Sorry your browser is not supported!

You are using an outdated browser that does not support modern web technologies, in order to use this site please update to a new browser.

Browsers supported include Chrome, FireFox, Safari, Opera, Internet Explorer 10+ or Microsoft Edge.

Program Announcements / AuthentiCode - Protection for your DarkBASIC Software

Author
Message
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 7th Oct 2002 20:42
I forgot to move it onto my shared HDD before i left this morning... So it'll have to wait about 6 hours

However I was working on something for Kerantree after waking up and came up with a basic piracy protection product.

It works in the same was as C-DILLA does, kinda like a 3rd party program authoriser specifically designed per product.

The setup is governed through a simple popup, for compiling and authorisation.
The program will use a 16 alphanumeric code created at random along the authentication algorithm (which is scripted by the developer) - this will then calculate all possible codes and store them within several encrypted arrays - accessable only from within the program using the decoder, which is again scripted by the developer
This means only the developer has access to the codes once implimented

The Encrypted Arrays are uploaded onto an FTP capable site and access within the program is given (if this is changed then you only have to patch the AuthentiCode NOT the program )

The export also give out a DBA file decoder and a .key file - the .key file contains all the information that is to be read from the system registry that is updated when the product is authorised.

And basically this is (for all intensive purposes) the whole program setup... you may wonder why i've just explained the "whole" setup, well basically I've just explained most of it - there are one or two countermeasures that pirates won't be able to track
And if the product finds that it has been tampered with it will automatically uninstall the key and delete the AuthentiCode program

Oki perhaps not the most advanced, featuring state of the art encryption and such - but to be honest ... its safe enough, and it isn't likely to be hacked in a hurry - plus its versitile. With everyone have personal setups, just being able to hack one will not allow someone to hack another
Holy jumping mother of god NOOOO!!!...
Ahem I mean, I'll think about it
denki
17
Years of Service
User Offline
Joined: 26th Aug 2002
Location: United Kingdom
Posted: 7th Oct 2002 20:48
SUPER SWEET!
Will it be free? That'd be perfect for DB users

denki
Kousen DPB RPG latest - Working on editors!
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 8th Oct 2002 01:57
read this a lil earlier ...
basically the setup will be this, every product you want to use this to keep safe - you will register it with FMTau Labs. The program is free to download and use, on demos, donationware, freeware, shareware ... however if it happens to make it to retail - then you will be required to pay a licence fee - however unlike C-DILLA and such it is a set fee for the lifetime of the product, rather than per Nth amount of units

sound fair?

I've had a new idea to make it even more secure, probably add it in as patch one after release tonight.

Holy jumping mother of god NOOOO!!!...
Ahem I mean, I'll think about it
Lampton Worm
17
Years of Service
User Offline
Joined: 4th Sep 2002
Location: United Kingdom
Posted: 17th Oct 2002 17:02
..sounds pretty cool - any rough idea as to what the lifetime fee will be though, just a guestimate ?

Thanks.
Dynamo
17
Years of Service
User Offline
Joined: 26th Aug 2002
Location: United States
Posted: 17th Oct 2002 17:22
one milliondollars... :p


A cloud! I found out he's a cloud!
rapscaLLion
17
Years of Service
User Offline
Joined: 29th Aug 2002
Location: Canada
Posted: 17th Oct 2002 23:37
Sounds really great!
Licensing fees are fine, as long as they aren't too high. DB titles won't sell like Half-Life did.

Alex Wanuch
aka rapscaLLion
Get the DB Weekly Newsletter at www.dbwn.cjb.net
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 21st Oct 2002 22:27
hahaa... if they would Raps then i wouldn't be iffy about publishing them
However as i've seen stuff like ShiftBreak & Star Wraith3 cracked out there it seems that no-one cares how cheap they are as long as they can get them for free!!
I think the setup of non-commercial games getting the same protection as commercial games will deter this ... as the service is free for those who aren't to make any money then its a perfect solution.

i'm figuring out RTF at the moment so that you can create your own ELUA (or use the wizard version). Should have the free version for DarkBasic users up in a few days.
Decided to go with a Visual Setup for the coding, so it compiles the code into a format stored within the DarkBasic EXE which only Authenticode can access
i'm currently haveing a problem with standard DB however Enhanced and Pro work perfectly with it.

Also it still hasn't been hacked, when the 2week mark is reached the test is over
but with this amount of time this gives me good reason to smirk like an idiot

Anata aru kowagaru no watashi!
denki
17
Years of Service
User Offline
Joined: 26th Aug 2002
Location: United Kingdom
Posted: 23rd Oct 2002 00:27
Cool, sounds great...

denki
Kousen DPB RPG latest - Working on editors!
Rob K
Retired Moderator
17
Years of Service
User Offline
Joined: 10th Sep 2002
Location: Surrey, United Kingdom
Posted: 29th Oct 2002 18:08
Any good game will be cracked - guaranteed.

