Respected Software Authors
With so much of my site being dominated by tutorials providing
information on how to reverse engineer software protection schemes
I felt the need to post these slightly edited e-mails I've received
from several authors. In all of these cases I should like to commend
the authors concerned for applying some common sense to their
protection strategies as opposed to outright condemnation of the
reversing community. I'd also like to thank them for taking the
time to e-mail me such lucid responses and I know that all of
these individuals have made or are in the process of making significant
improvements to their protections.
Advanced Disk Catalog v1.20c :- Vladimir
CADWorx Pipe v3.0 :- Anupam Patel.
CrypKey :- Name respectfully withheld.
Marc G. :- General discussion about copy
Markin v1.3 :- Martin Holmes.
Search/Replace v6.1.0 :- Chris Floersch.
Virtual Gibb v5.0x :- Charles W Haden.
VISI-Series :- Marc Freebrey.
Advanced Disk Catalog v1.20c
Sorry, I don't know how to call you -- webmaster, cracker... Anyway,
thanks for your site -- a great information source! Just one thing.
I've found a page on your site, describing how to crack my own program
(Advanced Disk Catalog):
Very interesting! But you've made a mistake :)
First, the program has been compiled with Borland C++ (version 5.02),
not C++ Builder.
Second, cracking ADC is not as easy as you described. It is not
possible to get a valid registration key at all, because all valid
keys are stored in the program (encrypted with RSA), and when the user
enters the key, it is encrypted the same way and compared to patterns.
Furthermore, the program will not work correctly without valid key
(part of key). You haven't investigated what functions Validate3 and
Validate4 are doing; actually, they are being used when
reading/writing database with more than 5 disks. First function
encrypts the data (with public key), and second one decrypts them
(with private key generated from registration code). So, if the
registration routine is just patched, the program will crash on
reading such database.
Besides, there are a few CRC checks for both validate.dll and adc.exe.
So, patched program will not work correctly, until you'll remove these
checks, too. After all, thanks again for your work!
Needless to say, this polite e-mail response
from the author generated a suitably polite reply from me, in
this next e-mail Vladimir discusses ADC's protection scheme (something
which he has obviously thought a lot about).
Well... Sure, it is acceptable. The only problem is: it is not very
easy to find CRC checks (or at least, it takes time), so most (if not
all) ADC crackers just miss that. The result is: they release the
cracks that don't work. Well, actually, they work "somehow", but the
database created with cracked version become corrupted. I hate that!
I'm receiving a couple of mails each week saying "the program is
buggy"; after further conversations, I detect that the authors of these
letters just use cracked version. So, please put a little note about
that, asking crack users not to contact me for technical support, and
crack authors to test their cracks VERY carefully (especially on
databases with more than 5 disks). :)))
And another thing... I don't like what UCF (I think you know who they
are :) is doing). From time to time, I'm receiving fraud: somebody just
buy ADC using stolen credit card numbers and later put his
registration code to Internet/Usenet. I'm "blacklisting" these
numbers, but the "losers" (sorry, I cannot call them differently)
from UCF just patch the blacklist checking. And call that "crack"
(though it still requires valid registration code which has been
So, I prefer honest game. I'm developing the protection, and everybody
can try to *crack* it. It is acceptable. But *stealing* is totally
Here I have to agree with Vladimir, using
fraudulent means to obtain any software because you aren't able
to crack it is VERY lame, something I hope UCF aren't actually
doing although I know many groups sadly do :-(. As Vladimir states
if you use cracks then "on your head be the consequences".
Well, when the first beta of version 1.20 has been made available,
I've got a message from Saltine [PC] that the protection is really
good and he will not try to crack it anymore. But later I've seen some
[incomplete] cracks from Stardogg Champion and others, and I was really
Older version -- not a problem! But cracking them is really easy, and
good cracker can even found a valid registration code.
Btw, if you like ADC and wanna use the registered version -- I'll send
you the key :)
Well I know now from discussion with Ghiri
that the RSA system used by Vladimir is secure and you better
don't use any of the 3 PC cracks I've seen. Would you believe
Vladimir did indeed forward me the correct key, sadly for you
though I lost it inside a Blowfish shortly after registering
CADWorx Pipe v3.0
From: Anupam Patel <email@example.com>
Subject: How did you crack our product CADWorx/PIPE?
Date: Thu, 10 Feb 2000 14:12:03 -0600
Let me start by introducing myself. I work at COADE which makes the product CADWorx/PIPE.
We discovered a few weeks ago that you had cracked CADWorx/PIPE on September 25, 1999. In
fact, you have a link to our web site (http://www.coade.com/).
At first, all of us at COADE were in shock, upset, annoyed, (the whole range of adjectives)
that one of our products was cracked. After the shock wore off and browsing your web site
for a week or two, I realized that your web site is about information and not about piracy.
In fact, I think you are brave since you must get a lot of flack from lawyers.
While browsing your site, I found a page where you have exchanged information with Software
Authors on how their program was cracked. I would really like to know how you accomplished
this with CADWorx/PIPE. As you mention on your site, we spend a majority of our time making
our program a better engineering program, and only some time on the HASP security. We always
thought that the HASP was not easy to crack especially for Windows EXEs/DLLs. After spending
some time on your web site, I realized that this was a false assumption.
Over the years we have heard rumors of our products being cracked but never got any
confirmations. About 50% of our business is done outside the United States. We have
dealers/resellers all over the world. The Mid-East and China are two countries where our
re-sellers have complained about our products being cracked and then pirated. Our goal is
to make our security better so it would be difficult to pirate.
Let me give you some background on COADE. COADE is 20 person company that specializes in
Engineering Software for the Piping Design industry. Basically, our software is sold anywhere
there is oil to be found. We have 10 people who program and do tech support. The other 10
do sales and shipping and handling stuff. In fact most of the programmers here are Pipe
Stress Engineers and Designers. We have only two people who are pure programmer types. We
are a very old software company. We were founded in 1985 and the original three founders
still program right next to the new guys. I have been working at COADE since 1996. In fact,
I am the one who works on the HASP APIs.
I hope to hear from you soon.
Anupam "Pat" Patel (firstname.lastname@example.org)
Well when I get an e-mail such as this,
I really do feel sympathetic for honest developers like COADE
and yes I do understand their anger and upset. There are a good
many ethical reverse engineers in this world who won't
ever release cracks of protections which they respect, its the
legion of CD copiers that really damages good developers.
If you are using CADWorx Pipe illegally you'd better examine
Thank you for you quick reply on CADWorx/PIPE. After examining the key generator source code,
I think I need to go back to the drawing board as far as our implementation of HASP in
CADWorx/PIPE. Version 3.0, is when we introduced the CADWORX.DLL. I did it so that I could
separate the HASP from the main program Dll (CPM.ARX).
I did everything that a developer should not do as stated in your Anti-Debugging papers.
We have decided to implement more security into both the CADWORX.DLL and the CPM.ARX file.
Version 3.1, which will be released in April 2000, will have most of these enhancements.
I will contact you before our release to see if you are interested in cracking this file.
Anupam "Pat" Patel (email@example.com)
Indeed I shall be glad to help COADE (and
anyone else for that matter) in developing a more secure protection,
if indeed I can help. I will state here and now that any files
entrusted to my care will never make it to any deplorable warez
group or site, I should like also to encourage those 'scene'
crackers who might stumble upon this target from releasing any
ready-made cracks for it.
Earlier this week one of our clients alerted us to your web page...and we have
since checked out with total amazement. Great job---that is an outstanding
effort and solid work.
CrypKey was initially developed to protect a software application in the oil
services category vertical for a company in Calgary, Alberta, Canada. CrypKey
became a separate product line in 1992 and has 2,000+ licensed clients in 60+
countries. In March 2002, we spun out from our parent company into the newly
formed CrypKey Canada, Inc. Despite all the challenges of being a newly
independent company in this weak world economy, we did make a very small profit
in 2002 and hope to repeat that in 2003 as we grow our small business. We work
hard to satisfy our customers, many who tell us on a regular basis CrypKey is
the best solution for their application and company (honest...no delusion...!)
As you well know, we provide security tools for developers to implement copy
protection and license security into their applications. We are in the "fence
building tools business" --- and while we know our tools have been proven in the
market many times over, we never say we are "unhackable" because fences may be
broken or scaled or bored under---depends on so many variables.
We also are battling FlexLM, Aladdin and Rainbow...but in the marketplace (not
courtroom)...with the prize being their clients' business. Even though we are
less than 1/100 of their size, we have been making some inroads with some long
term FlexLM clients to switch to use CrypKey for their Windows platform apps.
Our pricing model also scares FlexLM---and they appear very vulnerable in the
windows platform segment.
If we are sometimes guilty of using somewhat exuberant marketing language,
blame it on me---my bad.
We have an annual marketing budget the size of the Macrovision weekly coffee
creamer fund, so we do our best with our keywords, small trade mag ads, etc---
and try to to go close...but not over... the top with our message & positioning
to get noticed and considered by prospects and clients.
We are small, private and self-funded (= no VCs), currently with ten team
members who believe in each other. Many on our team have kids, some have cats, a
few could be categorized as borderline crazy...however, we all have:
1. bills to pay today
2. dreams for tomorrow.
3. a moral compass that reminds to "do the right thing"
When you choose to post the detailed hack information on older versions of
CrypKey, you produce and publish a message that has a direct negative effect on
our CrypKey team, our families, our cats, our customers.
If that is your desired outcome, we are puzzled.
There is a contrary view that your hack information on older versions of
CrypKey is actually an incentive for our clients to upgrade to our latest and
greatest...and to a degree that may be valid, but only for a few unique clients
can this ever be an effective sales tool.
For the more common, less-technical executives who often control company
budgets and make software security tool buying decisions, and to those who are
technical but do not review all the complete detailed information, the message
can morph into the three word sound bite suitable for the 7pm news:
"CrypKey got hacked"
...in my very subjective opinion, that's not unlike screaming "FIRE" in the
Freedom of speech is a right (and a good one at that); but this 'rights thing'
is a two way street---not one way---- rights come attached with the
responsibility on how to apply and exercise those rights, especially when
considering the effect on others.
the responsibility = do the right thing.
We are not here to attack you folks personally or your world...on the contrary,
we respect the awesome focused work. simply...a great job!
We have no plans to hire some 'esquire dog fighter attorney' that will charge
us $250 an hour to exchange some threat letters. (rather invest that $ into
promotion). We could maybe hassle your current ISP over their TOS, but that is a
time killer and will not solve anything long term for anyone.
We are making only 2 requests.
(not intended as quid-pro-quo....but we hope you can understand our
1. Please do the right thing---respect our team, our families, our cats and
clients---please remove the CrypKey information from your site so we can focus
our company efforts to continue to battle FlexLM, Aladdin and the other goliath
vendors in the software security marketplace.
2. Please consider to join our team and do some kick-ass consulting to help
make our new version 6 even better, therefore stealing even more FlexLM clients
(after all, the less they sell, the fewer attorney geeks they can afford!)
Thanks for reading,
CrypKey Canada, Inc.
After a careful reply CrypKey decided to
let the document discussed above stand untouched on my site,
this I give them some credit for ;-). Since the technology has
now moved on several versions I see no harm in publishing this
feedback now, hopefully CrypKey has also moved on and been considerably
I read a lot of your web page and you seem to be motivated by a inner sense of justice.
Therefore, I would like to tell you about my need and maybe you could give me some
advice. Also, if this is the type of project you are interested in, I would be happy to
hire you for your services.
