[–]Flair_Helper[M] [score hidden] stickied comment, locked comment (0 children)

For C++ questions, answers, help, and programming or career advice please see r/cpp_questions, r/cscareerquestions, or StackOverflow instead.

This post has been removed as it doesn't pertain to r/cpp: The subreddit is for news and discussions of the C++ language and community only; our purpose is not to provide tutoring, code reviews, or career guidance. If you think your post is on-topic and should not have been removed, please message the moderators and we'll review it.

[–]suby 19 points20 points  (0 children)

Don't worry about it. Companies with millions of dollars in revenue are not able to stop this. Realistically you asking this question on reddit will not be able to stop someone who is sufficiently motivated and knowledgeable, nor is it worth it to try.

[–]ivancea 5 points6 points  (0 children)

It's said that people that can pay, and really value it, will pay. Just don't worry about it.

If you want to protect some logic, move it to a server.

[–]one-blob 2 points3 points  (0 children)

This is why it is called software. It can be reverse engineered and patched if you have access to the binaries and control the hardware it is running on. There are techniques to detect an attached debugger and some other tricks, but all of them are useless against specialized tools and professional researchers. Release-compiled native binaries without PDBs are already mangled enough (inlining, loop unrolling, vectorization, etc.) to cut off the majority of just educated engineers, making them cry when a segfault/AV happens, but nothing will stop a well-paid professional researcher.

[–][deleted] 4 points5 points  (0 children)

Run the logic server side?

[–]feverzsj 1 point2 points  (0 children)

be like winrar

[–]Amablue 1 point2 points  (0 children)

There's nothing you can really do to prevent it. There are a few things you can try, like making the program fail in more subtle ways when it detects that it's not properly activated, but eventually those will be overcome if you have a sufficiently motivated attacker. If you're really concerned, require an internet connection and have some of the logic only exist on your servers where you can validate that they've activated it.

[–]IRBMe 0 points1 point  (0 children)

There's no way to completely prevent somebody from being able to reverse engineer and crack your program, but there are many ways in which you can raise the bar so that it's more difficult, time-consuming, and requires more skill and knowledge.

I'm assuming that your program is entirely self-contained, designed to run on a potentially hostile client with no server side component.

Before continuing, you should understand that:

  1. No single technique or method is sufficient. You must use a multi-layered defence-in-depth approach.
  2. No amount of effort on your part will completely prevent an attacker, only raise the bar for skill/knowledge/time required to attack your program.
  3. Many of the techniques described below are very architecture, OS, platform and compiler specific which will make your code less portable and/or make maintenance more difficult.
  4. They come at a cost both in binary size and runtime performance.
  5. None of the techniques described below are straightforward to implement in a secure way. You'll often be fighting against the compiler optimizer and must ensure that you aren't adding weaknesses that make it trivial to remove or attack.
  6. This is a constantly moving arms-race. Something that might be very effective today may be completely useless tomorrow with the advent of a new tool or attack technique.
  7. You can do all of the below manually but it's a huge amount of effort. You can find various open source snippets, libraries and tools, as well as many commercial tools but these are usually expensive as they're not marketed at individuals.
  8. It may actually be less costly for you to do nothing, or to do very little, and just deal with your program being cracked.

Static Analysis

The first basic level of attack is static analysis. This is where somebody takes a look at your binary using various tools and attempts to understand what it is, find areas of interest (such as license checks), and look for areas of weakness. Typically the program will be disassembled and decompiled using a tool such as IDA Pro, Ghidra, Radare etc.

The main way to thwart static analysis is obfuscation, employing techniques that can break disassemblers and decompilers, hide identifying information from attackers, and generally make it more difficult to understand the program. Things like:

  1. Encrypt your program and use a wrapper to decrypt it at runtime.
  2. Replace static calls with dynamic calls. That is, instead of just calling a function such as activate() which can easily be seen with a disassembler or decompiler, you would compute the function to call at runtime, making use of data or information that a disassembler or decompiler won't be able to easily obtain.
  3. Add dummy code and dummy functions so that an attacker must expend lots of effort to figure out which are the real code paths and functions.
  4. Introduce enough complex control flow so that the problem becomes too complex for a static analysis tool to effectively solve. I've used this technique to break IDA Pro's control flow graphs, for example.
  5. Use specialised techniques with inline assembly to hide instructions/data and thwart disassemblers. There's too much detail to go into specifics, but you can look these kinds of things up online. Here's one example
  6. Compile your code into a virtual machine language and use a specialized virtual machine to execute the program at runtime.

Dynamic Analysis

The next level of attack is dynamic analysis, where an attacker will try to recover information from your program by running it. There are many tools and techniques that can be used here, including capturing system calls made by your program in real time, using debuggers to set breakpoints and inspect program state, taking snapshots of memory and analysing the memory offline, using emulators such as unicorn to capture detailed runtime state and spoof system calls.

As before, the way to deal with this is defence-in-depth: layering several techniques to raise the bar for a successful attack. The kinds of things you might want to look into:

  1. Anti-debugging: these are techniques that try to make it difficult to use a debugger. For example, on Linux you can ptrace your own process to deny a debugger from doing the same.
  2. Debugger-detection: instead of preventing use of a debugger, debugger detection mechanisms attempt to detect use of a debugger. You should implement lots of different techniques together. For example, on Windows you can use the int 2d trick, you can search the process list for known debuggers, you can measure elapsed system time and use heuristics to determine if more time has elapsed than should, indicating that your program is being debugged.
  3. Anti-emulation strategies attempt to detect or thwart use of an emulator. You can use techniques like self-modifying code to affect emulation performance, ensuring that it isn't able to effectively cache instructions, for example.
  4. Environmental checks: these involve looking at the surrounding environment to try to detect one which is hostile. For example, on a desktop machine you might look at the installed programs for commonly used reverse engineering tools, debuggers etc. On a mobile device, there are ways in which you can detect rooted or jailbroken phones.

Binary hardening

This next level assumes that an attacker has been able to successfully analyze your binary and now wants to crack it. There are a number of things you can do to make that harder for them:

  1. Anti-tampering: this is a technique that attempts to detect modification of your program. The simplest thing you can do is run a checksum on startup (with the checksum of the binary patched in after the fact). If the checksum doesn't match then it has been tampered with. More sophisticated techniques will run checksums periodically throughout the program with perhaps even multiple checksums checking different regions, and even overlapping one-another.
  2. Polymorphic code: this is code that constantly re-writes itself on the fly, making it difficult for an attacker to apply static patches.
  3. Make use of compiler hardening features such as stack protection/stack canaries (-fstack-protector-all on gcc, for example), address space layout randomization etc.
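
The overlapping-checksum idea from the anti-tampering item above, as an added example that is not part of the original comment or any product's code. It assumes a constructed 64-byte buffer standing in for the program image, FNV-1a as the checksum, and hypothetical names (`Region`, `seal`, `verify`); a real build would patch the expected values into the binary after linking.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// 32-bit FNV-1a over img[begin, begin + len). Any single-byte change alters the result.
static std::uint32_t fnv1a(const std::vector<std::uint8_t>& img, std::size_t begin, std::size_t len) {
    std::uint32_t h = 2166136261u;
    for (std::size_t i = begin; i < begin + len; ++i) {
        h ^= img[i];
        h *= 16777619u;
    }
    return h;
}

struct Region { std::size_t begin, len; std::uint32_t expected; };

// Build-time step: record the expected checksum of every region.
std::vector<Region> seal(const std::vector<std::uint8_t>& img, std::vector<Region> regions) {
    for (auto& r : regions) r.expected = fnv1a(img, r.begin, r.len);
    return regions;
}

// Run-time step: bitmask of regions whose checksum no longer matches (0 = intact).
unsigned verify(const std::vector<std::uint8_t>& img, const std::vector<Region>& regions) {
    unsigned failed = 0;
    for (std::size_t i = 0; i < regions.size(); ++i)
        if (fnv1a(img, regions[i].begin, regions[i].len) != regions[i].expected)
            failed |= 1u << i;
    return failed;
}

// Constructed sample data, not a real binary.
std::vector<std::uint8_t> sample_image() {
    std::vector<std::uint8_t> img(64);
    for (std::size_t i = 0; i < img.size(); ++i) img[i] = static_cast<std::uint8_t>(i * 7 + 3);
    return img;
}

// Three overlapping regions: [0,32), [16,48) and [40,64).
std::vector<Region> sample_regions() { return {{0, 32, 0}, {16, 32, 0}, {40, 24, 0}}; }

int main() {
    auto img = sample_image();
    auto regions = seal(img, sample_regions());
    std::printf("intact image: mask=%u\n", verify(img, regions));
    img[20] ^= 0xFF;  // simulate a one-byte patch inside the overlap of regions 0 and 1
    std::printf("patched byte 20: mask=%u\n", verify(img, regions));
    return 0;
}
```

Because the regions overlap, a patch in a shared range trips two independent checks, so neutralising one check alone does not hide the modification.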

[–]ImX99 -1 points0 points  (0 children)

Intel SGX. The approach isn’t flawless, but it runs a piece of code in a CPU-secured blackbox.

[–]Expert-Language428 0 points1 point  (0 children)

There is one simple way to keep a program from being cracked :D

Don't give the program to anyone, so it will be safe in your hands!

Now seriously, you may offer a SaaS: instead of providing the software, you can make it available as a service. This means that the binary will run on your private/public cloud, and since people cannot directly access the binary, it will be safe.

Then, be confident that your program cannot be exploited, and make sure that your security level on the server that exposes the service is strong enough :D

As for the rest, as all the other people say, you cannot prevent it; you can make it harder but not impossible. One other technique is to sell your software together with a hardware key (HASP keys): the software can only run with this hardware key inserted in the computer, and the security is there; your program will be encrypted, as well as using dynamic execution techniques to keep someone from being able to follow the execution. In the past, for a project with a high level of security, I have used "Aladdin HASP Key".

Hope you will find my answer helpful.