The best anti-piracy solution is to only make the full version download available to people who have paid for it. Having a trial version unlocked by a serial. no. etc. never works.

However, you can piss crackers off quite easily. The best one is an app that uses polymorphic code, but this is not possible easily with DBPro.

what is a signature?
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 29th Oct 2002 21:00
polymorphic code has a habit of changing to lock everyone out except skilled hackers hahaa
found that out the hard way about 5years ago... still trying to get information of that hdd

AuthentiCode is done packaged and has now finally been put through its paces. (^_^)
It is a very good reason for me to smirk like an idiot as over the 2 week period it wasn't hacked even once
I have since found a few security loops that could IF capitalised upon eventually allow the someone in, and i'm working on beefing up the security in these areas!

AuthentiCode for Standard/Enhanced/Pro isn't a pickup and play thing i'm afraid, you will have to read the basic tutorial on use and i'd STRONGLY suggest reading the whole help file before developing even a simple algorithm.
It is probably a good point that i've learnt alot from Mete and his Milkshape Serial because it will act like you have unlocked it ... but isn't really unlocked.
It did give me the best idea on howto make this secure

Hopefully in a few day i'll have sometime to code in an online version of the Authentication server. then i can finally release a test version for people to get used to ... the full will be available upon request

Anata aru kowagaru no watashi!
rapscaLLion
17
Years of Service
User Offline
Joined: 29th Aug 2002
Location: Canada
Posted: 30th Oct 2002 05:23
Yay!
Great to hear

Alex Wanuch
aka rapscaLLion
Get the DB Weekly Newsletter at www.dbwn.cjb.net
Rob K
Retired Moderator
17
Years of Service
User Offline
Joined: 10th Sep 2002
Location: Surrey, United Kingdom
Posted: 30th Oct 2002 23:52
One of the things most protections suffer from is that the programmer writes a fantastic encryption system then does this:

If ProgramUnlocked = True Then
CarryOn
EndIf

Or uses an IF somewhere in the system that allows a hacker to get through.

In Assembler IF (JNZ) commands can easily be replaced with GOTO (JMP) commands, bypassing the IF statement. Just be very careful that this doesn't happen (I expect you knew that already.)

what is a signature?
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 31st Oct 2002 00:52
hehee... trust me i'm aware of most of the hackers tricks
the whole setup allows for alot of checking to happen without any direct access - in otherwords, the program is activated using external sources rather than direct stuff... and the direct computer decryption contrasts and compaires, as for the tutorial Algorithm there are over 2billion possible combinations, however only about 100,000 are actually valid combinations ... the others will unlock it, and to a pirate will seem like they've achieved thier goal - however once they exit the program becomes invalid and the same code won't work again

also everything is in binary level using a dynamic bit string that no one knows apart from the actual AuthentiCode program and Register
Even if one is broken there is a safe guard which shuts down the program when tampered with and reinitilises with the new bit string

there is a way to break the code for a single title, however it would require someone with exceptional skills in algebraic maths ...

what is filling me with confidence is to get into this people will need to think alot harder than, if i change this to this then this'll work because it wont

Anata aru kowagaru no watashi!
rapscaLLion
17
Years of Service
User Offline
Joined: 29th Aug 2002
Location: Canada
Posted: 31st Oct 2002 01:18
Good job Raven Vegeta!
Can we test out a demo? Or at least see the docs?

Alex Wanuch
aka rapscaLLion
Get the DB Weekly Newsletter at www.dbwn.cjb.net
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 31st Oct 2002 04:26
i get off in a while... i'll see about getting a demo ready for DB use as i need to compile some arrays in DB first, boringly long work but fundimental

lemme know what kinda documentation you wanna see about it and i'll see about writing it up - as right now the help file is alot like the Ciyanna's

< god my headache is getting worse >

i'll talk you through a simple setup of it thou...
first you'll have to make sure you have DB 1.13 (requires RegKey access)

now you'd run AuthentiCode program and you'll have a wizard step setup program - similar to InstallShield crossed with IE.

