I have written a VB5 program which I eventually want to sell. As an advertisement for the program I have created an EXE demo version to distribute freely. The only difference between the full and demo versions are few Constant values which are changed in the demo version. Is it possible for anyone to get into the EXE demo version and change these constants and anything else for that matter ? Thank you in advance for your comments.
09-29-2001, 09:08 AM
It would be extremely easy for even a novice cracker.
I would strongly suggest actually removing the functions/subs which aren't accessable in the demo versus using variables that can be easily hex edited.
A cracker cannot hex edit a function/sub that doesn't exist.
I am not sure how to implement what you have suggested. How can I hex edit a sub/function? Keep in mind that the demo and full versions are totally identical except for few constant values, which are declared globally in a module in both versions. Can you please shed more light on this matter? Thank you.
09-30-2001, 05:10 AM
Basically he is saying that a cracker could easily change the value of a constant in your application. A better idea would be to remove the functions you don't use altogether. If, however, your application is time limited, then it will never be very secure.
09-30-2001, 05:44 PM
Put all the "special" functions into a separate module. Make another module with the same function declarations but with no code. Compile with either module as required.
Alternatively, compile each module into and activeX DLL. Then simply ship the good one when they register.
"I have a plan so cunning you could put a tail on it and call it a weasel!" - Edmund Blackadder
09-30-2001, 10:59 PM
I hate HEX editing! My friend alwse takes the programs i make, hex-edit's them to change the credits part of the prog to say his name as the maker instead of mines, and distrubites it! i know he's only joking but its so annoying. So from now on i use a picture on a picture box for the credits, and since its a picture stored on the EXE it's self, he cant edit it! I suggest that you take the variables, encrypt them, and store them on a seperate file like DemoDat.dat or something so if the cracker tryes to edit the DemoData.dat it'll be encrypted. Of course if somehow the cracker guess the encryption passwords, he'll get access, so i sugject encrypting it twice or more so he'll have to go through alot. I included a file that i downloaded from oogle.net (i site that made of of the many AOL tools, this one was a more popular one Rampage toolz, made in VB. He had alot of source code for VB on his site, so i found this Encryption Example made by the AOL Police.) It's manly an example and a encryption class module. I use it alot, it works great.
10-01-2001, 01:59 PM
1. A picture is as easily hex edited as text... almost. Actually, you don't even have to hex edit it, just resource hack it.
2. Encryption is good but make sure that the keys are not stored in the application.
10-01-2001, 02:07 PM
You can resouce edit a picture? NOOOOOOOOOOOOOOOOOOOO images/icons/frown.gif. Sigh at least the kid doest know this yet. I use to do Q-basic but that kid too my progs and put his name (which was alot easyer). So i switched to VB for the sole purpose of no-editing.Acually he uses some java applet to edit my progs in VB, not raw hex editing. So he probibly wont find out easly unless he seaches it, but he probibly never head of it either. But anyways how do you resource edit pictures? i've never heard of it.
10-01-2001, 08:47 PM
Sounds like a great friend...perhaps you should do a check in code (hard-coded) that if a certain value isn't recognized (like string length, concatenated values, ascii code algorithms, etc.) a substitute string is used degrading and denouncing this particular individual (which can be checked via the registry).
HOOOaaaaa! Semper Fi!