Introduction

Thoughts about Hackers, Protection Mechanisms, and Programming

Hackers and developers of protection mechanisms are not just opponents. They are also colleagues. If we assume that hackers are parasitic for programmers, exploiting their inability to build truly high-quality protection mechanisms, then we have to realize that programmers are parasitic for users, exploiting their inability to write programs!

Hacking and programming actually have very much in common. Creating high-quality and reliable protection mechanisms requires the skills of low-level programming, working with the operating system, drivers and equipment, knowledge of the architecture of contemporary processors, the specific features of code generation typical for specific compilers, and the biology of the libraries being used. At this level of programming, the distinction between programming as such and hacking becomes so thin and difficult to differentiate, that I wont even try to draw it.

Lets start by stating the fact that every protection, as is the case with any other software component, requires careful and thorough testing in order to evaluate its usability. In this context, usability is interpreted as its ability to withstand attempts at cracking it done by qualified users armed by hacking tools (protected disc copiers, virtual drive emulators, window and message spies, file and registry monitors ). Protection quality is not evaluated by its strength, but, instead, by the relationship between the man-hours required for its implementation and the man-hours required for its cracking. In the long run, every protection system can be cracked, because cracking is only a matter of time, money, cracker qualification, and efforts. However, expertly designed protection must not provide easy opportunities for this cracking. Here is a practical example illustrating this statement. A protection mechanism that binds to bad sectors (which are actually unique to each storage medium) is practically useless if it cannot recognize their rough emulation by incorrect EDC/ECC fields. Here is another example. Binding to the geometry of the CD spiral track, even if its implementation is bug-free, can be bypassed by means of creating a virtual CD-ROM drive that emulates all of the specific features of the original disc structure. Notice that you dont have to be a hacker to do this, because in this case, it is enough to run Alcohol 120%, which cracks such protection mechanisms automatically.

The design errors of protection mechanisms bear a dear cost for their developers. However, no one is warranted against such errors. Attempts at applying a scientific approach to the development of software protection are an absolutely senseless farce. Hackers laugh at academic-style works with names like Computing trajectory of a spherical cube in vacuum . In fact, practically all of these types of protection can be removed within 15 minutes without any serious mental effort. Here is a rough, but illustrative example. Designing a defensive strategy for a fortress without taking into account air power will allow anyone to occupy it using even the oldest aircraft used in warfare (MS WDB is such an aircraft), let alone modern fighter-bombers (Soft-Ice is a fighter, while IDA Pro is a bomber).

To develop protection mechanisms, the programmer must have at least a general idea about the working methods and technical tools used by his or her opponents. To master this technical arsenal at a level no lower than that of the opponent is even better. Practical experience (actually cracked programs) is highly desirable, since it allows to study the tactics and strategy of the offensive party carefully , thus allowing for the organization of an optimal defense. Simply speaking, it allows us to detect and reinforce the most probable targets against hacker attacks, concentrating on them the maximum available intellectual resources. This means that the developer of protection mechanisms must be inspired by the hacker psychology, and start thinking like a hacker.

Thus, mastering information-protection technology assumes the mastering of cracking technology. If you dont know how protection mechanisms are cracked, what their vulnerabilities are, and have no information about the hackers arsenal, you wont be able to create a strong protection mechanism that is, at once, inexpensive and easy to implement. The books about security that consider this subject exclusively from the protection point of view have the same drawback as storage devices that can only write informationthey have no practical applications.