EXECryptor reaches version 2.3.9
Software piracy! Cracked serial numbers! Thousands of commercial products are posted on the warez sites and become available to all every day! Companies lose millions of dollars every year to software piracy, and faulty protection programs. Shareware developers look for unbreakable protection for their products and create some protection themselves or try many of the ready-made tools. Unfortunately most tools have already been cracked, and self solutions often only take one determined cracked a few hours to bypass. As a result they soon find the stoles keys and product cracks on thousands of hacker Internet pages.
No solution ? Well there is

It is time to turn to time tested, EXECryptor protection product. EXECryptor is a powerful software tool that provide developers with software protection from reverse engineering, analysis and modifications. Its main difference from other protection tools is its brand new metamorphing code transformation technology.

With EXECryptor the protected code block is not just packed or obfuscated like many other packers, but also disassembled into nondeterminate transformations, effectively scrambling the visible logical code structure and making it hard to reverse. After the code transformation, it remains executable and working as it is supposed to but it cannot be analysed, modified, or circumvented.
It is not just a question about code encryption but also code transformation. You can optionally wrap additional parts of your code, at a source code level, in special flags which then transform into virtually impossible code to trace, crack, or bypass. Protected code blocks are never decrypted during execution they remain in their transformed code state. Code restoration becomes an NP-hard problem.
EXECryptor has the innovative very powerful antidebug, antitrace and import protection features to stop the latest cracking software.
EXECryptor allows to use short registration keys of 12/16 characters long, based on a new generation of our HardKey algorithm, cryptographically strong ultrashort digital signature.
The power of software protection with EXECryptor is proved out in practice: despite numberous cracking attempts and challenges, the EXECryptor's 2.x series has not been cracked since its inception in July of 2004.
In addition to its advanced protection features, EXECryptor allows you to compress the code and resources of your application.
EXECryptor is able to protect any 32bit PE executable file (exe, dll, bpl, vxd, wdm). It has been tested with W95/98/ME/2000/NT/XP/2003. SDKs are available for Delphi, C++Builder, Microsoft Visual C++, LCC, PellesC, Visual Basic, PowerBASIC and PureBasic.

EXECryptor is distributed electronically over the Internet; free trial version is available at http://www.strongbit.com for evaluation.

* Operating system: Windows 95, 98, ME, NT, 2000, XP, 2003
* RAM: 32 Mb
* Hard Disk: 2.5 Mb
EXECryptor Web Page: http://www.strongbit.com

Web page broken with result of:

Provider error '80020005'
Type mismatch.
/inc/stat_utils.asp, line 38

Also if your going to post about a product it would be nice if you would list a price instead of just saying that the trial is available at xyz.

Advice: Don't piss your customers with ridiculous protection schemes.
Hint: you are not the size of EA!

Advice: Don't piss your customers with ridiculous protection schemes.
Hint: you are not the size of EA!
LOL Good point Clootie, you know in all of the stuff I've done I've never used nor had the want to use protection. Let them re-dist it as long as they spell my name right!

Web page broken with result of:

Provider error '80020005'
Type mismatch.
/inc/stat_utils.asp, line 38


Thank you for the error report. It has been fixed.

Regards,
StrongBit
http://www.strongbit.com

It's official: Ubisoft dumps StarForce (http://arstechnica.com/news.ars/post/20060414-6603.html)

With EXECryptor the protected code block is not just packed or obfuscated like many other packers, but also disassembled into nondeterminate transformations, effectively scrambling the visible logical code structure and making it hard to reverse. After the code transformation, it remains executable and working as it is supposed to but it cannot be analysed, modified, or circumvented.

lies, you even supply decryptor in every crypted exe. remember: if someone wants to it will break any protection.

The harder you squeeze, the more sales squirt through your fingers.

Wow, it seems like you guys have a real hate-on for EXE Encryption. :)

What alternatives would you guys suggest to this form of protection? Or do you simply prefer the minimalist approach?

