EXECryptor software protection

[Jean5]

Hi all

I'm looking forward to purchase ExeCryptor (www.strongbit.com) to protect my shareware. But before I'd like to know independent opinions/experience if any.

My question is: Anybody uses execryptor? Can you tell me smth about? Are there some problems? Is it cost-effective?

Thank you in advance for any reply

Jean

[LLXX]

Easily unpacked just like Armadillo and Asprotect.

But it'll be enough to scare away the n00b crackers

IMHO all software protections do not really "protect"... they just serve as challenges for the crackers and reversers

"What man creates, man can destroy"

Also, if your users are very pleased with your software, you need not encourage them to pay... they will do it automatically

[HyperHacker]

IMHO all software protections do not really "protect"... they just serve as challenges for the crackers and reversers

For that matter, if a given "protection" software is particularly popular, they'll probably be able to crack it that much easier simply because they've done it a few times.

[BillyColl]

However ExeCryptor unlike Armadillo and others remains unckracked 2 years. It uses a sort of obfuscation called 'Code Morphing' that is conceptually different form other packers.

The main cores are:

A program is obfuscated on machine code level (not on just the source code)

The original source of a protected by execryptor program is never restored in its original statement even when an app runs.

Really its analysis is NP-hard problem for crackers and remains still open question for them

[RogueSpear]

My organization purchased software using this protection. The short story is that we promptly returned the software. The long story is that the computer that the software was installed on died shortly after installing the software. Ok, good excuse to get a new computer and upgrade. Installing it the second time was a real pain in the a**. It ended with a tech support call that was aggravating to say the least. So we returned the software and took our $7,000 elsewhere. In fact we ended up saving $5,500 and got better software with no silly protection.

After that fiasco, I'm generally consulted on software purchases now and I always give a thumbs down on anything with protection like this. So you may prevent a certain amount of piracy, but you may also be turning away a certain number of potential customers. I suppose it depends on what market your software is aimed at. I think certain markets have a larger propensity for unauthorized usage than others.

[LLXX]

However ExeCryptor unlike Armadillo and others remains unckracked 2 years. It uses a sort of obfuscation called 'Code Morphing' that is conceptually different form other packers.

The main cores are:

A program is obfuscated on machine code level (not on just the source code)

The original source of a protected by execryptor program is never restored in its original statement even when an app runs.

Really its analysis is NP-hard problem for crackers and remains still open question for them

ExeCryptor is not "remains uncracked", because it doesn't need to be cracked. It's only an obfuscator and packer, and it doesn't matter whether or not the original program code can be restored, as long as it works.

[Emulator ®]

You can try to use upx with "--strip-loadconf" option + Yoda Protector, is more difficulty unpack this!

[LLXX]

You can try to use upx with "--strip-loadconf" option + Yoda Protector, is more difficulty unpack this!

You must've never tried to unpack that combination before, because Execryptor is MUCH more difficult than both of those combined. UPX unpacking takes at most a few seconds, y0da cryptor maybe a minute. Execryptor... 10 minutes to an hour to "unprotect" Edited July 22, 2006 by LLXX

[Scubar]

Bottom line is that all forms of exe protecting type programs can be got around, Its pointless why companies do it , if it can be done it can be undone, its that simple.

[fly]

Can someone explain to me what this software does and what it protects exactly?

[LLXX]

Can someone explain to me what this software does and what it protects exactly?

It's *supposed* to make software harder to crack.

[ripdajacker]

You could also make a shareware version with less functionality compiled into it, so by letting the users by it, they get the full version. In that way they can't crack it, since it quite hard to add functionality to binary code.

[#rootworm]

yup, limited functionality is the way to go. some companies make the mistake of allowing a registration code to "unlock" the limited version, but this will always be easy to crack. true limited functionality is a good measure.

making software "call home" to check a registration number can be very secure as well, but sometimes it isn't feasible to require your customers to have internet access. and of course this method can still be cracked, but at least it's harder than just cracking the check-digit algorithm for the reg code.

a software developer who is -expecting- his software to be cracked can make life hell for the crackers. it's no fun tracing code for hours on end and getting nowhere. instead of having one single protection on your software, it's wise to have many failsafes distributed throughout the code.

a supremely skilled programmer can add checks into his software to see if his code is being debugged. that combined with a check for known debuggers adds to the difficulty for crackers.

but like ripdajacker said, limited functionality is perhaps the best way to go, because some people are just driven to break protections, even if it takes days.

[RogueSpear]

a software developer who is -expecting- his software to be cracked can make life hell for the crackers. it's no fun tracing code for hours on end and getting nowhere. instead of having one single protection on your software, it's wise to have many failsafes distributed throughout the code.

a supremely skilled programmer can add checks into his software to see if his code is being debugged. that combined with a check for known debuggers adds to the difficulty for crackers.

And before too long you've almost doubled the size of your code, possibly introduced multiple bugs, slowed the whole thing down, etc. I've managed to find open source and / or free software for just about anything out there. For the very few titles that I have found worth purchasing, they all share a couple of common characteristics. They are fairly priced and they don't have any excessively rude or intrusive copy protection.

Dameware NT Utilities is a perfect example of this. It's outstanding software that works better than it's competition which all cost double or triple depending on volume. And their support is outstanding to boot. I think in the end if you make a good product and don't attempt to gouge your customers, you won't have to get Machiavellian with your copy protection.

[#rootworm]

doubled the size of my code? what an ignorant thing to say. you clearly have no experience in software protections. they are neither large, slow, nor buggy.

with -extensive- protection i would expect my compiled exe to grow by no more than 1% for a standard utility. for a sizable application, the size difference would be inconsequential....we're talking 20-25k max, and that's a lot of code.

it's very easy to have effective software protection that has ZERO impact on usability or performance. In fact, the majority of effective copy protection tricks i know of are done in assembly, which lends itself to fewer bugs and faster execution.

nothing i've talked about is "rude" or "intrusive". In fact, the only type of "intrusive" copy protection i can think of is rootkit based, and i would never recommend such a scheme. Copy protection can only be "rude" to those trying to break it.

It's fine to have an opinion, but classifying all software protection as bloated and buggy is just inaccurate. I have found that programmers who develop effective copy protection tend to be the most talented in the business.