|
Create a one bit bitmap and ( from memory ) make the colour you wat to be black the background colour, then blt onto it. There's an article in MSDN, and it's something like that. It's part of how to create transparency masks on the fly. The WDJ site has code to do it from my Sept 2001 article, but it's been ages since I did anything like that, so I'm not entirely sure of the details.
Christian
The tragedy of cyberspace - that so much can travel so far, and yet mean so little.
"I'm somewhat suspicious of STL though. My (test,experimental) program worked first time. Whats that all about??!?!
- Jon Hulatt, 22/3/2002
|
|
|
|
|
Thats sorta what I had in mind.
I figure i'll use the first pixel as the background...and basically floodfill the entire backgrond with a unique color not used in the image. Then replace any color that doesn't match the background with black.
There are assumtions with this method, but overall it should work eh...?
Thanx Christian..
p.s-If it's an old article will it still be there on msdn...?
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
Thomasz has given you the MSDN articles I was thinking of, but I was saying I used the same method in a WDJ article I wrote. It's on the WDJ site, not in the MSDN
Christian
The tragedy of cyberspace - that so much can travel so far, and yet mean so little.
"I'm somewhat suspicious of STL though. My (test,experimental) program worked first time. Whats that all about??!?!
- Jon Hulatt, 22/3/2002
|
|
|
|
|
Christian Graus wrote:
Thomasz has given you the MSDN articles
Actually, I'm Tomasz without the 'h'.
Anyway, being in one pack with Petzold feels great
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
*grin* you know, I originally didn't get the Petzold reference ( I assumed he wrote the MSDN articles ), then I thought of it myself and finally put together your comment.
Sadly my thought processes when coding are often this convoluted also :P
Christian
The tragedy of cyberspace - that so much can travel so far, and yet mean so little.
"I'm somewhat suspicious of STL though. My (test,experimental) program worked first time. Whats that all about??!?!
- Jon Hulatt, 22/3/2002
|
|
|
|
|
What's the criteria for creation of the mask? Do you want all pixels with given color to be RGB(0, 0, 0) in the mask, RGB(255, 255, 255) otherwise?
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
I think I figured it out.
i'll assume the first pixel in the bitmap is the background and I will floodfill the back with a unique color. then replace each non-background color pixel with black and I should have a dynamic mask...?
There are some assumtions being made, but I think it'll work for me.
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
HockeyDude wrote:
There are some assumtions being made, but I think it'll work for me.
FloodFill - slow and won't work when you have background areas surrounded by non-background.
'Replacing each non-background color pixel' - very slow, assuming that you want to iterate over bitmap with GetPixel.
Basically, you need to BitBlt to monochrome bitmap having text color and background color set to appropriate values. I can't give you any more advice on this - trade secrets, you know But I'm sure CG will be happy to provide you with the details.
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
Tomasz Sowinski wrote:
Basically, you need to BitBlt to monochrome bitmap having text color and background color set to appropriate values
If i blit(24bit) to a monochrome bitmap it'll do everything for me...?
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
The keys to nirvana: Q79212, Q149585. Follow the white rabbit
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
Tomasz Sowinski wrote:
Follow the white rabbit
Haven't seen many expoits of The Matrix, so thought I would point this out.
Nick Parker
|
|
|
|
|
Thanx you muchly i'll check it out!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
I´m writing a program that have a registration form, where the user needs to inform a registration code (that varies from machine to machine). He must contact the company to obtain the reg code, otherwise he will run the program for a short period of time only. The problem is that as a windows c++ programmer I know that is pretty easy to create a brute force program that keep trying to guess the correct registraton code. I´ve implemented some code to prevent that from happening... but I want to ask the opinion of you guys to see if you have a different idea for this implementation than mine. My idea prevents the user from using the app forever. How do you guys would implement this ?
Mauricio Ritter - Brazil
Sonorking now: 100.13560 Trank
My latest article:
Pentominos - A C# implementation of the famous Puzzle Game
|
|
|
|
|
I once thought the same thing.
I figured I could write a quick and dirty util to enumerate/iterate..??? each possible alpha-numeric password, reg code in the book.
At first I thought this is easy...but after alot of thought and some research I concluded...programs that use 128 bit encrytpion or product keys do it for a known reason.
128 bit is a massive number:
18446744073709551616 unless i missed something...
For a program to try each of the possible keys would require some time even if your hardcoded the algorithm into your attack code.
The way I see it, even if you code a 3 try limit, then fail...
If someone gains knowledge of your algorithm and maybe a database or something, they could code a highly optimized version and maybe reduce time required a little, but nothing substantial.
Where there is a will, there will always be a way!!!
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
HockeyDude wrote:
18446744073709551616 unless i missed something...
Don't want to sound picky, but that's a 64-bit value.
8-bit: 256
16-bit: 65,536
32-bit: 4,294,967,296
64-bit: 18,446,744,073,709,551,616
128-bit: ~3.4028236692093846346337460743e+38
I would've been more precise but the calc I'm using sucks. I let my cousin borrow my Text Instruments calc way back when and it has mysteriously dissappeared.
Jeremy L. Falcon
"The One Who Said, 'The One Who Said...'"
Homepage: imputek.com
|
|
|
|
|
Make the code long enough.
Say 12 characters.
That should take several months to bruteforce.
Nish
I am the Keyboard Smasher
|
|
|
|
|
Crackers do not use brute force. They're using kernel debuggers like SoftICE to get insight into your software. So you have to be quite smart and make them tired during this process to avoid creation of patches. And, for God's sake, *do not* put statements like this in your code:
if (daysSinceInstall > 7)
{
MessageBox("Money makes the world go round");
return;
}
because it's super-easy to find/remove the test.
OTOH, you can avoid pirated key generators if you go for strong encryption, like RSA.
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
Don't most serious software packages use some form of encryption...?
This makes it absolutely nessecary to brute force attack. Unless i'm missing something here???
If you try and protect your code by hardcoding the protection scheme into your exe, like your code snippet above, it's (can be) easy to dissassemble change whats stopping you from using the full package and re-assemble.
The above can be accomplished with a binary search and replace utility, i've done it.
I always thought(or starting too) that programs now incorporate some form of encryption, because then disassembly doesn't do anything and a brute force attack is required, thus the 128 bit thing...takes forever...
IMO there is NOTHING anyone can currently do to prevent the determined from hacking(you call it cracking and I know thats the proper term)any software. So ultimately...
if(DaysLeft == 7)
would suffice under most circumstances. Even if you have the know how to search for a BYTE,WORD, LONG and replace the value with something else...it's pretty tricky finding it and only the determined know-how individuals will try it.
Cheers!
"An expert is someone who has made all the mistakes in his or her field" - Niels Bohr
|
|
|
|
|
HockeyDude wrote:
So ultimately...
if(DaysLeft == 7)
would suffice under most circumstances.
No, you're wrong here. While there's no 100% protection, you may greatly reduce the risk by being smarter than that. Detemined, best-of-breed crackers can break into anything, but your scheme is crackable even by 9-year old with basic cracking experience.
There used to be a cracker's site called fravia.org containing lots of tips on protection against cracking, but it seems they went underground now.
Tomasz Sowinski -- http://www.shooltz.com
- It's for protection - Protection from what? Zee Germans?
|
|
|
|
|
I just think ts so funny that when a company spends so much money on a new protection algorythm and then after 1 day it is cracked and the world can get it for free.
I'm not late, I'm just not as early as I could have been.
MSN Messenger address: jonathann4@hotmail.com feel free to chat!
|
|
|
|
|
By far the most secure and reliable way to implement security that i've found is a system which involves an interactive registration process, over the internet. You can make your client app have some kind of key exchange over the network. This is fairly hard to beat.
If you do choose to go for an encrytped product key, a good way of doing this is to use data from the executable itself as the key for the encryption. This is a lot harder to change.
ie, rather than use "myp4ssw0rd", somewhere in a data segment of the program, as a key, use CFile to open the executable file, go forward X bytes and read from there.
|
|
|
|
|
Jon Hulatt wrote:
By far the most secure and reliable way to implement security that i've found is a system which involves an interactive registration process, over the internet. You can make your client app have some kind of key exchange over the network. This is fairly hard to beat.
Microsoft did that with Office XP and within 2 days someone had cracked it. Windows XP is one of the harder though. Has anyone cracked it yet do u know?
I'm not late, I'm just not as early as I could have been.
MSN Messenger address: jonathann4@hotmail.com feel free to chat!
|
|
|
|
|
as a defense against that, you can do a CRC on your EXE. if that fails, you know someone has tweaked your app. yes, they can disable the CRC code too, but they probably won't even know it's doing a CRC until their first few crack attempts fail.
and, if you're clever, you can use the CRC check to do subtle failures; don't just pop up a message box and quit, do something strange - allocate huge (100MB) chunks of memory for no reason, put a random delay in a message pump, disable random controls - make it look like the crack attempt has broken something vital inside the app. you don't have to worry about annoying valid users - at this point you know the app has been tampered with somehow - either by a virus or a cracker.
the way they're going to discover the CRC is to watch the files that your EXE opens (by intercepting file open calls to the OS). so, make sure your EXE reads itself a lot, for many different reasons. also only do the CRC once in a while (only on odd-numbered days or something). there's no point in making it easy to discover.
beside CRC, you can use the results from your key checking code as vital parts of your app's functionality. encrypt important numbers (like the number of days in a year, the value of pi, or something else your app uses a lot) in your user keys - use the value from the key. that way, without decrypting a valid key, the app won't work as planned.
do the key check in many places.
don't use a function to do it. write a macro. this way, there isn't a single place to break, they have to find every place you've used the macro. even better, write many different macros that all do the test in a different way, and use them all. this adds yet another step they have to go through to crack your app.
as everyone is going to say , you can't really stop people. but you can try to make them give up in frustration.
use public key encryption if you can. it's easy to find the encryption keys in your code, so all they have to do is find the keys and start testing the key in various symmetric ciphers till they find the one that gives the same results as your app. then it's just a matter of arranging user data to get a keygen. this ain't gonna happen with public key encryption.
-c
Ah, but a programmer's reach should exceed his grasp, or what are late nights for?
Smaller Animals Software, Inc.
|
|
|
|
|
Chris Losinger wrote:
allocate huge (100MB) chunks of memory for no reason, put a random delay in a message pump, disable random controls
Is it just me, or does anyone else get that "don't piss Chris off" kinda feeling from this post?
Jeremy L. Falcon
"The One Who Said, 'The One Who Said...'"
Homepage: imputek.com
|
|
|
|
|
nobody's gonna get my $29.95 without a fight, that's for damn sure!
-c
Ah, but a programmer's reach should exceed his grasp, or what are late nights for?
Smaller Animals Software, Inc.
|
|
|
|
|