You always have 2 Frames ... on the left the option tree and on the right the information input.

the first option tree has 3 icons "New","Open","Online Help"

they do basically what you'd expect, you'll have to remember you need between 25-150mb free to save and build databases

for a new project ->
you'll get several AuthentiCode Types to choose from...
Offline, Activation, Install, Plugin, Open

these determine basically how many options are available to you - also for particular situations suchas if you making a plugin for Milkshape but you want a key because you wish to sell it, you'd use Plugin Key.

below that is the save directory and filename, browse for both - this is the base directory which can be changed later.

the final option is language used - because each language needs to be accessed differently, and an appropriot reader export requires to be built there are several options
DarkBasic - C - C++

more maybe added later ... but these are the ones i've made it for sofar
< Please not C/C++ ARE different and are OS dependant >

the option tree changes to something more complex...
now you have
> General Information
> Application Dependacies
> Key Generation
> Database
> Build Options

don't worry if you have no experience with windows registration keys - as it generates it automatically for the program (and can regenerate with a click), it will also export upon build the key required for upgrading ... althought this is mostly for the installer which accompanies it, also makes AuthentiCode compatible with other installers which are also proffesional level.

General Information is basically just for AuthentiCodes use to make sure what is being installed is exactly what it says on the box ... is almost literally translated into a barcode for the product. It is then used for your own ELUA, product info, blah blah

Application dependacies is for all those files you need to register with AuthentiCode under the key set - suchas update codes, automatic service packs, internet connections and such which AuthentiCode might prevent access to due to its setup. There will be a full list when I finally figure out exactly what

Key Generator is well probably one of the most complex parts of this... to keep it viable within C++ for the DLL creation of the actual algorithms, you use the main box to place down the code which would be
a = small letter
A = capital letter
# = number
? = symbol (other than -)
- = new group
P = phenetical letter (2-bit letter)

you then click on export template next to the box and it'll export a template MSVC++ project
from that i'd suggest you take time to come up with something smart on howto setup...
also not that you can exlude certain letters in the box below which are seperated by a - this is because it is the only non-legal character already.
The letters supported are full ANSI - i'll be adding support for other languages if/when i can understand them ... but for now just european languages
here you can activate and deactivate alot of options, in certain modes your locked out - however in open you get the full range of options here.

the database screen allows you to manage the database but it also allows you to manage the CURRENT users database provided from the FMTau Secure Server
and the information can be exported to allow you to bulk email and such - basically a crude customer database, it can be exported for external use.
it also allows export of the activation calculator, which if you choose and activation project then you can setup that based upon the generated key

hope that all sounds nice and friendly enough...
the emphasis is on to try an allow the program to do more than the developer - whilst not taking away from the core of what it actually is ... an anti-pirate tool!

it should probably be noted that to build a project isn't a simple nor quick task and will take the program around an hour per 10 keys + activation codes for the most complex 256-bit security setup.
That is on a 2.5Ghz Pentium4 - so i mean more security does cost timewise

well later off home now

Anata aru kowagaru no watashi!
rapscaLLion
17
Years of Service
User Offline
Joined: 29th Aug 2002
Location: Canada
Posted: 31st Oct 2002 23:03
OMG! An HOUR???
Oh well, I'll just get one of my other comps to plug away at it
Anyway, if it takes an hour to compile 10 keys/codes etc. How long will it take for the end user to activate the program?

Alex Wanuch
aka rapscaLLion
Get the DB Weekly Newsletter at www.dbwn.cjb.net
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 1st Nov 2002 00:05
The activation take a matter of a min or two to fill in thier customer info
the key is sent to the server whilst they're messing with the menus so they don't notice it - and activation take about 20-30secs ... its just actually calculating keys in the first place is the killer.
it returns a multiple bit key though which allows several layers of protection - i mean 60min per 10keys & codes is for something quite complex like a 16 alpha numeric code ... something simple like a full number code and with a set string somewhere will obviously take far less time

Anata aru kowagaru no watashi!
rapscaLLion
17
Years of Service
User Offline
Joined: 29th Aug 2002
Location: Canada
Posted: 1st Nov 2002 22:50
ahh
cool

Alex Wanuch
aka rapscaLLion
Get the DB Weekly Newsletter at www.dbwn.cjb.net
joshualimm
17
Years of Service
User Offline
Joined: 12th Sep 2002
Location: WA, Australia
Posted: 6th Nov 2002 09:20
What if the user has firewall installed?

Game resurrected Imagination and Creativity.
Shadow Robert
17
Years of Service
User Offline
Joined: 22nd Sep 2002
Location: Hertfordshire, England
Posted: 7th Nov 2002 11:10
Well i'm not able to comment on all firewalls, however Microsoft and Norton will both be side tracked
I'm not gonna say how, because it will allow people to intercept it - but it masks the use.

I'm pretty sure it'll also be able to use the same transmission method on any machine with a firewall - but i can't be sure.

Well anyways Ciyanna BIDE XP is almost done now for proper testing actual coding wise - and everyone will get thier first taste of AuthentiCode on this... but i'm also going to see about releasing a pure DB Standard/Pro code version (not as secure but will help any dev thier own) probably tonight

Anata aru kowagaru no watashi!

Login to post a reply

Server time is: 2019-10-21 16:37:55
Your offset time is: 2019-10-21 16:37:55