RobinSchmidt / RS-MET

Codebase for RS-MET products (Robin Schmidt's Music Engineering Tools)

Your keygen was cracked quite a while ago it seems #128

Open elanhickler opened 6 years ago

elanhickler commented 6 years ago

https://audioz.download/software/win/136643-download_soundemote-prettyscope-v120-incl-keygen-win-and-osx-r2r.html

https://audioz.download/software/win/136641-download_soundemote-mushroom-generator-v100-win-osx-incl-keygen-r2r.html

https://audioz.download/software/win/87622-download_rs-met-straightliner-v1003inclkeygen-r2r.html

https://audioz.download/software/win/87621-download_rs-met-echolab-v906inclkeygen-r2r.html

Seems like your method of key generation is pointless, i.e., having a key generation algorithm, the fact that it's an algorithm is the problem. Might as well have no algorithm so it can never be cracked, and generate a completely arbitrary set of characters, whitelist those in the plugin, and send those out to customers. If I did that I could already automate the key generation process.

Ok for example...

1: Generate 100,000 arbitrary sets of characters (a hash or something that can be looked up fast because it can be translated into a 64-bit integer, like 2348fgf7d28dfa849fk3f7b48fc9d7ea)

2: Whitelist those in the plugin.

  1. On plugin startup, check user key to see if it matches one in the whitelist.

  2. You have to update the plugin when you run out of keys, or just generate more for every update.

  3. Once a key gets cracked, you blacklist it. And of course, once it's cracked, that specific version is cracked forever. But if you find a pattern to which keys get cracked (like you keep blacklisting a key given to a specific e-mail or something) then you know to ban that person from buying your products.

Robin, can you think of any way to crack this? This seems like a solid way to do things. There's only one guarantee, the software will be cracked. IMO, the best way to combat this is to make every new version be incompatible with the crack, plus frequent updates. This will keep paying customers happy and cracking customers frustrated and eventually want to just buy the product, for the guaranteed updates.

The next step to this would be to send the user information to a server to see how many IP addresses are using a key. If the IP addresses for a specific key seem odd, time to blacklist.

Edit: Crap, wait a minute, those keys would be embedded in the program, so a cracker could just extract those keys from the binary... maybe...

elanhickler commented 6 years ago

ooooo! Just came up with an idea.

  1. Generate 100,000 keys.
  2. As you send out keys, keep track of these as "used keys".
  3. Every time you update the plugin, re-generate unused keys.

That way, any cracker will have to re-crack every update unless they happen to use a "used key". In that case, then you blacklist that one next update.

RobinSchmidt commented 6 years ago

> any cracker will have to re-crack every update

hmm...ok, yes - but i guess, they will have no problem doing so. maybe you could store them in a somewhat scrambled format. this way, the cracker would additionally have to figure out (or extract) the descrambling algorithm

elanhickler commented 6 years ago

Yeah, we'll just have to try things until something works.
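
A model of the scheme discussed in this thread (random key pool, whitelist check, blacklist, unused keys regenerated per release), added here as an example and not code from RS-MET or from any commenter. It assumes 128-bit random keys and embeds only SHA-256 digests in each release, so the whitelist shipped in the binary contains no usable keys; the names `Vendor`, `Release` and `digest` are hypothetical.

```python
import hashlib
import secrets

KEY_BYTES = 16  # assumption: 128-bit random keys, 32 hex chars like the thread's sample


def digest(key):
    """Normalise a key string and return its SHA-256 hex digest."""
    return hashlib.sha256(key.strip().lower().encode("utf-8")).hexdigest()


class Release:
    """What ships inside one plugin build: digests only, never plaintext keys."""

    def __init__(self, allow, deny):
        self.allow, self.deny = frozenset(allow), frozenset(deny)

    def check(self, user_key):
        d = digest(user_key)
        return d in self.allow and d not in self.deny


class Vendor:
    """Vendor-side records (hypothetical names); plaintext keys live only here."""

    def __init__(self, pool_size):
        self.pool_size = pool_size
        self.unused = []      # generated for the current release, not yet sent out
        self.issued = set()   # "used keys": already sent to customers
        self.revoked = set()  # issued keys that turned up in a crack

    def build_release(self):
        # Unused keys are regenerated for every release; issued keys carry over.
        self.unused = [secrets.token_hex(KEY_BYTES) for _ in range(self.pool_size)]
        allow = {digest(k) for k in self.issued.union(self.unused)}
        return Release(allow, {digest(k) for k in self.revoked})

    def issue(self):
        key = self.unused.pop()  # IndexError: pool exhausted, ship a new release
        self.issued.add(key)
        return key

    def revoke(self, key):
        if key in self.issued:
            self.revoked.add(key)
```

Storing digests addresses only the extraction concern raised in the first comment's edit; it does nothing against a modified binary that skips the check, and a revoked key keeps working in every release built before the revocation.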