article

Copy Protection (LockX) (Copy Protection Scheme)

Email
Submitted on: 1/21/2015 5:51:00 PM
By: Tom Brennfleck (from psc cd)  
Level: Intermediate
User Rating: By 4 Users
Compatibility: VB 6.0
Views: 884
 
     A Discussion of two Copy Protection Schemes offered on PSC. Included are a patch file for the latest LockX project and one for the 'Copy Protection Scheme - A Challenge' project. Both files are a compile of the example projects provided. I then created a patch file which defeats the protection. The Patch File applier will only patch the provided files so if you want to patch a different file you need to create your own patch file. Which is as in the real world. If the Patch File applier is run a second time then the patched application will revert to the original.

This article has accompanying files
 
				LockX and Copy Protection Scheme - A Challenge 

I have decided to write a small copy protection article, mainly to summarise the previous posts and to help me get my mind around the idea, which I will present towards the end of this article.

First lets look at some of the statements made previously,

I will take LockX first,

Statements made were -
* The system is bullet proof

This is one of the comments made for the first version, I thought yes great finally something on the protection side. Before I got the chance to have a look at the code, version 2 came out and its 200 times more secure.

One of the Statements made was -
* LockX 2.0 Software Protection is the ultimate security system

I finally got some time to check the code, it took me all of 10 minutes to figure out a way of bypassing "the most secure ActiveX control ever " yep.

And then there was version 3 with the comment

* LockX 3.0 Software Protection is the ultimate security system (100 times more secure then Version 2.0).

I spent about 5 minutes on version 3 and it was bypassed, my be the authors comment should have read 100 less secure ? .

Version 3.1 was not any better, so we are now at version 3.2. Ok the OCX has been removed, but is it more secure, I don't believe so.

Attached to this article is a patch file, which will patch a particular LockX protected application. In this case the one I compiled, with this version the author can claim that it is 1% more secure than version 3.1 but that is all.

The security of any protection product that relies on the following code is cr.p!!!

If .AppRegistered Then
Do something
Else
End
End if

If the author is as he claims a cracker then I would say that he is not very good if he cannot even crack his own software. Any cracker will see the above code and bypass it in a matter of minutes.

That brings me to the second Solution for a protection scheme "Copy Protection Scheme" this author has at least thought about protecting software, the supplied code still has the above structure and therefore will not work. But the implementation of the protection scheme is sufficiently different to make me believe that he maybe on the right track.

I have been thinking along similar lines for the last couple of years, but never got around some problems. I think Guy Gervais my have just provided a possible solution.

A possible Solution
Guy's Solution
In Pseudo Code we have the following from Guy's code,
1 Load security Script into the Script Control
2 Decrypt the security script
3 Run the security script
4
5 If Me.Caption = TITLE Then
6 "Sorry, key is invalid"
7 End
8 End If
9 Do Something

The above is Guy's code, and that got me thinking if the security code can be placed into a separate thread to the main program thread, my extension to the above idea is as follows,

Main Program Thread
1 Load security Script into the Script Control
2 Decrypt the security script
3 Run the security script
4
5 If .IsDemoMode Then
6 "You are In Demo Mode" // no need to end even if the app has been patched
7 elseif .IsElapsed then
8 Show Registration Screen
9 End
10 End If

{the above block takes care of honest users, and at this stage we still don't care if we have been cracked so just keep loading the program}

11 Do Something

{now anywhere in the program we do the following, form load or form activate, etc.)

12 Start Security Thread // Sprinkled through out the program

13 Do Something Else


Security Thread
1 Load security Script into the Script Control
2 Decrypt the security script
3 Run the security script
4 Sleep for a random time A minutes/Hours
5 If .IsElapsed or .IsPatched or isTimeSetBack then

{this block will know if the App has been patched,Time set back, or has just elapsed.}

6 End Main Program Thread
7 End Random Timer Thread
8 End Security Thread
9 {don't show that we are not registered just stop the program}

10 End If
12 End Security Thread
After all of this Blurb, I come back to the same conclusion we cannot protect a program from being copied, all we can do is make it hard for the attacker.
In the above example if the attacker finds all of the 'Start Security Thread' references and NOP's them out then the protection is bypassed.
I have just gone through Guy's code again and it suffers from the same problems as I have had with the above idea. All the attacker needs to do is to NOP out the

'script.ExecuteStatement sCode' line and the program will never get checked.

The only other change that needs to be made is,

If Me.Caption = TITLE Then -- changed to -- If Me.Caption <> TITLE Then

And the program is useable, no need to worry about registration files, or key.

I have included a compiled patch file to prove the point. With a bit of assembler knowledge the above is not difficult to do.

I will still upload this, someone may find it useful and have some more ideas. I hope that this article spurs on some more discussion in this area.


Tombr...

winzip iconDownload article

Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come out every day, so no prevention program can catch 100% of them. For your own safety, please:
  1. Re-scan downloaded files using your personal virus checker before using it.
  2. NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
  3. Scan the source code with Minnow's Project Scanner

If you don't have a virus scanner, you can get one at many places on the net including:McAfee.com


Other 2 submission(s) by this author

 


Report Bad Submission
Use this form to tell us if this entry should be deleted (i.e contains no code, is a virus, etc.).
This submission should be removed because:

Your Vote

What do you think of this article (in the Intermediate category)?
(The article with your highest vote will win this month's coding contest!)
Excellent  Good  Average  Below Average  Poor (See voting log ...)
 

Other User Comments


 There are no comments on this submission.
 

Add Your Feedback
Your feedback will be posted below and an email sent to the author. Please remember that the author was kind enough to share this with you, so any criticisms must be stated politely, or they will be deleted. (For feedback not related to this particular article, please click here instead.)
 

To post feedback, first please login.