by Dan East » Dec 20, 2002 @ 4:48pm
It took 8 months to crack DEXplor, and only then because I left a vulnerability in that I didn't want to spend time working on and delay the initial release. It was more important for me to provide the community with DEXplor than spend too much time trying to prevent warez users from not having it.
Most "cracking" is done using a hex editor and changing various bytes to 0. This can be used to fall through conditional logic branches because an opcode of 0 is no operation. So if you have something like "If not registered GoTo here" then replacing that conditional branch with a 0x00 will cause it to fall through and not branch when unregistered. Obviously you can reverse your logic to require a cracker with more experience (If Registered Goto here). Again, the idea isn't to make it completely hack-proof, but to protect against the trivial hacks requiring no skill and the simplest of software tools (hex editor).
Another example is a MessageBox. If you have a message box that pops up and asks the user to register, then a hacker can simply find that string and replace the first character with a 0 byte. The Win32 MessageBox routine will not display anything if it is passed a zero length string, so the whole message goes away. You can use a basic cipher on your strings to prevent them from being hacked in this manner.
These are simple things a programmer can do to make it much more difficult for a kiddie-hacker to crack. Basically what I did with DEXplor is require at least some degree of intelligence to crack it. And even then they had to create a separate key gen program that works with the hacked version, so they still have to generate and use a key, making it a cumbersome process. A warez user certainly can't just copy the cracked version onto their device and use it. They have to do some contortions first.
Finally, most warez people will not buy the software regardless. Yes, they are very good at coming up with excuses and flawed logic based on the premise that they somehow help software development. While I, as much as any other developer, would like to prevent warez users from having access to something they don't deserve and didn't contribute to (i.e. purchase), in the end it costs me very little money. Most of them either can't afford the software in the first place, do not have the moral integrity to do what is right, or don't have the intelligence to realize that the only reason programmers are able to work full-time developing new and cutting-edge Pocket PC software is because they get reimbursed by consumers (if their product is worthy).
What comes around goes around, so they will get theirs in the end. I've decided I'm not going to invest undue amounts of time with elaborate protection, because my time is much better spent creating productive and new things for the benefit of the community. [steps down off of soap box]
Oh, if a single post is made to this thread exhorting warez in any way, I will delete the post and see that the poster is banned immediately. If I want to waste my time arguing about warez I will go to the warez community. They can stay in their illegitimate place, which is out of the public light that the rest of us enjoy.
Dan East
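Added example, not part of the post above and not DEXplor's code: one way to apply the "basic cipher on your strings" idea so that a string edited in the binary fails a check instead of silently decoding to an empty message. All names, the key and the sample string are constructed for illustration; the key lives in the binary, so this only raises the bar against hex-editor edits, as the post intends.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; the key and the sample string are constructed. */
static const uint8_t OBF_KEY[4] = {0x5A, 0xC3, 0x17, 0x9E};

/* Rotate-and-XOR checksum over the plaintext; any single-byte edit changes it. */
static uint8_t obf_sum(const uint8_t *p, size_t n) {
    uint8_t s = 0xA5;
    for (size_t i = 0; i < n; i++)
        s = (uint8_t)(((s << 1) | (s >> 7)) ^ p[i]);
    return s;
}

/* Build-time step: blob = [length][cipher bytes][checksum]. Returns blob size, 0 on error. */
size_t obf_encode(const char *plain, uint8_t *out, size_t cap) {
    size_t n = strlen(plain);
    if (n > 255 || cap < n + 2) return 0;
    out[0] = (uint8_t)n;
    for (size_t i = 0; i < n; i++)
        out[1 + i] = (uint8_t)((uint8_t)plain[i] ^ OBF_KEY[i % 4] ^ (uint8_t)i);
    out[1 + n] = obf_sum((const uint8_t *)plain, n);
    return n + 2;
}

/* Run-time step: returns 0 and fills buf, or -1 if the blob was edited or truncated. */
int obf_decode(const uint8_t *blob, size_t len, char *buf, size_t cap) {
    if (len < 2 || (size_t)blob[0] + 2 != len || cap < len - 1) return -1;
    size_t n = blob[0];
    for (size_t i = 0; i < n; i++)
        buf[i] = (char)(blob[1 + i] ^ OBF_KEY[i % 4] ^ (uint8_t)i);
    buf[n] = '\0';
    if (obf_sum((const uint8_t *)buf, n) != blob[1 + n]) {
        memset(buf, 0, cap);   /* do not hand back a partially decoded string */
        return -1;
    }
    return 0;
}

int main(void) {
    uint8_t blob[64];
    char text[64];
    size_t len = obf_encode("Please register", blob, sizeof blob);
    printf("decode intact blob: %d\n", obf_decode(blob, len, text, sizeof text));
    blob[1] = 0;               /* the hex-editor edit described in the post */
    printf("decode edited blob: %d\n", obf_decode(blob, len, text, sizeof text));
    return 0;
}
```

The caller decides what a -1 means; treating it the same as "unregistered" keeps the edit from removing the prompt.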