
View Full Version : Is it really that tough? ;)


Ryan
October 27th, 2001, 12:42
Yo all,
it's Ryan here, author of code-lock. Why don't you guys try my ocx? Is it because it is really that impossible to crack it? Or is it because it is in VB and you don't think it is worth the time to do so? Don't forget that this ocx can support any programming language that uses ActiveX...

C'mon, give it a try and tell me what you think of it.
Is it good enough to cost US$200?

Best regards
Ryan

Unregistered
October 27th, 2001, 12:45
Damn,
forgot the URL for it. LOL
w*w.dreamimpression.com/code-lock.shtml

*grin*
enjoy!

EtErNaL_L0ser
October 27th, 2001, 13:20
Visual Lame language lol! It's tough for a newbie like me but not for +HCU strainers!

Ryan
October 28th, 2001, 06:54
Quote:
Originally posted by EtErNaL_L0ser
Visual Lame language lol! It's tough for a newbie like me but not for +HCU strainers!


Sigh, another one thinking that a programming language is lame... The fact is, only the programmer behind any language can be lame. He can use C++/C/Java, whatever, to write a program, but if he is lame, anything he writes is lame. You can't blame the language.

Similarly, visual basic is not lame. The only lame ones are:
1) The author (if he can't write a decent program)
2) The cracker (if he can't crack it and says it is because visual basic is lame)

Regards
Ryan

tsehp
October 28th, 2001, 07:26
I don't blame you, meaning you can advertise here for your latest protection system and urge rookie crackers to finally test freely your product, so you know what you're doing..

And I'll repeat : I don't blame you for this.

But what's the point? An ocx protection residing in vb resides in m$ vb api's that are possible to reverse; even a cv debugger is now available.

The only really hard protections are the ones that you just can't even see, without any tool available.

So why don't you post some amusing crackmes based on your system on the newbies' forum? Some people will take the challenge, but please stop your $ advertisements.

Solomon
October 28th, 2001, 22:56
I think no one will try it until your protection gets so famous as ASProtect

Ryan
October 31st, 2001, 09:28
I will take heed of your advice. I will make an example out of my programs and let you guys try cracking it. *grin*
Please don't disappoint me. hehe

Ryan
November 2nd, 2001, 07:52
As promised, I have attached a little crackme for you to try... it will show you what code-lock can do. (or maybe cannot do)

Crack it to your heart's content.

Regards
Ryan

Jamran
November 6th, 2001, 16:03
... might help if it worked.

Ryan.
November 6th, 2001, 22:15
Well, if you have tried meddling with it, I am not surprised to see that message. LOL

If you haven't done anything to it, and just run it after setup, I would like to know what system you are using. I tried it on Win9x, WinNT and they work fine.

Regards
Ryan

Ryan
November 7th, 2001, 06:11
Err... I think I should tell you that the program will not run if you have NuMega SoftIce loaded in memory.

Jamran
November 7th, 2001, 14:25
I'm running Windows ME (4.90 - 3000), it happened right after install and SoftIce wasn't running...

javelin
November 7th, 2001, 21:34
i got program.exe running and saying registered to: Javelin Vastalia

user data:
5644D35319A77CE9B1CB12AD4CBCC9DEE9CD7764

name: Javelin Vastalia

Key:
B66090F61B6ABF468983CE4EA14729ACC12FCBD055380F988D26B7E9DCEA87047026EE6E68A6E17F5740BCFFC2D51FFEE663093D3E0939145EF744A358DCE6CBA2AB2B86AD0716FB31118C6E

Ryan.
November 7th, 2001, 23:16
Quote:
Originally posted by javelin
i got program.exe running and saying registered to: Javelin Vastalia

user data:
5644D35319A77CE9B1CB12AD4CBCC9DEE9CD7764

name: Javelin Vastalia

Key:
B66090F61B6ABF468983CE4EA14729ACC12FCBD055380F988D26B7E9DCEA87047026EE6E68A6E17F5740BCFFC2D51FFEE663093D3E0939145EF744A358DCE6CBA2AB2B86AD0716FB31118C6E


By using the keygen provided by code-lock?

Ryan
November 15th, 2001, 09:02
C'mon guys,
is this the best you can do? Use the keygen provided by myself and tell me you made it run? Anyone less lame than that?

I'm still waiting for my app to be cracked.

Yawn...

Kayaker
November 15th, 2001, 12:58
Maybe no one cares?

My guess is if it was in a piece of shareware, someone would spend the time to crack it. Then want to be the one to release it. I don't think many would want to freely beta test your $200 protection so you could improve it, and *then* find it in a piece of shareware. Sad state of affairs, but that's just the way it is. VB doesn't seem to be that popular a protection target anyway as you can probably guess.

I don't think taunting people helps your case any either.

Kayaker

Ryan
November 15th, 2001, 20:33
Quote:
Originally posted by Kayaker
Maybe no one cares?

My guess is if it was in a piece of shareware, someone would spend the time to crack it. Then want to be the one to release it. I don't think many would want to freely beta test your $200 protection so you could improve it, and *then* find it in a piece of shareware. Sad state of affairs, but that's just the way it is. VB doesn't seem to be that popular a protection target anyway as you can probably guess.

I don't think taunting people helps your case any either.

Kayaker


Well, for one, I think I have enough protections in it to discourage most people... Thus, my decision to make it a demoware. If you have been following this app, you might probably know that it was freeware while I was improving it. This version 2 is going to be there for probably a long long time until I think of something even better to put in the protection. Or maybe when I learn how to code in C++ and make an ocx out of it.

My intention of making people crack it is not so that I can improve it. But to see how strong it is and whether it is worth that amount of money. I don't believe in snake oil.

Regards
Ryan

Roy
December 13th, 2001, 22:31
As said earlier, there is no big need to use some additional stuff for Visual Basic. If you have a decompiler it won't help; else it is quite easy to make such a thing yourself.

VB is lame because it requires various ocxs and dlls; they work noticeably slower and use more memory.

And actually, what's the point of that stuff? We usually crack the program that uses these protection dlls, not the dll itself.

Ryan
December 14th, 2001, 09:23
Quote:
Originally posted by Roy
And actually, what's the point of that stuff? We usually crack the program that uses these protection dlls, not the dll itself.


You are missing the point of this protection. Well, try cracking the 'program' I supplied. Make it full version. Make it show that it is registered to you. Make it work without the ocx. Download it and see the list of tasks you can choose to do.

Enjoy.
Ryan

Ryan
April 12th, 2002, 10:00
Hi all,
still no news? Really? No one bothers to try cracking it? Why? Because it is VB? What if all programs start being protected by VB?

Or is it really too difficult to crack? Maybe I should give a reward for those who crack it?

Ryan

foxthree
April 12th, 2002, 10:23
Hi Ryan:

I was browsing the board the other day and looked at your posting(s). What my other RCE fellow members say is absolutely "true". Has anything new been done in CodeLock... Ummm, Errr.. No... I guess not. So, until something new is done and appears in a "shareware", people won't bother to crack it.

In any case, I took a look at your Codelock protection scheme. My observations are below:

(1) It is highly unreliable. Even after downloading your demo program, installing it and running it on W98, causes Page Fault in KERNEL32.dll. (NO!!!! I DID NOT HAVE SICE RUNNING ON IT!!!) So I thought I'll fix the bug I load SoftICE and the usual hider (i wouldn't reveal which one but you know anyways) and run it ... darnn now a new pagefault and this time in MSVBVM60.DLL. ME for a second thinks, it is your tricks !!! But can't be lol.... so reboot load SoftICE and protector, and re-run your app... COOL , it loads? WHY???

Pls.. see my continued post...

foxthree
April 12th, 2002, 10:30
(2) Your anti-dumper is a straight rip of the demo "antidump.zip" source code. You didn't even bother to customize this one. No. of Sections FFFF eh? Did you think guys on this board don't know this one *YET*???

(3) I'm just a "learning" newbie. Even I came to know that you're using some kind of hard disk serial no. to lock your proggie (with some other stuff added, it doesn't matter, tho' does it) and your user data is a SHA1/RIPEMD hash of some kind. Imagine what "experienced" reversers could do?

Finally, like Kayaker said taunting doesn't take it any where. People must get interested in your protection. Release it in some commercial high-value app and you'll see people ripping it out ...

BTW, I'll have to admit that the protection is slightly tougher "BECAUSE IT IS IN VISUAL BASIC" and SoftICE doesn't gel well with VB. But just wait until the time comes my friend, and you'll notice CodeLock is "unlocked"...

Signed,
-- FoxThree

PS: I'll continue to work on this one and keep you posted so don't think I'm just making statements. Also, all my above statements are about the "protection" and not the "person"
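The NumberOfSections trick foxthree points out above (the COFF header field set to FFFF, so a dumper that trusts it walks far past the real section table) can be checked for directly. The Python below is an added example written for this page; it is not code from Code-Lock, tELock or the antidump demo it is said to be taken from. It builds a constructed minimal PE32 image in memory, shows where a naive dumper would think the section table ends, and recovers the real section list by trusting the file bounds instead of the declared count. The 96-section threshold is an assumption about the loader limit of that era, not something stated in the thread.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D     # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550  # "PE\0\0"
COFF_HEADER_SIZE = 20            # bytes following the PE signature
SECTION_HEADER_SIZE = 40
# Assumption: the loader of that era rejected images with more than 96
# sections, so a larger count cannot be one the loader itself honoured.
MAX_PLAUSIBLE_SECTIONS = 96


def build_pe(sections, declared_count=None):
    """Build a minimal PE32 file image in memory (constructed test data).

    sections: list of (name, raw_size); raw data is NOP filler.
    declared_count: value written to COFF NumberOfSections. Defaults to the
    real count; pass 0xFFFF to reproduce the anti-dump trick from the thread.
    """
    if declared_count is None:
        declared_count = len(sections)
    e_lfanew, opt_size = 0x40, 0xE0                    # PE32 optional header size
    table_off = e_lfanew + 4 + COFF_HEADER_SIZE + opt_size
    first_raw = (table_off + SECTION_HEADER_SIZE * len(sections) + 0x1FF) & ~0x1FF

    dos = bytearray(e_lfanew)
    struct.pack_into('<H', dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into('<I', dos, 0x3C, e_lfanew)
    coff = struct.pack('<IHHIIIHH', IMAGE_NT_SIGNATURE, 0x14C, declared_count,
                       0, 0, 0, opt_size, 0x010F)
    opt = bytearray(opt_size)
    struct.pack_into('<H', opt, 0, 0x10B)              # PE32 magic

    table, body, raw_ptr, vaddr = b'', b'', first_raw, 0x1000
    for name, raw_size in sections:
        table += struct.pack('<8sIIIIIIHHI', name.encode().ljust(8, b'\0'),
                             raw_size, vaddr, raw_size, raw_ptr,
                             0, 0, 0, 0, 0x60000020)   # CODE | EXECUTE | READ
        body += b'\x90' * raw_size
        raw_ptr += raw_size
        vaddr += (raw_size + 0xFFF) & ~0xFFF
    header = (bytes(dos) + coff + bytes(opt) + table).ljust(first_raw, b'\0')
    return header + body


def declared_sections(data):
    """Return (NumberOfSections as declared, file offset of the section table)."""
    if struct.unpack_from('<H', data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError('no MZ header')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if struct.unpack_from('<I', data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError('no PE signature')
    count = struct.unpack_from('<H', data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from('<H', data, e_lfanew + 20)[0]
    return count, e_lfanew + 4 + COFF_HEADER_SIZE + opt_size


def naive_table_end(data):
    """Where a dumper that trusts NumberOfSections believes the table ends."""
    count, table_off = declared_sections(data)
    return table_off + count * SECTION_HEADER_SIZE


def recover_sections(data):
    """Walk the section table bounded by the file, not by the declared count.

    Returns (declared_count_is_suspicious, [(name, vaddr, raw_ptr, raw_size)]).
    """
    count, table_off = declared_sections(data)
    suspicious = count == 0 or count > MAX_PLAUSIBLE_SECTIONS
    found, lowest_raw = [], len(data)
    for i in range(MAX_PLAUSIBLE_SECTIONS if suspicious else count):
        off = table_off + i * SECTION_HEADER_SIZE
        if off + SECTION_HEADER_SIZE > min(len(data), lowest_raw):
            break                     # table would overrun the file or section data
        entry = data[off:off + SECTION_HEADER_SIZE]
        if entry == bytes(SECTION_HEADER_SIZE):
            break                     # empty slot: header padding, not a section
        name, _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from('<8sIIII', entry)
        if raw_size and raw_ptr + raw_size > len(data):
            break                     # raw data outside the file: not a real header
        if raw_size:
            lowest_raw = min(lowest_raw, raw_ptr)
        found.append((name.rstrip(b'\0').decode('ascii', 'replace'), vaddr, raw_ptr, raw_size))
    return suspicious, found


if __name__ == '__main__':
    image = build_pe([('.text', 0x200), ('.data', 0x100)], declared_count=0xFFFF)
    print('file size       :', len(image))
    print('naive table end :', naive_table_end(image))
    print('recovered       :', recover_sections(image))
```

With the declared count at 0xFFFF the naive table end lies about 2.5 MB past a 1280-byte file, which is exactly the kind of read a trusting dumper falls over on; the recovery loop stops at the first all-zero slot and returns the two real sections. On a real dump the same bounded walk is what lets you rebuild a sane header before feeding the image to a disassembler.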

Ryan
April 12th, 2002, 12:20
(1) It is highly unreliable. Even after downloading your demo program, installing it and running it on W98, causes Page Fault in KERNEL32.dll. (NO!!!! I DID NOT HAVE SICE RUNNING ON IT!!!) So I thought I'll fix the bug I load SoftICE and the usual hider (i wouldn't reveal which one but you know anyways) and run it ... darnn now a new pagefault and this time in MSVBVM60.DLL. ME for a second thinks, it is your tricks !!! But can't be lol.... so reboot load SoftICE and protector, and re-run your app... COOL , it loads? WHY???

Interesting. I have to admit that I don't know why.
Maybe you have to restart the computer after installing it to correctly register the ocx? Does it crash anymore after you restarted Windows?


(2) Your anti-dumper is a straight rip of the demo "antidump.zip" source code. You didn't even bother to customize this one. No. of Sections FFFF eh? Did you think guys on this board don't know this one *YET*???

I didn't code that antidump stuff. My code-lock used to be packed with upx, then I came across tELock and I used it instead. Well, I don't think the protection of code-lock lies in tELock... Just think of it as the first layer to the whole maze... There is no point in hiding which packer I use. Note: I use the word packer and not protector.


(3) I'm just a "learning" newbie. Even I came to know that you're using some kind of hard disk serial no. to lock your proggie (with some other stuff added, it doesn't matter, tho' does it) and your user data is a SHA1/RIPEMD hash of some kind. Imagine what "experienced" reversers could do?

Deriving the Userdata is one thing. Figuring out the code for that userdata is another...

Finally, like Kayaker said taunting doesn't take it any where. People must get interested in your protection. Release it in some commercial high-value app and you'll see people ripping it out ...

I am not taunting people. I just want people to CRACK my program. Weird as it is, I would be happier if someone can crack it. LOL


PS: I'll continue to work on this one and keep you posted so don't think I'm just making statements. Also, all my above statements are about the "protection" and not the "person"

Cheers, I would be very happy if you can break my program. Really. Just remember that there are many layers of protection to code-lock...

nikolatesla20
April 12th, 2002, 15:04
Well I deleted your crackme from my hard drive after I got done rebooting - I run Win2K and nope I don't have SI installed on it - your program's installer made my computer reset.

That is the thing I don't like about VB. I used to program in VB all the time, and I would see weird crap like that. Like a program not working on someone's machine for no reason at all. Sometimes you would get obscure error messages like "Error 15 an error has occurred". WTH is that? So I still use VB for quick projects, but I will say it is fairly unstable sometimes for distributables....

Also, there is a fine line sometimes between "protection" and "virus".

I would say the only thing you may have going for you is some reversers may not be familiar with the details of COM... but still a dll is a dll...


-nt20

Ryan
April 13th, 2002, 00:27
Quote:
Originally posted by nikolatesla20
Well I deleted your crackme from my hard drive after I got done rebooting - I run Win2K and nope I don't have SI installed on it - your program's installer made my computer reset.

-nt20


I installed and tried out the crackme on a WinXP and a Win2K machine a few weeks ago and it ran perfectly well on both of them.

Sorry if the installer made your computer reset. You may want to tell Bill Gates that his VB installation wizard crashes your Win2K.

Ryan

Aimless
April 15th, 2002, 05:16
I just wonder what type of precedent is this setting. Can this request mean that we can now advertise the products and use this msgboard as beta testers inc.?

The issue is not of posting a crackme, or requesting a test check of the software that you have just built. It's the way that it was done that left it feeling so...cold.

It turns out to be a war of words between programmer and cracker rather than simply finding out how tough the protection really is. A better approach would be to simply request the same and politely stand aside while crackers do the job.

I do not think that crackers are a football team who needs a blasting from the coach to get fired up. A simple "please" will go a longer way than "C'mon you wimps, crack this up your a**, ha! ha!"

Approach is also important.

I am sure some kindred cracker will crack this thing for you.

Best of Luck.

...Have Phun

Lbolt99
April 18th, 2002, 08:19
Quote:

Cheers, I would be very happy if you can break my program. Really. Just remember that there are many layers of protection to code-lock...


And the purpose of cracking it would be _______ ??

Ryan
April 18th, 2002, 09:38
Quote:
Originally posted by Lbolt99


And the purpose of cracking it would be _______ ??



Be the first to crack Code-Lock? 8P
Be the first to crack a good VB protection? 8P

Ryan

Woodmann
May 4th, 2002, 01:12
Howdy,

Perhaps you have coded the worlds first "uncrackable"
protection.

Now what?

Peace, Woodmann

Ryan
May 4th, 2002, 08:19
Quote:
Originally posted by Woodmann
Howdy,

Perhaps you have coded the worlds first "uncrackable"
protection.

Now what?

Peace, Woodmann


Hi,
if I really coded the world's first "uncrackable" protection, then it would just mean that the crackers in this forum are not good enough to crack the protection. I will have to try somewhere else to get someone to crack it.

I don't believe in "uncrackable". Maybe just very very difficult to crack...

Believe it or not, I stress again that I would be happier to see my protection cracked than to see it "uncrackable".

Till then,
Ryan

PS. foxthree... I hope you have not given up...

npanic
May 9th, 2002, 07:24
If this forum is the only place u released a Code-Lock protected proggy, then maybe, just maybe ur right that it's not cracked yet, but if it's spread all over cyberspace then u can be sure that it has been ripped apart, cracked, hacked, and maybe even abused in a way u don't even have the imagination to understand.

BTW, if u really r so hooked on getting ur protection cracked, then why don't u release it elsewhere. We r newbies here, just learning, and ur protection is not that exciting. I'd rather crack WinZip a few times more than waste time on ur stupid VB protection.

P.S.
I don't hate u, i just don't like ur childish way to ask for help...
I'm hard but fair,,, u only got what u deserved, no more and nothing less.

Ryan
June 5th, 2002, 14:07
Quote:
Originally posted by npanic
We r newbies here, just learning, and ur protection is not that exciting. I'd rather crack WinZip a few times more than waste time on ur stupid VB protection.

P.S.
I don't hate u, i just don't like ur childish way to ask for help...
I'm hard but fair,,, u only got what u deserved, no more and nothing less.


Well, for one, my protection is much more interesting than normal VB programs. Check out the anti-smartchecks if you want, although smartcheck is pretty useless in cracking my program. Just a little diversion tactic...

Secondly, my protection is not stupid either. It is far more intelligent than most VB protections I see. You can crack WinZip a thousand times for all I care. But you won't learn anything much after cracking it 10 times. Maybe you are aiming to code a key generator in assembly language by heart...

I don't care what you say about the protection because I know you will not be able to crack it since 1) you are a newbie 2) you know next to nothing besides cracking WinZip 3) you will never progress if you just crack WinZip and call yourself a cracker.

Be leet
Ryan

Eustace
June 11th, 2002, 01:07
@ first i didn't want to respond on this thread, but as i continued reading ur childish replies, i just got more irritated than i was and i felt that i just must reply on this.

So so, u made the 'ultimate protection'? Hooray! And u are asking a newbie to crack it? That's lame dude. Ur asking for something that u beforehand know that we can't do. Does that give u satisfaction? I think that just proves that ur protection is just above the average noob-level and because of that, the newbies can't crack it. Or are u scared that some real cracker cracks it and therefore u ask a newbie to do it?

I suggest that u crack the program ur self and then improve the protection.
And if u are a cool guy, write a tutorial about it so that the newbies can study it

btw, why code in VB? Vb is from Micro$oft and M$ = Evil, so VB = Evil. So we can make the conclusion: Ryan = Evil, or is it Ryan = M$

Ryan
June 11th, 2002, 11:13
So so, u made the 'ultimate protection'? Hooray! And u are asking a newbie to crack it? That's lame dude. Ur asking for something that u beforehand know that we can't do. Does that give u satisfaction? I think that just proves that ur protection is just above the average noob-level and because of that, the newbies can't crack it. Or are u scared that some real cracker cracks it and therefore u ask a newbie to do it?

I post it here because this is the only message board with a big collection of crackers, from newbies to oldies. It does not give me satisfaction that no one can crack it at all. I repeat again that I am even happier when someone finally cracks it.



I suggest that u crack the program ur self and then improve the protection.
And if u are a cool guy, write a tutorial about it so that the newbies can study it

Unfortunately, I have limited talents. I can only code but not crack. That's why I am asking the specialists in this area.



btw, why code in VB? Vb is from Micro$oft and M$ = Evil, so VB = Evil. So we can make the conclusion: Ryan = Evil, or is it Ryan = M$

I take it that you are using linux? If you use any of MS's programs anywhere, anytime, then you must be evil too... and a hypocrite as well.


Best regards for even bothering to reply.
Ryan

Eustace
June 11th, 2002, 13:26
Quote:
btw, why code in VB? Vb is from Micro$oft and M$ = Evil, so VB = Evil. So we can make the conclusion: Ryan = Evil, or is it Ryan = M$

I take it that you are using linux? If you use any of MS's programs anywhere, anytime, then you must be evil too... and a hypocrite as well.


M$'proggies ? Yeah, only to crack

CrackZ
June 16th, 2002, 18:04
Hiya,

I don't normally read this forum so forgive my late arrival to this thread ;-).

Rather than indulge in what seems to be a fairly pointless slagging match, perhaps both sides here should consider the following points :

1. To Ryan : if you want us to take your protection or stated aims seriously, take us seriously, produce a crackme or trial with a stated goal, i.e. an endpoint to be reached, better yet give us your end product protector as you might ship to a developer, since ultimately your system has to withstand internal scrutiny.

As I'm sure you are aware, the analysis that you are searching for would cost a lot of $ and might not prove very effective either, so there also has to be an incentive for someone (us?) to sit down for a day just for the hell of it tracing your code. Writing code that's boring to trace is easy, writing code that's truly innovative is a different ballgame altogether; the playground pissing contest mentality just won't fly here ;-).

2. Everyone should lose the issue as to what language the protection is coded in, since it's pretty much irrelevant; the stated challenge or goal is to assess how effective this product really is. All a runtime protection system buys you is time, and well implemented encryption might buy you safety from key generators. Don't bet on it though. A very well implemented system might also save you from 'generic' attacks, i.e. crack 1, crack them all.

3. Ryan : consider your attaching of a value to your product as a bad thing; asking us to attach a value might be a better idea ;-). There are bad protectors costing thousands of $ and good ones costing tens of $ (and vice versa), it's a very big jungle out there. Consider whether your product actually brings anything really new to the market and also how it compares with those that are already out there.

I respect you for posting here, or at least for trying not to sell snake-oil. Consider also that unless you are actually prepared to 'HIRE' or incentivise some 'REAL' crackers your software might just have to find out the hard way, when it winds up in the commercial world.

My 2c and then some.....

Regards

CrackZ.
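CrackZ's point 2 (encryption may buy safety from keygens but not from patching) and foxthree's earlier observation (a 40-hex user data value that looks like a SHA-1/RIPEMD hash over a hard disk serial) can be made concrete. The Python below is an added example for this page and is not Code-Lock's scheme, whose internals the thread never reveals; the hash, the secret, the disk serial and the toy 256-bit RSA key size are all assumptions. It contrasts a key derived by HMAC with a secret that has to ship inside the ocx (a keygen is trivial once the secret is read out) with a key that is an RSA signature (the public key in the ocx does not let an attacker mint keys, but swapping it for his own still works, which is the "buys time" caveat).

```python
import hashlib
import hmac
import math
import random

RSA_BITS = 256   # toy size so the example runs instantly; real keys are far larger

# Secret a symmetric scheme must embed in the shipped ocx (constructed value).
# Anyone who disassembles the ocx can read it out.
OCX_SECRET = b'constructed-secret-embedded-in-ocx'


def user_data(name, disk_serial):
    """40-hex machine-bound 'user data', SHA-1 over name and serial (assumption)."""
    return hashlib.sha1(name.encode() + b'|' + disk_serial.encode()).hexdigest()


# --- Scheme A: key = HMAC(secret, name||userdata). Keygen-able once the secret leaks.
def hmac_key(secret, name, userdata):
    return hmac.new(secret, (name + '|' + userdata).encode(), hashlib.sha1).hexdigest()


def verify_hmac(secret, name, userdata, key):
    return hmac.compare_digest(hmac_key(secret, name, userdata), key)


# --- Scheme B: key = RSA signature over name||userdata; only the vendor holds d.
def is_probable_prime(n, rounds=16):
    """Miller-Rabin, adequate for a toy example."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keypair(bits=RSA_BITS):
    """Return ((n, e), (n, d)). Textbook RSA without padding: toy only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def _digest_int(name, userdata):
    return int.from_bytes(hashlib.sha1((name + '|' + userdata).encode()).digest(), 'big')


def sign_key(priv, name, userdata):
    n, d = priv
    return format(pow(_digest_int(name, userdata), d, n), 'x')


def verify_sig(pub, name, userdata, key):
    n, e = pub
    try:
        sig = int(key, 16)
    except ValueError:
        return False
    return 0 < sig < n and pow(sig, e, n) == _digest_int(name, userdata)


def demo():
    """Run both schemes against the attacks discussed in the thread."""
    name = 'Javelin Vastalia'
    ud = user_data(name, 'CONSTRUCTED-DISK-SERIAL')
    out = {}
    # A: attacker pulled OCX_SECRET out of the ocx and reimplements hmac_key.
    out['hmac_keygen_accepted'] = verify_hmac(OCX_SECRET, name, ud, hmac_key(OCX_SECRET, name, ud))
    # B: attacker holds only the public key; guessing or reusing a key fails...
    pub, priv = rsa_keypair()
    real = sign_key(priv, name, ud)
    out['sig_genuine_accepted'] = verify_sig(pub, name, ud, real)
    out['sig_guess_accepted'] = verify_sig(pub, name, ud, 'deadbeef')
    out['sig_other_user_accepted'] = verify_sig(pub, 'Someone Else', ud, real)
    # ...but patching the embedded public key to the attacker's own still works.
    apub, apriv = rsa_keypair()
    out['sig_patched_pubkey_accepted'] = verify_sig(apub, name, ud, sign_key(apriv, name, ud))
    return out


if __name__ == '__main__':
    for k, v in demo().items():
        print(f'{k}: {v}')
```

The last line of the demo is the one to keep in mind when pricing a protector: a signature stops the keygen, but the verifier and its public key still live in the attacker's process, so the remaining defence is making the patch expensive to find, which is what the packer layers and anti-debug tricks in this thread are for.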

Ryan
June 17th, 2002, 03:27
Quote:
Originally posted by CrackZ
1. To Ryan : if you want us to take your protection or stated aims seriously, take us seriously, produce a crackme or trial with a stated goal, i.e. an endpoint to be reached, better yet give us your end product protector as you might ship to a developer, since ultimately your system has to withstand internal scrutiny.


I have earlier on produced a crackme that is similar in format to some of the crackmes I downloaded and have uploaded it onto this site. It is on the first page and has been downloaded 229 times. My product has already been shipped and is ready for download and use. The ocx that is in the crackme is slightly older but anyone can always download the newest and replace the old one.


Quote:

As I'm sure you are aware, the analysis that you are searching for would cost a lot of $ and might not prove very effective either, so there also has to be an incentive for someone (us?) to sit down for a day just for the hell of it tracing your code, writing code thats boring to trace is easy, writing code thats truly innovative is a different ballgame altogether, the playground pissing contest mentality just won't fly here ;-).


Well, I think the code won't be too boring to trace and might be interesting... The helpfile available from the shipped package (available on my site) tells you all the functions there are in Code-Lock and I believe it would interest any crackers who are not biased against the language it is written in.


Quote:

2. Everyone should lose the issue as to what language the protection is coded in, since its pretty much irrelevant, the stated challenge or goal is to assess how effective this product really is. All a runtime protection system buys you, is time, and well implemented encryption might buy you safety from key generators. Don't bet on it though. A very well implemented system might also save you from 'generic' attacks i.e. crack 1, crack them all.


Agreed thoroughly.


Quote:

3. Ryan : consider your attaching of a value to your product as a bad thing, asking us to attach a value might be a better idea ;-), there are bad protectors costing thousands of $ and good ones costing tens of $ (and vice-a-versa), its a very big jungle out there, consider whether your product actually brings anything really new to the market and also how it compares with those that are already out there.


Initially, when Code-Lock was in beta stages, I posted a request to gauge how much a protection like this would cost. Well, the response is similar to the postings in this thread... "Vb = bad = lame", "I can't be bothered to crack vb" etc etc etc...

As for whether my product has brought any new ideas in protections, well, only a cracker can find that out. I can only say that I have added some pretty new stuff but am not sure if it has been used before.


Quote:

I respect you for posting here, or at least for trying not to sell snake-oil. Consider also that unless you are actually prepared to 'HIRE' or incentivise some 'REAL' crackers your software might just have to find out the hard way, when it winds up in the commercial world.


I respect you for posting such a decent post unlike some of the newbies. Well, you are one of the oldies and maybe that influences your thinking. Code-Lock is already in the commercial world waiting to be cracked but I have not found anyone showing me that it has been done.

Regards
Ryan

Ryan
July 15th, 2002, 17:25
Well,
I had to sacrifice one of my freewares for Code-Lock. Slice-n-Save is now demoware and is protected by Code-Lock. Now that there is a real program, will there be anyone cracking it? Or will I be told that it is not worth the time and effort again?

http://www.rtsoftware.org

Regards
Ryan

Kayaker
July 17th, 2002, 21:35
Hi,

I've been trying for a few days now and I just cannot connect to your site. Home or work, any browser, with or without personal firewall. The closest I can get is with Opera, there's a small frame at the bottom of the page with a button that leads to an error message page:

Websense Enterprise
"Your Websense policy blocks this page at all times."


I'm assuming this isn't part of the protection , so I figured I'd let you know...

Kayaker

Woodmann
July 17th, 2002, 21:56
Howdy,

The link works, somewhere you are picking up an internet filter.

I can email the file to you, it's only 1.04.
Let me know.

Peace, Woodmann

ZaiRoN
July 18th, 2002, 08:16
Hi!

Kayaker, i had the same problem some days ago but today i have downloaded the file without any problem.

time to inspect this code_lock....

ZaiRoN

Ryan
July 18th, 2002, 12:32
http://www.soundcheck.hostingextreme.com/~rtsoftware/slice_n_save.zip
http://rtsoftware.digitalrice.com/slice_n_save.zip
http://rtsoftware.host.sk/slice_n_save.zip
http://www.maxi-web.net/rtsoftware/slice_n_save.zip

One of them should work...

Slice-n-Save Version 1.05
Last updated 18th July 2002

Regards
Many thanks
Ryan

Athlon
July 18th, 2002, 12:42
*This is only my opinion* I think when you guys crack it (I say when 'cuz I know someone will), don't tell him how; wait till he has a few clients, then release the tut so we can all tear apart its protection. And I'm sure everyone here knows the purpose of him doing this, 'cuz he is too cheap to pay someone to test it for him, so he wants us to find the weaknesses so he can improve on it. Anyway, just my 2 cents. And Ryan, your protection will be cracked and reversed and torn apart and put back together again; it's happened to every protection that has come and yours is no different. I ain't saying it will happen right away but it will happen.

nikolatesla20
July 18th, 2002, 13:57
Hey your slice n save program looks pretty cool - I mean I like the GUI and the cool graphic "When it just doesn't seem to fit".

HAHA nice function in the ocx "killFileMon"



-nt20

Ryan
July 18th, 2002, 17:01
Quote:
Originally posted by nikolatesla20
Hey your slice n save program looks pretty cool - I mean I like the GUI and the cool graphic "When it just doesn't seem to fit".

HAHA nice function in the ocx "killFileMon"



-nt20


Hi,
nice to see this is finally getting somewhere.

Do crack it. Good luck.

Regards
Ryan

PS. If you like my programs, feel free to register privately. heehee

nikolatesla20
July 19th, 2002, 00:38
damnit ryan, right now your ocx is useless. I can't create a project in VB with the demo code-lock.

The Initialize never returns true, even when I use your own demo files. I'm using vb5. Are there special requirements for this or what ?????!?? (like vb6)

Also, having a registered ocx is not good on your system - for example, I installed Slice It demo, and then installed Code-Lock demo, and both ocx's apparently registered because now I get weird error messages

LOL see this message came up when I clicked the "register" button lol

//webpages.charter.net/nikolatesla20/duh.jpg

tee hee

-nt20

Ryan
July 19th, 2002, 00:54
Quote:
Originally posted by nikolatesla20
damnit ryan, right now your ocx is useless. I can't create a project in VB with the demo code-lock.

The Initialize never returns true, even when I use your own demo files. I'm using vb5. Are there special requirements for this or what ?????!?? (like vb6)

-nt20


Calm down.

The ocx will not be active if it is run during design time. This is because there are a few traps set and will be "dangerous". So, I deactivate it when it is in design time. Compile the project and you will get Initialize to return TRUE, else, it will be EMPTY. It's all said in the help file. :P

If you compile the "full version", it won't run until it has been converted to a data file and then recreated by code-lock itself. That will create the "full version" meant for your computer.

If you compile the demo, it will run the moment it is compiled.

Regards and many thanks
Ryan
Feel free to ask me any questions.

Unlike what one of the crackers thinks, I am not so cheap that I don't want to employ someone to test out my protection. The reason why I don't want to pay is because I wouldn't know if the one I paid can find the weak areas of my protection or crack it. And I am not ashamed to say that no one has purchased or used Code-Lock yet, pushing me to convert my own freeware to become a demoware (which I hate). If Code-Lock had been paid for by programmers, I wouldn't mind sharing the money with anyone who can crack it.

Append:
damn. you are altering your message while I was replying to yours. heehee.

Ya, I thought of that bug after I released Slice-n-Save using Code-Lock. Maybe I should release a full version to the public but include something else to activate Code-Lock when the user is registered.

nikolatesla20
July 19th, 2002, 01:04
Thanks for the reply ryan.

Actually, I had thought about that design time feature - but I still can't seem to get it to work during run time. I put in a messagebox telling me the result of the Initialize function and it always returns false even during run time (compiled).

I will look into it more later, maybe it was just a problem caused by having the multiple ocx's like I said before. I have to unregister one of them and then see what happens.

but I do also have a few ideas for "cracking" it too.. I'd give a few hints but I dont want to give anything away yet until I try my ideas.

-nt20

nikolatesla20
July 19th, 2002, 05:19
I still can't get code-lock to initialize, with the demos or with my own code. It doesn't seem to like vb5? hmm I have no idea. I made a "full" version, then simply made a dat file for it with the code "12345678", and then just removed one text label and recompiled it as the demo version. Both versions had references to the code-lock.ocx component. I have a messagebox that displays the return value of the Initialize() call. The demo version always still returns false.

I know your slice-n-save program runs fine, but that was vb6 - I just can't get the ocx to initialize yet for some reason at all.
The instructions are easy to follow, but I swear it just won't work..

Even if I just try to run the demo.exe that comes with the code-lock example files, it does not run at all, it just exits.

I also unregistered the code-lock.ocx that came with slice-n-save so the computer doesn't get confused



-nt20

Ryan
July 19th, 2002, 11:48
Quote:
Originally posted by nikolatesla20
I still can't get Code-Lock to initialize, with the demos or with my own code. It doesn't seem to like VB5? Hmm, I have no idea. I made a "full" version, then simply made a .dat file for it with the code "12345678", and then just removed one text label and recompiled it as the demo version. Both versions had references to the code-lock.ocx component. I have a messagebox that displays the return value of the Initialize() call. The demo version always still returns false.

I know your Slice-n-Save program runs fine, but that was VB6. I just can't get the ocx to initialize yet for some reason at all.
The instructions are easy to follow, but I swear it just won't work..

Even if I just try to run the demo.exe that comes with the Code-Lock example files, it does not run at all; it just exits.

I also unregistered the code-lock.ocx that came with Slice-n-Save so the computer doesn't get confused.



-nt20


>The demo version always still returns false.

Hi,
Do you mean that the full version you made returns TRUE while the demo version returns FALSE? I don't think the problem is that it is VB5, because the ocx itself is VB6.

One thing... did you at any point in time run SmartCheck on the program? I am not supposed to tell you this... but if you did, the initialize will always fail. :P

Regards and many thanks
Ryan

nikolatesla20
July 19th, 2002, 13:49
No, the full version I made also returns false. Actually I'm not sure, because you really can't "run" the full version once protected? I thought you had to use the demo version and then enter your code to get the watermark, and then you could really use the full version.

Nope, I am not doing any type of debugging at all right now. I don't have SI running at all, I don't have SmartCheck or anything like that. Of course the best way to *defeat* a protection is to gain as much knowledge about how it works as you can, so I thought I would USE Code-Lock and get familiar with it. But for some reason it doesn't like me. Slice-n-Save runs fine, that's why I wondered if it was a VB5 problem or something like that.

I am going to load vb6 at work today and try again and see what happens.

I'm not very knowledgeable with VB cracking yet, for example, reading VB resources and the like, but I know about ocx's and COM pretty well, so I do have some ideas I'd like to try, but I wish I could get an app to work first.

-nt20

Ryan
July 19th, 2002, 15:57
No, the full version I made also returns false. Actually I'm not sure, because you really can't "run" the full version once protected? I thought you had to use the demo version and then enter your code to get the watermark, and then you could really use the full version.

Yup, you are right. The full version will run if you use the demo version to create it from the .dat file. BTW, there is a demo.exe in the sample.zip file... It should run without any problems...


Nope, I am not doing any type of debugging at all right now. I don't have SI running at all, I don't have SmartCheck or anything like that. Of course the best way to *defeat* a protection is to gain as much knowledge about how it works as you can, so I thought I would USE Code-Lock and get familiar with it. But for some reason it doesn't like me. Slice-n-Save runs fine, that's why I wondered if it was a VB5 problem or something like that.

The version of Code-Lock from the site is a bit older than what I use in Slice-n-Save. But that shouldn't stop you from using it in your own project. Besides, it is a demo version; it should run without any problems at all.


I'm not very knowledgeable with VB cracking yet, for example, reading VB resources and the like, but I know about ocx's and COM pretty well, so I do have some ideas I'd like to try, but I wish I could get an app to work first.


Good luck.

Regards
Ryan

sandworm
July 24th, 2002, 21:52
Ahhhh, dear Ryan, you gave me a good laugh!!!
But ok, the fucking froggy will give you some hints:

1/

Still wondering why you haven't sold any Code-Lock??
You seem to be a clever guy. Imagine you're a shareware
programmer wanting a good protection for free; what do you do?

You download the demo of Code-Lock, and after that you download a software
protected with a registered Code-Lock ocx, and thank you Ryan, you've got
a Code-Lock for free!!!!

One solution could be to fuse the ocx with the exe with Fusion, but you
can only do it on your own productions. Seems that you'll have to cripple
the data file creator or advertise more on the fact that registered users will
have a personalised Code-Lock!!


2/ Well, if I understand well, you compress the full_version exe with zlib
and after that encrypt it; then if the user registers, the ocx decrypts and decompresses
the full exe. This full exe is itself protected by the ocx against other use
of it on other PCs.

Ok, well done for the first part. I didn't even try to decrypt the exe, I'm just a newbie,
but I'm sorry to say that your protection is almost totally useless to protect the full
version exe:

Well, I cracked your full_version demo program in less than 5 minutes. How?
I haven't even bothered debugging your ocx; I simply wrote my own Code-Lock ocx, responding with what your app wants to hear.... It is so easy... except for the GetString (moreover when, like me, you haven't downloaded the full ocx ;-) ). But be sensible, I'm pretty sure no one among your future customers will use it, because it's painful, and when a guy spends $200 for a protector he wants a turnkey solution. And moreover, even if he is willing to add some code, he will use the simpler auth method, well, simpler for the crackers too...

As a conclusion, the GetString is your only rampart against my method, so manage to automate
the process for your customers to really use it (sadly, however, it may deter newbies but will be a piece of cake for more experienced crackers, and your beautiful work is sadly compromised; don't waste more time on useless anti-debugging tricks!!!)

Ok, I've teased you a little; hope you won't get angry, because I respect your work. Good luck and good work; you seem to be smart, you'll certainly find other tricks. And be careful not to give your Code-Lock away for free if you want to sell it!!!

ps: Will I receive a reward for this analysis ;-)

Athlon
July 25th, 2002, 01:19
lol sucks for you ryan you go sandworm

Ryan
July 25th, 2002, 07:08
Still wondering why you haven't sold any Code-Lock??
You seem to be a clever guy. Imagine you're a shareware
programmer wanting a good protection for free; what do you do?

You download the demo of Code-Lock, and after that you download a software protected with a registered Code-Lock ocx, and thank you Ryan, you've got a Code-Lock for free!!!!


You are wrong there... I presume that you have not seen the full version of Code-Lock? There are some inputs that need to be fed into Code-Lock for it to work as the full version. Also, do you think a self-respecting, easy to trace company would dare to use an unpaid version of Code-Lock and distribute its own sharewares?



One solution could be to fuse the ocx with the exe with Fusion, but you can only do it on your own productions. Seems that you'll have to cripple the data file creator or advertise more on the fact that registered users will
have a personalised Code-Lock!!

They do get their personalised version. Just that I don't declare it loudly to the public.



2/ Well, if I understand well, you compress the full_version exe with zlib and after that encrypt it; then if the user registers, the ocx decrypts and decompresses the full exe. This full exe is itself protected by the ocx against other use of it on other PCs.

Ok, well done for the first part. I didn't even try to decrypt the exe, I'm just a newbie, but I'm sorry to say that your protection is almost totally useless to protect the full
version exe

Well analysed. Yes, this is the basic function of Code-Lock.


Well, I cracked your full_version demo program in less than 5 minutes. How? I haven't even bothered debugging your ocx; I simply wrote my own Code-Lock ocx, responding with what your app wants to hear.... It is so easy... except for the GetString (moreover when, like me, you haven't downloaded the full ocx ;-) ). But be sensible, I'm pretty sure no one among your future customers will use it, because it's painful, and when a guy spends $200 for a protector he wants a turnkey solution. And moreover, even if he is willing to add some code, he will use the simpler auth method, well, simpler for the crackers too...

Well, not quite right. I have already thought of this loophole, which is why I introduced the GetString function. Well, if someone is willing to pay $200 I am sure he will use every single function there is. And will painstakingly do it. My own app (Slice-n-Save) is FULL of such functions.


As a conclusion, the GetString is your only rampart against my method, so manage to automate the process for your customers to really use it (sadly, however, it may deter newbies but will be a piece of cake for more experienced crackers, and your beautiful work is sadly compromised; don't waste more time on useless anti-debugging tricks!!!)

It won't be a piece of cake because they won't know which string is which for what, and GetString can be used in hidden functions not seen on the controls at all.
I didn't put many anti-debugging tricks in Code-Lock. If you are talking about SoftICE detection, it is due to tElock and not my code. I have only a few anti-tricks, which I would say are quite interesting.



Ok, I've teased you a little; hope you won't get angry, because I respect your work. Good luck and good work; you seem to be smart, you'll certainly find other tricks. And be careful not to give your Code-Lock away for free if you want to sell it!!!

ps: Will I receive a reward for this analysis ;-)

I am not angry at all. I am very flattered someone actually thinks through the whole protection and can come up with a method rather than just watching by the side like Athlon giving useless comments.

But your analysis is based on the fact that you have already got a full version of the program, which means that you have already paid for it and are intending to warez it out to the public. If you don't have the full version of the program you intend to release, you will never be able to figure out the GetString functions.

Keep up the good work. If you are a newbie, you will go far. I personally don't think you are a newbie.

As for a reward, I am quite reluctant to do so because you only pointed out the loophole that I already knew. But how can I point it out to you that I know of it before you tell me, without telling you the loophole itself? ;P Well, since you are my first "decent" theoretical cracker, I promise you a US$30 payment the minute I get my first Code-Lock customer other than myself. heh. Now, go figure out a way for me to pay you when the time comes without me knowing who you are.

Best regards,
Ryan

sandworm
July 25th, 2002, 09:11
Was just some little jokes to tease you.

1/ I don't want any money.

2/ Effectively, I haven't seen your full version ocx, just
some assumptions on my part to tease you. But don't trust
too much in your customers; the world is full of surprises and of
bad-intentioned people.

3/ I understood you implemented the GetString because of my method, and it was pretty well done.

The reason why I said no one will use it is what I've seen with ASProtect:

Alexey implemented such ways of improving ASProtect, and it was much, much less painful than your method; the customers just had to add labels to the source code and the app would have been harder to unpack. And finally, among the customers, who used it? Nearly no one; people just push the protect button and don't take care of the options. That's what happens in the real world. So, automate the process so the customers will have nothing to do!!!

Finally, you're wrong thinking that your GetString will do the trick against the building of a new ocx. Once I have the full version running, you're dead: "if it runs, it can be defeated". Sooner or later you'll have to decrypt a string, and here is how it will be defeated.

1/ Find in the exe a routine decrypting a string, the assembler equivalent of secure.GetString(i). That's the only difficulty, because Visual Basic is weird to trace and I don't want to waste my time on this, but I'm sure it's far from impossible.

Once done, you're dead: the cracker will tamper with this part right in memory, like BlackCheck first did with the redirected APIs of SafeDisc.

Here is the translation into VB of what the cracker will do:

Code:

Dim i As Long
Dim strs() As String
ReDim strs(1 To BIG_NUMBER)   ' BIG_NUMBER: any index past the last real string

For i = 1 To BIG_NUMBER
    strs(i) = secure.GetString(i)
Next i

After the last string is decrypted there will be a page fault; the cracker will land back in the debugger and will dump the memory zone containing the array to a file.

Now he has a well-structured file with all the strings decrypted,
and he can emulate your GetString function very easily.

Don't dream; it's nearly impossible to protect a running program against piracy, especially in VB, not because you're a bad programmer but because VB is a high-level language and wasn't conceived to take control of what happens at a lower level, where the battle takes place.

To finish you said :

But your analysis is based on the fact that you have already got a full version of the program, which means that you have already paid for it and are intending to warez it out to the public. If you don't have the full version of the program you intend to release, you will never be able to figure out the GetString functions.

It's clear, but if a bad-intentioned guy manages by illegal (false credit card number) or legal means to get the full version of your program, he will crack your prot and spread the full version on the net.

There's no advantage between your Code-Lock and the old way of doing it: sending the full version with a serial to the customer once paid. You claim that your Code-Lock can avoid the spreading of a single version to other computers, but if the full version is cracked that's wrong and your protection is useless, or if not, it doesn't deserve to be paid $200, because your competitors are more secure, and moreover with them the customer can try a fully functional trial.

sandworm
July 25th, 2002, 09:36
Just forgot one thing.

I've not seen how exactly the GetString is implemented, so I'm just making assumptions, but I think you add a section with them at the end of the file. So, I hope that you add them encrypted; if not, it's even easier.

nikolatesla20
July 25th, 2002, 14:54
Actually sandworm, this is the approach I was taking. I was creating a Code-Lock.ocx emulator. I wrote my own ocx which responds with the appropriate answers.

However, yes, the problem will be GetString. GetString, according to the documentation, takes in an integer and returns a string. What I wanted to do was create a layer in between the app and Code-Lock. I have successfully done this on the demo program when I compile it (I can capture all communication between the program and Code-Lock), BUT it would be more difficult to do on an already compiled program. COM likes to use GUIDs everywhere. No big deal, you can compile your new emulator to be binary compatible, so the interface stays the same. BUT now you need to somehow still create the old Code-Lock ocx within your new ocx. Since you haven't changed the GUID you are screwed. I tried a few things, I went into regedit and changed the CLSID GUID manually, etc., but then Code-Lock's class factory fails. Really I don't know why it should, but it does.

See, if you created a successful layer on a precompiled app you could just capture the communication and make a table with the strings so you could emulate it. Right now the rules of COM are what stand in your way, BUT I still have a couple of other ideas to try, perhaps use late binding to create the Code-Lock object; this way you can create by name, not hardcoded GUID. The system looks up the GUID in the registry. I haven't tested that yet tho.

The ideas behind this protection are good, for example, not having functions at ALL in the demo. That is the correct way to do it. And the full version is encrypted and compressed, so there is no way to crack it first off unless you can decrypt it (which, by the way, could be done; look at SafeDisc).

I think the real answer is that if this protection were used on large commercial valuable programs, it would be defeated quickly because there would be a want to defeat it. Right now it's kinda just practice ?

Ultimately OCX is a dll, and everyone knows "DLL protections are dead !"
-nt20

Ryan
July 25th, 2002, 16:07
I applaud both nikolatesla20 and Sandworm... I am impressed with you guys or gals.

And yes, the strings for GetString is encrypted.

And yes, I have been thinking of automating the GetString function. However, I have to admit that I have limited skills in this area and I have limited time to test it out. Programming is my second job after my hard day's work.

I am very very happy that my little Code-Lock is getting attention from the two of you. If it was to be cracked, I would be happy that it was by either one of you.

Most people will go straight to unpacking it and patch the hell out of it. But little do they know that the moment they unpack it, they land straight into my little trap and will never get a functioning Code-Lock. :P

Best regards and thanks
Ryan

Tonight, I will be able to sleep with a smile on my face.

sandworm
July 25th, 2002, 17:10
first to nikolatesla20:

Whaouh, well done man, you're far better than I; I'm not skilled enough in programming in general and in ocx in particular to follow you on this path!!
But with your approach there's still a weak point: you will have to test all forms, all options, all buttons etc. to find all the strings, and with a big app you can miss some strings. For sharewares, however, it is a very good solution; will be very happy to see the result of your research, keep us informed!!

Ultimately OCX is a dll, and everyone knows "DLL protections are dead !"

I completely agree!!!!!

to Ryan:

That's too much honour for a little newbie like me, and in fact I haven't done a lot; my self-coded ocx just consists of several subs with only one or two lines of code in each. The only problem is for GetString, but as I said, once a piece of code decrypting a line is found in memory it's finished. Don't want to test that because first I don't have a registered Code-Lock ocx, and secondly I am not sure I have the skills to find it. I explain why:

Here is your big error, Ryan: you thought most people would unpack then patch your ocx, but you are wrong; nobody will even try. Why? Because it's VB6 and it's very, very hard to trace a VB prog, because you always shift between the MSVB DLLs, kernel.dll, user32.dll and the main exe, which is a succession of calls to VB DLLs.

On the contrary, making a new ocx is dead simple and all crackers immediately see it. You think it was a pure accident that nikolatesla20 and I both followed the same way? And I think that's the reason why more experienced crackers don't even take care; they have seen that your prot resides in an ocx and already knew how it could be bypassed.

Now, if you absolutely want your last function GetString to be cracked and if nikolatesla20 fails with his approach, I advise you to try to contact Acid Burn, the specialist in VB cracking, and he will quickly finish off your dying Code-Lock by explaining how to find these famous locations, or perhaps with another home-made good trick.

Finally, for the decryption of the full version, all you need is an SHA specialist; try to ask Mike in his forum if he is willing to try to defeat your encryption.

nikolatesla20
July 25th, 2002, 23:03
Well, well, Code-Lock Create.exe, used to create the .dat file, is packed. No problem, I got it dumped. Found the entry point (right below the "VB5!" string reference, duh). Fixed IAT..

Hmm, no crash, it just exits right away. bpx on ExitProcess; yep, it runs but jumps right to ExitProcess.... Hey look, I can use the VB disassembler on it. Ok, WHOA, it's P-Code! Nice. Thanks a lot! LOL

Running it in a p-code debugger now, found an exe size check at 00417776...... heh heh heh


-nt20

Athlon
July 25th, 2002, 23:48
Where do my posts keep going?

nikolatesla20
July 26th, 2002, 00:39
YES! Code-Lock Create.exe is unpacked and running. After unpacking, address 00417791 needs to be changed to a "BranchT" instruction (reversing the jump, to jump if the file size IS different); change from 1C to 1D. Now... how does this thing go about encrypting... or rather, where does it store the "program code"... (the only part we really care about)



OOPS, still a little bit more to do; I see the "create" button isn't enabled now.

-nt20

Ryan
July 26th, 2002, 07:45
Quote:
Originally posted by nikolatesla20
YES! Code-Lock Create.exe is unpacked and running. After unpacking, address 00417791 needs to be changed to a "BranchT" instruction (reversing the jump, to jump if the file size IS different); change from 1C to 1D. Now... how does this thing go about encrypting... or rather, where does it store the "program code"... (the only part we really care about)



OOPS, still a little bit more to do; I see the "create" button isn't enabled now.

-nt20


Grin... and the traps set in...

Why not change it to a 'Branch', i.e. 1E? Then it will always jump.

BTW, good work.

Enjoy
Ryan

sandworm
July 26th, 2002, 09:34
Good job nikolatesla20; what are the VB disassemblers
and p-code debuggers you use? I wasn't aware of these tools...

sandworm
July 26th, 2002, 10:44
nikolatesla20,
I found one, wktvbdebug. Do you have a good doc explaining p-code and what the opcodes mean? Seems that I have to learn a lot on this subject!!!

About the traps, I think Ryan uses the CreateMutex trick of tElock.
Quote from the tElock help file:

[Enable Mutex check]
This option is for software developers only(!). Normal users can't use it because it needs changes in the source code of the file being protected.

Using a named mutex object for protection purposes is rather new stuff and the first Compressor/Protector which uses it is tElock.

It's very simple: At runtime the tElock decompression/unlocking routines create a named, owned mutex in unsignalled state. Read the corresponding chapter in your WinAPI documentation to find out more.

Mutex Objects are usually used for thread synchronizations. You can directly check if such object exists using some lines of own code in your program! That means the protection itself is stored in your application's code and not in the attached decompression/unlocking routines.

You only have to add a few lines of code to achieve this. If your check fails, you can be sure that someone tried to bypass the unlocker or that he tries to run an unpacked version of your program. You decide by yourself what to do then... However, I recommend you to simply EXIT your program, maybe with some random delay. Doing harmful things to someone else's PC is not advised and will probably bring you into trouble.

If the unlocker cannot create the mutex for whatever reason (that's not if the mutex already exists, e.g. when you run 2 instances of your program), it will abort and exit. That's the only disadvantage I noticed. But don't worry, this will most likely NEVER happen.

You must enter a string(name) for your mutex object in the Editbox next to the checkbox. It has to be zero-terminated, must be 8 to 63 Characters long and must not contain any Backslashes ('\'). Make sure that this string is exactly the same as the one you will use in your program's source code for the check(s) ! Names are case dependent !

Don't worry about the mutex object after your program quits. It will be destroyed by Windows automatically. During runtime it doesn't do/harm/affect anything. So, feel free to use this feature.

Example codes for your check(s):


ASM (Borland Turbo Assembler):
-----------------------------
.DATA
mymutex db "YourMutexStringHere",0 ;same string as specified in tElock!
.CODE
call CreateMutexA, 0, 1, offset mymutex
call GetLastError
cmp eax, ERROR_ALREADY_EXISTS
jnz ExitProgram

DELPHI:
-------
CreateMutex(nil, True, 'YourMutexStringHere');
if (GetlastError() <> ERROR_ALREADY_EXISTS) then close;

C/CPP:
------
CreateMutex(NULL, TRUE, "YourMutexStringHere");   /* same name as specified in tElock */
if (GetLastError() != ERROR_ALREADY_EXISTS) {
    YourExitRoutinesHere;
    ...
}


Do a bpx CreateMutexA and launch your unpacked app to see!

nikolatesla20
July 26th, 2002, 14:27
Thanks sandworm, I'll look into it. I see his program does have a string reference to OpenMutexA, and it also uses ReadProcessMemory along with GetCurrentProcess. I need to figure out what the program is reading from itself.

-nt20

nikolatesla20
July 26th, 2002, 15:05
Thanks for the mutex tip, sandworm. It is using that! It looks for a mutex named "DICLDC2". You could patch it to not care, like so:

I found the program calls "OpenMutex" when you move the mouse over the label to create a file. I managed to bpx into the movement and found the call.

Patch offset 0041691 to a BranchT from a BranchF. Mutex check is gone!

Or you could create a simple C program that simply creates a mutex with this name (works!), or you can do my next workaround.

If I just run the original Code-Lock Create.exe first, THEN run my unpacked version, the button is now enabled and I can create a file that works.

tElock thinks that this is such a great protection; it is NOT. I can use Process Explorer to see all the named mutants the program owns and compare it with my unpacked app. Also, you could just run the original app like I did and leave it running, which gives you the mutex you need, then start the unpacked app. There are several options.

I've managed to successfully enter the debugger on clicking the label (it's a label, not a button).

Now time to do some P-code reading...

-nt20

nikolatesla20
July 26th, 2002, 16:52
Just an interesting side note: tElock uses ReadProcessMemory to make sure you don't have breakpoints set up where it doesn't want you to. For example, if you put a bpx on CreateMutexA this program will not even start up. tElock sees the bpx and exits. A solution on Win2k: you can bpx on CreateMutexW, which is called by CreateMutexA, or you could "bpx CreateMutexA + 1", so the bpx is on the line below the "push ebp" of CreateMutexA.

-nt20

P.S Mutex check is gone, read my post above. Now on to the dirty work.

I already know it takes the program code and changes it to a hex string. Also, it uses a random number to start a sequence. Then it makes a NICE big number with a bunch of crap and your hex program code in the middle of it. I THINK this is the reg code. Not sure tho.

javelin
July 26th, 2002, 18:50
I got Code-Lock Create.exe unpacked and rebuilt the IAT,
but I can't find the OEP.

nikolatesla20
July 26th, 2002, 19:01
Just open the file in WinDasm (first make sure you edit the sections so WinDasm can read them; use LordPE or PEditor).

Then look at the only string reference, "VB5!". The code line that pushes the string is the OEP. (push xxxxxxxx)


Here is an update :

Code:

0041B7EB "Processing File...."

0041B8E9 zlib!Compress
(compresses the file into an array in memory)

0041B938 AryLck
(lock the compressed array, and use kernel32!RtlMoveMemory
to copy the array back to the original uncompressed array)

0041B981 Creates <program name>.tmp file, with the
compressed data in it.

0041BBBC Writes some sort of number to the file (at the end)
Not sure what this is for yet

0041BBC6 "Creating data file...." This is what we want to see!

0041BC50 data file first created, it's ugly.

0041BC9B temp file is deleted.

0041BE47 name of file, as well as some extra info, is tacked
on at the beginning of the .dat file.



0041BC50 is the important call, it creates the data file with the "encrypted" data in it. The data is compressed in the temp file, and then this routine finishes it up by encrypting and making a new .dat file.

The program goes on to finish up the data file, for example, it tacks on the strings that you wanted to encrypt.

That's all I'll share for now. You can put breakpoints on these critical areas to track what the program does.


-nt20

sandworm
July 26th, 2002, 19:41
Ouch, you've shifted into second gear; no one can stop you now!!

Unfortunately I'm stuck at the beginning. I've rebuilt the exe; it seems to work, just exits because of the size check.

But when I want to study it with wktbde it crashes when I hit the run button.

Please tell me what p-code debugger you use. If it is this one, tell me what's your OEP, IAT length and RVA etc. to see if it's a problem with my unpacked exe.

Concerning the ocx, I've seen it call a mutex with the same name.
Have you ever dumped a packed ocx? I don't exactly know how to proceed.

nikolatesla20
July 26th, 2002, 19:49
Yep that's the debugger I am using, I have both win98 and win2k

I stepped into the encryption routines, ..but I'm no encryption expert.

Um, just to speed collaboration, I've attached a small gift..

Hey, he wanted us to crack it, so get off my back. Group effort !

Load up the file in the WKT debugger, run it, then press GO after it loads. Now put in a program you want to create the .dat for, and a program code. Move the mouse over the create button. Press CTRL + P to activate the debugger. Click the left mouse button to click the button. Boom. You should be in the debugger.

Help me oh encryption experts!

NOTE: This is the DATA FILE CREATOR program, not the ocx. If we can figure out the encryption method we can decrypt the dat file without the ocx

-nt20

sandworm
July 26th, 2002, 22:21
hello nikolatesla20,

I know you're doing all the hard work, but please don't get angry
if I'm not helping you; I'm still a newbie and all that is beginning to be very hard to follow for me.
I never used a p-code debugger and I don't know anything about p-code.

Moreover, I can't help you with the encryption; I don't know anything about it either, so all I can do for the moment is follow the leader.

However, I think that perhaps I've found something interesting:

I'm not sure, because I don't know why Code-Lock refuses to decompress a .dat for me even with the good serial, but, "feeling the code", I wonder if Ryan doesn't simply use zlib to encrypt/decrypt his strings, because in the debugger I see my string after a call to zlib and after that an encrypted string.

Am I right Ryan or is it too good to be true ?

nikolatesla20
July 26th, 2002, 22:46
No, don't worry about it sandworm, you helped me on that mutex thing. I forgot to look up the important info like I should have.

Looks like the strings are encrypted too, of course; below the zlib!compress call you can see several calls which culminate in the encrypted string, which is then tacked on the end of the .dat file.


I'm starting to get bored with this; I think it's time to move on to CuteFTP Secure Server 1.0. They didn't even pack it; it's naked as a jaybird...

-nt20

nikolatesla20
July 27th, 2002, 16:24
That's right, I have no life. Maybe I'm slightly obsessed. I've never stepped thru p-code before, it's a nice learning experience.

Anyway, I found a couple of checks for SmartCheck right off. The first checks for <programname>.sup, which is a file SmartCheck would create. If there is a .sup file it won't run. There is also a check for "schkcore.dll" in memory. I just renamed the file it looks for.

The whole Form_Load event consists of setting the form's caption, and then checking several gazillion crap things, using ReadProcessMemory. It checks to see if you have any bpx's set in "crucial" DLLs. First off, the DLL function names are just byte strings, so you can't see them just looking at the p-code; it builds them dynamically. The debugger will show them to you when the string gets built, however. Here is the little loop that goes thru the array of bytes (read with ReadProcessMemory from the DLL functions) and sees if there is a breakpoint. If there is, it sets a flag:

Code:


00420481: 04 FLdRfVar 0065EC94h <---- Start of loop
00420484: FC Lead1/CI4Var
00420486: 04 FLdRfVar 0065F328h
00420489: 9E Ary1LdI4 <----- Load the byte from array
0042048A: F5 LitI4: -> CCh 204
0042048F: C7 EqI4 CCh,8Bh ? <---- compare it with int3 "CC"
00420490: 1C BranchF 00420498 »
00420493: F4 LitI2_Byte: -> FFh 255 <-- int3 ? Yes, set flag
00420495: 7A ImpAdStI2
00420498: 04 FLdRfVar 0065EC94h
0042049B: FE Lead3/NextStepVar <---- go back up
004204A1: 13 ExitProcHresult
You can code a Branch right after setting the form's caption, to jump to the ExitProcHresult opcode at the end of the form procedure, and the program still runs fine, skipping all of these weird checks. BUT maybe some of them are necessary, who knows. I've got p-code on the brain now!

I still can't run it in SmartCheck yet, it exits because of an invalid page fault somewhere. I'm not sure if this is a "protection" in the program, or a problem with SmartCheck not working 100% with my unpacked and rebuilt program. Either way, it still runs in the WKT debugger just fine.

-nt20
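The breakpoint scan in that p-code loop, written out in portable C as an added example (this is not code from the thread or from Code-Lock): the bare 0xCC scan the loop performs, next to a snapshot comparison of a function's first bytes, which is what a protection author would normally want instead. PROLOGUE_LEN, the sample prologue bytes and the function names are all assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INT3         0xCC   /* x86 software-breakpoint opcode the p-code compares against */
#define PROLOGUE_LEN 16     /* bytes per watched function; the count is an assumption here */

/* The p-code loop, in C: walk the bytes read back from a function and set the
 * flag (0xFF, as the p-code does) if any byte is INT3. Returns 0 when clean. */
int int3_flag(const uint8_t *bytes, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (bytes[i] == INT3)
            return 0xFF;
    return 0;
}

/* A stronger variant: keep a copy of each watched function's first bytes taken
 * at startup and compare the live bytes against it later. */
typedef struct {
    const uint8_t *addr;
    uint8_t        bytes[PROLOGUE_LEN];
} prologue_snapshot;

void snapshot_prologue(prologue_snapshot *s, const void *fn)
{
    s->addr = (const uint8_t *)fn;
    memcpy(s->bytes, s->addr, PROLOGUE_LEN);   /* code pages are readable */
}

/* 1 if the live bytes still match the snapshot, 0 if something was written there
 * (INT3, inline hook, patch). This catches patches that use opcodes other than
 * 0xCC and does not misfire on a legitimate 0xCC immediate in the code. Hardware
 * breakpoints change no bytes, so neither check sees them. */
int prologue_unchanged(const prologue_snapshot *s)
{
    return memcmp(s->bytes, s->addr, PROLOGUE_LEN) == 0;
}

/* Constructed sample buffers standing in for what ReadProcessMemory returned from
 * a DLL export: a typical x86 prologue, and the same bytes with INT3 planted. */
const uint8_t SAMPLE_CLEAN[8]   = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56};
const uint8_t SAMPLE_PATCHED[8] = {0xCC, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x53, 0x56};

/* Plant a NOP (0x90) over the first byte of a writable copy, the way a patch rather
 * than a breakpoint would, and compare the two checks. Returns 1 when the snapshot
 * check flags the change while the bare INT3 scan misses it. */
int nop_patch_demo(void)
{
    uint8_t buf[PROLOGUE_LEN] = {0};
    prologue_snapshot s;
    memcpy(buf, SAMPLE_CLEAN, sizeof SAMPLE_CLEAN);
    snapshot_prologue(&s, buf);
    buf[0] = 0x90;
    return int3_flag(buf, sizeof buf) == 0 && prologue_unchanged(&s) == 0;
}

/* Snapshot this program's own int3_flag and verify it immediately: with nothing
 * patching it in between, the live bytes must still match. */
int live_function_unchanged(void)
{
    prologue_snapshot s;
    snapshot_prologue(&s, (const void *)(uintptr_t)int3_flag);
    return prologue_unchanged(&s);
}

int main(void)
{
    printf("clean buffer flag:   0x%02X\n", int3_flag(SAMPLE_CLEAN, sizeof SAMPLE_CLEAN));
    printf("patched buffer flag: 0x%02X\n", int3_flag(SAMPLE_PATCHED, sizeof SAMPLE_PATCHED));
    printf("NOP patch: snapshot catches what INT3 scan misses? %d\n", nop_patch_demo());
    printf("own int3_flag prologue intact? %d\n", live_function_unchanged());
    return 0;
}
```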

nikolatesla20
July 29th, 2002, 04:04
For anyone that wants to run the code-lock keygen in a debugger.

NO THIS ISN'T A NEW KEYGEN for CODE-LOCK. I wish; I'm not that good at crypto! THIS IS the keygen that comes with the program demo.


Here is Keygen unpacked. You can run it in WKT debugger.

I still can't get SmartCheck to run either of these. Still don't know if it's a rebuilt file problem or not. "Pretty" sure I've removed all anti smartchecks...

Also there is a check for ProcDump in code-lock create.exe; it checks for a window title, "Procdump Request", which is the title you get if you try to do a scripted dump. This is also in the Form_Load event. Theoretically, you can skip the whole form_load event and be check free.

ADDITIONAL: I was thinking about this program over the weekend and I thought, there is possibly one "weakness". When you are running a protected app, and you click "register", the code-lock register window comes up. Now, you enter your info. OK, now you click "register". If your code isn't right, the register window exits pretty quick. If it's right, it takes a LOT longer, because it's decrypting the *.dat file. SOOOO, it somehow must know if the code is right BEFORE it even tries to decrypt the dat file. What I mean is, it's not just decrypting the *.dat file with the info you give it, and if you have bad info, the decryption is just junk. It DOESN'T EVEN TRY to decrypt UNTIL your code is right. So I am thinking it must know what the program code is somehow. There must be a way to find that, maybe by bruteforcing. Like I said, there is obviously a decision being made as to whether to even bother to decrypt the dat file at all. The data that decides this has to know the correct usercode, your name, and most important, the correct reg key. The program somehow combines these and checks whether they are correct in some way before it even bothers to decrypt the dat file. I am thinking it also must know the "program code", so this must either be in the dat file (unlikely) or in the user code (also unlikely) or in the reg key (very likely).


THE IMPORTANT PART of this is that to decrypt a dat all we need is the PROGRAM CODE, which is most likely a "private key" of a public key system. We already have the keygen to generate our user code then. Once we have a full version *.dat file decrypted, it is simple to create a code-lock emulator and remove all protection checks if desired.

-nt20

nikolatesla20
July 29th, 2002, 16:48
Not that I plan on being able to decrypt the *.dat file AT ALL, but this is valuable info for any attempt:


The "session" key is first created by calling MSVBVM60!rtcRandomize and MSVBVM60!rtcRandomNext - this may be a weak point in the protection, perhaps VB has a weak RNG. It appears that it is then mixed with your "Program Code".

The temp file that gets created is simply the original file zlib compressed. I successfully can uncompress this file to restore the original. This means that the data fed to the encryptor is simply zlib compressed data. For a normal executable, the header is "MZ"; this is a short string obviously, but could allow room for a type of plaintext attack. The compressed bytes at the beginning of exe's for zlib from this program are always:

78, 9C

I tried a couple different programs and got the same bytes. Hey, it's a start.

I traced three different programs thru the encryption file creation process, and the encrypted data starts at offset 17 hex in the file, after the file is completed with headers and all. Ciphertext comparisons can begin at this offset then.

So if you knew the encryption method you could search for keys until the plaintext matched. Hey, it's only 2 bytes, I know, but it would be cool to try.

It is also good to know first what the length of the key may be; this may lead to a clue... This is the output from the rand generator, my "Program code" (NIKOLATESLA) and a bunch of more calcs. and string concatenations.

Code:


Stack dump is enabled and relative to ESP<-EBP.
Freeing Addrs: 0012F98Ch 0012F95Ch
FStStr -> '311AE180' <----------- rtcRandomNext
Freeing Addrs: 0012F94Ch 0012F918h 0012F908h
Freeing Addrs: 0012F98Ch 0012F95Ch
CVarStr -> '311AE180'
FStStr -> '311AE1804DE4BCFF' <---- Tack on another rtcRandomNext.
Freeing Addrs: 0012F94Ch 0012F918h 0012F908h 0012F8F8h
FStStrNoPop -> '4E494B4F4C415445534C41' <-- Hex for my name "NIKOLATESLA"
FStStrNoPop - 'F4ECE758F6337EDD927B3F1E6239A7C5722F3837'
Concat- '4E494B4F4C415445534C41' + 'F4ECE758F6337EDD927B3F1E6239A7C5722F3837'
FStStr - '4E494B4F4C415445534C41F4ECE758F6337EDD927B3F1E6239A7C5722F3837'
FStStrNoPop - '93C9978B27096B21DC0FBD9D3617D1DA'
Concat-'93C9978B27096B21DC0FBD9D3617D1DA' + '4E494B4F4C415445534C41F4ECE758F6337EDD927B3F1E6239A7C5722F3837'
FStStr - '93C9978B27096B21DC0FBD9D3617D1DA4E494B4F4C415445534C41F4ECE758F6337EDD927B3F1E6239A7C5722F3837'
Obviously, if that last string is the whole session key, I would say it would be almost impossible.

Alternatively, you could simply compress the Demo version program with zlib and use some of the bytes at the start as the plaintext. Chances are between the two programs those compressed bytes may not change all that much. In fact, I think this would probably be a very viable option.

Not sure yet on the encryption method itself tho. Sorry.

-nt20

bart
July 29th, 2002, 20:53
cracking freeware, man i luv this board

evaluator
July 30th, 2002, 18:28
Hello!

I can't believe this thread wasn't killed at the start..

I performed a search on my HDD & archives for VB6 apps and found nothing.
(:& and in future there will be nothing

As far as I know, VB is made for non-programmer people. Or am I wrong?

Here my 3 Q:

1. Hey nikola20, why do you waste your time on this!? Let's do something crazy..
2. Hey, bart! Is something new on protectorz scene?

3. Hey Ryan, do you know any programming language!?

Athlon
July 30th, 2002, 18:38
Woodmann had to see a good reason to leave it; what that reason is has still got me.

Kayaker
July 31st, 2002, 00:36
Being fair to people in a community messageboard?

What's this all about? Being open-minded, learning, reversing, watching someone's efforts, or is it simply about attacking the ENEMY for the sake of it? Read it or don't, the thread is a valid one.

Kayaker

Ryan
July 31st, 2002, 01:06
Quote:
Originally posted by Kayaker
Being fair to people in a community messageboard?

What's this all about? Being open-minded, learning, reversing, watching someone's efforts, or is it simply about attacking the ENEMY for the sake of it? Read it or don't, the thread is a valid one.

Kayaker


You have my fullest respect, Kayaker.

To Evaluator,
Yes, I know programming languages like assembly, C++ and Java. And in addition, VB. Do you? The best of all is that I know the REVERSE of all the above languages too. Do you? Why do I choose VB to program Code-Lock? 1) How many people are like you, shunning VB? (To my advantage) 2) How many people are proficient in cracking VB? (To my advantage again) 3) How many people shiver at the sight of pcode and complain about the lack of tools for pcode cracking? (To my advantage again) What's so special about assembly or C++? Yes, they can do lower level protections, but how many of them cannot be bypassed? If you still don't see the point, you will never see the forest for the trees.

Regards
Ryan

Athlon
July 31st, 2002, 01:21
Quote:

Being fair to people in a community messageboard?

What's this all about? Being open-minded, learning, reversing, watching someone's efforts, or is it simply about attacking the ENEMY for the sake of it? Read it or don't, the thread is a valid one.

Kayaker


The part is, he is doing this for financial gain. Now, if some actual reversers came along and released anything VB I wouldn't mind, and I'm sure there wouldn't be as bad replies as there were, but it's like he is using us for testing his software so he can improve it. Let me ask you this: would anyone here help alexy improve asprotect?

Woodmann
July 31st, 2002, 01:52
Easy Athlon,

We are all aware of what's going on here.

We asked Ryan to step up and he did. I would think that was obvious from the earliest posts.

Alexy is no stranger to this place. We respect him greatly

Peace, Woodmann

esther
July 31st, 2002, 01:56
Hiya Ryan, Kayaker,
Just ignore evaluator, he just doesn't know how to joke

Athlon
July 31st, 2002, 02:04
Ok,

<------------Chilled

nikolatesla20
July 31st, 2002, 02:52
I'm always willing to learn new things; that's why I was looking at this little project.

In my opinion, this protection is pretty good. You won't ever recover the full version unless you can figure out the encryption. BUT of course you could get it from someone that already has it, and use a dummy code-lock.ocx to use it anywhere.

The fact that the only tool I can use is the WKT debugger DOES hamper some progress. It would be nice to get these to run in SmartCheck but oh well. Maybe I'll figure it out sometime.

I attempted to unpack the code-lock ocx. I got most of it, but I am actually tiring from this right now, sorry to say; it's taking too much of my time. The biggest reason is I think the ocx is ALSO p-code and I have no way to debug it at all then. I also need to come up with a good tool to give me COM object function pointers, so I can get the function offset in the file of each function. I actually think such a tool would be useful a lot, for in the future if more COM style protections come about. It would mainly help in creating layer dlls, etc. I am going to work on that some other time tho.

I am going to move on for a while to practicing keygenning; it's a skill I need to improve upon. Code-Lock has been interesting!

-nt20

Ryan
July 31st, 2002, 04:56
Thank you to all who have supported this little project.

As seen, one reason why I coded Code-Lock in VB and in pcode is because of what I mentioned earlier. It hampers cracking if you code it well. This is partly due to the fact that there are not a lot of tools for pcode cracking. SmartCheck and SoftIce are useless. Imagine cracking with just Win32asm and nothing else...

Instead of seeing this point, some of the crackers with narrow minds jump to the conclusion that VB stuff is useless. The only useless thing is their mind, unwilling to learn new things.

You can code low level protection stuff in Assembly etc. but all can be bypassed. You can add in obfuscation, but to me, using VB pcode itself is obfuscation. ;P

Like I said in my first few posts, Code-Lock consists of many layers of protection. First of which is unpacking. Then there is pcode tracing and understanding how pcode works. I believe nt20 learnt a lot about pcode after Code-Lock. There is also a layer of anti-stuff that nt20 managed to detect too. Then, there is a layer of encryption, one for watermarking etc. etc.

I believe that if a group of crackers come together, they will succeed in cracking Code-Lock. However, as seen in this little project, most crackers shut their mind the moment VB is mentioned. The only reason I can see is that they are not capable of cracking VB because they are too lazy to learn.

Like what CrackZ has said, one should look at the protection and not the language. I use VB because it allows me to convey my protection idea easier too and also makes it more difficult to crack.

In some cases, one might think that I am taking advantage of the crackers to test my protection without paying. But like what I said earlier, I will pay if someone can point out to me something that I missed and when I get my first customer for Code-Lock other than myself.


Thanks and best regards to all
Ryan

evaluator
July 31st, 2002, 08:54
Thanks all for replies

Before continuing the logical fights (I love them),
maybe it would be good to make a POLL about VB?

evaluator
July 31st, 2002, 16:58
YU-HUU!

I caught you, Ryan, in a LIE!!

Eustace asked you:

>if u are a cool guy, write a tutorial about it
>so that the newbies can study it

then your answer was:

>Unfortunately, I have limited talents. I can only code but not crack.
>That's why I am asking the specialists in this area.

!!!!!!

Now you wrote to me:

>Yes, I know programming languages like assembly, C++ and Java.
>And in addition, VB. Do you?
>The best of all is that I know the REVERSE of all the above languages too.


YOUR COMMENTS, pLEAsE!

sandworm
July 31st, 2002, 20:55
Wow, this thread has warmed up since my last visit

Evaluator, although I respect you a lot as one of the unpacking kings, I think you're not fair with nikolatesla. He has done a great job till now and it was far from being useless:

I agree with Nikolatesla when he says that the protection is pretty well thought out. Instead of speaking and speaking to know if Ryan can use another language than vb (who cares) or if he wants to use us to make money (isn't fravia's site dedicated to helping shareware programmers write better protections?), please help Nikolatesla to find a way to decrypt the archive. I unfortunately don't have the skills.

Ryan, you didn't answer me: do you use zlib to encrypt your strings or do you use an encryption algorithm of your own? If you use zlib, better switch to the second option.
Moreover, I would like to dig around that getstring function; can you make another demo program using the getstring function?

nikolatesla20
August 1st, 2002, 00:57
sandworm,

I walked thru the string routines too and they are compressed and then encrypted and tacked onto the end of the *.dat file. So sadly, yes, they are encrypted too. But like I said, I didn't really spend too much time in the encryption routines.

-nt20

Ryan
August 1st, 2002, 01:40
To Evaluator:
Never look at things on surface values. I thought you should know that as a cracker... I did say I have limited talents and that I can only code and not crack. Do I mean that I can only code but can't crack Code-Lock, or do I mean I can only code but not crack at all? And it doesn't really matter which is which. Also, in a crackers' forum, what do you think a POLL about VB will be?

To Sandworm:
-nt20 has answered your question for you. What I suggest you do is to slowly work your way up to the level of -nt20 and then later learn about encryption. Start by unpacking again.

Regards
Ryan

sandworm
August 1st, 2002, 09:52
to nt20:

"I walked thru the string routines too and they are compressed and then encrypted and tacked unto the end of the *.dat file"

Yes, but after the decryption+decompression of the dat file into the full version exe, are they still compressed+encrypted or only compressed in the full version exe? If they are only compressed you can use zlib to decompress them.
And if they are still encrypted+compressed, perhaps the encryption algorithm is weaker on the strings than on the file; if not, it would take years to print them...
This is what I wondered; hope I explained myself well enough with my poor English.

To Ryan

Following nt20's advice I can now unpack your files too (just had a problem with the oep; you thought a poor sizecheck and openmutex trick were enough to prevent unpacking? )

But while unpacking is useful to try to defeat the encryption algorithm, it is useless for the way I chose to defeat the ocx.

As I keep saying to you, I don't want to focus on the encryption; it's the strongest part of your protection and perhaps will be impossible to crack (although for me it's not really software protection, it's only a matter of encrypting a file, it can be done by any programmer; the protection part, what adds value to code-lock, is the ocx).

On the other hand, the ocx is the weak part and I wanted to focus on getstring to finish the cracking, but if you don't want it to be tested, after all it's your baby. I know that you prefer to see us spending a lot of time to defeat all your tricks and improve them later, but if we can't choose by ourselves the way we want to crack, I prefer to stop; you piss me off.

Ryan
August 1st, 2002, 16:24
Quote:
Originally posted by sandworm
to nt20:
On the other hand, the ocx is the weak part and I wanted to focus on getstring to finish the cracking, but if you don't want it to be tested, after all it's your baby. I know that you prefer to see us spending a lot of time to defeat all your tricks and improve them later, but if we can't choose by ourselves the way we want to crack, I prefer to stop; you piss me off.


Interesting... In what way did I stop you from analysing the getstring function? My baby is in your computer. Do what you wish. I thought you gave up because you didn't post anything for a while. So I thought it might be too difficult for you, thus advised you to work your way up.

Regards
Ryan

sandworm
August 1st, 2002, 17:11
my English must be really awful, nobody understands me

Like I said earlier, I can't test your getstring function because the example vb program you furnished with your demo code-lock doesn't use the getstring function!! So, that's why I asked you to write another little demo program, but this one using getstring. Anyone understood?

sandworm
August 2nd, 2002, 23:14
hello Ryan, are you finally willing to give me a demo program using all the functionalities of code-lock, including the famous getstring?

nt20 :

I have time to lose this night and I thought about the serial generation. Playing with Ryan's keygen, suddenly a light was fired!! For the same information, if you push generate key several times, you get another serial; why the hell? I think I understood why:

I agree with what you say nt20, the program code must serve as a key for decryption. So as foxthree has seen SHA-1 in the code, this is what I think Ryan does:

serial1 = SHA-1 hash of mangle(name and user data) => first part + SHA-1 hash of mangle(program code) => second part

When you type your serial, code-lock compares the first part of your serial1 with the SHA-1 hash it has computed itself with mangle(name and user data); if it's ok it decrypts the .dat with the second part of the serial.

but there's a problem: once someone has a valid serial he can make a keygen: from the second part of the serial he has the private key for decryption, and by figuring out how name and user data are mangled he can easily reconstruct the first part of the serial for any name/user data. Conclusion: he can easily keygen it!!

So to avoid that, Ryan encrypts serial1 with a random key (this key changes each time you push generate serial)
to make serial2, the one you see on the screen. But for code-lock to retrieve serial1 from serial2, the decryption key must be somewhere in serial2:

serial2 = serial1-encrypted + decryption_key

So if I'm right, I think the best method to make a keygen for a code-lock protected app is:

1) Have a valid serial2 for this app

2) Figure out what method is used to encrypt serial1 into serial2 and where in serial2 the decryption key is

3) Figure out how (name and user data) are mangled to construct your own first parts

YOU CAN NOW MAKE A KEYGEN FOR THE APP!!

Well, this is what I thought; I can be wrong! What do you think of this analysis? Hope you've understood what I meant; perhaps it's not very well explained!!!

In any case, if I'm right it's rather good news because it means that a keygen for a code-lock protected program is technically feasible!!

SO PLEASE GUYS READ THIS POST AND TELL ME IF I'M DREAMING OR IF I MAY BE RIGHT

Ryan
August 3rd, 2002, 10:42
hi,
the code-lock.ocx which comes with my Slice-n-Save has that function. Why don't you use it?

Your theory about the key... Well, you have got the demo version with the keygen.exe. Try it and see.

Regards
Ryan

sandworm
August 3rd, 2002, 15:44
Ryan, to see slice and save use getstring I need the full version of slice and save. I think you're not willing to give it to me just to test the interaction with getstring; that's why I proposed that you code a demo program using getstring

nikolatesla20
August 3rd, 2002, 16:44
sandworm - the ocx that comes with the slice - n - save demo HAS the full function of getstring.

Just unregister ( "regsvr <path to old ocx> -u" ) the old ocx (the ocx that comes with the code-lock demo), then register the ocx that comes with slice-n-save instead. You can either ("regsvr <path to slice-n-save ocx>") or just run slice-n-save. I see that it seems to register the ocx automagically if it sees it's not registered already.

Now use THAT ocx in your own demo, and use getstring in your demo to see how it worx.


-nt20

sandworm
August 4th, 2002, 15:15
"Now use THAT ocx in your own demo, and use getstring in your demo to see how it worx."

well, this is what I first thought, but sadly it isn't that simple

As Ryan explained in an earlier post, you need to feed the registered ocx with some values to use it or it won't work!!!
Nevertheless I tried to be sure (after unregistering the demo code-lock) and it definitely doesn't work

so two solutions: Ryan gives us the info needed to use the registered code-lock (I don't think so ) or he makes himself a little demo program using getstring. I think he understood well but doesn't want to do it; perhaps he is afraid to see that his ocx isn't secure...

In any case I'm very bored of this attitude from Ryan and want to take some holiday break. He will manage himself to improve his protection

congratulations for your good work nt20, you taught me a lot!!

Ryan
August 6th, 2002, 11:36
Quote:
Originally posted by sandworm
As Ryan explained in an earlier post, you need to feed the registered ocx with some values to use it or it won't work!!!
Nevertheless I tried to be sure (after unregistering the demo code-lock) and it definitely doesn't work

so two solutions: Ryan gives us the info needed to use the registered code-lock (I don't think so ) or he makes himself a little demo program using getstring. I think he understood well but doesn't want to do it; perhaps he is afraid to see that his ocx isn't secure...


There is a third solution... as a cracker, crack it and make it use getstring...

I am not afraid that my ocx gets cracked. I will be very happy.

The reason why I don't respond sometimes...
My working hours are like this:
Monday: Work from Monday 7 am to Tuesday 3pm
Wed: Work from Wed 7 am to Thursday 3pm
Friday, Sat and Sun: Work from 7am to 7pm

Regards
Ryan