Code Encryption

Modern cryptographic mechanisms provide strong software protection.  Encrypting random data is slightly more reliable than reading out data. The data is decoded later and the license is only correctly verified if the two values match. However, this type of protection also requires a simple yes/no decision in the code. This type of encryption can also be simulated by another encryption e.g. an XOR.

A more effective approach involves encrypting either the data or, even better, the executable code essential for the application’s functionality. Before release, the encrypted data is embedded directly into the software. A copy protection system, such as a dongle, then decrypts the data as needed. Without a valid license, the required decryption key is unavailable, rendering the data inaccessible and the software unusable.

A hacker might attempt to manipulate the process, altering the checksum comparison to always return “yes.” However, this software calculates an incorrect value and hence will not run correctly or, in the worst case, crashes. Without the appropriate license, cracking the software becomes nearly impossible, as the hacker would need to correctly guess the encrypted data—a highly improbable feat.

Unfortunately, this type of protection has a major drawback: it can be cracked by intercepting the communication between the software and copy protection. To address this vulnerability, a stronger approach involves embedding multiple encrypted secrets throughout the software and enabling the use of multiple keys. This allows the same data to be encrypted with different keys and stored in various locations within the application. During runtime, the system randomly selects which key to use, making it far more challenging for a hacker to identify and compromise all the encryption checks.

This approach makes cracking existing licenses extremely difficult and costly. The protection can be further enhanced by avoiding truly random key selection. Instead, the key could be tied to the date and the computer data. A hacker might believe they’ve found a working bypass, only to later realize it fails under different conditions or for the end users relying on their “solution.”

Learn more about the best encryption mechanisms to protect your code by sending us an email or submit the form below.