Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 10-23-2015, 12:59
Spiderz_Soft Spiderz_Soft is offline
Family
 
Join Date: Mar 2015
Posts: 174
Rept. Given: 37
Rept. Rcvd 64 Times in 30 Posts
Thanks Given: 221
Thanks Rcvd at 377 Times in 117 Posts
Spiderz_Soft Reputation: 64
Question Which is Best Protection Software Add License/Key System

Question1: Which is Best Software for Protect your software?

QUESTION 2: Which Are Free & Cracked Best Protector Software.


Please write down your suggestion. also provide me Free & Cracked Best Protector Software Download link.
Want to Add License Key Features in exe,Dll Files etc.
i have try Shielden Protector but its not working well.

Thank you
Kind Regards
Spiderz_Soft
Reply With Quote
  #2  
Old 10-23-2015, 18:59
Spiderz_Soft Spiderz_Soft is offline
Family
 
Join Date: Mar 2015
Posts: 174
Rept. Given: 37
Rept. Rcvd 64 Times in 30 Posts
Thanks Given: 221
Thanks Rcvd at 377 Times in 117 Posts
Spiderz_Soft Reputation: 64
Still Waiting for your suggestion guys.
Reply With Quote
  #3  
Old 10-24-2015, 01:14
QuakeGamer QuakeGamer is offline
Friend
 
Join Date: Sep 2010
Posts: 65
Rept. Given: 2
Rept. Rcvd 8 Times in 6 Posts
Thanks Given: 3
Thanks Rcvd at 50 Times in 27 Posts
QuakeGamer Reputation: 8
Quote:
Originally Posted by Spiderz_Soft View Post
Still Waiting for your suggestion guys.
Not even waiting a day before bumping... but oh well. I'll state my opinion:

Quote:
Question1: Which is Best Software for Protect your software?
For business stuff:

Focus on the quality of the product and not on its protection. Always.

Then use some license management such as RLM or FlexLM. Do not offer a free and complete trial version, only provide evaluations on request. Only deliver watermarked/customer-specific versions of your software to the customer.

For bulk software:
Use any protector. Its hard to say if its worth the buck or not. If your program is shit, and you are not selling it, investing into a protector is useless. So, it comes down to:

Focus on the quality of the product and not on its protection. Always.
Reply With Quote
The Following 5 Users Say Thank You to QuakeGamer For This Useful Post:
alephz (10-24-2015), giv (10-24-2015), ontryit (01-16-2016), Spiderz_Soft (10-24-2015)
  #4  
Old 10-24-2015, 02:41
chessgod101's Avatar
chessgod101 chessgod101 is offline
Co-Administrator
 
Join Date: Jan 2011
Location: United States
Posts: 535
Rept. Given: 2,218
Rept. Rcvd 691 Times in 219 Posts
Thanks Given: 700
Thanks Rcvd at 939 Times in 186 Posts
chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699 chessgod101 Reputation: 500-699
Actually, I saw a rather interesting homemade protection a few months ago. The author had the registered features inside of an encrypted dll. A valid license key contained the decryption constant/password to decrypt the file for registered use. Something like this is actually free to implement and would stop crackers in their tracks until they managed to acquire an original license key.

With software protection, you often need to weigh the inconvenience that your licensing scheme creates against the usefulness and convenience that your software provides to the user. If your software is an essential asset to a company or user, they will not mind the inconvenience of hardware locking or dongle use since your application may be the core of their business. However, if your software is only moderately used/nonessential, and there are a lot of other competing products, such inconvenience of your licensing scheme may cause the user to shy away from your application, buy from another company, or simply live without your software. Unless your software is genuinely innovative and can truly be considered an asset to the owner or business, people may shy away from complicated protection.

