••• PLEASE READ THE VERSION HISTORY FOR EACH NEW RELEASE TO STAY •••
••• INFORMED OF IMPORTANT CHANGES AND SECURITY ISSUES •••
As you should already know this app will generate (to a text file) serial/registration numbers (randomizing whenever possible) for various Macintosh software.
It should go without saying, but there always seems to be a few morons out there so said it must be:
••• DO NOT USE OR DISTRIBUTE THIS APP IN NON-ELITE ENVIRONMENTS… •••
••• DOING SO WILL ONLY RUIN IT FOR EVERYONE (THAT INCLUDES YOU) •••
••• THE FIRST TIME I HEAR OF A LEAK OF THIS APP WILL BE THE LAST •••
••• THINK ABOUT IT…ENOUGH SAID •••
••• (DO NOT GIVE THIS APP TO MORONS -- THANKS IN ADVANCE) •••
I ask that you do not include numbers generated by this app (at least not in wholesale fashion) in other reference lists, since: A) This app generates different numbers (whenever possible) each time it is run so that there is no quick/painless counter measure to it; B) doing so would only help to counter its effectiveness (mainly by shortening the longevity of the SN# algorithms staying static); C) it would just increase the file size of the other lists while adding little value beyond the first number.
Future release versions will entirely supersede this release so there is _absolutely no need_ to keep old versions lying around.
SECTIONS:
========
Mission statement
General/customization information
Privacy/security warning
Miscellania for would be CP reverse engineers
List of supported products
Version history
MISSION STATEMENT:
=================
Copy protection (CP) is an annoying nuisance that is ineffective. Serial number generators force software publishers to either: Accept the fact that their CP scheme is useless (possibly/hopefully abandoning it and the overhead of managing serial numbers) or; change their CP method/scheme and issue new serial numbers to their entire user-base for every release of their software. In this way the easy counter-counter-measure (of simply just checking for known elite name/password combos with each new release) that some authors (eg: Realmz's author) currently take is eliminated (since they won't know what names/numbers to target).
GENERAL/CUSTOMIZATION INFORMATION:
=================================
The date and time at which the output file was generated is now included at the start of the file -- this is the zero date that all the chronologically dependent algorithms use in their calculations.
The names specified for 'Owner Name' and 'Macintosh Name' in the 'Sharing Setup' control panel are now the first two user names used for generating serial numbers from. However this info is not saved to the 'Generated SN#s' file for security reasons (see next paragraph) -- instead you will see '<Sharing Owner Name>' and '<Sharing Machine Name>'. This change supports the few programs which require using the 'correct' user and/or machine name to fully enable themselves. (eg: the Dejal products)
Currently you must use a resource editor if you wish to change the user/company names (you may specify up to 20) that are used during generation. You may also change the number of copies to be licensed for (simultaneous users 1…9999, default is 10) and the number of serial numbers to generate (1…50 [this is independent of the number of names you use], the default is 3) for each product. These values are stored in 'STR#' resources that are labeled so that changing them is self explanatory. A future release will probably get these from a separate text file in order to make customizing easier.
The generation of large tables is disabled by default, but you may enable it by changing the 'STR '#129 resource. The only large table implemented so far is for System's Twilight.
Ocassionally you will see output of the form:
Illegal name: '<the illegal name>'
This only occurs when the given user name does not meet all the conditions placed upon it -- this is almost always due to the name being too short or containing only white space. (Don't be a moron -- using white space only, prefixed, or suffixed names is just dumb)
All of the serial number routines were tested with at least two numbers and usually more - however it is still possible that an error may have crept in, or a subtle point may have been missed during reverse engineering that only shows up some of the time --- so if you encounter an entry that doesn't work make sure you've got at least the given version of the product in question. If it still won't work complain with the complete details and it will (probably) get fixed.
If you have new or better algorithms (in some cases there is sufficient ambiguity [not always intended!] in the checking algorithm to allow multiple solutions to the inversion problem, with complete generality being the nicest but hardest to obtain) for current (ie: non-legacy) products feel free to submit them and a few examples of _known valid_ codes. (most useful would be C code that actually compiles - but intelligible pseudo code will do)
Another item that would be useful is the actual _correct_ format of serial numbers for products which this app generates numbers for. (in the case of a discrepancy only -- most of the time it is possibly to fully invert the checking algorithm and thus obtain the format of the serial number, but not always, in which case a reasonable/arbitrary _working_ guess is made)
If there is some _current_ product you wish to see included here that _requires_ (ie: is dependent upon user name and/or number of copies or needs unique network serial numbers) a generator feel free to request it.
PRIVACY/SECURITY WARNING:
========================
You should be aware of the fact that just because custom names, such as the <Sharing Owner Name>, are not written to the file does not necessarily mean they are not recoverable… in some instances there is sufficient information encoded in the serial number to reveal all or most of the contents of the name. Taken in combination this could almost certainly be used to reveal the hidden names. Thus it is unwise to share a generated text file -- unless you first cut all lines containing closed angled brackets (<>). In any case it is extremely unwise to put any non-anonymous information into any of the following places on your mac:the <Sharing Owner Name>, the <Sharing Machine Name>, volume/folder/file/printer/network device names, the map control panel (ie: don't take out your gps receiver and enter your house or towns exact location - use a large population center in your time zone instead), any Microsoft product, any net-aware product (this could be anything nowadays), any product that you produce (or change) documents with -- this is absolutely critical in these online/networked days… Preferably you should only use a 'clean machine' to access the net -- that is a machine which is only connected to other (priviledged) machines when it is not online, and even then the connection must be one-way; to the clean machine only (that is the clean machine must not have any access priviledges to the accessing machine(s)). If you feel you must put personal info into any of these places you should be aware that every time you share a document or even just log onto a network you are risking the (distinct) possibility of divulging that personal information without ever explicitly consenting to this invasion of privacy… this is an unwarrented and (usually) unecessary risk that most people are totally oblivious too -- no one will protect your privacy for you, the only way to be sure of having any measure of privacy is to simply not provide any unecessary information anywhere, period… for "Those who are willing to trade (their) privacy for security deserve (and will get) neither" (can't remeber this quote's source but it's well known). This issue is the real reason behind this app - its nobodies business what software we run or what we do with it or who we are unless we _directly and explicitly_ choose to give up such information on a per item/per usage basis. After all if you go out and buy a television you don't want anyone to be able to find out what you do or don't watch or that you even have that television unless you explicitly tell them so. Why should software be any different?
MISCELLANIA FOR WOULD BE CP REVERSE ENGINEERS:
=============================================
There a only a few basic non-keydisk, non-HW Dongle copy protection schemes in wide use:
1) Just a SN#/Reg Code (and possibly version#/id) that has certain
mathematical/string properties.
2) A Name/ID (given or enterable) field, a copies_Licensed field, version#,
and SN#/Reg Code which is derived by manipulating and combining the Name/ID
field and the copies_Licensed.
3) A time (date) based/limited SN#/Reg Code of type #1 or #2 above.
All of these protection schemes can in general be circumvented by a process of reverse engineering the SN# checking algorithm(s) during runtime (by using a debugger). In general you try to get an interrupt at or near the beginning of the SN# checking code (this step can require some insight - but 95% of the time placing a local ATrap break on GetIText, StringToNum, NumToString, DisposeDialog, HiliteControl, and/or ModalDialog will work). Once you find the start of the checking code you simply (or sometimes not so simply) symbolically disassemble the assembly code into pseudo or C code (I use a mixture myself). Ninety percent of the time you will see some code which reads in all the user input fields (possibly upper or lower casing them), checks to see if they are within certain length and data type ranges (eg: Name>=4 chars with no digits, sn#=digits and >0). After these preliminaries you get to the actual heart of the method used. Typically you find code that does any/all of the following type of actions in various combinations:
A) Copy/Splice field(s) or subfield(s) to/into new variable(s). (ie BlockMove)
B) Convert a string/character (not necessarily numeric) to a numeric variable
via StringToNum or a custom conversion routine (often the base involved is
not 10 but a prime or power of 2 such as 8,16, and 32). [or, inversely
convert a number to a base b string]
C) Add/multiply/eor/ect... up the value of the characters in a string -
possibly including the length byte in the case of pascal strings.
D) Perform mathematical operations (often via library calls) such as integer
division (/), remainder upon integer division (mod,%), exclusive-oring
(xor,eor,^), oring (or,|), multiplication, addition, and subtraction. (note
be careful to observe the size and sign of the operations - ie byte, word,
long and signed or unsigned).
E) read/load in data from an internal table. (one table of $100 longwords is
particularly popular)
F) do 1 of n manipulations as selected by the value/state of some data.
G) loop over all or some of the elements in a string/number and perform any
of these actions for each element.
The last step in the SN# checking code is almost always the direct comparison of two values (usually longwords, but sometimes character strings) -- although sometimes the comparison is distributed throughout the checking algorithm calculation itself. Sometimes one these values is simply just the numerical value of your SN#, but more often the slightly indirect method of mangling both your SN#/reg code and all other fields into character string or numeric values and then comparing them is used. This second approach and generalizations upon it usually prove more difficult to invert in general -- as it requires reversing (at least partially inverting) a greater number of steps, often with more restrictions on intermediate values as opposed to restrictions on the terminal or input variables.
