Protect the Devs
The well known RipDev has announced to offer a sophisticated protection addition to limit software piracy. It is called Kali. As copying of iPhone apps has become sort of simple by using “Crackulous” some developers are confronted with decreasing sales.
RipDev says their own products like iPref, Kate and Installer are already protected using Kali. And they still seem to have not been cracked (properly).
What does Kali do?
Too make a long story short: it does nothing new. It simply uses runtime encryption and server sided authentication for decryption. Whenever parts of the program have been decrypted properly they can be executed otherwise the CPU tries to execute the still encrypted code and thus a program just crashs. Disabled error handling and code design beyond the standards is a must.
Runtime encryption has a long history. From the middle to the end of the 1990’s some talented protection defeaters like fravia (all the power to you bro’) organized annual cracking competitions within the Higher Cracking University (HCU+). In the 1980’s people were printing deadlistings of assembly code and were studying protections to find ways to circumvent them. the motivation was: interoperability and fun. Cracking protections is said is like playing chess. Easy games (thus easy protections) are not interesting. Complicated games are challenging.
Anti-Debugging checks are well known to Win32 experts for years. Also automized cracking programs are not new. Some people may still remember the masterpiece ProcDump. ProcDump allowed automized dumping of runtime encrypted programs (by also fixing the headers with import tables and so on).
Nowadays tons of automizer scripts that allow convenient unpacking of generic runtime encrypted Windows programs are available for assembly debuggers like Olly Debug. Generic protection wrappers don’t live long until getting defeated. On the other hand it seems specific protections (like the one used in Ableton’s Live Mac version) are very challenging to be cracked, since they are designed to be used in only one single program and not in tons of programs.
What do we learn from this? Decide for yourself.
101 of Digital Economy
There are people who say that an operating system like Windows 95 or 98 could only reach such a high societal penetration and thus make Microsoft dominating the market because it was so easy to copy. And nowadays? Almost every user who had an illegal Windows 95 back in the days nowadays uses legally bought Windows XP or Windows Vista. The consumers are trained to use Windows. In the long run this strategy has proved to be successful. Almost the same applies to Adobe’s Photoshop: almost every computer user knows how to use the basic functions, but almost nobody has ever bought it. But Photoshop has become the standard. There is no real competitor. In the long run Adobe’s strategy has proved to be successful aswell. Anyway we really doubt companies’ officials would admit those strategies.
And Apple? Apple knows about the concept of (religion and) market penetration. They are interested in selling their devices. It’s additional business for them to sell software for the iPhone, but their primary intention in the ongoing stage is to extend market penetration. Easily available software for their devices makes the device even more attractive to consumers. They will not be too interested in prosecuting teenage crackers.
What devs can also do
There are many options.
- Design an own protection layer.
- Bug the crackers with updates. As every update needs to be unpacked again this will be boring for half a millions apps every month.
- Check the price for your app. What’s better: earning 100 x 15USD or 500 x 4USD? What did we say about market penetration?
- Think about introductory offers (for every new version)
- Think about free demos with limited functionality
The time is over when developers sold 200,000 apps in one week. This was only possible in the beginning of Apple’s AppStore. Now it is usual software business.
Kali is a good idea for the average developer with no knowledge of protections. Anyway as history shows it will have a limited degree of efficiency. As crackers like challenges a lot, they will really like to defeat Kali (I bed they are right now sitting analyzing RipDev’s Kali protected apps). Another thing might be unforeseeably: some developers are also crackers. They might apply for the Kali offer just for fun to get a better understanding.
Moreover although RipDev’s programs seem to have not been cracked until now this does not imply that this comes from the protection. The market’s demand for his programs might also be just too little.