I own a small software company -- I am the only employee. I am completely self taught
in programming and definately not the corporate type. I have created a software package
used by environmental engineering firms to analyze the amount of pollution in soil and
groundwater. The software ultimately helps these firms clean up environmental problems
more quickly making our drinking water safer. I sell the package for $750. I also
donate $50,000 worth of software to universities each year because the professors love
it as a teaching tool and because I hope the students will eventually purchase it when
they join a firm.
I want to continue to sell my software for $750 per user since this is affordable for
small engineering firms. However, large, corporate engineering firms end up purchasing
1 copy of my software and then placing it on several computers even though the license
agreement states that this is not permitted. I did one study where a small firm used
my software 50 hours in a year while a large one used it 4000 hours. A marketing person
would probably tell me to concentrate on the larger firms and sell my software for $3000
or more. But, that would screw the small firms (in some cases rural firms). My revenue
is dwindling -- I need to maximize it to continue to upgrade and support this product.
I now have a license management solution in my software that checks a web server at the
startup of my software to see if the license is in use. Therefore, the client is
restricted to 1 user per license at a time. I can sell my product for $750 to the small
firms and get the large firms to pay in relation to the number of users.
My Questions for You:
If I use a product to protect my source code from being reverse engineered, would it be
much more difficult (or impossible) to crack? I've seen a product that claims to protect
source code from being cracked: www.ultraprotect.com. Does this product work? Do any
products like it work? I figured that if my software gets data from a secure server and
my code cannot be cracked, my solution would be fool proof. What do you think?
If you like, I would hire you to crack my solution then tell me how it can't be cracked
(or at least not as easily).
Any help is greatly appreciated.
First of all, thanks for taking the time to respond. I actually wrote to a code
protecting software company the same day and they said the same thing as you -- there is
no 100% protection from crackers reading and changing your source code. They claim that
their product can make it harder, though.
My aim in talking to you was to protect my software but also to possibly help other
firms in my field. As you advised, I'm not that worried about crackers going after my
program. However, if I ever end up selling my protection solution to others, I wanted
to find out how to make it a secure as possible.
I replied to Marc with my honest opinion
that there doesn't exist any completely foolproof protection
system from cracking and that it was probably unlikely his specialist
software would even fall into the hands of any dedicated attackers
(hence no need to hire me ;-) ), I wish him every success with
his software. |
From: Martin Holmes
Subject: Cracking my app
I see you've provided details on how the key in my Markin32 program is
generated. Do you intend to keep doing this if I change the system, or
can I assume that you'll have no further interest in my app from now on?
University of Victoria Language Centre
A rather terse but to the point e-mail
from Martin initially, but I felt the need to e-mail a response,
often software authors think that crackers single their program
out, in reality this is hardly ever the case as virtually every
program on the web has a crack somewhere.
At 06:52 PM 11/11/98 PST, you wrote:
Greetings and thankyou for your e-mail.
With regards to your remark, yes I have provided details about the
algorithm in v1.3 although before I wrote the tutorial I did try to
search the web for v1.2. In virtually all cases I do try to use previous
versions wherever possible to minimise any damage to the software
Sadly as you are most likely aware, key generators for v1.3 are all
around the web and were several months ago. I would like to perhaps
change the current document and use maybe v1.2 (even an earlier version
- with your consent).
In answer to your question, I certainly WON'T crack a newer version of
your software, in fact a newer version housing a different
protection/algorithm would please me because losers would be visiting my
page to learn not register software for free.
Unfortunately I can't speak for the "warez" community who will most
likely release a crack or key generator for your latest version regardless.
I hope you find my response agreeable.
I wasn't aware that key-generators were all over the Web, actually. I don't
have much contact with the warez community, and I found your page by
accident. I suppose I should make a major change to the system.
I'm going to release 1.4.1 soon, but I don't want to annoy registered users
by forcing them to enter new registration codes; I may wait for version 2
before making a major change. I'll have to think about it. Most of my users
are responsible folks in education, so it may not be a big issue for me --
it's difficult to tell, really.