While naturally, we want to deter our application from being cracked or pirated, we should not always do this at the expense of the legal user. I have a software product that I had to make this decision with myself. I never wanted to limit or inconvenience the end user with a complicated protection. I know as a result that some more skilled crackers would likely be able to crack my application. This does not bother me though since I know that my legitimate customers will be happy with my product.
__________________
"As the island of our knowledge grows, so does the shore of our ignorance." John Wheeler
Reply With Quote
The Following User Gave Reputation+1 to chessgod101 For This Useful Post:
Spiderz_Soft (10-24-2015)
The Following 3 Users Say Thank You to chessgod101 For This Useful Post:
lordnasty (01-04-2016), ontryit (01-16-2016), Spiderz_Soft (10-24-2015)
  #5  
Old 10-24-2015, 03:36
Spiderz_Soft Spiderz_Soft is offline
Family
 
Join Date: Mar 2015
Posts: 174
Rept. Given: 37
Rept. Rcvd 64 Times in 30 Posts
Thanks Given: 221
Thanks Rcvd at 377 Times in 117 Posts
Spiderz_Soft Reputation: 64
Thank you so much for increasing my knowledge @chessgod101
Reply With Quote
  #6  
Old 10-24-2015, 03:41
giv's Avatar
giv giv is offline
VIP
 
Join Date: Jan 2011
Location: Romania
Posts: 1,657
Rept. Given: 801
Rept. Rcvd 1,283 Times in 561 Posts
Thanks Given: 226
Thanks Rcvd at 562 Times in 240 Posts
giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299 giv Reputation: 1100-1299
In any case the software will be cracked. ALWAYS.
Just take the last Themida case.
All his virtual machines have been deobfuscated (last Eagle VM too).
Quote:
https://forum.tuts4you.com/topic/37469-devirtualizeme-themida-2350-full/
The same will be with VMProtect and others too.
In .NET framework case also.
A dedicated person will always defeat any protection.
The problem is if it will put on the web the deprotecting tool or it will keep private.
So the focus can be on a good product not on the product protection.
Reply With Quote
The Following 2 Users Say Thank You to giv For This Useful Post:
ontryit (01-16-2016), Spiderz_Soft (10-24-2015)
  #7  
Old 10-26-2015, 12:03
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
For me, the protections I usually stick to for my things are:
- Any sensitive functions or workflow is not coded in any managed language.
- Any sensitive functions or workflow is not hard-coded into the client at all.
- Validation requires an internet connection and is handled remotely.
- No simple jump/call bypass for the validation because required data is returned if validated.

I use a streaming setup with a client <> server communication approach. My client applications are 'stupid' in the sense that they are just enough to turn on, but they lack key functions and data required to make them operate. When they boot up, a validation handshake is performed with the server where some type of data is collected from the client machine, be it a login (username/password) or other random data like hardware ids etc. and is sent to the server for validation. If valid, the server will send back important information required for the client to run. It could be something basic like a key, or something intense like run-time ready code that can be compiled on the fly and so on.

A client can't just be manipulated with a single byte patch in this case as regardless if you make it assume it validated, it will not have the needed data to run without the server giving it back.

Not a fool proof method but a lot more work is required in order to bypass the protection entirely so it helps keep the skids away.
Reply With Quote
  #8  
Old 10-26-2015, 13:13
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 761
Rept. Given: 384
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 789
Thanks Rcvd at 2,021 Times in 570 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by atom0s View Post
....

I use a streaming setup with a client <> server communication approach. My client applications are 'stupid' in the sense that they are just enough to turn on, but they lack key functions and data required to make them operate. When they boot up, a validation handshake is performed with the server where some type of data is collected from the client machine, be it a login (username/password) or other random data like hardware ids etc. and is sent to the server for validation. If valid, the server will send back important information required for the client to run. It could be something basic like a key, or something intense like run-time ready code that can be compiled on the fly and so on.

A client can't just be manipulated with a single byte patch in this case as regardless if you make it assume it validated, it will not have the needed data to run without the server giving it back.
With all due respect, my dear friend...

The technique shown in this post here at :
Quote:
http://forum.exetools.com/showthread.php?t=17080
would defeat all the steps you have advised above, more or less in their ENTIRETY , as the record and replay feature can be used right until all the server handshakes etc are over...
And after that the person can go "live" and use the app as normal !
You can try it out and see..

Of course, if you say that ALL or most of your code for ALL the program and its features would run on the SERVER ONLY, then of course, the program would be really a WEB APPLICATION and hence though "officially" its "installed" on the client computer, it would not be really a desktop application but a client-server app.

I believe our friend has asked about INSTALLABLE programs who do a MAJORITY of the processing on the client computer (as opposed to on a server), and hence I am discussing in reference to programs with such functionality. I draw this conclusion as he specifically asked for "software" to protect his software ...

One can argue that the checks can be done multiple times when the pogram is running, but surely, this would interfere more or less greatly with the functionality and speed of the program, and even then, those parts could be recorded and replayed as necessary, once they are known...

I would say that the BEST form of "protection" would be to sell your FULL program only to customers whom you identify and know, in the form a Credit Card that they use to pay etc (A crippled Evaluation version can be given out if needed, to everyone else).

Then you can use WATERMARKS so that you can identify the customers who have "leaked" them and then deny them updates as well as any future sales of programs. They can be legally "charged" as well, as you now know their identity.

Once can also build into their program, a facility to remotely DISABLE or cripple the program, if the "leaked" programs are ever on a computer connected to the internet (easily bypassed, but yet an additional protection).

Only a small minority of such customers have "genuine" issue of a lost program that got leaked, and are easily identified.

Again, these are not foolproof but they work almost 85% of the time or more, in most cases ( we used it earlier and it worked pretty well).
Reply With Quote
The Following User Says Thank You to TechLord For This Useful Post:
SOLAR (11-19-2015)
  #9  
Old 10-27-2015, 02:19
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
I'll explain it a bit better since what you are saying is not how it works in my cases.

A client application has several layers of "protection" in my scenario.
1. The client is considered a dummy/stupid client with limited functionality built into it.
2. The client is packed with any given protector(s).
3. The client requires an internet connection to work as it must validate with a remote server.
4. The client does not contain various amounts of code/functionality needed for it to run.

The user downloads the client and installs it on their machine. Afterward they must go through a process of creating a validate license/key for their system. Be it a simple login method of just a username/password, or something more involved with system specific information such as hardware ids, the application is made to be locked down to that specific system.

The user downloads the required license file(s) and places them in the required location(s).

When the user starts the client it begins its validation steps.
1. The client ensures the license file exists and is valid.
2. The client ensures the system has an internet connection and can reach the remote server.
3. The client sends specific data unique the client machine it is running on to the server.
4. The server validates the information sent and ensures the user is a valid licensed user.
5. The server sends back key data required for the client to work.
- This data could consist of a various amount of things:
-- The data could be a simple 'unlock' block of data that is required for the client to work properly.
-- The data could be a block of information that a single part of the client requires to run properly.
-- The data could be literal chunks of code / functions that are needed for the client to run properly.
-- The data could be external files that the client requires to function properly.

This data is encoded/encrypted specifically for the given user and if "copied" will not work on another machine.

The client is not a web application. It is a full installed client on the users machine that requires a server connection to stream required information back to the client in order for it to operate fully and properly.

If the client has no internet connection, the application will not work as it is missing key data/functionality.
If the client is patched to assume it validated fine, it will not work as it will be missing key data/functionality.

The only way to replay the data would be to determine all the encryption points, validation steps and so on to ensure that you can create the block of data to work properly on all machines. Is this impossible? No. But it is certainly more in-depth and involved then a single layer of protection from say, a packer/protector like Themida or similar.
Reply With Quote
  #10  
Old 10-27-2015, 05:18
Jasi2169's Avatar
Jasi2169 Jasi2169 is offline
Family
 
Join Date: Sep 2015
Location: 127.0.0.1
Posts: 280
Rept. Given: 3
Rept. Rcvd 55 Times in 41 Posts
Thanks Given: 33
Thanks Rcvd at 433 Times in 173 Posts
Jasi2169 Reputation: 55
@atomos
What about the offline ? When client dont have internet access u will put some offline stuff user to get some response from internet from other machine and boom bypassed offline
And regarding questions
Many people try to protect it when we find thats HARD then someone talented comes from nowhere and post the stuff and we are like WOW so much talentes all around no matters what protected gets unprotected

I dont use any software but i find that in normal executable if we dont use boolean,conditional checks and putting check with different subroutines and at different places creates problem as i said someone will come from nowhere n will unprotect that as well

Quality does pay off cus user will love to get updates rather then searching here n there for patches so if it worth he will buy and there comes when ppl cant buy seriously then i think there should be some collborations like i see in android apps u download other app u get license for some months or watch ads atleast someone who cant buy .

I remember last time i send email to roushal winrar developer for some concern for cheksum stuffs i actually patched winrar on android and then the developer said me that he gets money from ads more then the license

Then i said why dont u remove ads and keep livens eoption he said then people will move to winzip cus it does same thing and bla bla n we dont wanna lose customers and we wont get what we are getting from ads

So moral is that
What protect gets unprotect
Buyers will buy no matters what
Who cant buy can never buy no matters what (if crack not found move to alternate with crack)

quality will surely attracts many people out there

My opinion it has nothing to with anybody dont take it seriously
Reply With Quote
The Following 2 Users Say Thank You to Jasi2169 For This Useful Post:
niculaita (01-11-2016), TechLord (10-27-2015)
  #11  
Old 10-27-2015, 06:36
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
There is no offline mode stuff for my things. It requires an internet connection. If you have no internet, it will not work.

I'm not saying its impossible to crack, but its not a simple just 1 patch and its done type thing.

Last edited by atom0s; 10-27-2015 at 07:09.
Reply With Quote
  #12  
Old 10-27-2015, 18:22
Jasi2169's Avatar
Jasi2169 Jasi2169 is offline
Family
 
Join Date: Sep 2015
Location: 127.0.0.1
Posts: 280
Rept. Given: 3
Rept. Rcvd 55 Times in 41 Posts
Thanks Given: 33
Thanks Rcvd at 433 Times in 173 Posts
Jasi2169 Reputation: 55
yes i agree but offline should be there as its disadvantage of ur app cus it relies on activation online now what when people seriously dont have net or any other measures ?

yes it good to keep 4-5 checks out there not one check or nopping or mov al,1 ret etc
Reply With Quote
The Following User Says Thank You to Jasi2169 For This Useful Post:
niculaita (01-11-2016)
  #13  
Old 10-27-2015, 20:59
zeuscane's Avatar
zeuscane zeuscane is offline
VIP
 
Join Date: Jun 2010
Location: In the world and sometimes on the moon
Posts: 272
Rept. Given: 632
Rept. Rcvd 154 Times in 63 Posts
Thanks Given: 674
Thanks Rcvd at 154 Times in 61 Posts
zeuscane Reputation: 100-199 zeuscane Reputation: 100-199
I think it is necessary to understand how the activation occurs and then create a fake server that reproduce sequences of activation.

regards
zeuscane
__________________
"Educate yourselves because we'll need all your intelligence.
Stir yourselves because we'll need all your enthusiasm.
Organize yourselves because we'll need all your strength."
Reply With Quote
  #14  
Old 10-28-2015, 14:07
atom0s's Avatar
atom0s atom0s is offline
Family
 
Join Date: Jan 2015
Location: 127.0.0.1
Posts: 396
Rept. Given: 26
Rept. Rcvd 126 Times in 63 Posts
Thanks Given: 54
Thanks Rcvd at 730 Times in 279 Posts
atom0s Reputation: 100-199 atom0s Reputation: 100-199
Quote:
Originally Posted by Jasi2169 View Post
yes i agree but offline should be there as its disadvantage of ur app cus it relies on activation online now what when people seriously dont have net or any other measures ?

yes it good to keep 4-5 checks out there not one check or nopping or mov al,1 ret etc
The purpose of my applications already require an internet connection, so without one, they have no reason to use my applications to begin with.
Reply With Quote
  #15  
Old 10-28-2015, 18:24
Jasi2169's Avatar
Jasi2169 Jasi2169 is offline
Family
 
Join Date: Sep 2015
Location: 127.0.0.1
Posts: 280
Rept. Given: 3
Rept. Rcvd 55 Times in 41 Posts
Thanks Given: 33
Thanks Rcvd at 433 Times in 173 Posts
Jasi2169 Reputation: 55
oh than it good if its online software
Reply With Quote
The Following User Says Thank You to Jasi2169 For This Useful Post:
niculaita (01-11-2016)
Reply

Tags
protection

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 08:01.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )