1 Never use meaningful file or procedure names such as
IsValidSerialNum (duh). If you do use functions for
checking purposes, place at least some code that your
program really needs in such a function.
When the cracker disables the function, the program
will produce incorrect results.
2 Don't warn the user right after a violation is made.
Wait until later, maybe the next day or two (crackers hate that).
3 Use checksums in DLLs and in the EXE. Have them check each other.
Not perfect, but it makes the program harder to crack.
4 Pause a second or two after a password entry to make brute
force cracking infeasible. Simple to do, but rarely done.
5 Self-heal your software. You know, error correction like modems
and hard drives use. The technology has been around for years,
and no one uses it on their software? The best thing about this
is that if the cracker used a decompiler, they may be looking at
a listing that is no longer valid.
6 Patch your own software. Change your code to call different
validation routines each time. Beat us at our own game.
7 Store serial numbers in unlikely places, like as a property
of a database field.
8 Store serial numbers in several places.
9 Don't rely on the system date. Get the date of several files,
like SYSTEM.DAT, SYSTEM.DA0 and BOOTLOG.TXT and compare them to
the system date. Require that the time be greater than the last
A Don't use literal strings that tell the user that their time is
expired. These are the first things to look for. Build strings
dynamically or use encryption.
B Flood the cracker with bogus calls and hard-coded strings. Decoys.
C Don't use a validation function. Every time you validate the user,
write your validation code inline with the current process. That
just makes more cracking for the cracker.
D When using hard-coded keys or passwords, make them look like program
code or function calls (e.g., "73AF" or "GetWindowText"). This
actually works very well and confuses some decompilers.
E Finally, never reveal your best protection secrets :-)
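
Tip 3 (EXE and DLL checksums that check each other) has a circular dependency: each file would have to contain a checksum of a file that contains its own checksum. The sketch below is an added example, not code from the original list, and shows one way around that by excluding the checksum slot from the hashed range. The slot offset, the 16-byte stand-in images and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed layout (assumption): each image stores its peer's CRC-32 in a
   4-byte slot at a fixed offset and is at least SLOT_OFF + SLOT_LEN bytes.
   The slot is skipped while hashing; otherwise each checksum would depend on
   the other and neither could be computed at build time. */
#define SLOT_OFF 4
#define SLOT_LEN 4

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320) over the image minus the slot. */
static uint32_t image_crc(const uint8_t *img, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        if (i >= SLOT_OFF && i < SLOT_OFF + SLOT_LEN)
            continue;
        crc ^= img[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Build step: write each image's CRC into the other image's slot. */
static void seal_pair(uint8_t *exe, size_t exe_len, uint8_t *dll, size_t dll_len)
{
    uint32_t exe_crc = image_crc(exe, exe_len);
    uint32_t dll_crc = image_crc(dll, dll_len);
    memcpy(exe + SLOT_OFF, &dll_crc, SLOT_LEN);
    memcpy(dll + SLOT_OFF, &exe_crc, SLOT_LEN);
}

/* Run-time check made by `self`: 1 if `peer` still matches the CRC in self's slot. */
static int peer_intact(const uint8_t *self, const uint8_t *peer, size_t peer_len)
{
    uint32_t expected;
    memcpy(&expected, self + SLOT_OFF, SLOT_LEN);
    return expected == image_crc(peer, peer_len);
}

/* Constructed stand-in images. Returns bit0 = both checks pass after sealing,
   bit1 = the EXE notices a one-byte change in the DLL. */
static int demo(void)
{
    uint8_t exe[16] = {'E','X','E',0, 0,0,0,0, 1,2,3,4,5,6,7,8};
    uint8_t dll[16] = {'D','L','L',0, 0,0,0,0, 9,8,7,6,5,4,3,2};
    seal_pair(exe, sizeof exe, dll, sizeof dll);
    int ok = peer_intact(exe, dll, sizeof dll) && peer_intact(dll, exe, sizeof exe);
    dll[11] ^= 0x01;                       /* simulate a one-byte modification */
    return ok | (!peer_intact(exe, dll, sizeof dll) << 1);
}
```

CRC-32 is an error-detecting code, not a cryptographic hash, and the stored slot can be rewritten along with the file, which is the "not perfect" the tip already concedes.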
Kyodo, 27 May 2006
NTT DoCoMo Inc. plans to make available the flat-rate pricing service
of U.S. online music distributor Napster LLC for its new cellphone
handsets to be marketed from this summer, informed sources said
Saturday. Music distribution has been available for mobile phones at
about 300 yen per track in Japan. In the U.S. market, Napster offers
more than 2 million pieces of music for users at fixed-rate charges
equivalent to about 1,100-1,600 yen a month, they added.