Best way to protect my new commercial software.

[Wolfgang Draxinger]

sturlamolden wrote:

> I wrote this in another thread,

And here the HOWTO for the crack:
 
> 1. Put all the compiled Python bytecode in a heavily encrypted
> binary file. Consider using a hardware hash in the key.

Find the part in the binary where the encrypted bytecode is read,
start the binary in a VM to which a debugger is attached (can't
be detected, as it's in a VM) and put a watchpoint for any
access on the encrypted binary.

> 2. Program a small binary executable (.exe file) in C or C++
> that:
> 
>    2a. Reads the binary file.

Debugger intercepts it.

>    2b. Decrypts it to conventional Python byte code.

Record where the decoder puts the decrypted bytecode in memory.

>    2c. Embeds a Python interpreter.

Replace the call of the Python interpreter with a small shellcode
that writes the decrypted code to a file.

>    2d. Executes the bytecode with the embedded Python
>    interpreter.

Execute that file with the standalone interpreter.

> I will not make reverse engineering impossible, but it will be
> extremely difficult.

No. It's just a matter of reading the decrypted bytecode from
memory. Since Python bytecode is independent from any containing
file, it's very hard to test if a certain bytecode runs from a
valid or cracked container.

Any sort of bytecode will sooner or later run through some
interpreter, where it can be ultimately tapped. And unlike some
CPU binary a bytecode also delivers all information to
deobfuscate it. So even self modifying code doesn't help here.
 
Wolfgang Draxinger
-- 
E-Mail address works, Jabber: hexarith at jabber.org, ICQ: 134682867