VMP hwid

Issues related to VMProtect
Admin
Site Admin
Posts: 1605
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: VMP hwid

Postby Admin » Tue Feb 26, 2019 7:24 am

Guys,

Please don't forget that many methods for getting of serial numbers of CPU/HDD/etc. usually require special rights (many of them work ONLY under admin rights) and it seems you have never thought about it.

vmpvmp
Posts: 24
Joined: Sat Jul 26, 2014 11:15 am

Re: VMP hwid

Postby vmpvmp » Wed Feb 27, 2019 12:57 am

Thanks @Admin
Good point about Admin rights, but hardware changes problem is not related to admin rights and could be done.
So there is room for some useful improvements for sure.
Hope to see some nice new features, cheers.
Last edited by vmpvmp on Wed Feb 27, 2019 10:14 am, edited 1 time in total.

Admin
Site Admin
Posts: 1605
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: VMP hwid

Postby Admin » Wed Feb 27, 2019 7:01 am

"ProductID or (and) ProductKey" are you seriously ? :)) Just imagine that the end user installed other version/build of Windows. In this case our HOST method is the best than yours because users usually use same names for their computers.

vmpvmp
Posts: 24
Joined: Sat Jul 26, 2014 11:15 am

Re: VMP hwid

Postby vmpvmp » Wed Feb 27, 2019 10:26 am

I was meaning something other(to check it more advanced way),
actually if we would treat product id it's the same bad as current HOST checking.

All in all no matter what methods will be used, event current CPU+HOST+HDD+ETH could be good
if we'd have choice on WebLM and SerSerialNumber level to decide what mean wrong HWID and what is not wrong.

vmpvmp
Posts: 24
Joined: Sat Jul 26, 2014 11:15 am

Re: VMP hwid

Postby vmpvmp » Wed Feb 27, 2019 10:30 am

Another idea for improvement is possibility to pass UserData or some new "Extrainfo" to Web License Manager via VMProtectActivateLicense function.
So we could pass as argument and WebLM automatically stores it in Current UserData or new extra data field.
Someone already asked about that in the past there as I remember..

ovid
Posts: 14
Joined: Fri Jan 26, 2018 3:30 pm

Re: VMP hwid

Postby ovid » Thu Mar 14, 2019 7:54 am

well proper hwid get is done by digitally signed ring0 driver sys etc.
not read them with windows api or worst from registry.
CPUID need read for example:
__cpuid(CPUInfo, 0)
__cpuid(CPUInfo, 1)
__cpuid(CPUInfo, 0x80000002)
__cpuid(CPUInfo, 0x80000003)
bios
GetBiosDateUniqID
BiosMem = (DWORD*)MmMapIoSpace(li , 0x10, MmNonCached )
hdd serial
GetDiskSN
BOOLEAN GetDiskSN(PDEVICE_OBJECT deviceObject, UCHAR* sn)
this 3 should not change too much in normal circumstances.
I only point this lines since src is available in many app including unwanted one's.
dear developers you can and only need change a bit existing src to match your needs and add in your product, of course sign driver and it should be fine.
with this WMP get hwid api is more safer at least with regular user that used currently to spoof hwid, cpuid not need just use a close similar CPU please check it I done 2 i7 even if different same values, so rest can change and they bypassed VMP hwid. but with this 3 added in this way much harder. and not that much dude's that can do it.
rest windows serial, name's drive C:\ SN MAC they as extra optionally used.

MrLot
Posts: 12
Joined: Sun Feb 17, 2019 8:21 am

Re: VMP hwid

Postby MrLot » Sat Mar 23, 2019 10:12 pm

HWID protection is very inferior as it can be patched relatively easily. 2 of my programs have already been cracked. if the user get a license file its free game and anything is possible.

ovid
Posts: 14
Joined: Fri Jan 26, 2018 3:30 pm

Re: VMP hwid

Postby ovid » Sun Mar 24, 2019 7:54 pm

not quite so

u can use a second protection like:

Sentinel HL dongle / Sentinel Cloud
Codemeter dongle

both used with SDK + VMP envelope.

all SDK dongle calls inside VMP sections, so no one can easy hook them.

time calls
random call
function call
menu calls

50-60000 custom made calls, in all exe all dll.

sure you game slower, but you can't have it all.,

speed means weak protection, strong protection means low speed, but you can bypass use SDK only in some critical areas only !

MrLot
Posts: 12
Joined: Sun Feb 17, 2019 8:21 am

Re: VMP hwid

Postby MrLot » Mon Mar 25, 2019 1:07 am

ovid wrote:not quite so

u can use a second protection like:

Sentinel HL dongle / Sentinel Cloud
Codemeter dongle

both used with SDK + VMP envelope.

all SDK dongle calls inside VMP sections, so no one can easy hook them.

time calls
random call
function call
menu calls

50-60000 custom made calls, in all exe all dll.

sure you game slower, but you can't have it all.,

speed means weak protection, strong protection means low speed, but you can bypass use SDK only in some critical areas only !


That's an interesting solution however that doesn't prove that HWID isn't vulnerable.
By default, VMPs HWID protection is very easily cracked. Using a secondary program really isn't proving that VMP is full proof.

ovid
Posts: 14
Joined: Fri Jan 26, 2018 3:30 pm

Re: VMP hwid

Postby ovid » Tue Mar 26, 2019 6:09 pm

u can use dongle as second lock.
all dongle sdk calls from VMP virtual section. in Sentinel HL hid dongle use WB-Aes encryption you need hook api or extract firmware from dongle to emulate, they can't hook since very hard locate correct place.
use many dongle checks from different places....
trick is to make harder job, 99% will give up. crackers many good one's are commercial people.
time means money, if they can't crack your soft in 30 minutes they give up search another easy target, unless your soft very important.
also some important code protected main and some important but not very big stuff, not to slow down too much...
also change from previous version so no one can compare logic VMP vs plain version.
solutions exist, what you need is to find a reversing business that can help implement from experience new protection scheme. some offer such services.
get it?