Log in

View Full Version : Code - *ock


nikolatesla20
August 8th, 2005, 09:08
http://www.chosenbytes.com/challenge.php

Five years as it says on the bottom. And I still have yet to run into a commercial application protected with it.

Blow some more smoke will ya!

-nt20

Polaris
August 8th, 2005, 09:54
Well, surely they are very funny:

Quote:

What they say and what they mean when they decline the challenge:

They Say: It's too easy to crack. I am not bothered to try.
They Mean: I am too scared to try. It will not be good for my reputation if I fail.

They Say: I am busy cracking other programs.
They Mean: I'd rather crack something easier than wasting time trying something I am not sure of.

They Say: I don't think I will be paid even if I cracked it.
They Mean: This is the best excuse I can think of.

They Say: I think this is just gimmick.
They Mean: I know I can't crack it but I must say something to hide that.

They Say: I only crack what I want and I do not want to crack Code-Lock.
They Mean: I am afraid I will not be able to crack it.

They Say: I am intelligent enough not to accept the challenge.
They Mean: I know I can't crack it so I better not try.

Polaris
August 8th, 2005, 09:56
Yes, surely they are extremely funny!

Quote:

Weaknesses of Popular Protections Schemes- Demo protections

* Users are allowed to try the demo version of the program.


HAHAHHAHHA

Silver
August 8th, 2005, 15:05
Yes, as soon as developers stop letting people evaluate their software the world will be a better place.

Next up, buy your next car without a test drive!

*edit* A quick search finds no reference on the forum to that challenge. That's possibly because I have lost the ability to form correct searches, though...

SiGiNT
August 8th, 2005, 15:35
Challenge taken by Foxthree 4/2002 - C0D3-L0C? cracked by Sandworm shortly there after, with promises of improvements by Ryan - so where does he get off saying it's never been cracked? - I got bored and didn't read the entire thread.

SiGiNT

nikolatesla20
August 8th, 2005, 17:23
The whole point of his "protection" was not giving out a complete demo version. Hence, "uncrackable" was only because there was nothing to crack! The full version would't be decoded until you had the license key. But once a cracker would have a licensed version it would be easy to defeat.

Here is the forum link for all to see

http://www.woodmann.com/forum/showthread.php?t=1998&highlight=ryan

Anyway, just thought hey it's been a long time and I still haven't seen it in use.

-nt20

HAVOK
August 9th, 2005, 08:11
Quote:
[Originally Posted by nikolatesla20]The whole point of his "protection" was not giving out a complete demo version.


Well, that explains why there is no anti-debug, etc... I'm gonna join to the group of crackers who perfer to "loose" their time with much worse and cracked protections, like themida, starforce and so on.

0xf001
August 9th, 2005, 17:20
to be honest I think it is indeed not too easy to crack.

one would need working tools first -> see my post how to get wktvbde running with p-code ocx files (http://www.woodmann.com/forum/showthread.php?t=5403)

I worked on it some time ago and found it rather boring as there IS NO software as everybody says and the stupid guy did NOT provide me with what he offered: a demo version. So I stopped the effortts and did sthg productive. I figured quite a lot, if there are ppl interested i can write sth but that would take a bit of time.

ie as a highlight for you I present the modified MD5 init values heheheheehehehheheheehhe

MD5_Control.A=0x69a52b01;
MD5_Control.B=0xef73a064;
MD5_Control.C=0x9750485f;
MD5_Control.D=0x1b025a76;


cheers, 0xf001

nikolatesla20
August 9th, 2005, 17:47
I agree, it is a tough-to-crack protection, but only in the sense that you have no demo version, and to try and decrypt the full version would be difficult. Once one had a full version it would be a simple matter to duplicate and distribute.

I would also like to acknowledge the fact that Armadillo can do this same thing and if you don't have a time demo you need a full version with Arma as well. Although way back a time ago there was a cracker that was able to keygen it (brute force no doubt).

And I agree, the challenge does not provide what is truly needed. A full functional program with Co*eL*c* wrapped on it. That was never provided.


-nt20

0xf001
August 9th, 2005, 18:40
NT20 yes I understand, I am exactly your opinion !

Then when I was playing with it (I think there was a download somewhere here or on his site) I figured some weaknesses in how it verifies some encrypted/hashed data which lead to algorithms and init values, plain and encr text patterns, ... so it is maybe a good theory but in praxis I would not advertise it that much if it was my system

at the beginning i found ryan reasonable (I thought), but he makes promises which he does not hold, and writes some fantasy stories like posted above.

cheers, 0xf001

nikolatesla20
August 10th, 2005, 05:33
Well I cannot blame him since he is only a programmer. Truly, if you have not done RCE you will not completely understand how to make a good protection, or the fact that such a one cannot be totally uncrackable, but merely slows those inexperienced down.

Yes, I always wondered since he knew if the key was good or not before even decrypting the file that it could be a possible entrypoint to attack there. But I go bored with it eventually. It was tough I admit walking thru the p-code. But really if I would have had an actual real demo version program to play with I would have been much more motivated.

Quote:
[Originally Posted by 0xf001]
and writes some fantasy stories like posted above.
cheers, 0xf001


They are not just fantasy but they are inflammatory. For one who has no exprience in reversing (as he himself stated) and then to bring a challenge and assume "this is what crackers mean when they say this" it quite presumtuous and arrogant. The whole thing is just not very professional.

Have a good one,

-nt20