Subj : Re: Reg methods
To   : Jasen Betts
From : Scott Adams
Date : Sat Sep 29 2001 05:14 pm

 -=> Quoting Jasen Betts to Scott Adams <=-

 SA>    Method 1: Paper sent with code on it to enter into some file
 SA>      or program.
 SA>      Advantage: No reg files to break.
 SA>      Disadvantage: Since its obviously a set scheme hackers can
 SA>        break it with enoughw ork an a hex editor.  Even trial
 SA>        and error has been known to crack some of these emthods.
 SA>        If paper is lost then code is lost if game crashes.

 JB> the code can be personalised, EG DOORWAY uses a typed-in personalised
 JB> id code, unfortunately as it's a word there's only 65536 different
 JB> possibilities, and with a bit of immagination it can be cracked by
 JB> "brute force" keyboard stuffing overnight. it they'd used a longer key
 JB> (longint or comp) it'd be much more secure.

        Yeah alot of companies did that in the '80s.
 
 SA>    Method 2: Reg files are sent to the person.  99% of the time
 SA>      its encrypted and unreadable.  Other times it might be
 SA>      a straightforward # in some text file.
 SA>      Advantage: Hackers have to use hex editor alot to try to
 SA>        figure out the scheme so its a bit harder due to length
 SA>        of time needed only.
 SA>      Disadvantage: Hex editors can still crack it in alot of ways.

 JB> yeah this is only slightly better than method 1, but it's easier to
 JB> use longer keys

        And with today's variables imagine keys of say
        double (15-16) digits.
 
 SA>    Method 3: Complete exes are sent out with the imbeeded information.
 SA>      Advantage: Harder to track if its well placed into the exe
 SA>        and not in obvious spots like "Registeration code" found in
 SA>        a hex editor.  A bit tougher to break.
 SA>      Disadvantage: Usually takes up alot of space and expense
 SA>        sending out the files (if by mail-disk).

 JB> You can fit quite a bit on one of those credit-card cd-roms, and
 JB> they'll go in a standard envelope. they don't fit trayless cd-rom
 JB> drives though, and can be hard to load into some tray ones too.

        Credit-card cd-roms?  Maybe I'm missing something.

        You mean the scheme like Microsoft uses?

 SA>    Method 4: Imbed the information encrypted into the disk itself
 SA>      (works with floppies but I suppose CDs could be done with
 SA>      some work).  The only game I saw to do this was a early
 SA>      Wizardy (#3 or 4 I think).  Nothing to this day could break
 SA>      it or crack it.  It could not even be copied.  You could not
 SA>      even get a directory listing on the disk.
 SA>      Advantage: Very skilled encryption on the hardware level.
 SA>        Very hard to break.  Though some modern copy software might
 SA>        be able to do it.
 SA>      Disadvantage: Didn't work in many disk drives adn were limited
 SA>        to set hardware and conditions.  Hard to tell if the
 SA>        disk was corrupted/bad since you saw garbage on teh disk.
 
 SA>    Method 5: The Microsoft Way.  Okok :)
 SA>      Enter name and #s in 4 boxes into the software.
 SA>      Advantage: The encryption scheme was different for each CD.
 SA>      Disadvantage: Well its microsloft :)  Trial and error
 SA>        and combinations and permuations could get it done eventually.

 JB> yeah, it's not actually different for each CD (they can'y make
 JB> individualised CDs in a press yet) it's just that there are many
 JB> different legal registration codes, but microsoft hands out different
 JB> ones so that they can track pirate copies...  this is basically the
 JB> same as method 1

        Yeah.  And pretty much no tech support without the right
        #s gets you in trouble fast :)
        Back in the day bought win3.1 on a machine (came withit)
        and they wouldn't help cause it wasn't mind.  Which didn't
        bother me really.  Eventually bought my own system
        but stuff like that is common.  I mainly wanted to see
        if they would even talk to me without the #s and my
        theory was right :)

        another reason I hate buying software at colleges.  They
        don't do any tech support.  I've not had need of it.
        But that's sucks to own the software (thought at college
        discount) but get no support if needed. 

 SA>    So does anyone know of a general scheme that seems to work
 SA>    most often that you don't see crackers for?

 JB> 4dos detects any good attempt to crack it's registration and pretends
 JB> to be registered but occasionally spits out a cryptic error message
 JB> saying to contact it's makers :)

      Now that's sneaky!  Yes indeed but works.  

 JB> I have't seen any crack for 4dos that actually works.
 JB> 4dos uses a special registration program

        Yeah and that's top secret :)
        So that'd make 2 things then that and Wiz2 could
        not be cracked.  

 JB> write your registration verifying code in such a way that it doesn't
 JB> contain any direct references to the registration code, you may need
 JB> to use assembler

        What you mean I shouldn't put "Registration information"
        in the same sentence as the reg key for easy hex
        editing? :)

        There is another method some have tried over the eyars
        but it never caught on.  Hardware configs where they
        uses serial numbers and such to config the reg key
        based on that.  The exe would have to be sent
        with some data file that held this info for the
        creator of the reg.  Today it'd be using the Windows
        registry stuff.









 








.... "In case you haven't heard, the war is over." - Dodger
--- Fringe BBS
 * Origin: EWOG II - The Fringe - 904-733-1721 (1:112/91)

.