Yarr Buster Challenge 1


YarrBuster
October 16th, 2011, 11:50
Hello,

I'm new here. I'm a programmer who came up with a serial protection that I think has never been implemented to the level I have. I have made a small software that is still in Beta but should work well and I have protected it with my protection which I call "Yarr Buster".

I would like for some people to try and crack my protected software and tell me if it is a good protection and how you cracked it (in the event that it is cracked).

You can read more details on Yarr Buster here: http://software.collectionsbp.com/YarrBuster/

For the first challenge, I will provide a copy of my software and not give you the serial that goes with it. Technically, without the serial, it should be impossible to crack as far as I know. But I could be wrong and that's why I need your help.

If you are interested in trying to crack my software, please contact me and I will email it to you and wait for the results of your efforts.

Thanks.

Darkelf
October 16th, 2011, 22:49
Well, the "impossible to crack" protection suffered the same fate as the many, many other uncrackable protections out there:

2506

I hold the belief that the author is a good coder - but unfortunately lacks knowledge in assembler.
The main drawback is imho that it's a protection for VB .NET only.

@YarrBuster
please keep coding anyway. Your intention is honorable.

Regards
darkelf

Woodmann
October 17th, 2011, 21:38
Nice words Darkelf.

Yarr, persevere in your efforts.
Keep posting here and help you shall receive.

Woodmann

Kayaker
October 18th, 2011, 21:19
Quote (originally posted by Darkelf): but unfortunately lacks knowledge in assembler


Interesting comment. Without necessarily exposing anything, what led you to that conclusion? - other than the obvious that it's always good to understand ASM whether you're protecting or deprotecting.

Someone else made the same observation, that knowledge of assembly language would help improve this protection, so I'm curious as to what you saw. I glanced at the example code and on the surface it seems complex enough (explode a serial number into a large array and use the scattered elements in some dependent fashion on protected code, or something like that).

So what happens when you take what seems like a complex idea in a high level language and reduce it to its base components in a low level language? Does it become more understandable at some level, assuming you're well versed in assembly? More intuitive as to what is occurring and how to defeat it?

Sort of like, maybe I can't pronounce a big word, but break it up into syllables and I can understand it...

Or was it just Zen-Reversing at its finest?

Cheers,
Kayaker

Darkelf
October 18th, 2011, 22:52
Quote (originally posted by Kayaker): Or was it just Zen-Reversing at its finest?


Hehe, exactly that!

No, seriously. I guess I was a bit inaccurate when I said that about the lack of assembly knowledge. What I really meant was that many coders don't know what one can do with a debugger. I once had a conversation with a programmer who didn't believe that debugging is possible without source code. I thought the author of this protection lacked this knowledge, too. Now I know I was wrong, since I exchanged some emails with him where he told me about his background. I promised to send him a detailed description of what I found out. In short, it is possible to "see" and trace the needed serial values in the debugger. And I'm really not a good .NET reverser. That's why I asked him for a native binary at first. I then learned it's VB .NET only.
So, actually I can't tell you if the weakness is due to the .NET framework that makes something like that possible. If there were a native app, I could tell.
I don't know if that answers your question Kayaker, but that's all I can say about it.

Best regards
darkelf

Kayaker
October 18th, 2011, 23:36
That sort of answers my question Darkelf, thanks. I'm not familiar with .NET at all and I was wondering if what might seem like a good idea in that framework, might not be by the time it executes in assembly. So yeah, I was curious if you felt that there was a weakness in coding such a protection idea in .NET. As you said, you could trace the s/n in a debugger, though it's a matter of degrees as to how easy or hard that usually is in any case.

Good work to both of you anyway.

Kayaker

YarrBuster
October 21st, 2011, 17:52
I must say that I'm very impressed by what Darkelf has accomplished. Since the serial is nowhere in the code I thought that it would be about impossible to find it. But I was obviously wrong. I am now waiting for Darkelf to explain the logic behind how he found the serial. Or if someone could explain what is Zen-Reversing (if this is what was actually used).

Still, the protection has not been cracked as such. The serial can normally be obtained by someone who buys the software. Being able to find it only allows someone who would steal the software to use it without having the original serial.

Now, I would like to know if someone can remove traces of the serial from the software (Challenge 2). Having references to the serial in the software allows the author to know who spreads it illegally and allows the author to block updates to the users of this serial. So a potential cracker would have to remove or modify the parts of the code that use the serial code. So if anyone is interested in trying to do so, please contact me.

Thanks,
Benoît

Darkelf
October 21st, 2011, 19:53
Hi Benoît,

I will put together the description at the weekend. Promise!
As for your second challenge. You're right. A potential cracker has to reconstruct the parts that use fragments of the serial - but that is way less complicated than you might think. Actually the cracker "only" needs to run the program. Without the correct serial the program crashes. Now all that's left is to go to the place where the crash happened and fix the code there. Even if the code lacks complete instructions or statements. The cracker knows what the program was expected to do, so he/she just rewrites code that does that. Some software authors out there release their programs as crippleware, which means vital functions are missing such as saving or printing. Well, that is no protection at all. A cracker can just rewrite the code in place or inject a .dll with the needed functionality and redirect your function call there. An experienced reverser can make any program do whatever he wants. He may even let it bark like a dog.
Now to Zen-reversing.
Zen-reversing is a dark force. Its powers can only be divined and therefore Zen-reversing itself can't be explained, but only experienced.
No seriously, you call it Zen-reversing when you look at some deadlisting and suddenly you "feel" where the right place (the place where you have to look for the solution) in the code is. Sometimes that happens to newbies. They are not experienced enough to "know" where to look, but somehow magically they hit the right spot. If you're in the game for a long time you can get such magic moments on purpose. Actually, I'm not kidding.

Have a nice weekend
darkelf

Woodmann
October 21st, 2011, 22:12
Damn Darkelf,

I wish I had the eloquence with words that you have.

As for the second part of the challenge,
There is almost no way to stop those who really want it or feel
the need to become "famous" by releasing a crack/keygen/patch.

Stopping a "call home" check or other form of authentication is really
no challenge. It's done all the time and even in its most basic form you
only need to add to your hosts file or just block access to the internet and
don't allow updating.

What you really need is a "call home" that can't be caught by a firewall.
But, that in and of itself will cause the firewall to scream stop.

So how would one go about avoiding firewall detection to get access
to the internet to verify if the program is legit?

Ahhhhh.........zen reversing. No way to explain it really.
I have tried quite a few times but I can't.
Fuck, I could never even write a tutorial.

Woodmann