Personally, I don't worry about it at all. I've seen lots of companies and individuals spend litterlly 100's of hours (equaling 1000's of dollars if not more) on protecting their software. In the end if they would have spent the hours adding features or fixing bugs they would have been better off.

Also encryption/decryption of EXE's or compression of EXE's only leads to more of the exe being forced into memory at runtime. Thus bloating the run footprint of the application.

If a hacker or attacker wants your stuff they will get it. Personally if I find a "Hack" copy of something of mine on the web I'm proud that it was good enough to be hacked and hope that the honest people will like it enough to buy a license. Of course I've released very little as pay-ware, usually opting for a freeware license overall.

I don't have a hatred of exe encryption, I just think it's a half-witted method of the DRM crap. If I wanna be a mini-Starforce, then I'd use it.

In point of fact, I used to protect my applications very closely. But lately, with the example of Stardock with their recent game Galactic Civilizations 2, I've seen that protection isn't neccessary. And only the paranoid need it, since if you're going to pirate, then you'll do it anyway. DRM tends to force more people into piracy, because of unworking CDs they purchased, and outright dislike for the company(ies).

Frankly, I think that if I need protection with my work, then I'm doing something wrong. After all, that's kinda like the terrible games that use eyecandy to attract gamers, then leave them furious at the lack of actual gameplay after 5 minutes.

CD in the CD Drive protection is kinda ok, but when you reboot my system at random or decide that what I do with it is "piracy" through your software (ie remote guessing that I'm a pirate) then I'll ask you one question: Can you spell b-o-y-c-o-t-t?

With EXECryptor the protected code block is not just packed or obfuscated like many other packers, but also disassembled into nondeterminate transformations, effectively scrambling the visible logical code structure and making it hard to reverse. After the code transformation, it remains executable and working as it is supposed to but it cannot be analysed, modified, or circumvented.

lies, you even supply decryptor in every crypted exe. remember: if someone wants to it will break any protection.

Care to give some proof of that?

With EXECryptor the protected code block is not just packed or obfuscated like many other packers, but also disassembled into nondeterminate transformations, effectively scrambling the visible logical code structure and making it hard to reverse. After the code transformation, it remains executable and working as it is supposed to but it cannot be analysed, modified, or circumvented.

lies, you even supply decryptor in every crypted exe. remember: if someone wants to it will break any protection.

Care to give some proof of that?

While I'm not Pocus, I know the answer and what he (she?) ment easily enough.

To prove, run an encrypted application :). If its truely encrypted and doesn't contain a decryption routine in its startup or initialization routines, then it can't/won't run, in fact the OS will choke on it.

Now, lets get to the fun part. Once the application has started it starts to push instructions into the processor. Find the right opensource virtual machine and with a few minor tweaks it will save out the regular binary. From this point you can easily reverse the source a bit to see where things are at. Sure it takes a minor bit of knowledge, but its done.

Not into VM's, thats fine the info is also easily available to the right snooping application or ICE. While all of this used to be expensive to do, now its just a matter of time. Believe me when I say that they have more time then you do :).

If you say that you won't let your app run in a virtual machine, then your kidding yourself. Most VM's are transparent to the application, so you don't have any idea your running in one.

Think of it this way; MS and many other companies spend litterally billions of dollars a year (combined) on software protection. Don't you think that if it really worked one of them wouldn't have cracked versions on the market.

Instead of wasting money on making a product "Secure" for you, try using that money to make your product better to your customer.

Personally, I don't worry about it at all. I've seen lots of companies and individuals spend litterlly 100's of hours (equaling 1000's of dollars if not more) on protecting their software. In the end if they would have spent the hours adding features or fixing bugs they would have been better off.

Also encryption/decryption of EXE's or compression of EXE's only leads to more of the exe being forced into memory at runtime. Thus bloating the run footprint of the application.

If a hacker or attacker wants your stuff they will get it. Personally if I find a "Hack" copy of something of mine on the web I'm proud that it was good enough to be hacked and hope that the honest people will like it enough to buy a license. Of course I've released very little as pay-ware, usually opting for a freeware license overall.

I don't agree. I have another experience. Having execrypted my application I have no more loss of money that I had before when my app was available cracked. Now there are much more 'honest' users that pay.

sctually, my own copy protection works fine. when you start the software the first time, you enter your username and software key. then your HD's serial number is stored onto a database. if someone tries to use your key, they will probably not have your HD-serial number, right? so they cant use the software.

Only problem is that if a user experiences a HD loss (of C:\ or other first HD) he/she would have to contact me to get his/hers users HD-Serial removed from DB, so he/she can re-install. this would require him/her to provide me with a secret passphrase.

Of course, anyone can use the customers username/password the first time, but it unlikely that someone would manage to guess a username and password of a user. besides, the real customer would be able to unlock it again and install with almost no problem, rendering the software useless for the person with the pirated copy.

(ofc this is used for my client/server software, so the server would have to be cracked to bypass the HD-serial check. i can still see some holes, but they would be small, compared to checking for a valid CD and so on)

Storing the HD Serial Code is fine for the first install, but it still adds a level of annoyance to the user if the hard disk fails and they have to buy a new one.. Personally, I'd be quite annoyed by that. It'd probably put me off buying further games from the company.. unless it was clearly stated in the EULA.

Hard drives fail. That is a sad fact of our world. They have moving parts and all moving parts break eventually. I've personally suffered 3 of the buggers fail on me.. without warning (mostly) and I've lost a lot of data (due to my poor backup regime).

So I buy a new hard disk re-install windows and all the other apps.. which takes a bloody long time.. then go to install the game again, to relax and wind down after a difficult day.. it's 10pm, I've got a mug of coco and I just want a quick game before I hit the sack.. then I find the game won't install because it thinks I'm a pirate and I have to contact the Tech Support team to re-register.. only they've all gone home because it's 10pm and no-one's answering emails.

OK, It's an extreme, hypothetical scenario, but you can see the point.. the honest user is inconvenienced to the point where they cannot use a product that they've legally purchased in order to prevent a minority of people from illegally obtaining a copy.

The concept of fair use could be built into the system however. like the HD Serial Code expires after 3 months so subsequent installs can register the new code after the crash with out a problem, if this period has expired.

This way, it makes the act of piracy pretty much useless as they can only install a new copy of the game on a new machine with the same logon details every 3 months.. now the pirate is inconvenienced and the average user is good to install the game if their hard disk fails after that time.

well, it could be implemented in the client/server communication, so you would have the option "my harddrive failed" or something like that, and it asks for your passphrase, or some password, and you register new HD-serial and there you go... would be very difficult, kinda like if you forgot your password for some site, and would have to input your passphrase to restore it...

OK, It's an extreme, hypothetical scenario, but you can see the point.. the honest user is inconvenienced to the point where they cannot use a product that they've legally purchased in order to prevent a minority of people from illegally obtaining a copy.

This is not such a hypothetical scenario at all. If you've ever bought an OEM version of Windows XP, you already known what I'm talking about. Apparently its not okay to install your OEM version at one time, upgrade your pc a few months later and then reinstall Windows.

I'm not sure which clown has come up with that idea, but I generally buy new (or upgrade my) pc's more often than M$ is releasing new Windows versions. :? A new/upgraded system is already expensive enough. Why do I need to pay extra for the OS I already own?

OK, It's an extreme, hypothetical scenario, but you can see the point.. the honest user is inconvenienced to the point where they cannot use a product that they've legally purchased in order to prevent a minority of people from illegally obtaining a copy. honest people are punished for the fact that 'bad' people use pirated games.. so they pay for it. They should blame their fellow 'crackers'.

I think we all agree that all copy protection can be cracked; but that dosent mean you have to give your software with not protection at all and think that always will be more honest people that pay for it that people that will uses an illegal copy.

