Hi, Where can I learn something about copy protection & code obfuscation with binaries compiled with C++. What tricks are used to write code that is hard to crack or reverse engineer? Edit: BTW, I always wanted to learn some reverse engineering basics, can you recommend some tools that are commonly used? bye, Chris

Quote:Where can I learn something about copy protection & code obfuscation with binaries compiled with C++. What tricks are used to write code that is hard to crack or reverse engineer?

Start reverse engineering. There is no other real way.

Without understanding the problem, you cannot address it. Books give good overview, but with these topics, the devil is only and only in details.

If you want to develop and use effective protection (not just deter casual script kiddie type hacking), you will need to invest a lot of time.

Generally, obfuscation is not viable, and copy protection only matters as long as its costs don't outweigh the profits. If your product is interesting enough, it will be cracked in a matter of days. Even the best protection schemes out there only last weeks tops. Unless you can benefit from that, you gained nothing, and you just risk additional errors from protection itself.

A large ammount of copy protection can also be bypassed at run-time only, so you can simply use run-time debugger to look at unobfuscated code, or side effects of encryption/obfuscation to bypass it.

Hardware dongles seemed reliable, until people simply create dummy authentication code.

Various challenge/response schemes fail if they don't get called at all.

Embedding signatures and protecting content does not stop run-time attacks.

Some of the most protected software packages with hybrid protection schemes out there apear to be easiest to crack.

Despite that, I still advocate doing reverse engineering yourself is best way to truly understand the problems (not to mention learning assembly, low level system details, compiler specifics, internal workings of applications, and lots more fun stuff). But in the end, make sure to balance the protection schemes to savings they will provide you with.

Online content (not downloadable, but client/server) is the only truly secure option.

Thanks for the great replies!
Well, I think Antheus is right. If even the most clever code (surely made by very experienced people) will be cracked within a few weeks, it seems senseless to brood about how create code which is hard to crack...

You CAN'T stop a real hacker from cracking your code so don't waste your time with fancy tricks unless you have a lot of free time.

You CAN stop Sally Homemaker who doesn't know computers from cracking it. Just do some simple protection and you'll cover 90% of the people. Anything that takes you more than a couple days to implement is too much work.

People have already mentioned not trying *too* hard unless there is a very good (monetary) reason to secure your program. If there is such a reason, however, there was a good article at gamasutra about copy-protection in Spyro (some game I never played). One very good thing that they did was not make it obvious whether the game/software/whatever has been cracked or not: people would play a supposedly "cracked" game halfway through before they realized it was broken in some way. It also involved inlining lots of protection code all over the place, and checking runtime images randomly.

It was a lot of work, and I belive it took some cracking group about three whole weeks to get a working crack out.