LIST OF SUPPORTED PRODUCTS: (see the version history for version specifics)
==========================
4D Online Help
Aladdin Desktop Tools
Apeiron
AXS Online Reader
Barrack
BeHierarchic
BrainHex
CalcWorks
CD Directory
CD Namer
Chiral
ColorSwitch
Compact Pro
Conflict Catcher
Custom Menus
Cyber Finder
DeBabelizer
Dejal QuickEncrypt
Dejal SndCataloguer
Dejal SndConverter Lite/Pro
Dejal SndPlayer
Dejal Text Utilities (TextConverter/TextMerge/TextSplitter)
Developer VISE
Developer VISE Lite
DeskPicture
DiskDup Pro
DiskTools Collection
DiskTracker
Dome Wars
DropStuff /w EE
Eclipse
Escape Velocity
File Buddy
FontBox
Giza
GraphicConverter
Installer VISE
Internet Memory
MacSki
Maelstrom
MathType
MultiClip Pro
NetDoubler
Nisus Writer
Now Bundle
Now Contact
Now Quick&Easy
Now UpToDate
Now Utilities
PacMac Deluxe
PowerBar Pro
PowerReplace
Ram Disk Saver
Realmz
Realmz - Assault on Giant Mountain
Realmz - Castle in the Clouds
Realmz - Prelude to Pestilence
ScrapIt Pro
Sleeper
Smaller Installer
Snapz
SoundEdit 16
Stuffit Deluxe
Stuffit InstallerMaker
Swoop
Systems Twilight
TechTool Pro
TheZone
Ultima III
UltraFind
Updater VISE
URL Manager
Versatile Pro
Virtual
VERSION HISTORY:
===============
?.?.? (DNE yet… this is a 'to do' list for me)
-----
include arbitrary length longint library and implement generator for LoanPro
interface for user options such as copies.
1.1.0 (Major security enhancements and internal restructuring, now in CW9)
-----
now generates and uses both 'Random Names' and 'Random Common Names' in order to further thwart any efficient/realistic name based countermeasures - please use these names or (preferably) your own list of custom names instead of the (fixed) standard names in order to (virtually) guarantee safe operation. I have encountered several attempts to counter any/all of the standard names - some of these can be quite subtle and nasty, such as deleting/corrupting files or games cheating against you --- you have been warned… [please read the new section 'Privacy/Security Warning' above if you have not already done so]
Realmz 3.0.x (3.0.2) [name countermeasures - only uses random or custom names]
Ultima III 1.x (1.3) [name countermeasures - only uses random or custom names]
TheZone 1.x (1.4)
1.0.9 (another incremental update that satisfies some requests)
-----
New generators…
Custom Menus 1.0.x (1.0)
DeskPicture 4.0.x (4.0.2)
Escape Velocity 1.0.x (1.0.1)
Sleeper 2.0.x (2.0.3)
Smaller Installer 2.0.x (2.0)
Virtual 1.x.y (1.5.1)
1.0.8 (large table generation made user configurable)
-----
added a switch for the generation of large tables ('STR '#129), thus;
the "System's Twilight Passwords" file is no longer included.
updated the supported products list to include the 1.0.7 additions… (whoops!)
New generators…
MacSki 1.6.x (1.6)
Nisus Writer 4.1.x (4.1.3)
PowerReplace 4.5.x (4.5.5)
1.0.7 (another minor update with some tweaking)
-----
added finder icons and balloon help string.
output TEXT file creator made user configurable. (change 'STR ' #128)
Added yet more generators still…
Conflict Catcher 3.x.x (3.0.4)
MultiClip Pro 3.2 (3.2alpha)
Ram Disk Saver 2.0.x (2.0)
URL Manager 1.1.x (1.1.4)
1.0.6 (added header time stamp and a few new generators)
-----
As a aid to maintenance I'm changing the format used to list new generators to include, in brackets, the latest version actually tested.
Added Generator for:
CalcWorks 1.5.x (1.5.1)
CD Directory 1.0.x (1.0.2)
FontBox 1.7.x (1.7.1) [only 3 unique SN#'s are possible per day]
SoundEdit 16 2.0.x (2.0)
1.0.5 (in case you were wondering 1.0.4 only lasted a couple of hours…)
-----
Changed some of the default names to coincide with the names that BookWorm is using so that it is easier to (further) verify the code against (a greater number of) known valid serial numbers.
Added Generator for:
DiskTracker 1.0.x (1.0.2)
1.0.4 (a few new generators plus major internal restructuring)
-----
Sharing Setup Owner/Machine names are now used as the first two user names.
Reordered output so products are listed in _mostly_ alphabetical order.
