Has there ever been a piece of software that couldn't be cracked?

There are countless copy-protection solutions that software developers can use. Some read CD-ROMs, others access USB dongles, a few do internet activation.

Yet I don’t think I’ve ever seen a piece of software more than a few months old that couldn’t be cracked just by changing a dll or something.

It all seems so futile. What’s the point of a software developer licensing the latest SecurROM/USB dongle/etc if it’s all so ineffective in the end? Has any one of these things ever actually worked? It seems so crazy. An entire industry without a single working product.

Well most people that used cracked software are home users. Most Companies wont even think about it because of the trouble they can get into. Many pieces of software are not cracked mainly because their is no demand for it. Cracking something is not easy. I work in the IT field and in theory no how to use a crack if i so choose. I would imagine that their are many cases that applying a crack to a piece of software is a multi-step process and if you happen to make a mistake you must uninstall and reinstall the program and perhaps even a registry clean. Most people wont want to deal with the trouble and just buy the software.

Has there ever been a mass produced lock made that can’t be picked? Then why do people put locks on their doors? As the saying goes, it keeps the honest ones out. I also imagine it gives the software company recourse when their software is pirated.

I read once that Adobe Photoshop CS 3 is supposedly uncrackable.

However, isn’t the point of software protection really to just deter most users from piracy? I imagine software manufaturers factor a calculated amount of piracy into their costings. Certainly retailers do.

CS3 was actually cracked and downloadable through torrents before it was even released in stores :stuck_out_tongue:

Well. That just goes to show the breadth of my vast knowledge :wink:

In order to make something be truly uncrackable, you need to limit access to the user. One way to guarantee this is through tamper-proof hardware (i.e. trying to take it apart will destroy it) and a system of software on top of it which enables you to use the hardware to keep things encoded/unaccessable. The other way is to perform various functions remotely, on a server that send back the results. But so long as the user has access to the software and the hardware, there’s nothing that couldn’t eventually be cracked.

Nothing is truly uncrackable. That could be solved by easy visualization i have Virtual Ubuntu, XP, Vista, on my system now.

I feel that you didn’t read what I wrote.

So just like my Xbox360? Its hardware designed to mess up if you take it apart and the software i am sure has copy protection in it but their are chips all over the internet that allow you to crack it to play burnt games

Right. My point was really that a simple copy protection scheme would keep the same honest people out as effectively as any of the fancy stuff. So why the giant waste of energy on the fancy stuff?

Not really. For example, I’ve been an MS developer 16 years, and I could easily “crack” anything, and so could just about everyone with whom I work. (Except for that one jackass) :))

Would we? NFW. My point: most of the people that could, wouldn’t.

Ghost CS3? Har.

I’m not sure how XBox does their security, so I can’t really comment. Nor can I say whether there ever has been an implementation of something which is uncrackable via the tamper-proof hardware mechanism. All I can say that theoretically it would make it possible, if designed right. Most places are probably more concerned with dissuading than preventing, since it’s easier and cheaper to do.

The military might have some devices. I’ll see if I can google something.

I’ll also note that if you can detach the part and swap it out with something else without causing your system irreparable harm, then quite obviously it isn’t tamper proof.

Hm, well I’d personally guess that the IBM 4758 is pretty well unbreakable unless you’re the NSA and have a few years.

Hey, man. I’m a software dude. :slight_smile: [sub] (Seriously, that’s things a box job. We joke about it.)[/sub]

You might read the little comic at the top of this page:

http://benheck.com/Games/Xbox360/x360_page_1.htm

[hj]Cool stuff! Making a XBox-laptop[/hj]

Box job?

To add a bit of technical “meat” to this, but without falling foul of the mods I’ll explain how cracking used to work, back in the day ™. This is on the Amiga, which is no longer in production and neither are the games. Nothing given here is detailed enough to be much help either.

Amiga games used to load in a pretty standard way. There is a 512 byte sector at the start of the disk which is the boot block. This was read by the OS, checked for some [magic numbers](Magic number (programming) - Wikipedia, in this case DOS0.

If the magic was found and the boot block checksum was good, the OS would start to execute from an offset inside the bootblock. This was raw 68000 machine code.

On a normal disk this would generally hand back to the OS and let the boot run as normal, controlled by the OS. On a game it would initialise the hardware by disabling exec and Intuition (the window based gui) to free up RAM and CPU resource and then to make it tricky to monitor further it would start messing with traps and exceptions.

The way a debugger/monitor lets you see the machine state is by setting breakpoints in memory, letting the code run to the breakpoint and then starting the monitor to see what is going on. Breakpoints use a CPU function called traps, which are illegal instructions that cause the CPU to halt and jump to a memory address provided by a vector table. The monitor would insert addresses to its own routines in the vector table then write a trap instruction to the breakpoint address. So when a trap was reached it would jump to monitor code and start running, showing you RAM, CPU registers and disassembled program code, and letting you modify them.

Obviously the first thing the protection code would do is to disable the traps, often by putting routines of its own in the vector table - routines which were crucial to executing the game. When these traps were overwritten by the monitor the game would fail and crash. If you left the trap vectors as the game set them you couldn’t start your monitor! Other variants would disable traps, or setup nasty tricks such as double-faulting.

Bear in mind all of this is just inside the first 512 byte boot sector! Finally the boot code would load more disk blocks and start to execute them. These would contain the disk loader. As the operating system (exec & Intuition) had already been kicked out, it was necessary to write your own loader.

Whilst the trap tricks were still in place, the next gotcha would normally be timers. The Amiga had a pair of CIA chips which had time-of-day timers. These would count up but also had an alarm mode. The defensive programmer would set the timers to count down from 5 seconds, alarm, loop and repeat. But whilst the monitor is running the timers would still count down. When you exit the monitor and the game code recommenced execution, it would spot that the timers had hit zero without the game code noticing. It would figure that a monitor had been run and would either crash, or subtly alter the program execution - perhaps killing you after 30 seconds of gameplay. There were a number of ways to set the timers, some very cryptic indeed, so finding and patching these was tricky.

Often thrown into the mix was encrypted code. The 68000 had a feature called Trace Vector Decoding. This used traps to decode each instruction prior to execution, often re-encrypting it afterwards. The monitor traps would often interfere with this, especially if the trace vector used the CPU control bits. Sometimes the encrypted code was self-modifying so it would change the state of future encrypted code as it ran. This meant you couldn’t just save out the RAM and try to decrypt the code manually, as it would be junk until the running code modified itself during execution.

On top of this, the game code itself was probably “packed” on the disk. Using an often unique compression algorithm the data would be loaded from disk, unpacked and then executed under the trace vector decoder.

Even with all this to contend with, most games were cracked and distributed before or shortly after the commercial releases. This was almost solely the domain of the computer geek with no commercial aspect. Whilst we now have easy access to good cryptography, client-server authentication systems and tamper proof hardware devices, it’s still a race which is impossible to win. It’s always a matter of when, not if an app will be cracked.

tim

Am I right in guessing that all the icons on a GUI have their own specific code causing them to appear on the screen, and that malicious hackers merely hide nasty .exes behind these ‘innocent’ icons?