Step #5: Lock code to serial number

One of the most popular cracking methods is to find the conditional jump that follows the serial number check and replace it with an unconditional one. The conditional jump goes to the “correct” or the “invalid” branch of the code depending on whether the serial number is correct. A hacker replaces it with an unconditional jump to the “correct” branch, so the application accepts any serial number. Let’s “crack” our test application the way a hacker might, by turning our IF operator off:

char *serial = read_serial("serial.txt");
int res = VMProtectSetSerialNumber(serial);
delete [] serial;
if (false && res) // the condition is now always false, so the result of the check is ignored
{

Now our application accepts any serial number. Of course, it took only a few seconds to modify the source code. It would take several minutes to find and modify the binary code after compilation. But it may take months to find and modify this code after VMProtect protection. If the application is protected correctly, it checks the serial number in many places, and a hacker will need a long time to find and fix all the jumps. But we’ll add more protection.

Lock the code to serial number

Important! The demo version of VMProtect limits the number of protected functions: it can protect only one function. So if you are trying the demo version, add only the foo() function to the project. Otherwise VMProtect may protect the main() function instead of foo(), and its code will not be locked to the serial number.

The VMProtect Licensing System can lock the code of one or several functions to the serial number. Such functions will not work without a correct serial number: VMProtect virtualizes them and encrypts them using a key from the serial number. So even if a hacker replaces the conditional jump, the locked functions cannot be decrypted without the correct serial number. Let’s try this. Switch to VMProtect, select the foo() function in the project tree and open its properties.

Check the “Lock to serial number” box and protect the application again. Put any text into serial.txt instead of the correct serial number and run the application. You will see the following text in the console:

C:\test>dummy_app.vmp.exe
serial number is correct, calling foo()

Because the hacker “replaced” the conditional jump, the application thinks that it is registered. But when it tries to run the foo() function, it fails with an error message.

Because we locked the foo() function to the serial number and the hacker doesn’t have one, VMProtect cannot decrypt the function body. It therefore informs the user that the application cannot continue running and terminates it. After you press the “OK” button, you will not see the “done” text in the console.
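The behaviour described above, as a simplified model added here for illustration; it is not VMProtect's code or algorithm. The hash, the cipher, the seed constants and all names (lock_to_serial, run, Outcome, the sample serial) are assumptions chosen to show why forcing the branch does not yield a working foo().

```cpp
// Added illustration, not VMProtect code. FNV-1a and xorshift32 are stand-ins (assumption).
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
typedef std::vector<uint8_t> Bytes;
static Bytes bytes(const std::string& s) { return Bytes(s.begin(), s.end()); }

static uint32_t fnv1a(const Bytes& d, uint32_t h) {
    for (size_t i = 0; i < d.size(); ++i) { h ^= d[i]; h *= 16777619u; }
    return h;
}

// Keystream XOR: applying it twice with the same key restores the input.
static Bytes xor_stream(Bytes d, uint32_t key) {
    uint32_t s = key ? key : 1u;  // xorshift32 state must not be zero
    for (size_t i = 0; i < d.size(); ++i) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        d[i] ^= static_cast<uint8_t>(s);
    }
    return d;
}

struct LockedFunction { Bytes blob; uint32_t tag; uint32_t serial_check; };
enum Outcome { REJECTED, TERMINATED, DONE };

// Build step: encrypt the function body under a key derived from the serial.
LockedFunction lock_to_serial(const std::string& body, const std::string& serial) {
    LockedFunction f;
    f.tag = fnv1a(bytes(body), 0x811C9DC5u);             // integrity tag of the plaintext
    f.blob = xor_stream(bytes(body), fnv1a(bytes(serial), 0x12345678u));
    f.serial_check = fnv1a(bytes(serial), 0x9E3779B9u);  // value the `if` compares against
    return f;
}

// Run step. check_patched models the disabled `if` shown on this page.
Outcome run(const LockedFunction& f, const std::string& serial, bool check_patched) {
    bool accepted = check_patched || fnv1a(bytes(serial), 0x9E3779B9u) == f.serial_check;
    if (!accepted) return REJECTED;
    Bytes body = xor_stream(f.blob, fnv1a(bytes(serial), 0x12345678u));
    if (fnv1a(body, 0x811C9DC5u) != f.tag) return TERMINATED;  // foo() cannot be decrypted
    return DONE;
}

int main() {
    LockedFunction foo = lock_to_serial("bytecode of foo()", "CONSTRUCTED-SERIAL-0001");
    std::printf("valid serial: %d\n", run(foo, "CONSTRUCTED-SERIAL-0001", false));
    std::printf("patched check, wrong serial: %d\n", run(foo, "any text", true));
}
```

With the check forced and a wrong serial, the model reaches the call to foo() and then stops at decryption, matching the console output and termination described above.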

What to lock to serial number?

Lock to the serial number those functions that are called only in the registered version. Because code locking uses virtualization, those functions have to be virtualized (use the Virtualization or Ultra modes in VMProtect). Do not forget that virtualization decreases the speed of code execution. For example, if your text editor application doesn’t allow saving documents in the demo version, you may lock the saving function to the serial number. If this function calls other functions while saving, you don’t need to lock them too. Locking the “top” function is enough in most cases.

Please note that an attempt to execute locked code without a correct serial number will terminate the application, and all changes will be lost. You need to test the application to make sure it never runs locked code in demo mode. For the text editor described above, make sure that you disable the “Save” menu item and the Ctrl+S hotkey, and that you don’t ask about saving when the application is closed. Otherwise customers may think that the application has bugs.

Invalid keys and code lock

When you call the VMProtectSetSerialNumber() function, it analyzes the serial number and allows locked code to be decrypted only if the serial number is correct. If the serial number is blacklisted, expired, has an invalid hardware ID or anything else, the licensing module will not decrypt locked code, and the application will fail if it tries to execute that code.

Some limitations may be activated while the application is running. For example, the running time limit may run out, or the serial number may expire by date. In that case the licensing module will continue to decrypt code blocks until you set the serial number again or terminate the application. It is hard for a vendor to disable all “full-version” features of an application immediately when limitations are activated, so it is safer to continue decrypting code blocks until the application finds out about the limitations and does something about them.