Respected Software Authors

With so much of my site being dominated by tutorials providing information on how to "crack" software, I felt the need to post these slightly edited e-mails I've received from several authors. In both of these cases I should like to commend the authors concerned for applying some common sense to their protection strategies as opposed to outright condemnation of the reversing community.

Advanced Disk Catalog v1.20c

Dear sir,

Sorry, I don't know how to call you -- webmaster, cracker... Anyway,
thanks for your site -- a great information source! Just one thing. 
I've found a page on your site, describing how to crack my own program 
(Advanced Disk Catalog):

Very interesting! But you've made a mistake :)

First, the program has been compiled with Borland C++ (version 5.02),
not C++ Builder.

Second, cracking ADC is not as easy as you described. It is not
possible to get a valid registration key at all, because all valid
keys are stored in the program (encrypted with RSA), and when the user
enters the key, it is encrypted the same way and compared to patterns.

Furthermore, the program will not work correctly without a valid key
(part of key). You haven't investigated what functions Validate3 and
Validate4 are doing; actually, they are being used when
reading/writing database with more than 5 disks. First function
encrypts the data (with public key), and second one decrypts them
(with private key generated from registration code). So, if the
registration routine is just patched, the program will crash on
reading such database.

Besides, there are a few CRC checks for both validate.dll and adc.exe.
So, a patched program will not work correctly until you remove these
checks, too.

After all, thanks again for your work!

Sincerely yours,
  Vladimir
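
The design Vladimir describes above, where skipping the comparison gains nothing because the data keys come from the registration code itself, can be sketched as follows. This is an added example, not ADC's code: it swaps the RSA he mentions for standard-library PBKDF2 and HMAC, and the function names, salt and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example

def derive(code, salt):
    """Stretch the registration code into verify, encrypt and MAC keys."""
    raw = hashlib.pbkdf2_hmac("sha256", code.encode(), salt, ITERATIONS, dklen=96)
    return raw[:32], raw[32:64], raw[64:]

def make_pattern(code, salt):
    """Value shipped in the program: a one-way image of a valid code."""
    return derive(code, salt)[0]

def check_code(code, salt, pattern):
    """The comparison a patch can skip; it yields no key material itself."""
    return hmac.compare_digest(derive(code, salt)[0], pattern)

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode, standing in for a vetted AEAD cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(code, salt, record):
    """Encrypt, then authenticate, one database record."""
    _, enc_key, mac_key = derive(code, salt)
    nonce = os.urandom(16)
    stream = _keystream(enc_key, nonce, len(record))
    body = bytes(a ^ b for a, b in zip(record, stream))
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def open_record(code, salt, blob):
    """Check the tag before decrypting, so a wrong key fails cleanly."""
    _, enc_key, mac_key = derive(code, salt)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("wrong registration code or damaged record")
    stream = _keystream(enc_key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))
```

Authenticating each record before decrypting it turns the silent database corruption Vladimir complains about into an explicit error the program can report.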

Needless to say, this polite e-mail from the author generated a suitably polite reply from me. In this next e-mail, Vladimir discusses ADC's protection scheme (something which he has obviously thought a lot about).

Well... Sure, it is acceptable. The only problem is: it is not very
easy to find CRC checks (or at least, it takes time), so most (if not
all) ADC crackers just miss that. The result is: they release
cracks that don't work. Well, actually, they work "somehow", but
databases created with a cracked version become corrupted. I hate that!

I'm receiving a couple of mails each week saying "the program is
buggy"; after further conversations, I detect that the authors of these
letters just use a cracked version. So, please put a little note about
that, asking crack users not to contact me for technical support, and
crack authors to test their cracks VERY carefully (especially on
databases with more than 5 disks). :)))

And another thing... I don't like what UCF (I think you know who they
are :) is doing. From time to time, I'm receiving fraud: somebody just
buys ADC using stolen credit card numbers and later puts his
registration code on the Internet/Usenet. I'm "blacklisting" these
numbers, but the "losers" (sorry, I cannot call them differently)
from UCF just patch the blacklist checking. And call that "crack"
(though it still requires valid registration code which has been
somehow purchased).

So, I prefer honest game. I'm developing the protection, and everybody
can try to *crack* it. It is acceptable. But *stealing* is totally
different...

Sincerely yours,
  Vladimir

Here I have to agree with Vladimir: using fraudulent means to obtain any software because you aren't able to crack it is VERY lame, something I hope UCF aren't actually doing. I'd like to stress that if you use cracks then "on your head be the consequences"; any unreliability in this case really isn't the author's problem.

Well, when the first beta of version 1.20 has been made available,
I've got a message from Saltine [PC] that the protection is really
good and he will not try to crack it anymore. But later I've seen some
[incomplete] cracks from Stardogg Champion and others, and I was really
disappointed...

Older versions -- not a problem! But cracking them is really easy, and
a good cracker can even find a valid registration code.

Btw, if you like ADC and wanna use the registered version -- I'll send
you the key :)

Sincerely yours,
  Vladimir

Good on Saltine, RSA encryption is pretty much irreversible anyhow. Other cracks are always a problem. PhrozenCrew seem to hate cracking ADC, Stardogg Champion's crack fails, and only recently I've seen another crack by tKc (founder of PC) which also has some serious flaws. Would you believe Vladimir did indeed forward me the correct key? Sadly for you though, I lost it inside a Blowfish shortly after registering :).

Markin32 v1.3

>>To: crackz__@hotmail.com
>>From: Martin Holmes 
>>Subject: Cracking my app
>>
>>Hi there,
>>
>>I see you've provided details on how the key in my Markin32 program is
>>generated. Do you intend to keep doing this if I change the system, or 
>>can I assume that you'll have no further interest in my app from now on?
>>
>>Cheers,
>>Martin
>>______________________________________
>>Martin Holmes
>>University of Victoria Language Centre
>>mholmes@uvic.ca
>>76717.2477@compuserve.com

A rather terse but to-the-point e-mail from Martin at first, but I felt the need to e-mail a response. Often software authors think that crackers single their program out; in reality virtually every program on the web has a crack somewhere.

At 06:52 PM 11/11/98 PST, you wrote:
>Greetings and thank you for your e-mail.
>
>With regards to your remark, yes I have provided details about the 
>algorithm in v1.3 although before I wrote the tutorial I did try to 
>search the web for v1.2. In virtually all cases I do try to use previous 
>versions wherever possible to minimise any damage to the software 
>author.
>
>Sadly as you are most likely aware, key generators for v1.3 are all 
>around the web and were several months ago. I would like to perhaps 
>change the current document and use maybe v1.2 (even an earlier version 
>- with your consent).
>
>In answer to your question, I certainly WON'T crack a newer version of 
>your software, in fact a newer version housing a different 
>protection/algorithm would please me because losers would be visiting my 
>page to learn, not to register software for free.
>
>Unfortunately I can't speak for the "warez" community who will most 
>likely rls a crack or key generator for your latest version regardless.
>
>I hope you find my response agreeable.
> 
>Many regards.
>
>CrackZ

...and the response.

Hi there,

I wasn't aware that key-generators were all over the Web, actually. I don't
have much contact with the warez community, and I found your page by
accident. I suppose I should make a major change to the system.

I'm going to release 1.4.1 soon, but I don't want to annoy registered users
by forcing them to enter new registration codes; I may wait for version 2
before making a major change. I'll have to think about it. Most of my users
are responsible folks in education, so it may not be a big issue for me --
it's difficult to tell, really.

Thank you for refraining from cracking the next version -- that will help a
lot.

Cheers,
Martin

A nicer response; I think Martin was genuinely surprised any cracker would spend the time beating his scheme, especially when one considers the measly sum of $ he is asking. Of course I have refrained from cracking the new version and would urge "scene" crackers to do the same.

Hi there,

Thanks for your honesty. I've done a little looking around on the Web, and
found a couple of key generators, as you said. This is actually quite
amazing to me; my app is so transparently only of interest to educators
that I'm stunned that people have put so much work into cracking it.

If I had any money, I'd hire you as a consultant to come up with an
uncrackable registration system. Would you be interested in doing that for
the hell of it? I read through your tutorial and learned quite a lot from
it; now I know about a number of things I can do to make reverse
engineering harder. But is it possible to make it impossible? Would you
like to take up the challenge?

I use Delphi 2, which of course you know.

I must admit I have to admire what you do. Attention to detail.

Take care,
Martin

Needless to say, no matter who you are or what your software is, you CAN protect yourself and your programs better. Now that you've gained an impression of these 2 software authors (and seen it from their perspective), I would hope that if you use any of their software regularly you would forward them a contribution (even if you do not pay the full fee).

Practise ethical cracking, don't damage the small software author out to promote his shareware and make an honest living, wage war instead against genuine capitalist greed - aka M$.


© 1998 CrackZ. 10th December 1998.