangement and sequence of > > variables in the applications' memory space will be different each time > it > > starts? I could be wrong but I believe cracks and patches often use a > > specific byte offsets to make changes to specific portions of the > program, > > assuming their location is always the same within the applications > > memory. This is where I think an LC standalone is different, but thats > > just speculation on my part. > > > > With enough time sure...everything can be cracked..., I don't > think > > it will be easy for him at all, given he's never seen LC. > > > > On Tue, Oct 22, 2019 at 11:20 AM J. Landman Gay via use-livecode < > > use-livecode@lists.runrev.com> wrote: > > > >> That was my first thought too, password protecting the stack makes the > >> scripts unreadable. The hacker would have to read the memory directly > and > >> I'm not sure what that would show, but I don't think it would be > >> particularly organized. > >> -- > >> Jacqueline Landman Gay | jac...@hyperactivesw.com > >> HyperActive Software | http://www.hyperactivesw.com > >> On October 22, 2019 10:09:40 AM Bob Sneidar via use-livecode > >> wrote: > >> > >>> I'd be curious to know how well simply pass protecting the stacks does. > >>> Given the "hacker" doesn't know the key that was used for the > >> encryption, > >>> it shouldn't be possible. > >>> > >>> Bob S > >>> > >>> > On Oct 22, 2019, at 07:46 , Tom Glod via use-livecode > wrote: > > JB, of course thats true, its just a matter of how long it takes and > how > skilled the cracker must be. Its definitely not a reason not to try. > > Kee, that sounds like quite the scheme a self-destructing stack. > My > initial instinct is to create some trap using hashing also. > > Thanks. :) > > On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < > use-livecode@lists.runrev.com> wrote: > > > My wife built a Hypercard stack standalone that was protected by a > >> dongle. > > But, every call to the dongle was something you could search for in > the > > scripts. So she had scripts that did hashes of the scripts that > talked > >> to > > the dongle. And she had scripts that did hashes of the scripts that > >> checked > > the hashes of the scripts … > > > > Plus, she broke up the calculations into various sections of other > >> code. > > When a script noticed stuff was being altered, it would start erasing > >> stuff > > in the app stack. And it would look for Hypercard itself on their > disk > >> and > > start erasing stuff in it. It would hold on as long as possible doing > >> as > > much damage as possible. > > > > Setting the code to do all this protection was a carefully scripted > > process because one false step and it would self destruct and damage > >> her > > Hypercard. It was pretty obvious to me when that happened because the > > cursing would be rather loud and prolonged. > > > > She’d do things like add up all the chars in a script, do a modulo on > >> that > > number, and then go to script ID to execute a line of > >> code in > > that script. > > > > I’m sure someone could have eventually gotten past all that stuff but > > don’t think anyone ever did. > > > > -- > > > > All that said, shareware authors would routinely hang out on crack > >> sites > > and seconds before releasing their app, they would post a crack. No > one > > wants to be the second person to crack an app so the author would be > >> the > > only crack. That crack would allow someone to use the app for some > >> period > > of time (months) and then it would develop some kind of error. Users > >> would > > call in for support on XYZ error and the answer was, the more recent > > version fixes that. It’s a simple upgrade, here’s the URL for users > >> with > > this error. And those folks would become paid users. > > > > Kee >
Re: My old man vs LC Standalone
Well considering he writes assembly and other languages and is communicating with other people he might be able to do things that would surprise you. JB > On Oct 22, 2019, at 10:38 AM, Tom Glod via use-livecode > wrote: > > Funny, I just sat down to fire up LC to check on the encryption option. > That will be the first thing I will do. > > My dad will do this using a C++ / assembly debugger, and he finds the point > at which the trial limitation is lifted or enforced, and does all his work > there. So he'll be looking at memory directly and will try to inject a > 'simple' workaround. > > I'm not sure about this, but probably the arrangement and sequence of > variables in the applications' memory space will be different each time it > starts? I could be wrong but I believe cracks and patches often use a > specific byte offsets to make changes to specific portions of the program, > assuming their location is always the same within the applications > memory. This is where I think an LC standalone is different, but thats > just speculation on my part. > > With enough time sure...everything can be cracked..., I don't think > it will be easy for him at all, given he's never seen LC. > > On Tue, Oct 22, 2019 at 11:20 AM J. Landman Gay via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> That was my first thought too, password protecting the stack makes the >> scripts unreadable. The hacker would have to read the memory directly and >> I'm not sure what that would show, but I don't think it would be >> particularly organized. >> -- >> Jacqueline Landman Gay | jac...@hyperactivesw.com >> HyperActive Software | http://www.hyperactivesw.com >> On October 22, 2019 10:09:40 AM Bob Sneidar via use-livecode >> wrote: >> >>> I'd be curious to know how well simply pass protecting the stacks does. >>> Given the "hacker" doesn't know the key that was used for the >> encryption, >>> it shouldn't be possible. >>> >>> Bob S >>> >>> On Oct 22, 2019, at 07:46 , Tom Glod via use-livecode wrote: JB, of course thats true, its just a matter of how long it takes and how skilled the cracker must be. Its definitely not a reason not to try. Kee, that sounds like quite the scheme a self-destructing stack. My initial instinct is to create some trap using hashing also. Thanks. :) On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < use-livecode@lists.runrev.com> wrote: > My wife built a Hypercard stack standalone that was protected by a >> dongle. > But, every call to the dongle was something you could search for in the > scripts. So she had scripts that did hashes of the scripts that talked >> to > the dongle. And she had scripts that did hashes of the scripts that >> checked > the hashes of the scripts … > > Plus, she broke up the calculations into various sections of other >> code. > When a script noticed stuff was being altered, it would start erasing >> stuff > in the app stack. And it would look for Hypercard itself on their disk >> and > start erasing stuff in it. It would hold on as long as possible doing >> as > much damage as possible. > > Setting the code to do all this protection was a carefully scripted > process because one false step and it would self destruct and damage >> her > Hypercard. It was pretty obvious to me when that happened because the > cursing would be rather loud and prolonged. > > She’d do things like add up all the chars in a script, do a modulo on >> that > number, and then go to script ID to execute a line of >> code in > that script. > > I’m sure someone could have eventually gotten past all that stuff but > don’t think anyone ever did. > > -- > > All that said, shareware authors would routinely hang out on crack >> sites > and seconds before releasing their app, they would post a crack. No one > wants to be the second person to crack an app so the author would be >> the > only crack. That crack would allow someone to use the app for some >> period > of time (months) and then it would develop some kind of error. Users >> would > call in for support on XYZ error and the answer was, the more recent > version fixes that. It’s a simple upgrade, here’s the URL for users >> with > this error. And those folks would become paid users. > > Kee >>> >>> ___ >>> use-livecode mailing list >>> use-livecode@lists.runrev.com >>> Please visit this url to subscribe, unsubscribe and manage your >>> subscription preferences: >>> http://lists.runrev.com/mailman/listinfo/use-livecode >> >> >> >> >> ___ >> use-livecode mailing list >> use-livecode@lists.runrev.com >> Please visit this url to subscribe, unsubscribe and manage your >> subscription
Re: My old man vs LC Standalone
Funny, I just sat down to fire up LC to check on the encryption option. That will be the first thing I will do. My dad will do this using a C++ / assembly debugger, and he finds the point at which the trial limitation is lifted or enforced, and does all his work there. So he'll be looking at memory directly and will try to inject a 'simple' workaround. I'm not sure about this, but probably the arrangement and sequence of variables in the applications' memory space will be different each time it starts? I could be wrong but I believe cracks and patches often use a specific byte offsets to make changes to specific portions of the program, assuming their location is always the same within the applications memory. This is where I think an LC standalone is different, but thats just speculation on my part. With enough time sure...everything can be cracked..., I don't think it will be easy for him at all, given he's never seen LC. On Tue, Oct 22, 2019 at 11:20 AM J. Landman Gay via use-livecode < use-livecode@lists.runrev.com> wrote: > That was my first thought too, password protecting the stack makes the > scripts unreadable. The hacker would have to read the memory directly and > I'm not sure what that would show, but I don't think it would be > particularly organized. > -- > Jacqueline Landman Gay | jac...@hyperactivesw.com > HyperActive Software | http://www.hyperactivesw.com > On October 22, 2019 10:09:40 AM Bob Sneidar via use-livecode > wrote: > > > I'd be curious to know how well simply pass protecting the stacks does. > > Given the "hacker" doesn't know the key that was used for the > encryption, > > it shouldn't be possible. > > > > Bob S > > > > > >> On Oct 22, 2019, at 07:46 , Tom Glod via use-livecode > >> wrote: > >> > >> JB, of course thats true, its just a matter of how long it takes and how > >> skilled the cracker must be. Its definitely not a reason not to try. > >> > >> Kee, that sounds like quite the scheme a self-destructing stack. My > >> initial instinct is to create some trap using hashing also. > >> > >> Thanks. :) > >> > >> On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < > >> use-livecode@lists.runrev.com> wrote: > >> > >>> My wife built a Hypercard stack standalone that was protected by a > dongle. > >>> But, every call to the dongle was something you could search for in the > >>> scripts. So she had scripts that did hashes of the scripts that talked > to > >>> the dongle. And she had scripts that did hashes of the scripts that > checked > >>> the hashes of the scripts … > >>> > >>> Plus, she broke up the calculations into various sections of other > code. > >>> When a script noticed stuff was being altered, it would start erasing > stuff > >>> in the app stack. And it would look for Hypercard itself on their disk > and > >>> start erasing stuff in it. It would hold on as long as possible doing > as > >>> much damage as possible. > >>> > >>> Setting the code to do all this protection was a carefully scripted > >>> process because one false step and it would self destruct and damage > her > >>> Hypercard. It was pretty obvious to me when that happened because the > >>> cursing would be rather loud and prolonged. > >>> > >>> She’d do things like add up all the chars in a script, do a modulo on > that > >>> number, and then go to script ID to execute a line of > code in > >>> that script. > >>> > >>> I’m sure someone could have eventually gotten past all that stuff but > >>> don’t think anyone ever did. > >>> > >>> -- > >>> > >>> All that said, shareware authors would routinely hang out on crack > sites > >>> and seconds before releasing their app, they would post a crack. No one > >>> wants to be the second person to crack an app so the author would be > the > >>> only crack. That crack would allow someone to use the app for some > period > >>> of time (months) and then it would develop some kind of error. Users > would > >>> call in for support on XYZ error and the answer was, the more recent > >>> version fixes that. It’s a simple upgrade, here’s the URL for users > with > >>> this error. And those folks would become paid users. > >>> > >>> Kee > > > > ___ > > use-livecode mailing list > > use-livecode@lists.runrev.com > > Please visit this url to subscribe, unsubscribe and manage your > > subscription preferences: > > http://lists.runrev.com/mailman/listinfo/use-livecode > > > > > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe
Re: My old man vs LC Standalone
That was my first thought too, password protecting the stack makes the scripts unreadable. The hacker would have to read the memory directly and I'm not sure what that would show, but I don't think it would be particularly organized. -- Jacqueline Landman Gay | jac...@hyperactivesw.com HyperActive Software | http://www.hyperactivesw.com On October 22, 2019 10:09:40 AM Bob Sneidar via use-livecode wrote: I'd be curious to know how well simply pass protecting the stacks does. Given the "hacker" doesn't know the key that was used for the encryption, it shouldn't be possible. Bob S On Oct 22, 2019, at 07:46 , Tom Glod via use-livecode wrote: JB, of course thats true, its just a matter of how long it takes and how skilled the cracker must be. Its definitely not a reason not to try. Kee, that sounds like quite the scheme a self-destructing stack. My initial instinct is to create some trap using hashing also. Thanks. :) On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < use-livecode@lists.runrev.com> wrote: My wife built a Hypercard stack standalone that was protected by a dongle. But, every call to the dongle was something you could search for in the scripts. So she had scripts that did hashes of the scripts that talked to the dongle. And she had scripts that did hashes of the scripts that checked the hashes of the scripts … Plus, she broke up the calculations into various sections of other code. When a script noticed stuff was being altered, it would start erasing stuff in the app stack. And it would look for Hypercard itself on their disk and start erasing stuff in it. It would hold on as long as possible doing as much damage as possible. Setting the code to do all this protection was a carefully scripted process because one false step and it would self destruct and damage her Hypercard. It was pretty obvious to me when that happened because the cursing would be rather loud and prolonged. She’d do things like add up all the chars in a script, do a modulo on that number, and then go to script ID to execute a line of code in that script. I’m sure someone could have eventually gotten past all that stuff but don’t think anyone ever did. -- All that said, shareware authors would routinely hang out on crack sites and seconds before releasing their app, they would post a crack. No one wants to be the second person to crack an app so the author would be the only crack. That crack would allow someone to use the app for some period of time (months) and then it would develop some kind of error. Users would call in for support on XYZ error and the answer was, the more recent version fixes that. It’s a simple upgrade, here’s the URL for users with this error. And those folks would become paid users. Kee ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
I'd be curious to know how well simply pass protecting the stacks does. Given the "hacker" doesn't know the key that was used for the encryption, it shouldn't be possible. Bob S > On Oct 22, 2019, at 07:46 , Tom Glod via use-livecode > wrote: > > JB, of course thats true, its just a matter of how long it takes and how > skilled the cracker must be. Its definitely not a reason not to try. > > Kee, that sounds like quite the scheme a self-destructing stack. My > initial instinct is to create some trap using hashing also. > > Thanks. :) > > On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < > use-livecode@lists.runrev.com> wrote: > >> My wife built a Hypercard stack standalone that was protected by a dongle. >> But, every call to the dongle was something you could search for in the >> scripts. So she had scripts that did hashes of the scripts that talked to >> the dongle. And she had scripts that did hashes of the scripts that checked >> the hashes of the scripts … >> >> Plus, she broke up the calculations into various sections of other code. >> When a script noticed stuff was being altered, it would start erasing stuff >> in the app stack. And it would look for Hypercard itself on their disk and >> start erasing stuff in it. It would hold on as long as possible doing as >> much damage as possible. >> >> Setting the code to do all this protection was a carefully scripted >> process because one false step and it would self destruct and damage her >> Hypercard. It was pretty obvious to me when that happened because the >> cursing would be rather loud and prolonged. >> >> She’d do things like add up all the chars in a script, do a modulo on that >> number, and then go to script ID to execute a line of code in >> that script. >> >> I’m sure someone could have eventually gotten past all that stuff but >> don’t think anyone ever did. >> >> -- >> >> All that said, shareware authors would routinely hang out on crack sites >> and seconds before releasing their app, they would post a crack. No one >> wants to be the second person to crack an app so the author would be the >> only crack. That crack would allow someone to use the app for some period >> of time (months) and then it would develop some kind of error. Users would >> call in for support on XYZ error and the answer was, the more recent >> version fixes that. It’s a simple upgrade, here’s the URL for users with >> this error. And those folks would become paid users. >> >> Kee ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
JB, of course thats true, its just a matter of how long it takes and how skilled the cracker must be. Its definitely not a reason not to try. Kee, that sounds like quite the scheme a self-destructing stack. My initial instinct is to create some trap using hashing also. Thanks. :) On Mon, Oct 21, 2019 at 11:03 PM kee nethery via use-livecode < use-livecode@lists.runrev.com> wrote: > My wife built a Hypercard stack standalone that was protected by a dongle. > But, every call to the dongle was something you could search for in the > scripts. So she had scripts that did hashes of the scripts that talked to > the dongle. And she had scripts that did hashes of the scripts that checked > the hashes of the scripts … > > Plus, she broke up the calculations into various sections of other code. > When a script noticed stuff was being altered, it would start erasing stuff > in the app stack. And it would look for Hypercard itself on their disk and > start erasing stuff in it. It would hold on as long as possible doing as > much damage as possible. > > Setting the code to do all this protection was a carefully scripted > process because one false step and it would self destruct and damage her > Hypercard. It was pretty obvious to me when that happened because the > cursing would be rather loud and prolonged. > > She’d do things like add up all the chars in a script, do a modulo on that > number, and then go to script ID to execute a line of code in > that script. > > I’m sure someone could have eventually gotten past all that stuff but > don’t think anyone ever did. > > -- > > All that said, shareware authors would routinely hang out on crack sites > and seconds before releasing their app, they would post a crack. No one > wants to be the second person to crack an app so the author would be the > only crack. That crack would allow someone to use the app for some period > of time (months) and then it would develop some kind of error. Users would > call in for support on XYZ error and the answer was, the more recent > version fixes that. It’s a simple upgrade, here’s the URL for users with > this error. And those folks would become paid users. > > Kee > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your > subscription preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
My wife built a Hypercard stack standalone that was protected by a dongle. But, every call to the dongle was something you could search for in the scripts. So she had scripts that did hashes of the scripts that talked to the dongle. And she had scripts that did hashes of the scripts that checked the hashes of the scripts … Plus, she broke up the calculations into various sections of other code. When a script noticed stuff was being altered, it would start erasing stuff in the app stack. And it would look for Hypercard itself on their disk and start erasing stuff in it. It would hold on as long as possible doing as much damage as possible. Setting the code to do all this protection was a carefully scripted process because one false step and it would self destruct and damage her Hypercard. It was pretty obvious to me when that happened because the cursing would be rather loud and prolonged. She’d do things like add up all the chars in a script, do a modulo on that number, and then go to script ID to execute a line of code in that script. I’m sure someone could have eventually gotten past all that stuff but don’t think anyone ever did. -- All that said, shareware authors would routinely hang out on crack sites and seconds before releasing their app, they would post a crack. No one wants to be the second person to crack an app so the author would be the only crack. That crack would allow someone to use the app for some period of time (months) and then it would develop some kind of error. Users would call in for support on XYZ error and the answer was, the more recent version fixes that. It’s a simple upgrade, here’s the URL for users with this error. And those folks would become paid users. Kee ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
Re: My old man vs LC Standalone
rumor has it.. .. Anything Can Be CRACKED! JB > On Oct 21, 2019, at 7:39 PM, Tom Glod via use-livecode > wrote: > > Hi guys, > > My father and I have gotten to talking recently and I shared with him the > product I will the launching (shortly). My dad father is a kind of white > hat hacker and loves the challenge of it. > > My software will have a 30 day trial. He wants to help me by testing how > hard it will be to produce a cracked version of my software. > > He told me some hints about his approach.. he is an expert at assembly > language and keeps it simple..he's kept up the skill even though he > uses C++ and PHP for his work. > > But he has never seen livecode before. > > He challenged me to stop him. I know that if he spends enough hours, it > can be done. > > My target market is not people who would have the skill to hack the > software. THe price point is not worth the effort.My target market, in > general, would not bother. So I haven't bothered to go nuts in securing my > trial mechanism. > > But..I feel like I have to at least try and win. :D > > I'm not asking for advice on how to do it, but my question is more general > about LC. since its not widely known does it put me at a > disadvantage or an advantage or neither? Standalione will be 9.05 indy. > > I'm having a great time so far ...lol..this is gonna be fun. > > -- > Tom Glod > Founder & Developer > MakeShyft R.D.A (www.makeshyft.com) > Office:226-706-9339 > Mobile:226-706-9793 > ___ > use-livecode mailing list > use-livecode@lists.runrev.com > Please visit this url to subscribe, unsubscribe and manage your subscription > preferences: > http://lists.runrev.com/mailman/listinfo/use-livecode > ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
My old man vs LC Standalone
Hi guys, My father and I have gotten to talking recently and I shared with him the product I will the launching (shortly). My dad father is a kind of white hat hacker and loves the challenge of it. My software will have a 30 day trial. He wants to help me by testing how hard it will be to produce a cracked version of my software. He told me some hints about his approach.. he is an expert at assembly language and keeps it simple..he's kept up the skill even though he uses C++ and PHP for his work. But he has never seen livecode before. He challenged me to stop him. I know that if he spends enough hours, it can be done. My target market is not people who would have the skill to hack the software. THe price point is not worth the effort.My target market, in general, would not bother. So I haven't bothered to go nuts in securing my trial mechanism. But..I feel like I have to at least try and win. :D I'm not asking for advice on how to do it, but my question is more general about LC. since its not widely known does it put me at a disadvantage or an advantage or neither? Standalione will be 9.05 indy. I'm having a great time so far ...lol..this is gonna be fun. -- Tom Glod Founder & Developer MakeShyft R.D.A (www.makeshyft.com) Office:226-706-9339 Mobile:226-706-9793 ___ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode