Feel free to contribute your points also followups to the postings above - what an amazing and interesting discussion! Posting on the board also has the advantage that you can format your posts and post much longer text than here. General information, organizations etc. Anti Piracy Bulletin just a few tips, but.. Whois tools and others [alt. Also send complainment mails directly to the webmasters - see section "Where to report Just some thoughts.. Software Tools. Hot Links. Make suggestion.
Contact us. How to make cracking your app a little bit harder: tips are not sorted by importance Never use meaningful procedure names such as function RegistrationOK: Boolean; How intelligent and complex your code inside this function might ever be - an experienced cracker will just take about seconds to remove it. Believe it or not. Alternatively, place some required code for your program in such a function. If the cracker disables the function, your program would produce incorrect results, for example.
Avoid nagscreens or "Gotcha! They will never dig through the K ASM instructions of your program - instead, they are first searching the location of nagscreens or your "Your evaluation time has expired! In some cases, it's even enough to remove the form resource from the EXE and it will show no nagscreen anymore - without any bug showing up! If you really need such a nagscren, you should build it dynamically at runtime, and generally, the only method to show the user that he is unregistered should be in the "about" dialog some programmers also have the philosophy that nagscreens might cause your users to hate your app which would then also be very stupid.
Never use meaningful file names such as License.
- Perry Rhodan 588: Die Überlebensspezialisten (Heftroman): Perry Rhodan-Zyklus Die Altmutanten (Perry Rhodan-Erstauflage) (German Edition)?
- Graphite Against a Sharp White Background.
- EXPLORE WHAT ELSE CROWN HAS TO OFFER!
- Follow us out there!
Why, you say? Please start reading here. Just using unusual filenames is often not enough. Good encryption, of course, could keep the cracker busy for months if he likes. Add long delays.
Don't warn the user right after a violation is made. Wait later, maybe until the next day or two crackers hate that. Add short delays.
The Success Codes - With Bonuses!
Pause a second or two after a password entry or to your other checking routines to make brute force cracking unfeasible. Simple to do, but rarely done. Have them check each other. Far away from "safe", but it just makes it harder to crack. Self-heal your software.
The Internet's Best List of Clichés
You know, things like the error correction modems and hard drives use. The technology has been around for years, and no one uses it on their software?
- ALZHEIMER (SENSOJUEGOS TERAPEUTICOS nº 2) (Spanish Edition)!
- FAT IS...;
- Supporting the Whole Child: Reflections on Best Practices in Learning, Teaching, and Leadership.
- Why Ojai | Ojai Energetics.
- Kratom: Fear-worthy foliage or beneficial botanical?!
- Exerzitienhandbuch Liebe Monat 5 Vergebung (German Edition).
The best thing about this is that if the cracker used a decompiler, they may be looking at a listing that is no longer valid. Patch your own software! Change your code to call different validation routines each time. Beat them at their own game. Store serial numbers in unlikely places like as a property of a database field. Often heard and read: ".. Don't use literal strings that tell the user: "Sorry, but Build strings dynamically or encrypt them.
Flood the cracker with bogus calls and hard-coded strings. Decoys are fun. Have fun with Spaghetti-Code simply eats his time and nerves.. Say goodbye to time limits. Don't use a validation functions. Every time you validate the user, write your validation code inline with the current process.
That just makes more cracking for the cracker and bewares of just NUL'ing out your routine. Use "reserved" names. When using hard-coded keys or passwords, make them look like program code or function calls i.
Swansea to renew bitter rivalry with Cardiff in derby laced with hostility
This actually works very well and confuses some decompilers. No "disabled" features.
If your program doesn't save data in "crapware" edition, don't include a "grayed" menu item. No saving means no saving - the code should not be included in the EXE - that's it. This will keep the crackers busy since many of their fellow fans will repeatedly tell them that "crack xy is not working!!!
Either the software pirates would now be forced to create a number of cracks for each "build", to fill up their server space with a complete setup package of one of your builds along with the crack which works on it or simply to give up on your program. Update often. Frequent updates mean: frequently changing code, so the typical simple crack which is just patching hard-coded byte positions, will possibly already be outdated when published. Also prevent uploading them to public servers, so that you have better control about where your app sits around and people don't find older versions the cracks can still use.
Yes, this doesn't prevent pirates from including the version to the crack package, but IF they do so, you can at least contribute to filling up their harddisks. Create special temporary unlock codes, that work only for a limited amount of time say days. Send this code immediatly upon registration..
Only then send the unlimited code. That way, the "cracker" will not know that something is wrong and happilly post his code to the warez sites.
By the time it spreads, the code will have stopped working. Thus making a fool of the "cracker" amongst his friends for distributing non-working codes. This is a method also handy for beta testers or reviewers. Use strong encryption. Just XORing is not really strong - use something with an algorithm that isn't easily reverse-engineered, and don't put both encryption and decryption code in your app.
Some thoughts about hardware-based protection: Many tips concerning software protection include retrieving hardware information from the user's machine like the harddisk number, checksums of certain BIOS areas or other system variables. Once calculated, you could save these numbers and just run your program or enable certain features if they match on the computer.
Everything quite nice from a protection point of view if you also keep the other tips on this page in mind, of course: not even the best technique protects against weak validity checks , however, it requires continuous contacts with your end-users and might not be the preferred method especially of developers who have a bigger number of users.
Every time your user changes his harddisk, buys a new computer or upgrades his system in another way you would have to interact with him, or - if he purchased your program already some months ago - he might even send you an angry mail "why your program doesn't work anymore"..