Can Symbian signed crack proof an application?

[singhgupi]

Well..This is an interesting discussion.
I recently finished coding trial version of my CallBlackList application, and was thinking of posting it in Handango.
After visiting:
http://crackteam.ws/get.shtml?213717
I found out that these so called cracker guys are posting only one code to unlock this particular application.
I assume this works as follows(symbian signed is nowhere involved):
There are two ways to protect your application and generate activation keys:

1.You have just one key, to unlock any app. I think this is what Handy Blacklist guys have done. Now, anybody can use this key, and unlock App. Crackers normally read the assembly code to generate this key(it's not that difficult...you can find lot of a help in google).In the end you are just comaparing an activation key against a const String(Descriptor).

2. You can create a dynamic key. Now dynamic key is nothing but a key which is binded to your IMSI or IMEI. Now this is quite secure(but still hackers r hackers). So, nobody can post just one key for all phones. Key will depend from phone to phone. So to make hackers life difficult, make a complex dynamic code calculation algo....

jus a few thoughts....

Br
Gurpreet
http://www.mobisy.com

[mayur_24]

Ok here is the output :

Code:

Primary:
Issued by Symbian.
Issued to 79df02ed0744e58c61c59c184d80bb7e.
Valid from 07/02/2007 to 06/02/2017.
Issued by VeriSign Testing-Based ACS Root for Symbian OS.
Issued to Symbian Limited.
Valid from 13/10/2003 to 27/08/2023.

Can make any sense?
Man I need to really brush my Symbian security related info .
--Mayur.

[alammi]

I've seen a 3rd s60 Navigation Software cracked and distributed, which supported Location Acquisition API. Yes, it was unsigned, but the problem was that there was a very good step-by-step instruction how to sign the software by registering to www.symbiansigned.com. I also read the forum, and it seemed that many were willing to go through these steps to sign the software. Many comments were that this was surprisingly easy to do.

So symbiansigned.com was actually becoming a method of distribution until they closed up the new registerations for "server capacity reasons". I don't think the problem is gone away, until the dev.certs are limited somehow. This is a complex issue of course, and actually I'm not too keen about the whole signing thing, I think symbian would be better off without it all together. But since we do have it, and it's not going away, I don't like loosing one of the only benefits from it.

I would be very interested on learning some key points how to make crackers / reverse engineering harder. I'm not expecting any theoretical lectures here, but some points what you should be considering, and maybe links to commercial/non-commercial copy protection libraries to symbian.

[cdavies]

Judging by the signsis output, looks like they haven't modified the thing at all... presumably it's just the registration algorithm that has been cracked (or at least, a copy has been registered with a stolen card and that serial number redistributed...)

[singhgupi]

exactly cdavies-nokia...This is what i meant..
Br
G;p

[mayur_24]

I would be very interested on learning some key points how to make crackers / reverse engineering harder. I'm not expecting any theoretical lectures here, but some points what you should be considering, and maybe links to commercial/non-commercial copy protection libraries to symbian.

So am I.
If someone can provide an example of a commercial application which has not been cracked,I think that can serve as a good case study for guidelines to produce applications which are "hard" to crack.
--Mayur.

[peter_k_john]

Yes as mayur said we need to find out a strong method to get out from this cracking people. If any body have a valuable findings please share here for protect our applications.

Regards,
Peter

[singhgupi]

If someone can provide an example of a commercial application which has not been cracked,I think that can serve as a good case study for guidelines to produce applications which are "hard" to crack.

Well, when I was making my application, I had the same question in mind. I personally feel that dynamic registration model is quite secure, at least "theoritacally".See
http://www.codeproject.com/ce/Revers...asp?print=true

But, I'm also new to application selling, so don't know how secure is the Dynamic registration practically. Will let you know, if I get some data on this.

Also, I've made trial version creator class in S60 3rd edition
- Creates a trial version on date basis, time basis or usage basis
- Makes callbacks to application, when trial status changes or lock status changes
- Calculates activation code from devices IMEI, and compare it against the user entered one. Unlocks if it's same.
... will distribute it once I'm finished my testing.

If some body have better ideas on making strong unhackable RPN Strings, pls contribute.

[mayur_24]

Also, I've made trial version creator class in S60 3rd edition
- Creates a trial version on date basis, time basis or usage basis

Seen them hack many times,so ruled out.

- Makes callbacks to application, when trial status changes or lock status changes
- Calculates activation code from devices IMEI, and compare it against the user entered one.

Again have seen many keygens which just take IMEI and produce the registration code.So it has been proven to be not effective.
--Mayur.

[singhgupi]

Hi Mayur
Is there any link which suggests how keygen works?
In simple words,I want to find out....
"How a hacker, gets a RPN string out of my sis file, and generate activation code? Is it really that easy"
If by some means we get to know, about their reverse engineering, we can develop stronger ways.
BTW, in the end, I also believe that everything can be hacked, its just making hacker sweat while hacking

[mayur_24]

Well there are some tutorials about S60 reverse engineering,one of the better organised & presented, one is this one(first link - Primer On Reversing Symbian S60 Applications):
http://arteam.accessroot.com/tutorials.html
Am not sure if it purely defeats RPN,but have seen many apps which have used IMEI for registration and have failed spectacularly,they in turn may or may not have used RPN.

Hi Mayur
"How a hacker, gets a RPN string out of my sis file, and generate activation code? Is it really that easy"
If by some means we get to know, about their reverse engineering, we can develop stronger ways.

If you have heard of IDA,then you would know how easy is it really crack most of the algorithms.
Also I think if some kind of code encryption can be put in then static code analysis can be defeated to certain extent.
--Mayur.

[cdavies]

In many ways, using the IMEI actually makes it *easier* to crack a program, since it gives the cracker something to look for.

People cracking Symbian programs have somewhat of a disadvantage compared to their windows cousins, in that they have to rely on static analysis, and can't run programs under a debugger and watch the flow of control easily.

So, the key thing is not to make the code that implements your protection obvious. Make use of things like calculated long jumps, exceptions and the active scheduler, and most importantly, don't display warnings at the same point in the code as the actual authentication takes place.

[singhgupi]

Make use of things like calculated long jumps, exceptions and the active scheduler

Any code examples....??

[alammi]

How about having a RSA public-key on the binary, and use a RSA private-key to generate keys from customer's IMEI (encrypt with the private key)? This way the registration can not be cracked without changing the binary, or stealing your private key.

I understand the point about IMEI, it could make cracking easier. But if they could not change the binary, let's say I'm using restricted API's and symbian signed dev certs are not misused. It is a big benefit that IMEI can't be changed too easily.

[cdavies]

It's no more secure than anything else, since they'll either replace the key or patch out the check routine.