If your software is available for download and it works just changing your computer's date after the trail period or if it just take few minutes doing somthing that makes it run fully with no need to pay anything then a lot people will just do that.

But I am also against to insane copy protections where even the legal owner get so anoyed, protected cds than tend to fail if your cd lector is old or just dusted, programs tied to hard disk serial number so you can only use your software in your computer home or only in your computer office and need to request new sitcode if your disk crash; protections schemes that install drivers that crash your Os or are incompatibles with others drives, etc.

I think the best copy protection is a balance between your copy protection scheme, your selling price and the availability of geting a legal copy; it have to be cheaper to buy and get the legal copy that waste time and effort for a cracked one.

If i can just easily pay $30 in a procces that just take few minutes for get my legal copy than expending two days of hard work disasembling, tracing and cracking then I surelly will preffer to pay the $30; But If the sofware price is $1000 (which is too expensive for what i need it or for what it does) or if the software is only sells in USA ( and i live in Bombay) or if i need an account in whatever bank (which i dont have acces) or i will have to wait for my copy arribe by fedex in one week or if the legal copy is too restrictive than the cracked one (it only runs in one machine i choose for example) then most likely I will get tempted for a cracked copy.

If you google for words like "crack" "keyloger" "keygen" etc, you will get thousand of porno and kind warez sites that when you get into it, then inmediatilly all kind adware, spyware, virus etc tries to get into your computer; your anti-spyware and antivirus software will jump alarmed; so this mean that looking for a illegal copy of any software is a risk for the regular user but they will take that risk if geting the legal copy is too much complicated than that.

I think that average user knows better than to look for that stuff otherwise they get caught out by the spyware and virus traps designed to catch the gullable. Either that or average user doens't know about such things.

There are some people who won't buy a game if they can get it for free.. but I'm hoping that these are a minority.

I think the comment made by tpascal about the price is a relevant one. I know a load of people who use expensive software which they *aquired* They don't use said software professionally but they have it.. are they breaking the law.. technically yes.. are they hurting the companies bottom line? Probably not.. if there wasn't a cracked version available, they wouldn't use it.. they certainly would never buy it.. however, they are gaining valuable knowledge which they could take to a paid job using the real tools paid for by the company.. so in that way piracy is paving the way for ready trained Developers, 3D artists etc..

I think this is one of the reasons why Borland released Turbo Explorer for free.. to provide programmers with an honest entry into an application which they would otherwise have obtained illegally or by paying a fortune, so they can get Delphi jobs as a ready trained developer. More Delphi coders means more Delphi jobs in the long run, which means more business for Borland.. it's a good long term stratergy.

But the big apps, Delphi, 3D Studio, Maya.. they are all tools.. they have an almost infinite shelf life... and they all need trained users to survive.

A game is different. A game is good for a while, then another one comes along. The old game is dropped and sales end. The game dies. Every pirated copy of the game hurts the developer because you don't play games to make money or get a job.. you play for the act of playing, the experience itself. The developers have a fairly short window to collect as much revenue as they can to recoup the costs of writing the game in the first place.

I think there are different sorts of software piracy.
Pirating apps is like Assault.. It hurts a bit, but you get over it.
Pirating games is like GBH or Manslaughter.. the developers are left bleeding, sometimes they recover, othertimes they die.

What do you think about injecting a String resource into the Exe during installation ( like the registered user's Email address or name ) and then adding something to the registry. Then on start-up it compares the internal string to the registry to make sure the Exe is still running on the registered user's machine?

On another point, why do most people ( including developers ) find it acceptable to copy music CDs or DVDs. I would wager that more than 50% of all music on today's iPods has not been legally aquired. I don't own an iPod or walkman, so am taking the high ground on this one :).

A lot of anti virus programs prevet updating of strings in the EXE. Why not have a related file that is encrypted that stores these things.

In the Tuts section is a tut by me on encrypting data files.