A.R.F Intro

The A.R.F Project

Anti-Reversing Framework v2.0

Author: Economou Kyriakos
Contact: kyrecon@anti-reversing.com
Programming Language: C++
Compatibility: Win XP SP1 or above
IDE plug ‘n compile: MS Visual Studio (tested with 2008/2010 editions), Embarcadero C++ builder (tested with 2010 edition).
Release Date: 17d/01m/2011

Note: This project is not actively maintained and it contains code that is poorly written for the purpose of demonstrating how anti-reversing tricks in Windows software work. I am considering, reviewing the entire project and properly re-write a lot of stuff, but until then please make sure that you know what you are doing before using this code in production.

Intro

After having dedicated some years in breaking software protections I have arrived to some conclusions regarding how things work among software developing companies regarding this matter.

A company that produces any type of software has always in mind the quality of the final product to be released. This means that its coders dedicate all of their time in developing the software that is going to be released by searching for bugs and errors and by improving the code of the software.

However, when all this has come into an end, and it is time to release the software, all companies have to, or at least they should, deal with another big decision which is of course the “how” their product it is going to be protected by crackers.

For the big companies that have more money than time in their hands it is more easy to decide because their budget can afford any type of commercial protections and it is only a matter of taste regarding the quality of the protection that it is going to be chosen.

However, even if these companies are able to choose among a variety of protections, the impact of this decision can be destructive in zero time. Commercial protectors offer much more quality than the free of the kind but they have a major flaw.

This flaw relies on the fact that before a company applies a well known commercial protector, others have already done it which means that probably it has been already reversed. So why should you spend money for a protection that you know that it has been already cracked?!?

On the other hand, crackers have usually much more time than money in their hands and this is what makes them dangerous. They will usually try to break the protection by themselves or read a tutorial about it and use it as a guide. In any case it is just a matter of time before they say “Game Over!”

So then, why companies do not create their own custom protections?

The answer is simple, it requires time, money and people who know the basics of reverse engineering, in other words how a cracker would attack the protection of the software. All this would normally require a separate department of employees dedicated to the development of the protection itself, but companies don’t seem to approve this idea and you know the results.

But crackers, won’t they crack that protection too?

The answer is “Yes!” but as we have already said the entire game goes around a more specific and relative concept which is the “time”. A custom protection must be analysed each time from scratch and if it is well designed it could take to crackers much more time than you may think, so the company will have the opportunity to gain time and money before the game arrives into an end.

So what if a company wants to use a commercial protector?

Even if they have the flaw that we discussed before, many commercial protectors are very good and can keep a big amount of crackers especially newbies away. But even in this case, why you should rely just to the protector itself?!?

Well, you shouldn’t and here it is where the A.R.F Project comes into the game. You could use it in order to add an extra layer of protection inside the code of your application itself that will protect your software when the protector will not.

Furthermore, it can be a good solution for single developers and companies that may not afford neither in terms of money the use of a commercial protector nor in terms of time the development of a custom protection from scratch.

The A.R.F Project is Free and comes with full source code and documentation of the available anti-reversing methods.

This gives also the possibility to the developers to modify these methods at will, combine them together and even more get inspired to create something better in less time than ever before.

In addition, through the A.R.F Project you can understand how some of the most famous anti-reversing tricks work and learn how an attacker would attempt to bypass them, which will help you create your own custom software protection.

The available methods will constantly be updated and more methods are going to be added in the days to come.

The A.R.F project offers plug ‘n compile compatibility with MS Visual Studio (tested with 2008/2010 edition) and Embarcadero C++ Builder (tested with 2010 edition).

Greetings: This project is dedicated to all the people that I really respect for their devotion to their passions without thinking about the consequences.

A big salute to my friends Yiannis Marangos , Alexandros Theodoridis, Panos Papandoniou, Kyprianos Vasilopoulos and Anna Manousaki.

Enjoy,
kyREcon

All Rights R3v3rs3d