Thank you for refraining from cracking the next version -- that will help a
A nicer response, I think Martin was genuinely
surprised any cracker would spend the time beating his scheme,
especially when one considers the measly sum of $ he is asking.
Of course I have refrained from cracking the new version and
would urge "scene" crackers to do the same.
Thanks for your honesty. I've done a little looking around on the Web, and
found a couple of key generators, as you said. This is actually quite
amazing to me; my app is so transparently only of interest to educators
that I'm stunned that people have put so much work into cracking it.
If I had any money, I'd hire you as a consultant to come up with an
uncrackable registration system. Would you be interested in doing that for
the hell of it? I read through your tutorial and learned quite a lot from
it; now I know about a number of things I can do to make reverse
engineering harder. But is it possible to make it impossible? Would you
like to take up the challenge?
I use Delphi 2, which of course you know.
I must admit I have to admire what you do. Attention to detail.
Needless to say, no matter who you are
or what your software is, you CAN protect yourself and your programs
From: Chris Floersch <firstname.lastname@example.org>
Subject: Cracking Search/Replace v6.1.0
Date: Mon, 09 Oct 2000 20:34:21 -0700
Good luck is all I have to say about that. I helped him write the damn
thing and although it uses very rudimentary encryption on the key the
seeds will be very difficult to find.. :-).
Oh and I'm sure you've figured out that the reg code is specific to a
machine / OS instance.
Enjoy pulling your hair out.. :-).
This feedback is pretty old news (as in
fact is the program), the feedback however is polite nonetheless.
Virtual Gibbs v5.xx
From: "Charles Haden" <email@example.com>
Date: Sun, 7 Nov 1999 02:49:19 CDT
I have a question that I have been wanting to ask you for some time now.
What got you interested in cracking the Virtual Gibbs product? How did you
even hear about the product?
You may be wondering why I would want to ask you these questions. Simple,
I am the guy who (up until 5 months ago) was writing the security code for
Gibbs. I have agreed with your conclusions that the security was/is
extremely weak. The only defense that I can offer is the fact that I was
only given 1-2 weeks per year to make any changes to the security routines.
The reason that I am no longer in charge of the security routines is that I
no longer work for Gibbs.
Thank you for your time.
Of course this e-mail generated a polite
response too, however, if you are selling a $15,000 product you
shouldn't really be allowing just 1 or 2 weeks to stop lamers
stealing it, its like buying a very expensive car without investing
the extra $200 in security, then being surprised when someone
steals it and lets face it we don't live in an ideal world.
From: "Marc Freebrey" <firstname.lastname@example.org>
Subject: Deskey crack for VISI-Series
Date: Sat, 21 Oct 2000 18:31:40 +0100
I am an applications engineer that works for the company that makes the VISI-Series software
that recently appeared on your site. I have read much of the site and as far as there is a
kind of philosophy to it, I think it can be said that I understand it.
The company here is a small group of twenty or so people trying to make mechanical design and
manufacture software for the mould industry. I would have said we are honest application
programmers trying to make a living by selling our software where we can.
I understand your yearning to provide information (and very good it is too) and break the minds
and products of the security makers but it seems to me that in exposing a way in to our software
you are damaging the very people that you seem to have some respect for.
I would have thought that it would be sufficient to publish a way around a specific dongle but
you have gone a step further in providing the download. A potential sale just downloads your
work and bingo - one more in the eye for "the honest programmer". You could go one step to make
amends by withdrawing the download. You have proved the point now so why go further and take it
out on us?
Please feel free to reply, I would be interested to hear what you have to say.
Indeed I did reply to this as Marc makes
some quite valid points and as a direct result I have removed
from my site the dll he speaks of. What my site endeavours to
highlight to the honest developer is how very little their protection
is actually worth and how much better it might be to dispense
with the dongle and concentrate on making a better end-product.
Yet I'm fighting a losing battle :-), the dongle industry continues
to boom, aided by sites like mine.
Return to Disclaimer Return to
1998-2005 CrackZ. Updated 12th December 2005.