|
|
When a programer look up for a shareware lock system, one of the first questions are: how sure is it? can be cracked? there are some way to hack it? was cracked sometime?
|
Security while the trial stage
One of the first things that a hacker will try to do is find out about where is saved the trial data information, then manipulating this information trying to break the security strategy, e.g. producing a error to force out the trial or removing this data to reinitiate the trial period.
In the AVLockGold component this can be feasible or not, depending on how you configure the trial behavior through the TrialMode Property.
1. TrialMode=tmRelative
Normally, for massive distribution of inexpensive applications, you would can to use the tmRelative option for the TrialMode property. At this way, when the user runs the app the first time, then the trial period starts automatically from the current system date, immediately the app is in the first day of the trial period. For the next runs the trial status remains unchanged.
This method is very suitable and give you a reasonable level of security against the common user meddlings, but doesn't provide a good level of security against advanced hackers, since the trial period can be restarted deleting all data information into the registry and/or the RegFile.
To implement this behavior it is needed to store data in any place in the hard disk, normally the registry or an ini file, or any other location in the HD. This is the weak side of this method, since anyone may to find this location and delete this data forcing the trial period to the starting point again, the first day of the trial period. In order to avoid this threat you must to use the tmNone option.
2. TrialMode=tmNone
The better way to avoid the above mentioned threat is with the tmNone option in the TrialMode property. Then, the first time the user runs the app, this become expired. No problem, it is a very good opportunity to contact to the new user and request him valuable information in return for a free registration period (equivalent to the trial period). Ask from the user his registration data (InstallCode or Username) and send to him the registration key for an evaluation period. You eventually may to implement an online registration method with php code to automatically generate the RegKey for this initial trial period and collect information from the users.
Now, when anyone deletes the registration data, the application returns to his original status, expired.
Hacking utilities
DateDesist*
DateDesist will temporarily change the date on your PC, launch a program, then return back to the correct date. DateDesist will defeat most expiring programs.
To avoid this threat you should to ivoke the check method into any often called routine, e.g.
avlockg51.check;
Resource Hacker*
With the "Resource Hacker" utility and similar ones it is quite easy to hack any normal exe file compiled with Delphi since all published properties from any component may be easily changed, any event manager deleted and any response to buttons changed. To avoid anyone use this way to crack your application, you can take the following cautions:
1. Don't use the event manager by events like oncreate or onshow to set properties or call the execute procedure, instead locate it into the project (dpr file). See the Demo2 application.
Take a look to the *.dpr file for Demo2 to see how to apply this method (points 1 and 2).
See the AVLockGold section inserted between the application.createform and Application.Run lines.
program Demo2; //Aplicacion Demo
uses
Forms,sysutils,avlockgold, //sysutils and avlockgold added
Unit2 in 'Unit2.pas' {Form1};
{$R *.RES}
begin
Application.Initialize;
Application.CreateForm(TForm1, Form1);
//******* AVLockGold section ***********
with Form1.avlockg51 do begin
encryptionkey:='myencryptionkey123';
execute;
end;
//**************************************
Application.Run;
end.
2. Insert into some often called routines the following line:
AVLockG51.check;
3. Compress your final exe file with any exe compressor like UPX* or AsPack*.
* DateDesist is a shareware utility © 1997 Joel R. Dare. ReSource Hacker is a freeware utility copyright © 1999-2002 Angus Jhonson. UPX is a freeware utility copyright © 1996-2001 Markus Oberhumer & Laszlo Molnar, and AsPack is a shareware utility copyright © 1998-1999 Alexey Solodovnikov.
If you have any questions not answered by this help file, please don't hesitate to contact me at http://valega.com/contacto.php.
| 
