Results 1 to 8 of 8

Thread: How NOT to protect your app.

  1. #1

    Talking How NOT to protect your app.

    Sanitized to protect the guilty.

    Attn software authors. Javascript is NOT a good language to write your licensing protection in. Since it has to be run from it's source state, that makes removing your protection trivial. See example below:

    function licenseCheck()
        try {
            gInfoSvc = Components.classes[";1"].
            while (!licenseValidOnStartup()) {
                if (licenseTrialCheck()) {
                    // first time install of a trial license
                    return gInfoSvc.licenseValid;
                // fall through, the invalidLicense dialog will handle showing
                // the apropriate information.  The trial is now expired.
                var args =  Components.classes[";1"]
                var paramBlock = 
                paramBlock.SetInt(0, Components.interfaces.ILicenseCallback.LICCB_ABORT);
                openWindow(null, licDialog,
                if (paramBlock.GetInt(0) == Components.interfaces.ILicenseCallback.LICCB_RETRY) {
                return false;
        } catch(ex) {
            // We've already shown a dialog for this error.
            return false;
        return true;
    So, what does it take to COMPLETELY disable your elaborate scheme?

    function licenseCheck()
        // Return TRUE that the license is good.
        return true;
    I think that should be self explanatory. If not, feel free to ask your questions.
    There, I've done my community service for the week.

  2. #2
    there are some programs out there which converts readable java script codes to unreadable ones which yet are executable by the browsers. I think the critical parts of java script codes should be hidden that way unlike the above example
    that's a shame some authors know nothing about security.

  3. #3
    Thanks for the info nanobit, I was unaware of that. But, it seems that someone has already taken care of that:

    It decodes the encoded scripts. (the jscript.encode stuff).

  4. #4
    nice! I wasn't either aware of existence such a program.

  5. #5
    Super Moderator Shub-nigurrath's Avatar
    Join Date
    May 2004
    Obscure Kadath
    A note: you can also use malzilla to decode scripts with most common obfuscating techniques..
    (`._.[*~-.,.-~* ŜħůβŇĝŕřāŧħ ₪*~-.,.-~*]._.)
    There are only 10 types of people in the world: Those who understand binary, and those who don't

  6. #6
    umm, something new to play with.

  7. #7
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Ring -1
    Blog Entries
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  8. #8
    Quote Originally Posted by Shub-nigurrath View Post
    A note: you can also use malzilla to decode scripts with most common obfuscating techniques..
    You are welcome to send me the script which can't be de-obfuscated.
    I will de-obfuscate it for you.

    bobby (Malzilla's developer)

Similar Threads

  1. How To protect my VB2008 App??
    By Drigo in forum Advanced Reversing and Programming
    Replies: 7
    Last Post: May 28th, 2009, 22:30
  2. !protect on....
    By SpeKKeL in forum Off Topic
    Replies: 13
    Last Post: August 16th, 2004, 03:24
  3. a little program protect with HASP m1 and sn,somebody help me
    By helloman in forum Malware Analysis and Unpacking Forum
    Replies: 17
    Last Post: June 19th, 2002, 09:04
  4. section .protect ,what it does?
    By box in forum Malware Analysis and Unpacking Forum
    Replies: 2
    Last Post: June 30th, 2001, 16:20
  5. How is protect Solid Edge 9?
    By mssmsoft in forum Advanced Reversing and Programming
    Replies: 1
    Last Post: April 24th, 2001, 09:27


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts