Re: Software protection
- From: clark <clark@xxxxxxxxxxx>
- Date: Sun, 16 Apr 2006 01:31:45 -0700
On Sun, 16 Apr 2006 15:05:40 +1000, "Michael Brown"
On 15 Apr 2006 08:04:15 -0700, johnrthomas756@xxxxxxxxxxx wrote:[...]
Can anyone suggest or recommend methods of limiting software use to
licensed users of a software product?
The product is called EXECryptor
There are theoretical cracks out there for EXECryptor but so far no
one has proven they can unwrap a package, and the guys working on
breaking it are seriously good at peeling back the layers on just
Not quite true ...
No. I think it is true. I believe what you are going on is possibly
unfounded rumor. I think that perhaps you are reading something into
what are actually discussions about "trying" to crack it.
There have also been bogus discussions about it being cracked and
about how the author, Strongbit, is out of business now that is has
been cracked. This is bullshit. They are doing fine by all accounts.
The current version is 2.3.9 and they have been at version 2 for quite
In the last year, their crackme was cracked, an app
called Golden FTP Pro was unpacked/cracked with a detailed tutorial, and a
couple other EXECryptor programs were cracked (can't remember their names).
Prove it, OK?
How about some URL's? Where's the detailed tutorial, if it exists?
Admittedly, I'm not sure which version all these things were using, but past
crack rates are often a good indicator of future revisions. Execryptor
itself has been cracked a few times, though I can't recall if EXECryptor is
protected with itself or not. So it's certainly not unbroken.
However, there are a few things going for EXECryptor. The first is the code
morphing thingee. It generates excellent spaghetti code which makes
determining the algorithm next to impossible. So even simple or
cryptographically insecure algorithms can be used. The second is that,
despite the successes above, EXECryptor is still one of the most hated - if
not the most hated - protectors around. ASProtect is another more-famous
option that still seems to be giving crackers a lot of trouble (the 2.x
versions anyhow). Short of the top fraction of a percent of crackers going
for it to make a point, crackers see them and say "nah, can't be bothered"
and go find something easier to do. And there's nothing you can really do
about that last fraction of a percent anyhow (for example the crack of
Cubase SX3 - 10 man-months of work to break it according to the nfo).
Another feature they have, which is becoming unique in this world of
hugely long hard-to-type serial numbers is the ability to use very
short (12-16 characters) easy typing alpha-numeric serial numbers.
The algorithm they are using (IIRC) is a vanilla HFE-minus signature scheme
with selectable key lengths. IIRC HFE- is secure, though with such a small
signature birthday attacks are possible (which for software protection
schemes aren't a huge issue). One thing I would do before I bought it would
be to double-check that they have secured rights to use HFE (which has been
patented in the US and possibly other places).
So, yeah, another vote for EXECryptor, but I'd recommend checking out
ASProtect (version 2.x, I think it's called ASProtect SKE) as well.
ASProtect doesn't have track record of strength that EXECryptor does.
ASProtect is made by ASPACK.
The stuff from ASPACK has been successfully attacked again and again.
There are dozens of actual programs you can download for free that
will automatically unprotect ASPACK wrapped product.
Just Google ASPACK and unprotect.
- Prev by Date: Re: LibTomCrypt ASN.1...
- Next by Date: Re: authentication (SRP*, DH, TLS)
- Previous by thread: Re: Software protection
- Next by thread: Re: Software protection