Delphi WWW Sites
Delphi FTP sites
Delphi Tips, Tricks & Docs
Delphi Tools & Updates
Delphi Information resources
Delphi User Groups
Delphi Job Offers
Anti Cracking FAQ
How to make cracking your programs a little harder
- How to make cracking your app a little bit harder... [upd:24-Feb-2k]
- More tips you might take into consideration... [upd:24-Feb-2k]
- Advanced tips given by Assembler freaks... [upd:06-Aug-99]
- Special on Delphi reverse engineering...
- Some notes on registration numbers... [upd:06-Aug-99]
- Some notes on timebombs... [new:14-Jan-2k]
- How to find cracks for your apps... [new:21-Apr-2k]
- What to do if you found a crack for your app... [upd:19-Aug-99]
- Facts and Myths about Software pirating...
- Thoughts and letters from crackers [upd:24-Sep-2k]
- Links of interest... [upd:16-Aug-2k]
- Visitor comments... [upd:22-Sep-2011]
Finding out that the program on which you worked for months or years has been
cracked can really hurt and demotivate.
For me as a Shareware programmer, the reason has never been that I've lost a few
cents (I don't want to do propability calculations here, it might hurt even more..),
no, it was simply that I've always tried to hold my programs as cheap as possible
to make them affordable for everyone, even for students or freeware programmers.
Somehow I can understand the fascination of cracking programs (if you are absolutely
intolerant about software crackers and hackers, please excuse, but one of my educations
is Psychotherapy, and I'm always searching for psychological reasons...) - cracking a restricted
software program must be like solving a (sometimes very tricky) riddle, and you might get addicted to the
feeling of solving them (I've found that when I saw my grandmother doing crossword
puzzles all over the time for some months). The problem is (but at the latest, now we
come to the undoubtedly illegal part of the "game"): it doesn't really satisfy the cracker
if he is the the only one who knows about his "genius"...thus, he has to spread the news.
He has to publish his "crack" (just see most crack packages: in most cases they just consist of:
1. the cracking utility 2. a short description 3. a big text file or even animation containing
claims that the producers are nothing less than the most brilliant individuals on Earth and that
the cracked program is another one which could not stop them due to "its lame protection scheme".)
But now the fun is completely over: by giving out this (let's try to be fair: "study of feasibility")
to other people, by spreading it via Websites, newsgroups, mailing lists, anonymous FTP, CDROM "abonnements"
and whatever, they clearly damage the business of everyone who puts time and energy in their software product.
Even if we assume that typical crackers wouldn't have bought your product under normal circumstances:
spreading the "crack" IS criminal and no one could claim that none of the receivers
or downloaders would never have bought it. It's just like if someone hands out copies of the key
to your car on the marketplace - and it doesn't really matter if he does that for money or not.
In earlier days, I have never put real energy in protecting my programs against cracking, but after
finding several cracks for them around, I thought to myself: why make it too easy?
As a programmer, of course I know that no - really: NO! - program can ever be crack-safe,
and I know that of every interesting program sooner or later cracks (or at least pirated
or illegally copied versions) will be around, but at least I could try to avoid the worst mistakes.
Crackers are not super-geniuses .. they are simple programmers who have learned some techniques
to counteract common protection schemes - and if you know where and how crackers are searching,
you can make them lose *much* time! And that's what it is about: there is no bullet-proof
way to protect your programs, but you can dance on the nerves of those people until they
decide for an easier target to "get the feeling"... or even go outside to enjoy the nature instead
of sitting in front of the monitor the whole day. ;-)
Most of the typical 'high language' programmers don't know Assembler anymore,
so the 'protection ideas' they use are in most cases quite weak.
I don't know much about Assembler myself, so I decided to open my eyes and
started to collect anti-crack protection tips wherever I found them. Also I did my best
to "learn from the other side" .. many of the tips you can find here I've found by studying
the typical cracking techniques, the various "cracking guides" around the web and by reading protection
tips given even by professional crackers themselves (some of them generously give us tips to
increase their challenge). Well, I hope I've learned my lessons well enough, but also want to
share my experiences with you on this page.
Some rules given here were already stated in various essays on other sites, but are listed
here for completeness. Many of these apply especially to Windoze, but can be "ported" to other
OS'es or anywhere else.
But finally, here is..
- This FAQ is just as good as the experiences that are webbed into it. If you think
that I've missed some points or useful tips a typical developer could
easily add to his/her programs to improve protection, please let me know.
If you allow, then I'll add it here, otherwise I'll inform you about my experiences with it.
- Don't ask me questions - might be that I'm simply too overburden to answer.
1) as mentioned, I don't have much knowledge of the low-level stuff.
2) I can't send you demo sources, since I don't have anything ready for a publication. If I have something, you will read it here.
3) finally, I will not provide anyone with any of the URLs where I've found (or found out) some of these tips.
Please understand, but this is a site dedicated to programming, but not to provide "step-in's" to available cracks
or even to generic "Cracker hunting".
How to make cracking your app a little bit harder:
(tips are not sorted by importance)
- Never use meaningful procedure names such as
function RegistrationOK: Boolean;
How intelligent and complex your code inside this function might ever be - an experienced cracker will
just take about 10-20 seconds to remove it. Believe it or not.
Alternatively, place some required code for your program in such a function. If the cracker
disables the function, your program would produce incorrect results, for example.
- Avoid nagscreens or "Gotcha!" messages - this is what
crackers are searching first. They will never dig through the 300K ASM instructions
of your program - instead, they are first searching the location of nagscreens or your
"Your evaluation time has expired!" message and start cracking there (see below for more
tips about that). In some cases, it's even enough to remove the form resource from the EXE
and it will show no nagscreen anymore - without any bug showing up! If you really need such
a nagscren, you should build it dynamically at runtime, and generally, the only method to
show the user that he is unregistered should be in the "about" dialog (some programmers also have the philosophy
that nagscreens might cause your users to hate your app which would then also be very stupid).
- Never use meaningful file names such as License.Dat. Why, you say? Please start reading here. :)
- Play with asymetric encryption. Just using unusual filenames is often not enough. Good encryption,
of course, could keep the cracker busy for months (if he likes).
- Add long delays.
Don't warn the user right after a violation is made. Wait later, maybe until the
next day or two (crackers hate that).
- Add short delays. Pause a second or two after a password entry or to your
other checking routines to make brute force cracking unfeasible. Simple to do,
but rarely done.
- Use checksums in DLL's and in the EXE. Have them check each other.
Far away from "safe", but it just makes it harder to crack.
- Self-heal your software. You know, things like the error correction modems
and hard drives use. The technology has been around for years, and no one uses it
on their software? The best thing about this is that if the cracker used a decompiler,
they may be looking at a listing that is no longer valid.
- Patch your own software! Change your code to call different validation
routines each time. Beat them at their own game.
- Store serial numbers in unlikely places like as a property of a database
field. Often heard and read: "..give it a DLL file name and store it in the System
directory." Too often heard, don't use it. ;-)
- Store serial numbers in several places.
- Don't use literal strings that tell the user: "Sorry, but... (whatever)."
These are the first things to look for. Build strings dynamically or encrypt them.
- Flood the cracker with bogus calls and hard-coded strings. Decoys are fun.
- Have fun with Spaghetti-Code simply eats his time and nerves..
- Say goodbye to time limits. ..find detailled tips in the related section down on this page.
- Don't use a validation functions. Every time you validate the user, write your
validation code inline with the current process. That just makes more cracking for the
cracker and bewares of just NUL'ing out your routine.
- Use "reserved" names. When using hard-coded keys or passwords, make them look
like program code or function calls (i.e., "73AF" or "GetWindowText"). This actually works
very well and confuses some decompilers.
- No "disabled" features. If your program doesn't save data in "crapware" edition,
don't include a "grayed" menu item. No saving means no saving - the code should
not be included in the EXE - that's it. Most programming languages offer you a really
easy way to maintain several versions of your code by simply doing the following:
... no action here ...
... advanced functionality for registered user ...
- Release several, slightly modified versions.
..protection code #36 comes here..
By doing the an adapted variation of the tip mentioned before, you can easily vary your
code and enable/disable it (by defining or undefining the related DEFINE variable) to
create slightly different versions of your program executables. This will keep the
crackers busy since many of their fellow fans will repeatedly tell them that "crack xy
is not working!!!" if they just downloaded the program from somewhere else than the
cracker himself did it.
Either the software pirates would now be forced to create a number of cracks for
each "build", to fill up their server space with a complete setup package of one
of your builds along with the crack which works on it or simply to give up on your program.
btw., this is also a cool method to make a special build for your registered
users or preventing "registered" code to be compiled into the officially downloadable
demo release (which crackers can often "enable" with just a few minutes of works
as explained elsewhere on this page).
- Update often. Frequent updates mean: frequently changing
code, so the typical (simple) crack which is just patching hard-coded byte positions,
will possibly already be outdated when published. Also prevent uploading them to public servers,
so that you have better control about where your app sits around and people don't find
older versions the cracks can still use. Yes, this doesn't prevent pirates from including
the version to the crack package, but IF they do so, you can at least contribute to filling up their harddisks.
- Create special temporary unlock codes, that work only for a limited amount of time (say 15-30 days).
Send this code immediatly upon registration .. then wait a bit (e.g., for the credit charge to be
validated). Only then send the unlimited code. That way, the "cracker" will not know that something
is wrong and happilly post his code to the warez sites. By the time it spreads, the code will have
stopped working. Thus making a fool of the "cracker" amongst his friends for distributing non-working
codes. This is a method also handy for beta testers or reviewers.
- Use strong encryption. Just XORing is not really strong - use something with an
algorithm that isn't easily reverse-engineered, and don't put both encryption and decryption code in your app.
- Some thoughts about hardware-based protection:
Many tips concerning software protection include retrieving hardware information from
the user's machine (like the harddisk number, checksums of certain BIOS areas or other
system variables). Once calculated, you could save these numbers and just run your
program or enable certain features if they match on the computer. Or you could create
an encrypted/mangled list of data containing this data and let the user send it to
you, then create a machine-specific unlocking code and send it back to the user.
Everything quite nice from a protection point of view (if you also keep the other tips on this
page in mind, of course: not even the best technique protects against weak validity checks),
however, it requires continuous contacts with your end-users and might not be the preferred
method especially of developers who have a bigger number of users. Every time your
user changes his harddisk, buys a new computer or upgrades his system in another way you
would have to interact with him, or - if he purchased your program already some months ago -
he might even send you an angry mail "why your program doesn't work anymore" .. you should
take this into consideration before deciding for hardware-based protection.
- Finally, take some time to think about protecting your software. Is it
really worth the protection? Wouldn't it be better to improve your software, rather than improving protections?
The problem of protecting software vanishes if no one will use your software. Don't overestimate your work's "importance
to the world".
More tips you might take into consideration:
- Use a serial which is several KB long of arithmetical transforms, to drive
anyone trying to crack it insane. This makes a keygenerator almost impossible -
Also, brute force attacks are blocked very efficiently.
- Caution with the Runtime libary! Use it fully when writing the beta versions,
in the final release rewrite some functions at least to make crackers life harder.
- Mangle data. Protection that mangles data is usually a good one.
At least a part of your protection should be embedded inside the data manipulation.
Data structures can take ages to understand basing only on disassembly listings,
they also are more error-prone for crackers.
Example: Imagine a charting program .. e.g., just disabling printing and later on enabling it basing on some
registration# is the most often committed suicide. Let your thingo print. When creating data structures for
printing, mangle them in some way. Unmangle them just before printing, using reg# or something other for that purpose.
Even more, make this mangling subtle. Assume that you've got a pie chart to print. Don't alter anything, but add some not too
big random numbers to values of data series - this is mangling then. The chart will look "not that bad", but will be otherwise
unuseable (if the changes are random and on the order of 20%, for example). Finding such protection, if
its connection with reg# is not self-evident can take much time. One has to delve inside your data structures and find that
dreaded mangling and unmangling code.
- Traps. A method I'm not sure about, but I have heard
some apps are using it: do a CRC check on your EXE. If it is modified then don't show the typical error message, but
wait a day and then notify the user using some cryptic error code. When they contact you with the error code, you know
that it is due to the crack. Be aware: such traps could also be activated due to virus infection or incorrect
downloads. Imagine the possible aftereffects if you are blaming your potential customer for software piracy.
- Don't rely on "EXE-packers". For almost any tool which compresses EXE files
(Shrinker, WWPack32, NeoLite, ASPack - to list the most popular ones) there's at least one uncompressor available
(for one of them I know about a total of 8, half of them downloadable with source...) so compressors capable for
software-protection should at least support configurable encryption. Unpackers for the above (and other) tools are
not too wide-spreaded, however, don't rely on them as your program's (one and only) "protection" - typical
crackers usually have their harddisks full of such "tools".
- Recompile and re-release often!
Especially if you are modifying your "anti-cracking" routines often, even more advanced
cracks with code-searching capabilities will be useless (see also the related
tips in the above section of this FAQ).
- Control your own distribution!
Putting your apps on compilation CDs or submitting them to "autonomic" software
mirrors like SimTel, WinSite or HotFiles has two sides to take into consideration:
if a crack is developed for a version that is on 30,000 CDs or downloadable from
50 mirrors worldwide, that version is likely to be pirated, and once a crack for it
is available, every user will not have problems to find a download location of the
version the crack works on. The other side is that from a sales point, you should
make your product as easy as possible to get. You will propably gain more in sales
than you will lose in theft (if your software is good and innovative, of course)!
Fact is: reducing publicity (i.e., distribution channels) of your software will
only guarantee a reduction in sales. My personal suggestion would be to focus on
the various other tips on the page, especially to distribute slightly modified
versions of your app to the various sites and CDROMs which will at least ensure
more work and confusion for potential crackers.
- "Destructive" code in your program - yes or no?
Sometimes developers tell that they put destructive routines in their programs
in case their internal checking routines detect that the app was cracked.
They delete system files on the user's system or mess up the Windows Registry,
let the program create buggy results (obviously buggy or just noticeable after
careful checks) or simply pop up warnings that "a certain patch" leads to
"damage to the system files" or "contains a virus". While this might be a good
way to "shock" sensible novice crackers, I truly don't believe this is a good
(or even effective) method to protect your work. The typical user will think:
"Who knows what activates the virus inside this app -- I'll better delete it
at once!" and decide for an alternative product. After all, destructive functions
or even threatenings like that may result in severe problems with consumer laws
of certain countries. At least your product will be suspicious if something
"happens" on the user's computer - and which professional developer would want that?
..given by assembler freaks.
- The rcr/rcl trick
If a rcr/rcl is performed on a value, it becomes much more of a pain to crack -
you can't reverse it with by negating it's effects without knowing what the value
of the carry flag was before the original operation. If the carry flag is created
as a result of some other pain in the neck operation, you are probably onto a winner.
- Stick conditional jumps in. Everywhere.
Conditional jumps are not fun to reverse engineer. No loops, but jumps which conditionally
bypass/include portions of your wonderful key manipulation code. There is no easy inverse
operation to be performed here.
- Use portions of the code as magic number tables.
(preferably critical sections). You have no idea how annoying this can be, if you're
like most crackers and like to change things around using softice (a popular cracking tool).
- Play with the cracker's mind.
This one is fun :-) Stick series of nops in, as though you were doing self-modifying code
(oh my god! what the heck! nops? Aha! Self-modifying code! Idiot spends next three years
trying to find the code that should be there.). Pepper the code with junk instructions.
Cut the code up into little pieces and put them all over the executable, with (preferably
conditional) jumps between them. - Anything which you would find a pain in the neck.
- Detect SoftIce. Early.
Now crash the computer. You can crash a pentium or a pentium with MMX even without a vxd by
the opcode: F0 0F C7 C8 (illegal form of cmpxchg8b instruction with lock prefix).
Beyond that, we have to resort to the tried and true methods. Using a vxd, take the CPU out of
protected mode. Windows doesn't like that. Wonder why? .. On the other hand,
- Don't loose too much time on writing anything that will kill disassemblers or debuggers.
Doing it is worthless, believe me, people who made them or others will soon find the
way around, so shift your interest to more important stuff. Just do things which are easily
and fast to afford, like the above tip.
Special on Delphi Reverse engineering
Quoted from a helpful cracking tutorial*) - just read and learn from it (useful for other RAD tools, too)!
"Let's learn something about the innards of new Borland's programming tools.
This knowledge will allow us to speed up cracking sessions, as will teach shareware programmers
who use Delphi to be more careful and not to happily expose their 'secrets'
to curious eyes B) [..]
VCL stands for "visual component library", a library used by recent
Borland visual languages as Delphi and BC++ Builder.
These environments use a proprietary resource format, that
appear as 'RCDATA' when listed by Resource Workshop.
These resources contain 'forms'. In Delphi jargon, forms are the windows of
the program. All the info about their design is stored there. When a typical Delphi
app is starting, the initialisation code creates the forms, loading the required
information from the resources. Sometimes this loading is deferred - forms that
aren't used very often are created and destroyed as needed.
This system is the best and the worst of Delphi. It allows a very fast way of programming but,
for full-length apps, it can slow down the loading.
The really interesting part of this information is that the address of the routines
- called in response to user interactions with the elements of the form - are bound
at run time by name. So knowing these names we can find the appropriate addresses!
If you have cracked any Delphi apps, you have surely experienced the long chain of calls
inside the library, from the breakpoints on the API calls to the "do something"
code. I hoped that these addresses could help in pinpointing the relevant code."
[..describes his installation of a quite well-known Delphi-writen application..]
I cracked it completely and without problems, as you are about to see :=)
After first installation the weeks passed and I hadn't had the time to work
on it... when I started it, I found a nasty 'Your evaluation period has expired'
The first step is to gather the information about the target exe with a resource
or form spy tool. You may be tempted to investigate TVALIDATORDLG, the form where the
user name and registration key is obviously input. But all you'll find is a mere dialog.
The real work is accomplished from its caller: TSPLASHFORM. This is the nag window that
appears at the beginning of the program, as well as when it's shutting down and from the
You can select TSplashForm and look at the text representation of it. A lot of
information about the buttons and labels will appear. Let's concentrate on the following part, near the end:
object RegButton: TButton
Left = 200
Top = 176
Width = 97
Height = 25
Caption = 'Register'
TabOrder = 1
OnClick = RegButtonClick
What's that? This is the button with the caption "Register". You can see its size, position...
and something with a suggestive name: "OnClick". "OnClick" tells us the name of the routine
invoked when the user presses this button. Once we have the name (yes, "nomen est omen" :) we can
search for the address of this routine. This is because the routine is bound to the
button at run time by name.
Using a hex editor, I looked for "RegButtonClick" and I found it twice.
The second occurrence is the resource itself, the first is within an address table:
000A4990 ____ ____ ____ BC57 4A00 0E52 6567 4275 ______.WJ..RegBu
000A49A0 7474 6F6E 436C 6963 6B__ ____ ____ ____ ttonClick_______
Now look at the magic numbers before the name. There is a byte ('0E') indicating the length of
"RegButtonClick" (14 characters) and before that an address: 004ABC57.
Some disassemblers seem to think that file is too long and it doesn't disassemble
this portion of the exe correctly - however, with a special tool we can bpx on this and...
right! It stops at the point just when we push the button.
A couple of instructions forward you'll find a CALL. Tracing into it you'll find a "standard stack frame"
0044ECC8 55 push ebp
0044ECC9 8BEC mov ebp, esp
This is the kind of thing expected at the beginning of a high level routine, made by the application
programmer. We have avoided the whole chain of library calls through the VCL from Windows notifications,
and landed in the right place!
From this point, there are some calls you can easily test by setting breakpoints
on them - you'll find that their purpose is to show the dialog asking for the user name and
registration key. Then, the key is calculated from the user name and compared with the one the user entered.
You can enter the name you choose, and anything as the key, after BPXing 44ED69.
Here, a call to a routine compares two strings. D EDX will show the fake key you entered and D EAX will show the
correct calculated key. Easy, isn't it? A ten minute crack by a beginner!!
[description about spying the key generator routine comes next. It's
been an average routine of about 10-20 Object pascal code lines.]
How this way of cracking can be avoided?
Read my tips above. The basics are: don't use automatic methods created by double clicking on
the button or the object inspector. Write your code somewhere else in your program, preferably in another module,
and bind it to the button using code such as:
RegButton.OnClick := RegButtonClick;
Of course you'll need to enter this code after the form is created and
before it's called. Best if it's rounded by a lot of unrelated stuff.
This won't necessarily prevent your program from being cracked of course,
but things will not be as easy as you have seen in the lines above O:)
Notes on registration numbers
(if you can't avoid them) ]-)
- balance between security, feasiblity, programmability and end-user headaches
- Too long, non-alphanumeric Reg#'s tend to be continuously entered badly.
Think about requiring to enter a verification field (as commonly used with passwords) or,
at least, provide a "non-persistent" Reg# entry field so that the user will rewrite
the Reg# each time, possibly correctly at last. Many people will just "glance-compare"
the entered Reg# and the one (possibly) emailed to them, arriving at the final thought
that they did enter it correctly, whereas the font is too small or they are too tired to
notice that this '1' and 'l' have been interchanged (in a reg# like 'l83jjd_0)pH1lTe' )
- Refrain from any user feedback. The Reg# entry box should accept strings of any
length, without any validation. Don't give crackers the knowledge about the type of your
Reg# - if you do "online-verification" which shows that it's 10 chars long or that is contains
only uppercase chars helps - so don't help them!
- Calculate the number of potential users! There's nothing bad like if you have to update
9,999 users because you didn't expect that there might be 10,000 of them and have to shoot
out a new version which is capable for these Reg#'s...
- If your Reg# is 10 numbers long,.. .. there are 10^10 possible Reg#'s. But since your app
might find let's say only 10^4 (10'000) users, you should invent an algorithm that
assigns each one of 10^4 users one of 10^10 reg#'s, and does it somewhat uniformly.
This prevents people and programs (some .vxd based "macro" players, for example)
to be used for brute force approach. If there are only 10^4 users and you allow 10^9 "valid"
Reg#s out of 10^10, on average each 10th Reg# tried brute-force will be valid, whereas on the
case of 10^4 prospective users, that many valid reg#'s and space of 10^10 Reg#s, on average
only each 10^6th Reg# tried brute force will be valid. Ever calculated how much time it would
take to brute-force search 10^6 numbers, even using a fast machine and extremenly fast macro player
(keystroke generator simulating Reg# entry and checking for results)?
- the assignment operator that assigns User# to Reg# shouldn't be trivial, and it's
implementation should be done in Assembler by someone experienced both in Maths and Assembler.
Remember that Delphi still allows you to directly use ASM code in your source! Then, check your operator.
create graphs of how it works. Understand your own work, especially its drawbacks and vulnerabilities
- Be inventive. Don't use anything that seems simple, quick and effective unless you've
come with something like Einstein's relativity theory, your approach is yes, simple,
yes, quick, but no, not effective, and yes, easy to crack. I'm sorry, but we aren't
geniuses and developing a good protection scheme takes some time.
- Don't have a single registration code. Make the key depend on some user-specific info - have a way to get the user info out of the
registration codes. If you find a code on the web, track down the user and harass him.
Threaten to do this when you give paying users their codes. [Ch.Losinger]
- Dynamically create accelerator keys in your "register" dialog box.
These should be for keys used in the registration number entry (0-9,a-z, for example).
Each accelerator could call a different routine, if feasible - this makes breakpointing
tougher - and store the flag that the given char was entered somewhere else.
Also, each keypress could modify some global variable, in a way that is decodeable
for you (and just you, if possible ;). Finally, there should be some kind of
'monitoring' routine that acts accordingly, paining the characters on the dialog
box and taking actions upon backspace and enter, for example.
- Encrypt your good code - never decrypt it.
And encrypt the User-Code to test against your good code... [Ch.Losinger]
Adding timebombs to your program
(if you can't avoid them) ]-)
"Timebombs" usually mean runtime limits of any form developers include in their
programs to limit the time or number of runs they allow before they quit (all
or most) operation - or just opening a registration window anymore. Knowing this
FAQ, you will immediately see the weak point of this protection scheme:
as long as your application is intended to operate fully during its
evaluation period, it must also come with its full code and thus can quite
easily be cracked. Beside that, there are dozens of programs on the web which
do nothing else than faking the system date so that your app thinks it is still
inside the evaluation period.
So, don't just rely on the system date. Get the date of several files, like
SYSTEM.DAT, SYSTEM,DA0 and BOOTLOG.TXT and compare them to the system date. Require
that the time be greater than the last run.
The best, however, is to simply say "Goodbye" to startup/time-limits! There is
simply no way to protect a time-limited demo. You won't believe it - there even
exist patched versions of Windows DLL's (!) which will make your demo think it has
never run before on this computer. At one point or another, you will have to save
your date or program start information on the computer: in a file, in the registry,
somewhere - and Windows provides GREAT ways to spy on any changes made to these
devices. "This is a war that can never be won." (D.Filion)
How can I find out if cracks exist for my program?
- Use the Search engines
Using search engines is one of the best methods. Most software pirates have overboarding
self-confidence and even submit their illegal pages to popular search engines on the web.
If you search Altavista, Lycos or especially Meta-searchers like
MetaCrawler and your software is already present for more than
a few months, you'll maybe have "luck" and find some "Warez Pages" which offer cracks or Registration codes for your program.
- Search pages using Free Webspace
Software pirates, students which think it's cool to offer "Warez" and "Crackz" and other
strange kinda persons especially love the free services offered by sites like
Tripod and others to offer their stuff. Most of them offer
at least 5 MB free webspace, which is enough to provide thousands of cracks. Beside that, those sites
are busy like BIG railway stations and like there, criminals feel quite safe to go after their "hobbies" there.
Good for us, almost all free webspace providers also offer search features which allow you to search
just all pages of their members, which is much more accurate and easier than using the big engines
of which some are not kept up-to-date very good. Just connect to their main portal and
start your search. If cracks exist for your program, you have very good chances to find them on
some of these member pages.
In such a case, you should contact the maintainers of the service (almost all even provide
special email addresses for piracy reports (such as email@example.com).
- Search newsgroups
Unlike what polititians are trying to suggest to the public, it's in most cases quite
easy to track down who is posting cracks, serial numbers or even full licensed copies of
your software in newsgroups like alt.cracks.* and others. Just let your newsreader display
all header fields and check carefully where those people are writing from. Since almost
any news server requires complete authentication before posting, you have good chances
to find out who "hides" hinter strange names like "Hackman" or "Piratez2000". If you have no
success, simply contact the webmaster of the server where the message comes from or forward him
the posting, requesting action against this person.
- Make use of "Crack Search Engines"!
The easiness of CGI and increasing success to powerful webservers leaded to some quite
powerful Crack Search Engines during the recent years. They can be of enourmous help
for finding cracks for your software and then starting action against the responsible
persons providing these pages and cracks. Sorry, I won't provide links for those sites here,
but you can't miss them during your "investigations" in those slippy parts of the web.
- Use Web-Robots
Sites like http://www.netmind.com offer robots
that notify you by email when a page changes. Since you can also define result pages
of, for example, AltaVista searches for
a crack or key to your program, this is a cool way to get "paged" as soon as some
spider hits a website of a child which "-cool, man!-" offers a crack page. You can
even do that for newsgroup searches!
- Subscribe to mailing lists
If you don't know how to go on, ask in the Anti-Warez Mailing-list or
other, Shareware-related mailing lists (see my "Delphi Tips" pages for more links).
Their members watch the activities of most popular cracking groups and have been quite active
closing many of them down during the times. They will surely help you if you yourself don't have
success. Shareware developers should join forces - it pays!
What to do if you found a crack for your app
"Blow the whistle!"..
I've heard and read many programmers telling "you can't do everything against them,
there are too many crackers around, too many warez sites on the Net, so that few
people ever get caught."
Fact is, however, that you as a software author would have excellent chances to
win any lawsuit against operators of ISP's awaringly keeping crack/warez sites online or against
the crackers themselves. Hundreds of sites have been closed down during the last years
due to offering or linking to pirated software. In some cases, computers were confiscated,
and the operators are still paying settlements.
So, you don't have just to accept if you find pirated copies or cracks for your software around ..
try to detect where it comes from and get into action against the source!
Where to report cracking pages found thru' free services
- Forget about the BSA (http://www.nopiracy.com, http://www.bsa.org) - these are just
commercial organizations which just take "orders" for their paying clients. No, they don't
work for everybody - usually they only come in to action when the target is a large firm,
using software from one of their biggest clients (no prizes for guessing which one).
Can you say "M$ Militia" ?
- Do internic queries on the crackers site (www.checkdomain.com
or use one of the WhoIs tools linked at the bottom of this page), contact the sysadmin, explain the
situation. If the ISP is a fair and serious one, there are chances that the crackers will receive a
serious warning to remove all the illegal stuff from their sites or that it will even be
closed without delay.
- If the crack was published on on "free" pages like Xoom, Geocities or Tripod, or if
the cracker used a redirection service, send a complainment mail to the abuse complainment
address of the service - just a matter of a few minutes, but very effective.
I've listed the most important addresses in the next section.
- If this doesn't help (seldom seen, but possible), contact the local authorities
of the state where the ISP is located. Most countries even provide email addresses for
reporting crime activities (like childporn, but they are also open for pirated software),
or at least their police administration can be reached by email. There are good chances
that the ISP will be threatened to lose his licence.
- Finally: get yourself a good glass of wine and enjoy it. You have written a good program!
(otherwise no one would lose time trying to crack it)
..if you found a crack on a page hosted by Freespace Providers:
..if you found a crack on a page forwarded by a redirection service:
- //members.xoom.com/??? -> send mail here.
- Geocities.com/??? -> fill out this form.
- ???/Freeservers.com/??? -> send mail here.
- FreeAlways.com/??? -> send mail here.
- Webjump.com/??? -> send mail here or fillout this online form.
- WebAzn.com/??? -> send mail here.
- Tripod.com/??? -> send mail here.
- Yahoo.com site or link: mail here and receive detailled instructions.
- AcmeCity.com site or link: mail here.
- PolBox.com site or link: mail here.
- FortuneCity.com site or link: mail here.
- http://???.to/??? -> fill out this form or send mail here or here or here. Just to be sure you should verify the correct address since there are various redirection services holding .TO domains.
- http://???.tsx.org/ -> send mail here.
- http://???.findhere.com/ -> send mail here.
- http://???.cjb.net/ -> send mail here.
- http://???.da.ru -> send mail here.
- http://???.mainpage.net -> send mail here.
- http://???.Web-Page.net -> send mail here.
- http://???.MainPage.net -> send mail here.
- http://???.GamesPage.com -> send mail here.
- http://???.Main-Page.net -> send mail here.
- http://???.MusicPage.com -> send mail here.
- http://???.SexyPage.net -> send mail here.
- http://???.Biz-Page.com -> send mail here.
- http://???.Co-Inc.net -> send mail here.
- http://???.Co-Ltd.net -> send mail here.
- http://???.Pty-Ltd.net -> send mail here.
- http://???.Pte-Ltd.net -> send mail here.
- http://???.Int-Ltd.net -> send mail here.
- http://???.Intl-Ltd.net -> send mail here.
- http://???.TourGuide.net -> send mail here.
- http://???.Net-Shop.net -> send mail here.
- http://???.Subdomain.de -> send mail here.
..if you found mailing list or newsgroup messages offering or linking to cracks posted from:
Also try to find out the REAL URL of the site the cracker wants to hide behind
the redirection URL (even if it just displays the redirection URL like "http://come.to/supercracks" permanently -
you can easily find out the "real" URL of the cracking site by viewing the Sourcecode of the
displayed page with Netscape Navigator: the URL and/or domain address displays in the title bar
of the Source window..) and also ask the webmaster or uplink provider of this site for assistance -
that way you have good chances to help closing at least one, if not both of them.
Where to report cracking pages found at asean sites
- ???@my-deja.com -> send mail here.
- ???@email.com -> send mail here.
- ???@mail.com -> send mail here.
- ???@gironet.nl -> send mail here.
- ???@chello.nl -> send mail here (Webmaster might need threatening with authorities).
- ???@hotmail.com -> send mail here
- the FSB are part of the (former?) KGB and are told to
have the power to shut down and hunt "illegal" sites ("illegal" has a special
meaning here, it's suggested that - in case you are - you don't tell you're from the States. ;)
Mail can be sent here.
Facts and Myths about Software pirating
Provided by the Business Software Alliance
Myth: "None of the software offered was stored on my site - I only had links to the files."
Fact: You could be liable for anything that you do that contributes to the infringement of copyrighted works. This includes facilitating a download by linking to remote files.
Myth: "I have a disclaimer on my site that protects me."
Fact: A disclaimer cannot shift your liability to someone else. You are still contributing to copyright infringement.
Myth: "I thought it was okay to download programs to try them out if I delete them within 24 hours."
Fact: This is a common Net Myth. You may only use the software as described in the end-user license provided by the software publisher.
Myth: "..there is something called 'freedom of speech' in this country..?"
Fact: Free speech refers to your right to provide opinions and original content without censure. Even so, free speech has limits. You cannot use this right to break the law. Internet sites that provide access to others' copyrighted materials - whether it's on the same site or a remote site - violate the author's right to control distribution of their works, which is against the law.
Myth: "What about "fair use"? I am only providing a service for "educational purposes."
Fact: Fair use is widely accepted to mean the reproduction of a part of a copyrighted work, not the wholesale copying of an entire program or contributing to software piracy.
Myth: "I only post serial numbers."
Fact: Legal software comes with required numbers or keys to install the software. It should not be necessary to get these off the Internet. Providing them for others to use with pirated software contributes to copyright infringement and is illegal."
Myth: What if I lose my serial number or one of my disks is trashed?
Fact: Most software publishers have provisions for replacing media. Contact them to resolve your problems.
Myth: Writing a book about robbing banks and robbing them yourself are two different things, not?
Fact: A better analogy is "robbing the bank" vs. "driving the getaway car." Or, another analogy is stealing software vs. marking the computer store window with an big X and telling people that, if they throw a brick at the X, they can steal the software in the store window. Both are illegal.
Myth: Software is so expensive, and I've wasted a lot of money just to find out that an expensive program is worthless! If it's any good, then I'll reward the authors. If not, forget the compensation!
Fact: Cars are expensive, too, but society doesn't allow people to use them and decide later if they want to pay for them or not. In the same way, you cannot use pirated software and pay for it only if you want to at some later date.
Myth: Isn't everything on the Internet in the public domain?
Fact: An author does not waive copyrights by publishing on the Internet. Pirated software is published on the Internet by someone other than the author or without the author's explicit permission.
Myth: It's not really illegal to distribute warez.
Fact: An author can seek civil damages in the amount of their actual value, or statutory damages of $100,000 per work infringed. (Note that some "programs" are actually bundles of more than one copyrighted work.) Criminal penalties include fines of up to $250,000 and jail terms up to 5 years, or both. In December 1997, President Clinton signed a law called the "No Electronic Theft" (NET) Act that allows for criminal prosecution of copyright infringement, even where there is no profit motive, closing a loophole in U.S. copyright law.
Thoughts and comments from Crackers
Since I've published this FAQ, I've received a number of letters from former and
still active crackers which told me their thoughts about my lines.
"Why the hell should a Cracker provide Richey with tips for his page!", you might ask yourself.. ;-)
As already mentioned, I don't believe that Software
protection is the answer to all sales-related problems (think of the enourmous
-also financial!- success of some popular Freeware products, Open Source projects
and not the least weak protected programs like WinZip and so many others!) ...
in most cases the main reasons why developers don't see money is because they are
producing the 1000'th clone of already popular products, provide poor quality or
simply don't have any idea of 1) really innovative products 2) good design and 3) marketing.
However, there ARE reasons why protection might make sense. One of them might be the
following: you are investing 2 years (or many months) of hard work in a brand-new product with some
new, advanced features or logic no one else on the market has ever offered before.
You have a limited number of potential customers for which your product might be
of real interest - but want to protect some specific parts of your program from being
reengineered or simply copied -> you need a working protection for that...
Well, I have to admit that I've been suprised that at least some crackers accept that
and especially that some of them even decided to provide us all with tips how to
protect our work in a better way. Let me tell those fair guys a big "THANK YOU"
at this place.
Note: I'm keeping all letters from Crackers strictly confidential except there's an
explicit permission to publish them (or parts thereof).
Visitor comments / suggestions:
"General" (posted by Tibbie on Jul 13, 2001)
Thanks for a good site. I am new to Delphi 2 but developed a maintenance package and need to learn a lot on security codings, etc. I found your site a good source of info."Scripts makes it harder" (posted by PeyloW on Aug 31, 2001)
Implement parts of the protection as interpreted scripts. A simple script interpreter is put tigether fast, if not use the VBScript interpreter provided by M$, then you can have calls to COM objects from the script. Trying to trace through that mess will be close to impossible."Commercial tools" (posted by mahmut tufan on Oct 03, 2001)
It would nice if you could include some topics on using commercial copy protection and licensing tools like softlocx, pc guard, softwarekey etc... "Prices for shareware" (posted by Mark Behbehani on Jan 05, 2002)
In the days before paypal when you had to run a credit card no or (egad!) open an envelope and extract a check. It made sense that prices were on the order of $20. But today with the almost effortless transfer of money with paypal etc. why not make the price of the software something like $5. I recently had my virus defs for norton go out of date. When I went to the site the 1yr update was 3.95. End of discussion, I didnt even bother to look for a crack because it was much easier to pay $4 than find a crack. If some of the simpler programs would take this approach, there would be much less use of cracks. People feel guilty about spending time to avoid paying $5. I mean really how cheap are you. I can by a fully legal version of Photoshop for $70 through the university, why pay 25 for a program that only displays (even if it does it very fast). I would say that if the prices came down, sales would go up and cracking would be much less prevalent. Of course you would have to overcome the blow to the ego of selling your hard work for $5"Software Companies - Hypocrytes" (posted by Gabriel/TSS! on Jan 11, 2002)
When I was stationed over in Germany in the U.S. Military in the late 80's to early 90's I knew quite a few people in the (Amiga) Cracking/Pirate groups. I went to a few of the "Parties". A couple of the "Parties" had employees of the some of the Commercial Software companies in a attendance. Reason: They would give "pre-release" copies of their programs out. 1) This way they could find out the weak spots in the protections schemes - and improve them. 2) get feed back on the product from the Pirate community. (If the Pirates thought the program sucked - they would try to re-work it - if it still sucked they would save their money by not releasing it. If it got good reviews in the Pirate community - they knew it would sell. I myself am now a commercial software developer - leaving those "pirate" days behind me. But, it was a good experiance - I learned alot about protection scheme programming and cracking methods. These have come in useful in my professional career. Many of the former pirates/crackers now work for software houses in Europe. "False registration key" (posted by Paul (Deepsmeg) on Jan 13, 2002)
Is it a good idea to make a generic key, and let the app accept it or the real one. BUT after x days if they don't re-register with a kosher key it makes the app fail and unable to be reinstalled without the good key?"CRACKING IS NOT GOOD - WHY ?" (posted by Snil00pher on Jan 14, 2002)
What the hell u think ? can u tell me who wanna pay $30 for a software ??? Tell me who wanna pay for a game ? or who wanna pay for a m$$ OS sucks ?? not all the world is rich $$$ you wanna protect the richs :-( ! think about it ! maybe a day u will find . soo my opinion is MAKE CRACKS and fuck RICHS . " not all the world is rich like you or others " maybe if the price of the software down no cracks ! When you do a crack that is a challenge "Cracking is not good - why" (posted by Paul (Deepsmeg) on Jan 16, 2002)
Try seeing it from the developer's point of view... spend weeks, months, or more on an app and then some d00d makes a crack for it"Mayby adding some very strong schemes?" (posted by I like Anoniminity, even if i cant spell it. on Jan 20, 2002)
I know of a few VERY good schemes. One of these is the FFFFFFF8 one."The FFFFFFF8 one" (posted by Paul (Deepsmeg) on Jan 21, 2002)
What is the FFFFFFF8 one?"Re: The FFFFFFF8 one" (posted by I like Anoniminity, even if i cant spell it. on Jan 25, 2002)
It crashes your computer. It will only happen if the registers are tampered with by SoftICE. Here is a snippet from a different site: If ANY of the "checks" fail, (and there are MANY more than I've mentioned here), the program begins encrypting data against the 12h byte string. Each pass through the encryption process will decrement the FFFFFFF8 monster by "1", so you "could" go through the encryption process 4,294,967,288 times, theoreticaly! Of course, this would never happen because each pass is directed towards a different byte in memory, so eventualy you encounter a "Memory Out Of Range" error message. With Soft-Ice running, you'll never get back into the program to see that message though. And, as I mentioned earlier, even minimizing the Loader window used to load the program will cause a crash. Also, I read here about stuff being written INLINE. What is this and how is it accomplished. Thanks. P.S. to see this site on a different server try: http://fravia.kilrathi.pl/protec.htm"Fravia's pages" (posted by Richey on Mar 17, 2002)
Just to clearify: this is not a mirror or copy of Fravia's pages. Of course, some of his tips are good, and I couldn't make this a good or "complete" Anti Cracking FAQ without mentioning those methods, too (see the related "kudo's" on the bottom of this page). Vice versa, Fravia added some of the tips published in this FAQ on his page, too (but without mentioning it). Not 100% fair, but I can live with that. Kind regards to all readers, Richey"cracks" (posted by crazy on Jan 25, 2002)
It is good site and very usefull"What I'm using...." (posted by CbM on Jan 31, 2002)
As one of my programs uses Internet Connection, I've created another application that listens for connections that are made by my program at some exact time/date. If a connection is done, I'll receive detailed information about that computer/program.It's a kind of a backdoor, the only thing I can do is to send a KILL command to that program, that can unregister the program or 'kill' the system."Microreleases" (posted by Tim on Feb 06, 2002)
I've found the single most effective deterrent is putting out micro-releases frequently and often. If the software is provided through shareware sites, make sure each site gets a different microrelease. Crackers will never be able to keep up, and anyone trying to use the crackz will get frustrated."Don\'t include the serial generator ?" (posted by Chris on Apr 08, 2002)
Hi, Pardon my ignorance, but how do you check if a serial number is valid if you do not include the code to calculate the serial number from the username ? Any help would be greatly appreciated. Thanks."help for file" (posted by ALEX on Apr 21, 2002)
hi i hope you can help me in this way i have 1 monht ago buy one software was armadilo protected and he send me file for calculate key finger file i sell software protected armadillo and when i instal my computer i have there deleted all file and i can not find any file in computer and is not copy in cd or so and from my friend i have software buy calculate file not ( where i have buy in first i can not contack with this people ) can you crack this software and you can after crack write your name this will good reclame for milion people in gsm way ( this software is not illegal this is for unlock phone software and this is not illegal ) if you can do it i will send you software i hope you can undestand me best regards ALEX"Why waste time?" (posted by The Kernal is your weakness! on May 18, 2002)
Ok you dopey downie riddled Developers, 99% of you will have your product(s) pirated one point or other.. are you getting the big picture? no matter how much time/effort you put into creating hardcore algorithms there are crackers who will defeat it within 48hrs.. so in the end you see.. crackers always win >;)"hmmm lets think about that !?! :-)" (posted by NoOne on May 31, 2002)
Hi, I want you only to know that cracks highly pushes your software to the public. and so you can sell more copies if it´s worth ;-) On the other side cracks keep people from buying the software wich is a BIG problem. But people who can afford this software buy it and people like me who use "this" software for private and who have not the big money to effort it download cracks for it ----> where is the problem ??? If there were no crack i wouldn´t buy THE software !!!!! Anyone got problem with that philosophy ??? Ciao PS : Soory for my BAD english but i´m from Germany :-( cya"Re: Why waste time" (posted by eb eip eb on Jun 23, 2002)
Good point!.. I can see that you hardcode developers want's security.. but all you get is the "illusion" of safty.. Wake up and realize the facts; "IF IT CAN BE PROTECTED, IT CAN BE CRACKED". So what i reccomend to all you developers is to imbedd a mail to the cracker in your program and beg him not to crack your software.. that might be a better defence ;-)"Re: Why waste time" (posted by A Developer on Jul 11, 2002)
To 95% of my users a crack is the thing in the middle of your arse.Almost any protection is effective and needed as otherwise they pass CD's around without a thought.As they get smarter we'll have to try a bit harder. This site is a help. Thanks.As long as it's only 5% that are getting the free lunch then the crackers don't matter."Re: Don\'t include the serial generator ?" (posted by MrBeer on Jul 15, 2002)
Use asymetric cryptography systems, like RSA, ElGamal, etc."sshh.." (posted by Intelligent Systems on Jul 18, 2002)
like what you said, THERE IS NO CODE IN THIS WORLD IS SAFE FROM CRACKERS, HACKERS and PHREAKERS!... make a security today, then got it break tomorrow.. haha i agree, that this world is not only for the rich but also for the poor for people that never use or just started to learn computer... cant u understand that???? MONEY IS NOT EVERYTHING"sshh.." (posted by Intelligent Systems on Jul 18, 2002)
like what you said, THERE IS NO CODE IN THIS WORLD IS SAFE FROM CRACKERS, HACKERS and PHREAKERS!... make a security today, then got it break tomorrow.. haha i agree, that this world is not only for the rich but also for the poor for people that never use or just started to learn computer... cant u understand that???? MONEY IS NOT EVERYTHING"How can you compete with free?" (posted by ware share on Jul 21, 2002)
Pirates often say that "I'm not rich enough to buy M$ Office, so they aren't losing any money when I use a pirated copy."That's probably true. M$ isn't losing money. However, the author of CheapWrite, who tries to sell his software for $39, is probably losing a sale. I mean, if the choice for a user is to get a good-enough program for $39, or the biggest program for free, what choice will he make?Thus, piracy hurts small software developers but not large ones. If you want to support the M$ monopoly, by all means, keep pirating.To someone who thinks that paying $39 for software is expensive: how much did you pay for your computer? And do you really think that a computer program costing less than the entrance ticket for an amusement park is "expensive"? If so, please move to a communist state.Oh, I fogot, there are no more communist states. I wonder why that is?"open source your code" (posted by mr gpl on Aug 08, 2002)
open source is the only way, stop sniff the intrails of dying Monopony M$, look at Lindows,Star Office and Suse!Properity software is dyingopen source can make moneyopen source is not socialism"to protect or not to protect" (posted by technobug on Aug 19, 2002)
While writing a program that has taken me a fair amount of time, i had to decide if i wanted to release it as £10 shareware as origionaly planned, or free. being somewhat short on cash myself i figured £10 was a fair sum if a person liked it, at first i tried to protect the registration system and prevent modification of the program, this seemed to work, but then i soon realised this was pretty pointless, as someone would come out with a crack anyway, and my program which would proberly only be used by a small number of users would proberly end up being used by so few 'registered' users that it would not be worth my time even bothering to release it.in the end i decided to remove all traces of protection and registration and just release it as freeware, because its so obvious that theres so few honest users out there. i have not even bothered finnishing the docs and the printing system (it works if you use the preset printing forms, although most users wouldnt want to delve into scripting their own style of printing).maybe someone will be kind enough to give a donation, though its doubtfull.and to 'mr gpl' about open source, yes, open source is good if you have a) financial backing.b) telephone technical support team.c) 'manual/cd printing' servicesd) more than just yourself involved.unfortunately a lot of coders dont have that sort of backing, thus the only way they could make any money is to sell their program, which would be pointless if its open source as anyone could compile it themselves and get it for free."What a great website" (posted by wowzer on Aug 29, 2002)
Thanks a lot for this great website! One technique I use is a library that arbitrarily sends the registration info and computer information to my registration server, logging in who is using it. Often I find users sharing their codes with others. I also have the ability of killing applications across the net, but that's another story."crackz, hackz and warez" (posted by anony mouse bloke on Sep 05, 2002)
i use cracked applications. i know that makes me a criminal. i don't care that much tho. if a company makes software that can be cracked, it deserves to lose the money. if it can't be cracked, and it does something i need to do, then - and only then - i will gather together the (usually prohibitive to the small-time/non-commercial user) funds to buy it. here in australia software prices are spectacularly prohibitive. an application that is well within the reach of a student in the US, UK or Europe is often out of the reach of their counterparts here. mostly, it's to do with exchange rates and comparative earning levels - the A$ is second only to the peso in buying power :) but high-street vendors also stick in a massive price-hike when they can. Furthermore, differential release schedules mean that we can be behind the rest of the world for months (and in the case of some games, we may never recieve them!) none of these are excuses for using cracked software. i don't have an excuse, except that i genuinely can't afford to buy things that i need, for which i can only blame the government and high unemployment rates. does being poor and unemployed mean i shouldn't have the same access to software tools as my more well-off fellows?"Re: crackz, hackz and warez" (posted by on Oct 02, 2002)
Someone said "does being poor and unemployed mean i should not have the same access to software tools as my more well-off fellows?". I would like a new Ferrari but I cannot afford it. By your logic, it is ethically ok to steal one? I do not think the law would agree on that one, I think I would be in prison. I cannot afford the Ferrari, so I drive a Hyundai. If I could not afford MS Office, I would use notepad. Its not like you are stealing food to save your life here... you are talking about a luxury. Its not ok to steal an xbox from Walmart if you cannot afford one, and its not ok to steal software if you cannot afford it. Stop fooling yourself."Cracking software isn’t rocket science " (posted by on Oct 16, 2002)
Cracking software isn’t rocket science and even less so with the different tools now available. Designing and writing worthy software is easily more challenging and involved then simply cracking software. Rather then cracking software, why don’t crackers try to compete for numbers of users by designing and writing a better competitor product (I’m betting they can't)? If learning is the goal then they would learn a lot more building a competing product then cracking an existing one. People who run warez sites are the biggest hypocrites on the planet claiming things like software should be free and such, but then slapping banners and pop-ups all over their warez site trying to make money. They might say that that they are just trying to cover costs, but what about the developer trying to cover their costs. Why is it acceptable that a warez site can make money, but not the developer?"Occupational hazard" (posted by on Oct 22, 2002)
When someone enters a cracked serial into your software, they should be made to worry about the consequences. Will it register the software? Or will it crash the OS, trash files, screw up the registry, ...? A broken system should be an occupational hazard for anyone trying to steal software."cracks" (posted by a.triantafyllou on Nov 05, 2002)
Hello ! At first i would like to congratulate you for your very nice webpage!I am developing an application for the first time and I have some questions.The cracker Bullet is saying something about a 'keyfile' do you know what this is and how to implement it?I want to make an anticrack protection like this. A time bomb for 30 days or 30 uses. The user will receive a registration number which will be encrypted twice , as is mentioned in your webpage. The registration number will be encrypted by a routine twice and then if it is equal to the result of the encryption of the customer name(with the same method) then the program works.What do you think?Another question i have: What do you think about distributing a copy of my program that will not work after 30 days and where you cannot register it. And maybe with reduced capabilieties.And then distributing from a private ftp site after the registration has happened another copy of the program where the user can register it ?Many many thanks !Best regards,A.Triantafyllou"Just what I\'ve been looking for" (posted by JM on Nov 07, 2002)
We're in the process of releasing a niche product, and we're hoping for low cost and high volume -- you know, we could sell it to some at $100, but what if we can sell it to 10x more people for $10? By reducing the cost, we believe we're making the software less attractive to crackers and encourage more users to purchase it. Another strategy we're considering is a renewal-license. Once installed, the software works for 45 days. Every 30 days-or-so (we have 15 days for delays), the user has to connect to our servers to be "renewed". At this time, we collect information about the computer, like serial#, user-name, etc. This information can change from month to month, but should NOT change more than two or three times per month. Once it is detected that the same serial# connects from many different computers, it will be disabled. We may also feed new verification code (DLL) monthly and/or do a check-sum on the exe to verify that it works still.Lastly, we have identified a way to hide information on a windows machine completely invisible to the user, and no using the registry or "hidden files". While we would like to give someone a crack at it (pun intended), we're weary of giving anyone a head-start."A couple of tips..." (posted by Anon. on Nov 22, 2002)
How about basing a user id on the user's hard disk serial number etc. and then getting paying users to send you this number - therefore there will be no way of publishing a serial number/ reg# on a site as it won't work unless on the same hard disk etc. Therefore the only possible way would be to actually make a crack or a keygen. Therefore you also employ some other techniques already mentioned in this page."Piracy" (posted by Anonymous on Dec 14, 2002)
Great page, thanks for sharing your hard earned knowledge with the world.This will help improve my and many others like me's, software against piracy and cracking.This will be a place to return to for more info and help on this topic, please keep updating this page, you have more fans than you know.I have spend quite an amount of time in researching an developing protection schemes for my shareware and commercial apps.Some of these tips I allready implemented others I will most definately will. Thanks to you.. Regards"The Right Balance" (posted by Anon on Jan 04, 2003)
I have come to the conclusion that it’s not worth spending time writing complex anti-crack solutions. Also you want to ideally make some money. My solution is to write a version which expires after a reasonable time 90 or 60 days, enough time for people to be tied into your software. I don’t think you should put a countdown in days till expiry “in their face”, but in the about screen as this will encourage a crack or keygen. Then put some security in the data file to ensure people can’t just copy the data into a new installation.You should sell your software at say £10, to encourage people to buy, then if people want to buy a copy, you can provide them with a personalised copy with the name and details showing. You could also do a basic background check, in the phone book etc. As it’s probably a pipe dream at least in the early life of the software that your going to make a fortune; why not hard code the persons name and email address into the software. I mean who cares if it take you 10 minutes, you’ll have made money out of it. This way, it will make people think twice about passing the full version on to their mates.It’s also going to be a little bit more complication to write a crack unless you include it with a registered version. Then the cracker will have to write something to get round your data file security too.Also you’ve hardly had to spend much time writing anti-cracks. After all who knows whether if it has all been worth it.This is just an idea!!! Comments??"my voice in yahoo chat room" (posted by Keith Trim on Jan 05, 2003)
I lost my voice 5 day ago in yahoo chat room.I have everything to get it back and I can not get it back.I have talk to a lot of people in the rooms and it is not just me.Thank You "The very strange balance" (posted by Panther on Jan 07, 2003)
Some time ago I worte a freeware program and got a lot of thanks about it. It was rewarding, morally speaking, and the code is still being used even if strongly outdated at present time. It was a product I put a lot of effort in, but I'm not angry about having got NO donation at all. After all I have learned alot out of it. I think it has been a fair deal. But I need money to live, just like all of you, and have seen myself forced to protect my programs. The experience I have made with another software I built teached me that using serial numbers tied to the hardware is no good at all as there obviously are customers continuously telling you they have changed this or that and/or reformatted the machine and stuff. Apart from the protection point of view, which has already been covered here and on good old Fravia's, it required (and STILL does require) a lot of man work to even answer the customers and this goes well beyond the price of a shareware product. This not to mention the huge amount of silly questions like "I cannot open my favourite archive I have put in the dumpster by mistake. Please help me". No way. I don't agree with people saying that the software should cost few $. Or at least you should provide very little (if any) support to the customers, which will soon get your own program abandoned. No good either. I am lucky enough to know electronics very well and developed my own hardware key for another product. It was a success. Maybe because the project was targeted at industrial audience (and therefore costed $$$). However now I can afford to better support my customers, to do some research for new technologies and to develop better protection schemes. The dongle I have developed myself isn't for sure a monster of security (and in fact it has been cracked 6 months later), but discouraged enough crackers to let me start seriously. And I still get some contracts to sell the product. I don't agree with people talking about dongle costs. It costed something around $180 to develop the key, including the development tools for the integrated circuits, prototyping and stuff. Another good $12 per key and I was up and running. Of course I've been lucky enough. But it was a start. Since when I was a kid cracking games on the good old C-64, the very first thing I learned was that this war is never ending and no one will prevail. Therefore, the only solution is to either get a new job or launch ourselves towards the front, being always innovating and competitive. After all, being true that anything can be cracked, how much time should a protection survive to be effective? Cheers"Tip:" (posted by Multimedia Michael on Jan 10, 2003)
For large, powerfull applications, make a 'lite' version that is either free, or more affordable. This makes cracking the full version pointless because the free one will do the job, while keeping professional features to do the job quickly and more effiecently adds the nessacery value to the complete version."TIP!!" (posted by Brian Hawley on Feb 02, 2003)
The main disadvantage of locking to hardware fingerprint is users will bug you constantly that they have upgraded hardware etc. (Maybe true, maybe not) Get round this by providing automatic on-line webpage where users can generate new lock codes at will. How are pirates kept off? Lock code is sent out by email. User specifies the email address and code only sent if it matches email of registered user. Email addresses are guaranteed unique. Still be a few that have changed email addresses, but this will keep them down to a managable number (so far zero problems in 4,000 sales in my case).."Another Tip" (posted by Brian Halwey again on Feb 02, 2003)
Another one I have not had time to try yet: If it's an on-line app, make it reactivate itself periodically by talking to your server. If you get multiple simultaneous contacts (say from ten different IP addresses within the same day) from a prog. with the same serial number, kill that serial. If a serial number / reg code pair has been seriously pirated, this will happen pretty quickly."Re : Another Tip" (posted by Beowulf on Feb 18, 2003)
That's quite a good idea Brian.. problem is programs like Zonealarm can block connections out of your system and isn't it bad practice anyway? You don't want to be accused (even incorrectly) of writing spy-ware ?!"The Right Balance – Continued" (posted by on Apr 12, 2003)
Well, following my plan, shown above, I hit a problem. If I were to personalise each version embedding the serial number etc, I wouldn’t be able to provide a check for updates feature, as everybody would get a standard version.In the end I decided to provide a Lite 90 day version, where the date was added to the data and to a hidden file. This way any other data set which was opened would be updated with the oldest date. So even if someone deleted the hidden file and re-installed the program, as soon as they opened an existing data set this would update a new hidden file and any data set subsequently opened.Also, I have a separate full version, which people buy on the web and MUST download, then I email the unlock file which includes a serial number and encrypted client details, phone number, email address, postal address etc. With the hope that legitimate users will think twice about giving anyone else their unlock code as this will identify them and pass on their details.Now my only problem is making some money. This was at test product to get some standard code together and iron out the process. I’ve also added some tools to my site which are currently shareware, but as they’re so small I intend to make them freeware, to drive some more visitors to my site."Font size" (posted by on Apr 22, 2003)
god gave us big fonts!Please use it"crackz hackz warez" (posted by rich get richer on May 30, 2003)
Your logic is scewd,Bull $hit, stealing a new Ferrari, it taking a tangible item it is a unique item meaing that if you take it, the real owner will not have it. Copying software is not the same. I am not going go buy you software any way. So, it cost you nothing if someone is poor and want to try it out, and mabe it does some adverting for recommending to other potential customers. There is still free entertainment like free TV, girl watching, etc. So stop being the WHORE-MASTER of money! The government copys or prints money everyday, that why there is inflation, which steal you present value of money.I also don't hear you developers complain about the government SALAVERY(the taken of one sweat)call TAXES(income taxes,etc).They put not effort in the that extortion, a least cracking that some effort. "hotmail account hacking" (posted by Aamir on Jun 04, 2003)
how i can got password of any hotmail account tell me plz i will wait for ur mail "Crack your own (badly)" (posted by on Jun 13, 2003)
If you anonymously "crack" your own software (and broadcast this widely before any other crackers get to it), the software can get well known -- but do it so that the result is buggy (mention this in the crack) and then people may decide to buy the legal version..."Crack of Intrachat 2.0" (posted by loser on Jun 17, 2003)
If you have, please share it to me, thanks alot."Tracing through COM objects" (posted by Anonymous on Jun 20, 2003)
Breakpoint on the API that is called."protecting programs" (posted by yAN on Jun 22, 2003)
If you want to make good protection to your program you must be a cracker.all others protections are shits except pe cryptors.I'm a cracker so i know what i'm talking about anyway I'm now writing one pe protector."Nice site" (posted by Neil on Jul 11, 2003)
This is a very useful site, and really crackers should like developers because without us they wouldnt have much to do..."Crackers... get a life..." (posted by on Jul 11, 2003)
Because your unable to make good software the only thing you can do is attempt to destroy other peoples, you moan about rich people but if you sell your own software you might make some money aswell..."how can i hack a hotmail account" (posted by yasir on Aug 10, 2003)
first of all coooool site keep it up.how can i hack a hotmail account.plz sen me e-mail and tell me"how can i hack a hotmail account" (posted by yasir on Aug 10, 2003)
first of all coooool site keep it up.how can i hack a hotmail account.plz sen me e-mail and tell me"Another point that sucks about crackers" (posted by CrackedAuthor on Aug 11, 2003)
I had the opinion "hey my app got hacked/cracked, so at least it is popular" and I can live with the "they wouldn't buy it anyway" mentality. What does suck is when a crack is released and you web server bill goes through the roof in 2 days because all these cracker guys download the app to crack and try it. Seems like another mentality they have is to just have the software, even if they may one day possibly try it."Mediocre Crap" (posted by Old Programmer on Oct 07, 2003)
You know the internet was NOT intended to be a place for you people to make money. It was supposed to be a global library of FREE information. Now anytime I look for anything, anytime I go to any site I've got you greedy sonsabitches holding your hands out and asking for a credit card number! Well guess what! Hackers & Crackers are the reflection of YOUR GREED!! The more you greedy people want money for every little thing the more hackers & crackers there will be GUARANTEED! Most of you people have SOME NERVE calling yourself programmers in the first place and SOME NERVE asking for money for your mediocre crap. If you want to make money writing programs then learn how to be a professional programmer and get a job! You flood the market with mediocre crap and make it harder for businesses to make any decent money. I write software for a living...for more than twenty years now...and I love hackers & crackers! I hope that they never go away. I've never had a problem with my software being cracked as I have a job with an ISV that sells to vertical markets. I also know a few methods that make it nearly impossible to crack but I WON'T tell you!! You are just in the way. If you studied enough like I have then you'll know how to do it and also most of these stupid little utilities have no business being anything other than FREEWARE!!! You get a life!! Work for a living and quit trying to get rich the easy way...by writing some lame piece of shit and wanting to nickel and dime everyone for it! Software with no support?!! Fuck you! Get out of the market! You are what sucks about computers and software! I will continue to make every effort to help hackers & crackers, especially since they often times produce the best quality programmers!!! Your feeble attempts at stopping hackers & crackers are the source of my and many others continual amusement!!! AHAHAHAHAHAAHA :PpppppPPpPPppPPP"Mediocre Crap" (posted by Old Programmer on Oct 07, 2003)
You know the internet was NOT intended to be a place for you people to make money. It was supposed to be a global library of FREE information. Now anytime I look for anything, anytime I go to any site I've got you greedy sonsabitches holding your hands out and asking for a credit card number! Well guess what! Hackers & Crackers are the reflection of YOUR GREED!! The more you greedy people want money for every little thing the more hackers & crackers there will be GUARANTEED! Most of you people have SOME NERVE calling yourself programmers in the first place and SOME NERVE asking for money for your mediocre crap. If you want to make money writing programs then learn how to be a professional programmer and get a job! You flood the market with mediocre crap and make it harder for businesses to make any decent money. I write software for a living...for more than twenty years now...and I love hackers & crackers! I hope that they never go away. I've never had a problem with my software being cracked as I have a job with an ISV that sells to vertical markets. I also know a few methods that make it nearly impossible to crack but I WON'T tell you!! You are just in the way. If you studied enough like I have then you'll know how to do it and also most of these stupid little utilities have no business being anything other than FREEWARE!!! You get a life!! Work for a living and quit trying to get rich the easy way...by writing some lame piece of shit and wanting to nickel and dime everyone for it! Software with no support?!! Fuck you! Get out of the market! You are what sucks about computers and software! I will continue to make every effort to help hackers & crackers, especially since they often times produce the best quality programmers!!! Your feeble attempts at stopping hackers & crackers are the source of my and many others continual amusement!!! AHAHAHAHAHAAHA :PpppppPPpPPppPPP"Another Thing" (posted by Old Programmer on Oct 07, 2003)
Aside from everything else that I mentioned in "Mediocre Crap" there is this: Some of you are asking for it! Lets take SolSuite for example. First of all...its solitaire...ok...been done MANY times...nice interface ok fine...BUT the demo lets you play ONE HAND!!!! This is asking for it. OK now lets take various Real Arcade games...play for what? Five times?!!! 45 minutes?!!! Are you kidding me? This is SOOO asking for it that sometimes I've cracked it myself!!! Just on general principle. If you are gonna ASK FOR IT...BELIEVE ME...you will get it AND BE HIGH UP ON THE LIST! Microsoft asks for it...in many ways...you figure it out. SolSuite, Real Games and a few others...you provide the motivation, stimulus and desire to crack your stupid shit just PURELY ON GENERAL PRINICIPLE alone! Not even to use your stupid software but JUST to defeat your protection because of your arrogance and greed EXCLUSIVELY!! If your demo aggravates people or doesn't even provide one complete service or function you are ASKING FOR IT!! People outside of US might not understand this following...but for US people: I'm caucasian...if I went walking in South Central Los Angeles at night...alone...with my pockets stuffed with cash...and then got mugged, beat-up or killed...would you feel sorry? Wouldn't you agree that I was ASKING FOR IT? If not then you are just kidding yourself and need to face reality. You made this environment...learn how to accept the realities of the situation...its your baby! (And a little monster it surely is!)"TIP - New Updates" (posted by Chris on Oct 16, 2003)
Have new versions of your software update a list of circulating reg codes...when a user updates to a newr version, the reg code is flagged as a pirated key and the app behaves accordingly..."Different Passcode Idea" (posted by MLong on Oct 26, 2003)
Actually, I liked one of the schemes someone mentioned. You already need a password for most software that's sent when you buy it. Imagine if the permanent pass code was:Fred Smith-Visa-4567-2929-1221-2929-12-03-DFHD-JDJD-EDFEWould you share that software, and that password, with your friends? Or post it on a warez board? "My thoughts" (posted by cpct0 on Oct 29, 2003)
Been coding for years. Had a cracking carreer once. Something I learned is that cracking is sometimes better than the real one. A software we've been using professionally is so bug-prone because of the hardware key used that we decided to use cracks instead of the keys. Computers went from 2-4 crashes each every day to less than a crash every week. So my reminder to software creator: don't piss off users more than they should. Same as for software with insanely long and cryptic keys (*cough*Windows*cough*). What the heck. People with cracks just run it through their code (or copy-paste code)... While me, the faithful customer, is blessed with having to enter one gazillion weird things on small boxes that barely support life's necessities (like backspace). What do you expect? I buy the software, but I still enter the crack/serial. On mac, it's even better organized. I have a small software with all the codes there. I own Quicktime, but it's easier for me simply to go to my app, enter Quick[cr] and copy-paste a forged serial. Real software vendors are definitely not as organized as this. On the topic of weird softIce codes, thing is: all these bad mo'fos might crash on any new Wind0ws software update because they'll somehow detect a bad instruction... many software I used to own have this problem: too cryptic software protection, won't run anymore. When it happens, I crack the software (even with my serial properly entered) and it sometimes helps resolve my problem. So for the last time, coders, do protect your code, have fun, but don't shoot yourself in the foot with creating something that is harder to use when you are legit than when you are not!"Re: Different Passcode Idea" (posted by John on Nov 01, 2003)
This is a good idea, and it's tried before, problem is that you don not get users credit card number, unless you have a merchant account or something. Also in general I would never buy a program where I would have to enter my credit card number on the developer's web site. "You\'re a cheater yourself, Richey, aren\'t you?" (posted by careful reader on Nov 02, 2003)
Why would anyone have a "[Updated: 11/3/3903]" tag on his site (second last line on the bottom) if not because he tampered the date of his system?"to \"careful\" reader" (posted by Richey / Inner-Smile.com on Nov 03, 2003)
... ever heard of different timezones across the planet? Why should I "cheat" here in any way... ok, 'nuff said - back to topic. Regards, Richey"Which is the real software?" (posted by Sumner R. Andrews Jr. on Nov 18, 2003)
I came across ACProtect and Code Coffer. I can't find any reviews on either except for one on a suspended website. The graphics are almost identical. I want to buy the software but I can't figure out who is real. Has it gotten this bad?"One site where tricks how to crack" (posted by cybernicus on Nov 20, 2003)
http://www.woodmann.com/crackz/Vb.htm,I saw two months ago one site which is open source anticrack software site with serial number generators and i cant find it anymore, and there was link to your site, i now have to protect my code. thanks"Counter measures for cracks" (posted by Ross H. on Nov 25, 2003)
Hi Richey,Some semi active counter measures for cracks when you discover you have been violated.1/ After registration keys are entered, actively look for the crack - search top windows for window text for known KeyGens, do a disk search for files and look for your app details there. All these crackers are proud to show off thier identity - easy to find.2/ If a cracker is found, quietly mark your app as bad, and next run time, from now on remain in demo mode only.3/ Have a second registartion scheme accesible only by the key board typying blindly into a non visual component. This allows you to register payed up users who fall into the trap, or honest users who pay up in the end.4/ With this - most users who try a crack will be found (and they were not going to purchase anyway), the cracker wont know how to get around it, or that it even exists, if you delay the test and negating of reg.3/ Crackers have no control over the end users using the exexutable to generate the keys, and I'd say 90% will be caught when they own just one computer."ULA\'s" (posted by Mick (UK) on Nov 27, 2003)
I like this page.I consider myself a 'normal', everyday type person. But, what REALY gets up my nose is ULA's!! Have you read them?, of course NOBODY READS MORE than a few lines, who would have time to use the program(s) if they did?there should be only ONE SENTENCE IN ALL ULA's:This software can be used as a BOOK (or a tool), would be used.What else is required??i.e. if ONE PERSON uses a utility, like for eg. Drive Image, they should be able to use it like a 'tool', on ALL HIS PC's. For eg. a screwdriver, to be able to use it on as many screws as he feels like. Not to read the ULA and find he can only use it on the first repair, or only use it on brass screws, or stainless steel screws. To find that the use would have to buy another screwdriver for EACH screw he wants to tighten, maybe make the ULA so that a the screwdriver can ONLY be used for un-tightening screws. And then provide, various colours of screwdrivers for various permutations of screws!!! THIS IS an analogy which DOES happen in software. In software it is ALL the same CODE, but with bit enabled/ disabled to get more money.So yes, software people get greedy!! they want money for every computer you may use. Dosnt seen fair or logical or moral to me!"To the community" (posted by FK4 on Nov 29, 2003)
Greetingz from Brazil. Excellent piece of paper, very nice hintz for a programmer commited to software quality. Carpathia's comments were also appreciated, adding much of a value to Richey's innitiative. Oh, another not to 'careful reader', Richey might be using stardate notation..."Nagware Spyware and the like" (posted by Sophie on Nov 29, 2003)
I dont get it. This moral high ground against cracking. When a lot of commercial developers and "Shareware" developers get up to some pretty nasty tricks themselves. Spyware? you try before you buy, but you pay a fortune given that information is currency. "Freeware" as opposed to freeware. You know you go to the website advetising freeware and as soon as you have wasted bandwith downloading it then you get the nagscreen. I think the underhand behaviour of many commercial developers is reprehensible, and quite frankly they are not in a position to complain about crackers. And this hostility towards freeware, what is that about? cant some of the commercial developers take a bit of competition. Over the last 6 months while finding useful freeware tools mainly for educational use. I have been tricked into downloading shareware, spyware, adware and nagware. I have had to clean my hard drive from all sorts of nosey parker code that slips in via the installers. And now I read of some E.U. patenting laws designed to allow commercial developers to pinch open source released on things like the GNU licence, and to patent it for themselves. If what I have read is true, can you justify what is tantamount to legalised theft. So where is the moral high ground? When I choose to buy something I pay for it. When I choose to use open source I do so. That is an uncomplicated approach. Were it not for the devious behaviour and small print tactics of some developers you would not have crackers. If you are such a commercial developer then you have only yourself to blame. You want my email adress at the bottom of this submission form, that is information, that is currency! I will be watching this account closely for spams. "Besides all that this is nice website " (posted by Sophie on Nov 29, 2003)
Despite my bitter complaints about shareware. I do like your website, the links are helpful and I have found a lot of what I am looking for. "Reverse Encryption = Decryption?" (posted by Leroy on Dec 06, 2003)
Hello,first of all, English is not my first language.There was a post telling people not to add a decyption routine in there programs.but if you don't decrypt you have to encrypt the code in order to compare.and in my eyes: when you are reading an encryption routine, you just have to reverse the routine to have the decryption routine.Am i wrong in this?"RE : Reverse Encryption = Decryption?" (posted by Celal ERGUN on Dec 22, 2003)
Hi Leroy,English is not my native language, too. First, do not add decryption. Only add encryption. For example, if you want to store reg keys (serial numbers) into somewhere (a file or registry) just encrypt the serial then save it. Next time (when you have to check if the entered serial is correct) all you have to do is to encrypt new text and compare two encrypted strings/characters. Try to find information about HASH algorithms and you'll see that sometimes you cannot find the 'original' text easily. You can use 'brute force' algorithms for this kind of code. But it takes too much time. Believe me :)"protection in general" (posted by ultrasound on Feb 01, 2004)
i think it is important to realise, that although however much an app is protectected it is not 'uncrackable' but you should add as much protections as you feel necessary to rule out the lelel of cracker required to break your protection. If it would take a very experienced cracker to break your protection, then the chances of them using the software is less than if all the newbie and intermediate crackers could break it."Plea to the hacker" (posted by jim on Apr 07, 2004)
We moved to Brazil to be close to my wife's family and so I could pursue my dream of building a business based on innovative software development. But it is a different reality here, one that brings ethics into sharp relief. Just feeding and clothing and educating your children is an everyday worry. Believe me, the question of property is far less theoretical here. There are no Ferrari's here. The banks (and shops) getting robbed are real ones and the hostages killed very much real people. There are no "books about robbing stores" and hardly anyone can afford a "getaway car."My world is much more tangible than the business-model-worlds of Microsoft or Oracle (businesses that also have far more resources than me for handling piracy). If I come up with a good idea and risk a year developing it and am able to sell it at a fair price, with each sale I can buy a new shirt for my 4-year-old son, some diapers for my soon-to-be-born daughter, or some food for our next meal. When somebody "cracks" the idea and release it to the wild, it may be true that not EVERYBODY who uses the crack would have bought it. But it's also fair to say that SOME of those would have, and that passes directly, in a very non-theoretical sense, to the plate on my table.I believe that crackers are by-and-large frustrated adolescents (or adults stuck at an immature phase of development) still under the care and influence (real or otherwise) of mommy and daddy, pursuing their craft for the sake of pride and vanity. People who have matured beyond adolescence, who love and are concerned with the welfare of at least one other being, invariably try to become productive, contributing members of society. To those of you stuck in adolescence, I offer the following fervent wishes: may you someday discover the joy of finding others in life more important than just yourself; may you meanwhile respect the basic rights of your fellow human beings, however great or small; and may you ALWAYS sleep well at night knowing that at least if you're not helping your fellow man/woman, you're not hurting them either."Developers vs Hackers" (posted by Kyle Kepley on Jun 08, 2004)
I can't help but notice that there are two distinct type of people posting on this discussion: mature, ethical contributors to society who have a sound understanding of economics and the way the world works, and juvenile, socialistic self loathers who are completely ignorant of how the free market works and who choose destruction over creation. The former has a tendency to make money, while the latter has a tendency to complain about being poor and has a deep rooted, envy based hatred of anyone who has managed to make themselves rich. The first group works hard to make products people want, the second group works hard at thinking up convoluted justifications for undermining the hard work of others. The software developer vs the hacker. The producer vs the looter. The capitalist vs the communist. The people who make the world a better place vs the sad, sorry sacks who's own abilities are restrained by a disgusting display of moral bankruptcy."Crackers are a--h---s" (posted by JJ on Jun 10, 2004)
I write software for a living. I have a disease which physcially makes it impossible for me to work for a business. So I work from home. Most of the software I write, I offer as freeware. The few applications I sell are $5 programs. Mind you, these are still applications I've worked for a *long* time on (sometimes even years) before I make them available. I don't want to get rich with these program, I just want to be able to feed my family , put my kid through school and pay my medical bills. And even though these are $5 programs, crackers still find it necessary to write cracks (or key-generators) for it. The result? Sales drop, my income drops, I can't support my family, I can't give my kid everything she needs, I can hardly pay my (medical) bills. And all because these f------ crackers think it's "l33t" to destroy other people's hard work. These programs are used *a lot*, download numbers on crack sites are in the (tens of) thousands, yet salesare minimal. And are they perhaps not worth the $5? They absolutely are, judging by all the (very) positive reviews they have gotten on the legit software sites. But when you do a search in a search-engine for these programs, you first get tons and tons of sites that offer the cracks before the legit sites are listed. So to all those crackers reading this: you have no f-----g clue what the effects are of your cracks. You have no f-----g clue what you are doing to the hard-working guy who is just trying to make a living. Yes, I despise crackers. The first person that will tell me to my face he's a cracker, I will rip his head off."RE: Reverse Encryption = Decryption" (posted by samual on Jun 19, 2004)
You say encrypt but never decrypt. Then to compare two encrypted strings/characters. When your code goes to do the comparison it can be seen by the cracker. Also where will you keep this string safely to compare, inside of data structures?"Cracking software" (posted by ProgrammerKamen on Jun 20, 2004)
Ok. So you can crack a piece of software. What's the big deal? So you're big and bad, and striking against these 'corporations' that seek to deprive you of your hard-earned money. *rolls eyes* Unless you're M$, you put a lot of time and effort into a program, and you want to see the time invested be rewarded. (If you are M$, then all you worry about it making money, and providing complete crap to your customers, but I digress...)I write programs that are meant to be used. But protect your hard work. If asked, by sending an e-mail to tuxedokamen1999[NOSPAM]@sbclobal.[NOSPAM].net[NOSPAM], I can tell you how I managed to secure a purchase-only program I wrote, using resources provided by my employer. This solution may not be for everybody, but I hope you will glean something from it.On a final note, I myself have managed to crack a couple of programs, that was back in my younger days. (Yet, is 24 that old?). However, after cracking it, (and if it was weak enough, I found my way in), I usually sent the crack, along with possible ways to nullify it to the program creator. In was by doing this that landed me the job with the company I am still with today. But be careful doing it, as some companies will prosecute and press charges for doing stuff like this.Note: Anti-spam is in place. To send e-mail, remove what ->obviously"crackers get rich by sucking on developers" (posted by Robin on Jun 27, 2004)
Thanks for a great, informative webpage. As a developer whose app. has been cracked, I've first hand experience how crackers make money with my app. We sell software that enable a PDA to replace electronic gadgets that are 2x to 10x the price of our software. So there is no reason to accuse our software to be too expensive. But they are being cracked anyway. Many of the warez sites of p2p sties use a membership system with paid subscription as platform to exchange warez and other copyrighted material. I've found one having crack of my software with over 20,000 members and charge about US$10 a year, amounting to over US$200,000 a year. Strange these 20,000+ people don't complaint that they are poor guys when subscribing to such servers. Some others, normally operating locally, charge $2-5 per copy of cracked software. Yet another kind of web sites give out warez free but include other things they sell for money. Unfortunately, our software is attractive enough to get the attention of the above 3 types of criminals. I discover your site too late, and have to figure out other ways of making a living at the moment. In general, the current state of cracks and warez lead businesses to create hardware products if they have an option so as to ensure their revenue. Buyer of hardware feel OK to pay twice when they replace or upgrade their hardware, but expect software to be upgraded continuously free of charge. This leads more businesses to engage in hardware products to get a fair deal instead of providing a software solution with a lower cost of ownership and more convenience (often even better results due to the higher UNIT cost of designing, optimizing, and producing hardware that are sold in low volume. ) for the user. As a result of their behaviour, consumers help criminals to kill good software developers and get higher cost of ownership for their solution. By cracking down on cracks, apart from saving the life of good intentioned software developers, we are doing planet earth and the consumer world a favour. Congratulations for bringing us closer towards this worthy goal."\"crackers get rich by sucking on developers\"" (posted by Thiez on Nov 23, 2004)
Robin: I dont think you can compare hardware with software. Buying something you can 'touch' just feels better than buying a lot of ones and zeros ;)As for crackers being evil thieves: I've been cracking some stuff (I'm not good at it, though), and I do this just for the fun of it. I never spread any of my cracked stuff on the internet. It's just like the guy who made this page says: 'cracking a restricted software program must be like solving a (sometimes very tricky) riddle, and you might get addicted to the feeling of solving them'As for the poor developers who write the software: I understand you dont like it when your software gets cracked and you're losing money that way, but the only programs I've ever tried to crack are programs that I wanted to use for like 10 minutes, then never again. I'm not paying for those 10 minutes, even if the program just costs $1, when I can try to crack it and have lots of fun that way. =)"You want to help out people and they steal from you as a result" (posted by Pete on Dec 03, 2004)
First. Nice site, I wish I had read this a couple of years ago.Some of the remarks read here make my blood boil. It's sad that people actually have no problem with stealing your program.I think I read this here as well, but I can only repeat it,by hacking all these smaller but often innovative programs they only strengthenthe imperium of large companies that charge high $ prices and kill all possible competition.One could almost argue that the hackers actually work for MS and the lot.Take me for example. I thought of a unique way to help people deal with a certain issue and I spent (+)two years of my life developing a solution after work.Because it's not about the money really, that was definitely not why I developed it, I left 80% or more of the program entirely free (no nags, no nothing).And I deliberately kept the price of a license low (then $20, now $25,95 to be able to maintain it ($ vs €).The program is popular, Especially the free part, so 2 days after release of the 20% payware part there was a Serial Key Gen. out.They didn't need it for the free part but still ... they wanted a keygen.So what happens is that the few would-be paying customers now have an easy way out.And that is frustrating because what they forget is that bandwith is expensive, that ecommerce is expensive and that time needs to be compensated or the effort will dry up.The challenge is to be able to sell enough copies to get some financial freedom and try to make it a full time job with as a result a far better product because much more time can be invested.Ít's the chicken and the egg, and what these hackers often do is trash the egg ... and the chicken has to die sometime.You can get a self-sustaining program, where the licenses pay for bandwith, ecommerce etc. but if the people behind the program don't get paid and need to find other ways to feed their children it ends sometime.I LOVE the idea of $5 dollar software. If it were possible I'd do it right away. But fact of the matter is that the program would STILL be hacked. And fact of the matter is that the license income would not cover the costs anymore.In retrospect I made a capital mistake by making my software so cheap. I was hoping on the fairness of people.Another blood-boiler I read here was "make your protection better so that it can't be hacked".So what ? ... we should spend two years deveoping THE protection that can't be hacked and what about the real innovative functionality then ?That's not a wise statement people !"some thoughts" (posted by Cj. Evil on Jan 06, 2005)
I have just two things to mention: First things first: if you let your programs to be cracked, then they WILL be cracked. What I mean is, that today the best prot. scheme is definitely the Crapware.The second one: every real cracker is a programmer too, and every real programmer has cracking experiences. Otherwise the "cracker" would be script-kiddie and the "programmer" would be simply a mathematician.Ohh, anyway how can you make a program(which detected that it had been cracked) NOT to register?? The cracker will rip those algo-s in hurry, in 70% of cases in the way he did with the reg. algo. ...That is for now. BYEZ!"Common lies about software piracy" (posted by Joel (from France) on Jan 18, 2005)
Theses advices are based on my experience with a shareware i have been selling for 2 years and a half. I'm not saying the name of the shareware because crackers would spend the next year trying to ruin my business if i did so. I won against crackers, and you can win too. They are so weak and stupid. You can easily beat them only with a custom keygen encoding, plus a call-home system. (1) You can't stop crackers. --> False, you can make the cracker spend more time than he has to spend, and then you just won. Don't believe shareware programmers telling you it's worthless to protect your program. It's not because they don't have skills that you should listen to them. Just make a better protection than these loosers. (2) Programmers are greedy. --> So are crackers, they earn money some way or the other. And what if someone is really greedy ? What is the problem ? There's nothing to be ashame of. Everyone wants to get rich. Not everyone can. If you can do it, just do it. (3) Don't spend time on your protection before improving your product. --> Actually this is completely false. I have spent 2 years improving my software and i sold 150 copies in 2 years. Since i have come accross this page and Fravia page, and spent all my time protecting my software, i sell a 100 copies per month, and it's going to be a lot more in a few months. My software's code is composed of 75% of protection, and 25% of real software. And I am getting rich by now. (4) Be honest and have low prices for your products, and hackers will not try to crack your software. --> Hackers are criminals, they steal your money. They don't care about your morality, they do it for money (just like you do). (5) If your software gets cracked, it will be popular, and your sales will be increased. --> Hell no! Are you so stupid to believe that ? Will you pay for something you can get for free ? This is only true for very large companies, and it's getting less true theses times. Even M$ is working on greater protections. Times have changed. (6) As a shareware author, you lose money because of cracks, although you deserve that money. --> No, you don't. You deserve money if you write a good protection scheme. Otherwise you deserve to change your job. Be pragmatic. Life is not like a Disney picture. (7) Don't put your full version downloadable on internet. Make a demo version. ---> It changes nothing, anyone can get your full version on p2p or warez sites. Write a great protection scheme, that's all you can do. (8) You can make a crack site closed by reporting it to its ISP. --> True, but worthless in pratice because it's so easy to re-upload. This never works. Never, never, never. Believe me, i have tried. (9) As most hackers say, you should release a freeware and ask for donations. --> HA HA HA, this is the most funny. Wake up my friend, you are living on a planet called Earth. :)"Full ack" (posted by ElGamallo on Feb 11, 2005)
@Joel: full ack to you guy. I have written some shareware tool together with a friend of mine some two years ago, and i invested more time developing a tiny but effective copyprotection scheme than we did in developing the "real" code for our initial release. pages and articles like this one from richey, lazarus or fravia helped me a lot to succeed in this, but some few crackers helped me out as well, by giving me hints and explaining their way-to-crack to me.those "we crack just for our sense of fun"-guys are very seldom, yeah, but they DO exist, and if you're lucky and meet some of them, from a developer's point of view, make some use of this chance and try to learn from them as much as you can about preventing them from their doings.the success of my friend and me with our tiny program proves itself - our tool is uncracked to date, in spite of the fact that we went deep into the scene and endorsed the crackers to try to crack our software - and all of them who tried have failed (and that, dear friends, on a VB6 program which is a pain in the ass to protect!! ;) ). more than 30.000 downloads from our website, and more than 300.000 copies published on several CDROMs of computer magazines should have been enough encouragement for at least SOME so-called 1337-cracker to give it a try cracking our 15-EUR-piece-of-"coder's-greed", but obviously it didn't.so, my message to each and every shareware coder who does not believe in the effort of developing some good and strong protection scheme: GIVE IT A TRY, YOU WILL SEE IT'LL HELP YOU!"Even freeware with option to buy a license (just to show support) gets hacked" (posted by Pete on Feb 12, 2005)
>... That is obvious nonesense. Look at IrfanView for instance. GREAT and FREE software and if you Google a bit you get tons of keys and KeyGens. Hacker communities want us to believe that they do it for the greater good. That's absolute nonesense, if they truly would support developers that do an effort to provide low cost software this wouldn't do this. They're simply into it for their own benefit, beit money or "fame" or ...> .... GOOD for you ! But isn't it sad it has to be like this ?> ... NONESENSE ... It's always about the product, not about the protection behind it. A good protection is a must-have, agreed, but it should never be about the protection in the first place. > ... I think there is dose of luck involved. Custom encodings can be hacked as well. A lot depends on how wanted the software is. For a 100 sales-per-month-interest they might not bother, but for 1000 or more copies per month things change and "better" hackers start getting involved. It all depends who (and how many) want it badly. And calling home is often not accepted when the software has little to do with the internet to do what it is designed to do (e.g. a txt editor doesn't need to call back, so people will block it via firewall)."Previous post not complete" (posted by Pete on Feb 12, 2005)
It seems that the way how I formatted the text has caused the script to remove parts. I hope it still makes sense."Dudes?!" (posted by Ron on Mar 02, 2005)
Hello! Great site. I've never seen so many developers and crackers come together without yelling at each other (almost). I'm a programmer and personally almost none of these posts offended me. Maybe only the ones where the crackers talk about taking from the "rich". I am by no means rich! But that is besides the point. It has to take you at least a couple of hours to crack some software. If you spent that time a little more wisely, you could easily make twice the price of the software writing your own. You know you're smart enough! I know you are if that helps. If you can crack a program you know you can write the stuff too! It's infinitely harder to crack a program than it is to write one. I just hope to motivate the crackers a little bit to do something more cool with their talents. I don't mind people stealing my software if they're "poor" but when you release it to the general public you're helping those "rich" greedy folks too. There's no discerning there. In many cases you're taking from the poor folks and giving to the richer folks! I know lots of rich folks (even a few millionaire's) who will crack a program to save 20 bucks. I personally have written a freeware program and had someone rip my own name off the software and put their name on instead!! What's up with that? But I can take it. I remember when just about everything on the net was free and those were the good old days. I'm just asking to please put your cracker heads together and write something of your own (even if it's free) that will REALLY benefit everybody. Talent should never be wasted and most of the people who download cracks don't appreciate you anyway, and I'm sure they forget about you when the next better crack comes along. Take care."My oppinion on this" (posted by Zipplet on Apr 02, 2005)
I'm a software developer - I haven't yet actually released anything as shareware - only some freeware. My point of view on this is - if the software is sold for a reasonably low price (say, £5-£10?) people that REALLY like it should pay for it. Those poor people that genuinly cannot afford to pay for it should feel free to use cracks, but then should NOT contact and ask for tech support. The honest people need to pay up. One tip: make sure you release plenty of freeware on your site too, and have nice "non-garbage" lite versions of your paid software available. An example of non-garbage may be a game with only one third of the storyline (the same as having 1 book out of a series of 3 books), or a word processor that is fully functional but missing the spellcheck or template features. I must agree with a lot of the crackers views here - which is that a lot of paid-for software is CRIPPLED unacceptably in the demo/lite versions. Such things would piss me off and deter me from buying the full product too. The solution is to either release everything freeware - people will thank you greatly for it - or release low cost shareware with nice "lite" versions available."Few thinks about cracking" (posted by NiTr0 on Apr 12, 2005)
I'm software developer. Most of my projects are freeware. And I'm beginner cracker. I live in ex-USSR and I haven't enough money to buy, for example, M$ Windows for $80. Or something else for $100-$500, because in my city monthly payment $100 is VERY good, many of people works for $50/month, and students gets grants for $25/month. So I think that even $10 for something useless like screensaver is a very high price for peoples of my country.And I think that the ONLY way for anti-piracy is the FREEWARE to single users (or Lite versions) by I-net or on the media with cost near to the media cost (pirates will not reproduce CDs that don't get them a BIG MONEY) and reasonable prices for organisations with the government control of used software - low payments forms an good society opinion for the piracy (it's usually to go to the friend with hdd to give/take an game, film, MP3 etc) and it's no chances to fix this except to increase the payments for peoples - or back to the totalitarism.And REALLY single chance to protect your software in x-USSR now - hardware key. Not simple key, but the part of the algorythm that is implemented in hardware. And result of it's work is checked only by CRC (no software duplicate of hardware key). With software protection of course. Now it's present a very cheap solution - using generic MCU: Atmel ATTiny/AT89, Micrchip PIC, etc. This solution is good for corporate clients and software that is oriented for special clients - CAD software, special databases etc. For mass software sometimes there is more effective solution - AdWare or FreeWare from the site with banners. Or make FreeWare hard-to-use-and-understand software and make money with tech support. Example of this method is Linux - RedHat makes big money on the support and customizing of the Linux while commercial Unixes makes much less money for their developers.So IF you think that your program is interest for MANY peoples and it costs money, REMEMBER: there are not only lamers and users who like your program, there are also a programmers and crackers. So if your software has Lite (free with enough functions for most users) version and GOOD protection, the chances of cracking it are much lower - cracker don't want to spent hundreds of hours at the disassembler/debugger for nothing (or practically nothing - expert features are useless for many users). Example of this method is Compass 5.1 (engineering CAD) - Lite version (free) can produce only one detail, full version can produce assembly of the details, and many other features. Full version is protected by the hardware key. It's already cracked because it uses usual hardware key that can be emulated on the driver-level. But I think that it was hard work."Ur the only one to answer" (posted by Vikramjit R.Rai on May 28, 2005)
Hi, This was a really cooool page. I have been searching everywhere to protect my small work. But this page gave me some real genuine tips. Thanks a lot to Richey. Great work, keep it up."Software Piracy" (posted by Javelin on Jul 01, 2005)
The tips on this site are right on. I use to enjoye cracking and learned alot. But now, i have more important things to do and the protections schemes are getting exponentially more difficult to reverse engineer. I could say alot more but the bottom line is this. Writing good code that accomplishes something useful requires alot of blood, sweat and tears. There is simply no excuse for piracy i don't care what angle you look at it. If you think a developer is charging too much for his software, then write your own. Plain and simple. You don't have to buy it, but don't exploit it. Or, sit down, create some software that does the same thing or maybe even a better job and offer it for less. Or is it that you are too lazy and rather shred another mans hard work. Anyone with a brain knows that there really is no excuse! "Suggestion" (posted by on Jul 08, 2005)
I believe that at the moment we have a fight among those programmers that we develop software and the hackers, don't care if our application is not hacked if the similar application of another developer if this.I would want to compete with other honest developers, in a fair competition.I believe that if ite is not solved this situation, difficultly I will pass years developing another application.I believe that we need the collaboration of the antivirus makersas Norton and MacAfee to solve this situation.An application hacked should be considered as a virus and eliminated."Pro anti-debugging" (posted by enki on Aug 07, 2005)
Hello All,I'm a former scene member with quite a bit of anti-debugging experience. It keeps surprising me to see everyone make the same mistakes over and over again.It really comes down to a couple of simple points. First off, there's no good encryption for this type of problem. Even an assymetric RSA does you no good. Let me tell you why. Say I've got an RSA encrypted license file.Great, that means that the decryption key is inside the distributed exe. Which means the hacker can simply generate his own keypair, then changethe key in my exe and still generate a valid license ..So, a strong encryption will only protect against "outside hacks", thatdon't involve changing the code.An RSA encrypted license is a good starting point, but it puts all thestress into protecting your embedded key.And that's my next point. IMHO, the only way of idling any hacking attempt is to make sure that hacking tools out there won't work ..The only reason that hackers can locate the right place in huge binary listings is because of good tooling. If you takeaway those tools, all is left is millions of assembly instructions to wade through ..I've had very good experiences with the following techniques :1. Write and use your own dll-loader. Put as much code as possible in dll's, and load as much dll's as possible dynamicly. Everything loaded with thisloader will just look like a big binaryblob in the debugger. (Which will notrecognize it as a dll, and not find anyof the functions ..) .. I've done this even for system32.dll .. (making it impossible to break in say 'isdebuggerpresent')2. Vary the addresses where you loadthese dll's (every run everything shifts)3. Do UPX these dll's, simply destroythe header a bit so that they cannotbe decompressed. (compensate in the loader for what you destroy)4. Put them all in a virtual file systemthat you put behind the upx'ed main loader. (this way, they think the exeis upx'd, but decompressing it destroysit completely ..)5. Mix calling conventions.6. User several checking functions (inline), choose with a random ..7. If possible, have your program behaveexactly the same, but produce invalid output. (so that a seperate test is required) (I do this for my compilers..)(This way one cannot trigger on behaviour)8. Use multithreading, or even multiprocess .. a bitch to debug ..9. you could debug yourself .. (start your real ap from a 'pseudo debugger', this extra indirection makes it a lot more difficult ..)It all comes down to taking away the tools .. no hacker wants to read a million lines of assembly .. get yourself a coy of softice, oledbg, .. and play around untill it wont recognize a single function ..GL !e."New concept in software protection" (posted by SoftComplete on Aug 11, 2005)
Most of the protection schemes available uses so called mounted scheme i.e. protector adds to your application some code that is executed before the program start and make an unpacking, decrypting and adjusting of the application. Some antidebugging actions are also taken.Cracker's actions are pretty obvious - to suppress antidebugging tricks and dump unpacked and encrypted application's code. Disassemble and analyze the code received and after a little fixup work he gets a fully functional unprotected copy.Weaknesses of such kind of protection schemes are obvious:• Protection code added to an applications are more or less constant and soon or a later it becomes a subject to detailed analysis. After analysis job is done reverse engineering of the applications protected with such protections becomes a snap. There are also a known facts about full automatic deprotectors have been written.• Protected code is encrypted. But before the execution protector has to decode it and pass the control to it. This moment can be intercepted by the intruder so he can get the access to the original code for analyzing/modification. EXECryptor 2.x uses conceptually new approach to protect software applications. The essential of the protection technology is a brand new concept of the code transformation calling "Code Morphing". The code block to protect is disassembling and becomes a subject to a nondeterminate transformations which destroys the visible logical code structure. It is important to note that after the code transformation it remains executable and working as it is suppose to but it size will increase by a couple of dozens times, thus it becomes a really paintfull to analyze transformed code.There is no concept of the code decryption with EXECryptor unlike the others. Protected code blocks are always in the executable state and they are executed as a transformed code. Code restoration is an NP-hard problem.Below is a code sample generated by the Delphi and a partial (the full listing contain above 500 instructions) listing of the transformed code.Source code>writeln('Test OK'); After compilation:>mov eax, [$ 004092ec]>mov edx, $00408db4>call @WriteOLString>call @WriteLn>call @_IOTestAfter the code transformation (partial)>xchg [edi], dl>db 3>add al, $30>xlat>call +$000025b2>jmp +$00000eec>call +$00000941>or al, $4a>scasd>call -$304ffbe9>rol eax, $14>mov edi, [ebx]>jmp +$00001738>mov ebx, eax>shr ebx, $03>push ebx>jmp +$0001b5e>call -$000001eb>jmp +$00003203>jmp +$00005df8>call +$00000910>adc dh, ah>fmul st(7)>adc [eax], al>les eax, [ecx+$0118bfc0]>stosbhttp://www.strongbit.com"Open source your code..." (posted by MV on Sep 21, 2005)
As open source is becoming more and more common, your precious application will be eventually replaced by an open-source one. You can make some money writting open source, and if you don't, at least your work won't be lost in oblivion. I know writting code is hard, I do it all the time and make some money from it."marketing rulez" (posted by ripper on Sep 22, 2005)
interesting to know if othervise successfull sales was ruined by crackers? i mean winzip iz a very successful program and it's codegens are known since very old days , but the company never changed the generation routine ,wonder why?you better invest in marketing "A Little Protection Goes a Long Way!" (posted by MonsterManager on Nov 17, 2005)
I've always taken the view that in most cases if crackers crack my team's product who cares??!The fact is that 99% of our customers don't use cracks and for the 1% that use our cracked software illegally, I doubt they would have bought it from us anyway if a crack wasn't available.Before you design some really stong protection algorithms ask yourself the simple question - is the time I put into this going to cost me more than the business I'd lose due to crackers. 99% of the time the answer is yes.What's more is that strong protection usually increases legitimate customer frustration with the product! At the end of the day all you really want to do in most cases is keep your customers honest by making it difficult for them to use the product without a license - so simple protection mechanisms are the way to go. If you must have stonger protection use a hardware protection route and propriatory software protection.A little protection geos a long way! Who cares about crackers - let them crack away!"Hackers need to go study how capitalism works" (posted by Jimbo on Nov 22, 2005)
Most hackers think they are clever. While this may be true, they are very sheltered. It is easy to be an expert in a small field. Being an expert in a large field is altogether a different matter. I recommend hackers spend some time learning how capitalism works as a side project. Once you've done that (if you do it properly), id suspect you may then decide to spend your time on more worthwhile things."Some Comments" (posted by Error404 on Jan 03, 2006)
I'm developing for 5 years, making some freewares and cheap sharewares. I don't want to defense from developers and attack to crackers, only have some fairly comments: (plz excuse my bad english)"To shareware authors (1)" (posted by Error404 on Jan 03, 2006)
Release bogus cracks for your own program!?! yes, it works great! just suppose that a user searches for a crack or serial for your app and finds a long list of them. he gets first and uses it, what happens? maybe a crash or a strange error! (it depends on you!!!) he gets second and third but only errors and crashes! now he may be disappointed from crackers and hate them. hence: make non-working cracks and serials for your app and spread them on the net and mess-up warez site, use name and logo of famous crackers to hurt their position (I don't think its illegal!). Its better to make your cracks work for some days (to fool them) and then punish the violator, in this way your bogus crack-serial-keygen will spread automatically on the warez and serialz sites!!! if all of authors do this, it has some advantages: 1) Cost of warez and serialz sites increases and they start to get f----d. 2) Users would find it cheaper to buy the app in compare to searching hours and hours for a working serial or crack. 3) We can punish everyone that uses this cracks by ourselves method. 4) By passing the time, almost all of the users will be frightened from any crackz ]:-)>"To shareware authors (2)" (posted by Error404 on Jan 03, 2006)
Try to make more powerful and feature-rich program! the experience has shown that if a shareware worth its cost, users with enough money in pocket would buy it instead of illegal using. Spend your time to develope more and better features instead of making a hard-to-crack protection. I have some free programs on my PC that I would buy them if they was even $50, but I have also uninstalled some cheap sharewares because they wasn't nothing than junk. We must encourage users to buy our program, not to stop the crackers. If we do our job good enough, potential customers know what to do. Another thing is that if people can't or don't want to buy our shareware, they also wouldn't do that if there is no crack, and they will search for a freeware-alternative one and you know that they would find."To crackers (1)" (posted by Error404 on Jan 03, 2006)
You crackers!!! some of you claim that shareware authors are greeder and want to get rich quick, so we must hurt their business and crack their expensive programs to help poor people! Now I have a question from you: Do you fire a taxi to stop the taxi driver getting rich??? Doesn't developers need to make money? If you think that a developer with a small business can get rich quickly and easily, then you are free to make cracks more and more. Another question: Suppose that you have worked hard to crack a complex protection and finally you success and release it to public, after a few days you find that another guy has released your crack with his name on it!!! what do you do? obviously you must do nothing against him, because your goal is helping poor people !!! :-> >"To crackers (2)" (posted by Error404 on Jan 03, 2006)
You make richs richer - want or not, you are making richs and huge software companies richer than before by cracking sharewares owned by individuals and beginner programmers. Big companies spend a lot of money to advertise and promote their software, they pay to download sites to get a higher rank and more downloads and to include their product on newsletters, always their product (that is often expensive) is in the view of users, they have enough money for supporting services and having a good-looking website, so their sale is excellent and more money is going to their acounts. Does M$ loses many sales when there are easy access to serial and crack for all builds of Windoze??? They never lose mony when you crack their program, but what happens to an individual or small business? Most of then lose almost all of their sales and can't compete with the powerful competitors, so they go out of business and make more room for huge companies. BE AWARE OF WHAT YOU ARE DOING AND WHAT HAPPENS!!!"To crackers (3)" (posted by Error404 on Jan 03, 2006)
Write your own free software - Do you have ever tried to write a good software? if yes, was it freeware? You are talent, you are clever and you are genius. So only for God's sake, try to write free softwares like those expensive ones that you crack. I'm sure that you can afford it. Make a nice freeware and then you can proudly claim that you are supporting poor people, not adding another one to poors population. ;-)"Right and wrong" (posted by terminator on Jan 08, 2006)
It is WRONG to crack software from a small company because it is depriving an often lone author from making a living.It is NOT WRONG to crack a program froma major publisher that sells its' waresat outrageous prices. If only to allow people to try out the software and avoidbeing ripped off, it should be tolerated.90% of the pirated programs would never have been sold anyway because the peoplewho use those cracks can't afford them in the first place (students, kids learning computers, poor people).It is only FAIR to let these people have a chance to improve their skills in a democratic fashion and not just in a capitalistic fashion (the rule of the rich).Micro$oft has used illegal means to force PC makers to include its' crapproducts with their machines. Might makes right in this world and thesooner you realise it the better.Copyright was originally for 10 yearsin the first US constitution. Ever wonder why it has been extended repeatedly since then up to 90 years after the author's death ? Because bigcorporations have paid and lobbied fornew laws to make sure the public domain doesn't become a threat to their amassing ever more wealth.Why do you think M$ is buying up contentproviders or going into games ?They want to OWN CULTURE and from thereyour brain !Wake up ! Fight the PIGS !!!Authors should be rewarded but not megacorporations for abusing their IP rights acquired by screwing the original authors (employees) and crying crododile tears over "lost sales" that would never happen.End of line."crackers get rich by sucking on developers" (posted by m42d on Apr 04, 2006)
errrr.. wtf, tell me how please.. i crack software and dont have a penny left in my wallet. i just crack for the fun of it.. protection on software is like a puzzel to me. even if all software is open source i would still crack stuff just for the fun of it.. yarrrr...."Money trail" (posted by 90h on Apr 05, 2006)
Personally I don't think M$ would lose sleep over a crack or two. It was a tactic to get the software out there to the masses and leverage their own product ("What? you can't open a .doc file?.. EVERYONE can!.. Just get M$-Office!"). It's the small developers that end up losing. If cracking is for fun - then it stays personal. If it's for a political stance, then only pick on the big boys. Just my take.. besides, small dev's protections probably aren't as challenging as the big boy's multi-million dollar investment. "RE: Mediocre Crap" (posted by Craig Miller on May 25, 2006)
hahahahaha, if it's such crap software, why are you downloading cracked versions of it, or even cracking it yourself?And what makes you think those who write software don't deserve to be paid for their work? If you don't want to pay for it, write your own and quit whining about the high cost of "mediocre crap". I think $30 is a small price to pay for something that would take me months to write myself (and I am poor as hell). In most cases, I can find something just as good that is free.Personally, I don't mind people cracking my apps. I make self-checking methods using md5 checksums and throw in many of the above mentioned tactics. I figure if someone is capable of cracking it, they've earned it. I just don't think they should distribute it once it's cracked.The best (imho) method of protection is crippleware. For a crack to be successful, it will have to write in all of the functionality your demo left out. Then all you have to worry about is the distribution of your full version (I leave the issue tracking the origin of pirated software for you to figure out)."Freemongers" (posted by Smitten Kitten on May 31, 2006)
How do poor people feel about their employer making them work for an unfair wage? Just as a developer! We get just as tired of going to school for 16-18 years just to get minimum wage. If it weren't for M$, we wouldn't have the inexpensive PC's to hack on. And Linux/Free BSD would only be available to university mainframes. Take "free" out of your vocabulary. You don't work for free so why should someone else work for free just because you like the "challenge" of cracking. Fine. Crack all you want. Just don't distribute the cracks if that's really what you're in it for. I think the same thing motivates the crackers that motivates M$ - MONEY!"Reply to \"Different Passcode Idea\"" (posted by cvd on Aug 18, 2006)
""Different Passcode Idea" (posted by MLong on Oct 26, 2003)Actually, I liked one of the schemes someone mentioned. You already need a password for most software that\\'s sent when you buy it. Imagine if the permanent pass code was:Fred Smith-Visa-4567-2929-1221-2929-12-03-DFHD-JDJD-EDFEWould you share that software, and that password, with your friends? Or post it on a warez board?"Yeah, because at that point you would obviously had registered the program with stolen creditcard information."Free Lunch" (posted by SamSpade on Aug 25, 2006)
Interesting that the people who demand that such-and-such should be free always view it from the angle that they'll be receiving the free such-and-such as opposed to making it. The fact is, nothing that is useful or entertaining is free. Time and resource are expended in the process of making the thing. People with this mentality are in a state of perpetual childhood. When you're a kid, food appears on the table, clothes in your closet, a computer on your desk, all as if by magic. Some people are unable to switch out of this mode. They end up as perpetual children, with corporations, the government, their bosses -- take your pick -- cast in the role of parent.
Your comment / suggestion:
Would you like to suggest another method, comment one of the mentioned ones or just tell about your experiences?
Sorry, the posting feature was removed due to SPAM abuse, but:
To ease discussing the complex aspects of this topic, I've set up a new discussion board and already started a first thread about Cracking Prevention. Feel free to contribute your points (also followups to the postings above) - what an amazing and interesting discussion!
Posting on the board also has the advantage that you can format your posts and post much longer text than here.
Enter the board HERE ..
Links of possible interest
General information, organizations etc.
Find out who pirates your software
Online forms to report software piracy
click here if you want to see your sponsored link at this place!
Thanks to Fravia+, Carpathia and BuLLeT (all of them crackers),
who allowed me to quote some of their experiences and knowledge on this page.
Just some thoughts..