12 replies to this topic

[Victor]

I'm new to this, but I'm wondering if anyone knows a good way to help protect programs from reverse engineering and decompilation. I've seen some software but not all of it looks that good and if it somehow works the exe is no longer working or just too slow to do anything, or freezes the computer completely. Thanks in advance!

[v0id]

First you need to know: A program can never be completely secure.

There's a lot of techniques though, that can help you to protect your program better, and make it harder for peoples to crack it. Everything have its consequences, so if you try to make your program more secure in some way, it can affect the CPU usage, code-size, robustness, etc. of your program.
To protect your program is also hard, because different debuggers or tools, works in different ways. That means you sometimes have to identify which tool your program is running through, and then use a special protection against it. So, let's say there's three working debuggers in the whole world (not quite true...): A, B and C. Some of them maybe works pretty different, let's say A and C. If your program is then running, using one of the debuggers, you've to identify if it's A, B or C. If it's C, you use a special mechanism to protect your program, and if it's A, you use another. There's some techniques that usually works all-around, though.

There's three major ways to protect your code. Each of the ways have several sub-ways to do it, in different ways. The three ways are: Elimination of symbolic information, Program obfuscation and Anti-debugging code.

[Victor]

Thanks, I'll look into that

[Lop]

There are some software packages like Armadillo that are fairly hard to crack. When they are cracked the company releases an update which you get with your package. Keeps the pirates at bay for a good bit.

[TcM]

You can even try file compression, but it is still crackable, instead as easy as 1-2-3 it will be easy as 1-2-3-4, so it won't make any difference. The ONLY most secure and hard to crack method is online registration. Still not crack proof, but it's harder.

[TcM]

Well you will discover it's weaknesses and how it can be cracked. So in that way you can easily 'patch' it. In other words, if you know that from port 1234 a hacker is gaining access of your computer and hacking it then you close port 1234, right?!

[hodge-podge]

TcM said:

You can even try file compression, but it is still crackable, instead as easy as 1-2-3 it will be easy as 1-2-3-4, so it won't make any difference. The ONLY most secure and hard to crack method is online registration. Still not crack proof, but it's harder.

How is online registration any more secure? Crackers will use the same methods to bypass cd keys etc.

Many people have used encryption to protect file formats etc. Also, there is the old security through obscurity.

[hexman]

Found an interesting code obfuscation solution, but i don't know how good it is. Price is not small (
http://morpher.com

[Xitz]

you can also just crypt your code..
You can do both ways, encrypt your source code ( makes it completly unreadable ) and after that compile it and encrypt your program.
This makes your software completly unreadable since they need to decrypt everything wich is not going to work for them..
I can get you a software crypter for a fair price : )

[grisha]

Crypting slows the software greatly - not acceptable for game development, where speed is very important. Some special calculation, analysis, data processing algorithms could be crypted, but usually they need to be fast to be efficient, so still I think it's a bad idea.

In fact, many people simply debug the code disassembled from binaries, sniff the network environment (what the program sends / gets) and are able to overcome any kind of security.

War, war never changes :)

[Sky]

It is offtopic, but i want to just let some people know who don't.

decompiling .net is easy as joke.


Oh, and when you run a program, it unpacks, or whatever you call in memory. You can just analyze that after running it. So, nothing guarantees complete protection against decompilation.