View Full Version : ANN: SoftDefense - Industrial Strength Security for Armadillo / Software Passport use
NewsArchive
03-19-2008, 03:20 AM
3-18-2008
LANSRAD is pleased to announce immediate availability of SoftDefense for
Clarion developers.
Available now to Clarion developers only, SoftDefense is an industrial
strength security enhancement for any Clarion developer using the Armadillo
/ Software Passport software protection system.
Using State-of-the-art Code Obfuscation techniques and Dynamic Runtime DLL
loading, SoftDefense gives you the ability to render your Armadillo related
code virtually invisible to Hackers.
SoftDefense leverages Clarion's own ability to write code to overcome the
near impossible task of using these advanced obfuscation techniques at such
a high level.
How does it work?
SoftDefense ****yzes your Armadillo project files and creates an
intelligent interface to them. Then it assists you in building a developer
friendly bridge to the Armadillo environmental Name/Value pairs.
Next SoftDefense actually writes the Obfuscation Code to manage your
Armadillo project and exports it in an include file. The SoftDefense
Clarion templates pick this up and make it available in your application.
Then just a few simple class commands are all you need to harness this
incredible system.
Since the SoftDefense generated code can co-exist with the current way your
interfacing with Armadillo, adding the power of SoftDefense to your
existing Armadillo protected applications is easy and painless.
In just a short time you can dramatically increase the security levels in
your system to a point where even master Hackers have their work cut out
for them!
But wait - there is more!
SoftDefense includes a WEP Key Generator capable of creating 64-bit,
128-bit, 152-bit and 256-bit encryption strings that you can use in your
Armadillo Name/Value pairs. This technique greatly enhances security by
eliminating "plain text" names and values.
Hard to manage?
Not at all!
SoftDefense allows you to "map" these complex strings into "friendly" code
labels for easy use. Then the same Code Obfuscation techniques are used on
these complex strings. While a near impossible (and very error prone)
complex task for hand coding, SoftDefense generates all the code necessary
in less than a second.
Taking API calls to the next level.
SoftDefense templates take the same type of Code Obfuscation and combine it
with Dynamic DLL loading to create a new way for you to communicate with
the Armadillo shell. The result is that it makes it extremely difficult
for a Hacker to jump out or replace your API calls. Both your
environmental data and the code to manipulate it become virtually
invisible!
SoftDefense makes it possible for even a novice programmer to use
techniques that most seasoned coders avoid because they are just too
difficult to do by hand.
Need another reason to buy?
SoftDefense can serve as an advanced console for the Armadillo environment.
It automatically detects the Armadillo shell on the protected applications
and provides a great visual interface to the system. You can add or remove
the shell at any time, run your application for testing and have all the
Armadillo interfaces and help files available at the touch of a button.
What else?
We have some other cool things just around the corner for SoftDefense.
SetupBuilder Integration
We are currently working with Lindersoft to complete the interface between
SoftDefense and SetupBuilder. When this integration is completed, it will
make it possible for SetupBuilder to have complete control of Armadillo
during a build of your installer. This means that you no longer need batch
files or have to rely on not missing a failed application of the shell and
accidentally shipping an unprotected program. SoftDefense will verify each
and every protected file and provide statistical data to SetupBuilder for
inclusion in the build report.
Multi-Vendor KeyCode Generation
Since SoftDefense is "Armadillo aware" it knows and understands the
Armadillo project files. This makes it possible for our new Universal
Keygen to create keys for you without the need for you to build a separate
keygen for each new product. SoftDefense will also automatically link to
the Developer Edition of SetupBuilder and have the ability to create
SetupBuilder keys and maintenance codes for your installer.
The SoftDefense Universal KeyGen will be RegKISS compatible (so it is a
plug and play solution for integration with that product), but you can also
call it from your own custom registration management system. After a code
set is generated it will be written to a file using a flexible template
language. Then RegKISS or your application can pick up the file and run
with it.
Armadillo Test Console
SoftDefense is going to knock down another barrier for developers using
Armadillo by offering the first ever Test Console. With it you will be
able to generate and install a registration code for any certificate
defined in your projects at the click of a button. No more
generate/copy/paste/register. Complete with a logging feature the Test
Console will make it easy to be sure that you have tested your projects
with all possible key combinations.
************************************************** ****
The fine print...
SoftDefense works with Clarion 5.5 and 6.x. Since Clarion 7 is an Alpha
product support for it is not available at this time, but we will be
supporting it when it is a viable option.
The SoftDefense Explorer is an application, but the output that it
generates is all source code (as are the templates of course), so there are
no black box DLL's to worry about.
The class/templates work with either ABC or Legacy.
SoftDefense comes with an 8000 word illustrated help file that will be
expanded as the product grows.
Example applications are provided (including the matching Armadillo project
files for them).
Since we are still working with Friedrich to finalize the interface with
SetupBuilder we are officially releasing the product in "Beta" status, but
in case you are wondering - "we eat our own dog food"!
Our new PageSnip product and yes - even the SoftDefense Explorer itself are
all using WEP encrypted Keys and Obfuscated Code generated by SoftDefense.
Ok - so how much???
During the Beta status period, we are offering SoftDefense at a discounted
price of only $59.95.
Since this is a source product (except for the SoftDefense Explorer) there
is no downloadable demo, but it does come with our usual 30 day
satisfaction guarantee.
Where do I get it?
The SoftDefense website is http://www.softdefense.com
The site is still very much under construction, but since so many folks
have been bugging us to get this released we are opening it up for purchase
today. Over the next few days we will be working on the website (as well
as continuing our work with Friedrich), but we did not want to make
everyone wait on that to get their hands on the product.
What now?
Whip out your credit card, go to the website and buy your copy NOW!
Also be sure to check our small Flash animation and learn how to "Stealth
your 'Dillo"
Thanks!
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 03:47 AM
Charles
Is armodilo absolutley needed for SoftDefense?
--
Dan Scott
C55-C6.3 9053 Clarion Templates (NOT ABC)
<www.garagepartner.com>
Credit card Processing in your software
www.x-charge.com
NewsArchive
03-19-2008, 03:47 AM
> Is armodilo absolutley needed for SoftDefense?
Hi Dan,
Right now one of the most significant things that SoftDefense can do is
write obfuscated code that literally makes a programmers interface to
Armadillo invisible to hackers.
Currently it generates Clarion code, but we have other languages in the
works as well.
That being said, we are looking into the possibility of extending the same
techniques to other software protection tools (such as SecWin). But we
haven't had a chance yet to really dig into that to see if it would be
viable.
Beyond Armadillo, one of the things on the shortlist (as we finish the
integration with SetupBuilder is what we refer to as the Universal Keygen.
This will be able to function interactive with SetupBuilder and of course
our up and coming RegKISS product.
In essence you'll be able to use it to generate registration codes
(initially Armadillo and SetupBuilder - others will follow), maintenance
keys for SetupBuilder, etc (all at one time). Then those will be merged
into a text file (your format) and optionally placed on the clipboard as
well. Then RegKISS (or your application) can consume them, email them, etc
as needed.
Of course SoftDefense will serve as the conduit between SetupBuilder and
RegKISS, so there are some other exciting things coming into play as that
happens.
But right now (as of this release), the biggest benefit is for Armadillo
users.
Does that help?
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 03:48 AM
Charles,
What about the long awaited Setup Builder MP checking function please ?
Good luck to this new product :)
--
Thank you
Cordialement - Best regards
Jean-Pierre GUTSATZ
CGF
Data Management Center - A tool to let you Migrate Import Export Transfer
all your Data very easily
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" & "Works with Windows Server
2008"
NewsArchive
03-19-2008, 03:48 AM
> What about the long awaited Setup Builder MP checking function please ?
Hi JP,
I think what your looking for there is coming in on the RegKISS side of
things. But it is actually all connected<g>.
When RegKISS Pro comes online, as a SetupBuilder built application does a
normal "Check for updates" the web updater will be able to interact with
RegKISS. Then if a Maintenance Plan is expired or needs to be renewed (or
cut off - say for a chargeback), the effect can take place immediately.
We are also experimenting with a new feature for Armadillo users that would
allow an "upgrade license" to be delivered and automatically installed.
This will work great for folks using a two-code registration system.
It will also open up a lot of other possibilities.
> Good luck to this new product :)
Thanks!
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 03:48 AM
Charles,
How would you compare armadillo-softdefense to secwin please (IF they are
comparable) as far as licencing only is concerned ?
--
Thank you
Cordialement - Best regards
Jean-Pierre GUTSATZ
CGF
Data Management Center - A tool to let you Migrate Import Export Transfer
all your Data very easily
www.dmc-fr.com
Certified by Microsoft : "Works with Vista" & "Works with Windows Server
2008"
NewsArchive
03-19-2008, 03:48 AM
> How would you compare armadillo-softdefense to secwin please (IF they are
> comparable) as far as licencing only is concerned ?
LOL - nothing like putting a guy on the spot 'eh?
;-)
Well as everyone knows, I am perhaps Capesoft's biggest fan<g>.
I like Secwin and use it for access level control in my own apps as needed.
But I got started using Armadillo back in the days when SecWin was a
younger product.
At that time I felt like Armadillo was the best security that I could buy -
so I did.
Later on, when Digital River paid about 12 million dollars (I think that
was the amount) for Armadillo in order to use it on the global system of
software delivery systems they provide - I felt that I'd made a good
decision.
Secwin has grown up now and is a much more mature product than it was the
last time I looked at it in depth (with regards to licensing). The SOS
server has added more potential and Bruce and the gang keep making it
better and better.
No system is perfect by any means and at the end of the day I think it all
comes down to who your clients are and how important security is to you.
For some users, Secwin offers them flexibility to do things (internally) in
an app that they might not be able to do otherwise.
For others that is not as important as it is for them to feel they are
covering as many of the bases as they can.
I like Armadillo because of the way the shell travels on the app and of how
you interact with it.
Of course it is a bonus if you decide to sell your software on any of the
sites in the Digital River empire. Armadillo (under the new interface name
of Software Passport) is built in. In cases like that, using Secwin is not
even an option.
My new PageSnip product is about to be sold on Amazon alongside the other
software there. To be able to facilitate this with the company that will
actually put it there I simply provide them an Armadillo encryption key and
they generate permanent codes that ship with the orders.
But again - all these points aside, it really all depends on what works
best for you and where your comfort level lies.
That being said, I am reasonably confident that Bruce would indeed sell
Secwin if a 12 million dollar offer came along<vbg>
;-)
Take care,
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 03:54 AM
> 3-18-2008
>
> LANSRAD is pleased to announce immediate availability of SoftDefense for
> Clarion developers.
Charles,
Congratulations on this amazing new product technology for
Armadillo/SoftwarePassport users!
For others, while Charles does plan to look at other products he might
integrate his product with -
the amount of usefulness, productivity, automation and outstanding features
-
that he has planned for the integration of RegKISS PRO (not released),
SoftDefense, and Lindersoft's SetupBuilder Developer Edition is -
TRULY staggering!
> The SoftDefense website is http://www.softdefense.com
> What now?
>
> Whip out your credit card, go to the website and buy your copy NOW!
Definitely BUY IN at this initial offering level! What is yet to come is
phenomenal!
I truly believe what Charles Edmonds of LANSRAD has planned for the
combination of RegKISS PRO (not released), SoftDefense, and Lindersoft's
SetupBuilder Developer Edition -
WILL eventually put his company on the fast track record of success similar
to what SetupBuilder series of products have brought to Lindersoft!
MANY years of HARD Work are finally beginning to see public release, and
the Roadmap for the integration will well be worth watching, buying into
the technology, and will fill HUGE gaps for many software developers on how
to handle their order and maintenance plan processes!
David
--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/
NewsArchive
03-19-2008, 04:01 AM
> Congratulations on this amazing new product technology for
> Armadillo/SoftwarePassport users!
Thanks David!
This product set has been a long slow cycle for sure. But the good news in
that regard is that there have been more emails between Friedrich and I as
we brain stormed all this out over the years than I would care to admit<G>
It has been interesting to see what ideas made it through to the final cut
and what ones wound up on the floor, but one thing is for sure:
"You ain't seen nothing yet!"
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:01 AM
Somebody get this man a towel. Pronto!<g>
Jeff Slarve
NewsArchive
03-19-2008, 04:02 AM
> Somebody get this man a towel. Pronto!<g>
Yes - one of us needs some sleep!
It could be me, but I am too tired to remember<g>
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:02 AM
> Somebody get this man a towel. Pronto!<g>
A little toooooo enthusiastic, perhaps <g> But I suggest we re-visit this
early prediction -
after the integration of RegKISS PRO (not released), SoftDefense, and
Lindersoft's SetupBuilder Developer Edition has matured a bit, and see how
well it shapes up as I see it from this early stage...
David
--
From David Troxell - Product Scope 7 - Encourager Software
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/
NewsArchive
03-19-2008, 04:03 AM
> Somebody get this man a towel. Pronto!<g>
Jono has one:)
--
Mark Riffey
http://www.rescuemarketing.com/blog/
The Wall Street Journal staff reads it,
maybe you should too.
NewsArchive
03-19-2008, 04:03 AM
>> Somebody get this man a towel. Pronto!<g>
> Jono has one:)
There are even photos<g>
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:03 AM
> There are even photos<g>
IMO, they're odd<g>
--
Mark Riffey
http://www.rescuemarketing.com/blog/
The Wall Street Journal staff reads it,
maybe you should too.
NewsArchive
03-19-2008, 04:04 AM
Charles,
Kudos! You and your team are such a big encouragement to the Clarion
Community.
I've blogged the announcement.
http://clarionfolk.com/2008/03/18/softdefense-industrial-strength-security-from-lansrad/
--
Stu Andrews
Clarion Tech Evangelist
http://www.clarionfolk.com
NewsArchive
03-19-2008, 04:04 AM
> Kudos! You and your team are such a big encouragement to the Clarion
> Community.
>
> I've blogged the announcement.
> http://clarionfolk.com/2008/03/18/softdefense-industrial-strength-security-from-lansrad/
Thanks Stu!
BTW - Nice to see the new blog site up and running.
Well done!
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:05 AM
Charles,
Well, you finally did it!!! Since I use Armadillo, I immediately
placed my order. What a bargin! Not that I am complaining, but I was
expecting a much higher price.
-- Thanks, Roger Due
NewsArchive
03-19-2008, 04:05 AM
> Well, you finally did it!!! Since I use Armadillo, I immediately
> placed my order. What a bargin! Not that I am complaining, but I was
> expecting a much higher price.
Thanks Roger and thanks for the order!
Of course I can charge you more if it makes you sleep better at nights<vbg>
;-)
I don't mind giving folks a break on the price when introducing new
technologies. It helps get the word out quickly and get a lot of people
using it.
Actually I am hoping by the time we complete the integration with
SetupBuilder to have the code generation in place for C/C++, Delphi and
maybe even Visual Basic.
That will push SoftDefense (and it's "Built with Clarion" technology far
beyond our Clarion community.
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:05 AM
Hi Charles,
>LANSRAD is pleased to announce immediate availability of SoftDefense for
>Clarion developers.
Congrats on the release:)
Best regards,
Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com
Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php
NewsArchive
03-19-2008, 04:05 AM
>>LANSRAD is pleased to announce immediate availability of SoftDefense for
>>Clarion developers.
>
> Congrats on the release:)
Thanks Arnor!
Your excellent development tools and fantastic support (as well as help
above and beyond the call of duty) certainly had their part in making it
possible.
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:07 AM
Great news, thanks Charles!
Will RegKiss be a part of the product, or sold separately?
Thanks,
Ben Morehouse
NewsArchive
03-19-2008, 04:07 AM
> Great news, thanks Charles!
> Will RegKiss be a part of the product, or sold separately?
Since RegKISS can also appeal to developers who may not have an interest in
SoftDefense, the two products will be sold separately. But there will be a
bundle deal as well.
Additionally anyone who buys SoftDefense now will be able to take advantage
of the bundle pricing (by simply paying the difference when it is
available).
Thanks for your interest!
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 04:07 AM
Congratulations on releasing SoftDefense
Cheers
David
NewsArchive
03-19-2008, 04:08 AM
> David Podger wrote on 19/03/2008 :
> Congratulations on releasing SoftDefense
Thanks David and thanks for the order!
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-19-2008, 08:38 AM
Charles,
Cheers and wotnot. I've just done some "coloring" ..
--
Stu Andrews
Clarion Tech Evangelist
http://www.clarionfolk.com
NewsArchive
03-19-2008, 09:02 AM
Hi Charles,
Very interesting product... just a few things pop up in my brain...
1) Is there something wrong with Armadillo now that requires another layer
of protection? I'd be curious to understand this a bit further.
2) Can I still use my payment processor that automatically generates ARM
keys? Will they still be valid?
3) I use a script to automate distribution. Simply put, I focus on
development. Once I do a build, a script is run to brand with new version
#'s, code-sign, wrap with armadillo, create setup, and ftp up to site. Is
your product capable of "being included" in such a script?
4) Armadillo version - does it matter which?
I would definitely consider using this if it fits....
Thanks!
Dave Hlavac
http://www.wingnutsolutions.com
NewsArchive
03-20-2008, 02:45 AM
> Cheers and wotnot. I've just done some "coloring" ..
Cool beans<g>
Keep up the good work Stu!
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-20-2008, 02:46 AM
Hi Charles,
>Your excellent development tools and fantastic support (as well as help
>above and beyond the call of duty) certainly had their part in making it
>possible.
Hey, that's what friends are for:)
Best regards,
Arnór Baldvinsson
Icetips Creative, Inc.
San Antonio, Texas, USA
www.icetips.com
Subscribe to information from Icetips.com:
http://www.icetips.com/subscribe.php
NewsArchive
03-20-2008, 02:46 AM
>>Your excellent development tools and fantastic support (as well as help
>>above and beyond the call of duty) certainly had their part in making it
>>possible.
>
> Hey, that's what friends are for:)
Check your E-mail.
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-20-2008, 02:47 AM
> Very interesting product... just a few things pop up in my brain...
Hi Dave,
Thanks - always interested in feedback.
> 1) Is there something wrong with Armadillo now that requires another layer
> of protection? I'd be curious to understand this a bit further.
Without a doubt Armadillo is the most secure product I know of.
However there are people who use it and still have their applications
hacked and distributed on some crack site.
Does this mean that Armadillo is ineffective or broken?
No - not at all.
It means that the program was popular enough (or someone took enough
interest in it) to have Hackers go after it.
But more importantly, 8 out of 10 times it means the programmer was lazy or
did not bother to look closely at how to use the tool.
At the lowest level of protection, you wrap the Armadillo shell around your
application and your good to go.
This gives you the software copy protection, the peer licensing support
(being able to detect and suppress multiple copies of the same license
running at the same time on a machine or LAN) and the registration
services.
Most of the Armadillo users who get cracked use this level of protection.
They get cracked because they are using a public build of Armadillo and
because they have no interaction with the shell.
The public build (the one that anyone can download and install - then
purchase and get a registration code for) is the one that is Hacked at by
legions of Hackers.
After all, anyone can download it and they can spread the task around
between themselves to try and crack it.
Every once and a while (but not very often) some group breaks the public
version. When this happens, there is a very brief moment in time before
Silicon Realms releases an update. Then that hack is no longer effective.
So as a developer, you need to watch your emails and when you get a notice
from SR of a new version, you need to pay attention. Then (especially if
you were using the version that got cracked) you need to update your own
app and release a new version (protected with the update).
The fix for not getting caught in a hack of the public build is to use what
Silicon Realms refers to as a "Custom Build". It is free to all Armadillo
owners (you just download it and install it over your public build
install).
This Custom Build gives your individual copy of Armadillo a unique
fingerprint (so to speak), so the hacks that break a public build usually
have no effect on your app.
Now - the next level, interacting with the shell.
Wrapping your program in the Armadillo shell and not adding code inside
your app to interact with the shell is like assuming you had safe *** just
because you put a condom on ... but never bothered to check afterwards to
see if it broke.
A rather crude example (sorry about that) but it makes the point.
Occasionally I see a post in the SR forums by some person who was cracked
and almost always it turns out that they had simply applied the protection
(maybe even with a custom build), but stopped there and never bothered to
put code in different places inside their app to test the shell and
interact with it.
Now ... that brings us to the important part of answering your first
question<g>.
Hackers know the simple technique that is used to interact with the
Armadillo shell. In fact anyone can download a 30 day trial copy of
Armadillo, read the docs and know exactly how that interaction works.
In a nutshell, one of the main things you do is store strings as Name=Value
pairs in the Armadillo shell. Then you use the API call for
GetEnvironmentalVariableA to query those strings.
A common use for this would be a Armadillo project with two certificates:
Demo and Purchase.
Then in the environmentals of the two certificates you have Name/Value
pairs.
One says "ProgramVersion = Demo"
The other says "ProgramVersion = Purchased"
By querying the shell for the "ProgramVersion" in your code you can tell if
the license issued for it was the Demo or the Purchased version.
Simple enough.
So what is a Hacker going to do?
Well they are going to use high end hacker tools to look for static strings
in your code "ProgramVersion", "Demo" and "Purchased".
Then they are also going to try to find your calls to the API and either
intercept or block them.
If they can do this, they can apply a patch to your program so that when
you query for "ProgramVersion", they always return the value of
"Purchased".
Again keep in mind that Armadillo is well known, so Hackers have a general
idea of where to go and what to look for.
SoftDefense changes all that.
It uses advanced techniques that are not published in any Armadillo docs or
are any of their websites to literally make your environmental variables
and also the API calls to interact with them.
While not absolutely foolproof (nothing is!) the code that SoftDefense
produces totally changes the dynamics of how you interact with the shell.
I won't be publishing the details of this on our website (neither will the
help files be published online) because there is no point in educating
hackers without at least requiring that they buy something<g>, but you can
ask anyone who has already bought SoftDefense and they will tell you that
it is a very clever bit of coding!
Also keep in mind that without a code generator like SoftDefense, it is
literally impossible to hand code for this.
If you use the 256-bit WEP key strings that SoftDefense generates instead
of plain text, that helps a lot and improves your odds, but it also makes
it virtually impossible to hand code the obfuscation for the techniques we
use.
In the example above, if you used three of the 256-bit strings instead of
plain text, SoftDefense will generate over 200 lines of code in order to
obfuscate it.
This does not slow your app at all, but the nature of what needs to be done
would be so error prone and time consuming that it would be nearly
impossible to do by hand.
BTW - the techniques used came directly from the man who invented Armadillo
(I know Chad Nelson pretty well0.
When he told me about them he also said that while these were some of the
best things you could do to prevent hacking in this area - that the sheer
complexity of getting the job done without errors was what kept most
programmers from doing it.
But with SoftDefense - anyone can use this level of protection with no
problems at all.
;-)
> 2) Can I still use my payment processor that automatically generates ARM
> keys? Will they still be valid?
Yes, nothing changes there at all.
In fact if you already have API calls in your app, the SoftDefense code can
co-exist without errors.
However by simply adding what SoftDefense generates and then making OTHER
calls to the shell in your app (in different places) you can dramatically
increase your security level.
Leaving the old API calls in place can even serve as a "Red Herring" for
Hackers. They could defeat those API calls and totally miss the dynamic
runtime calls by SoftDefense.
Keep in mind that SoftDefense is not only using runtime dynamic DLL loading
(instead of static library declarations), but it is also obfuscating even
the API calls themselves.
So you have invisible code calling for invisible environmental strings.
;-)
> 3) I use a script to automate distribution. Simply put, I focus on
> development. Once I do a build, a script is run to brand with new version
> #'s, code-sign, wrap with armadillo, create setup, and ftp up to site. Is
> your product capable of "being included" in such a script?
Yes, no problems.
What SoftDefense generates and how you use it is "inside" your compiled
app.
> 4) Armadillo version - does it matter which?
No.
> I would definitely consider using this if it fits....
Great - looking forward to having you join the ranks of the many developers
who have already bought it!
We will be adding other tools for Clarion developers (class and template
stuff) that make it easier to interact with the shell for all the Armadillo
API stuff in the next release.
BTW after adding SoftDefense, you can use a simple bit of code like this:
IF IsShellPresent( DEMO )
...your OK
ELSE
...your not OK
END
to test that the shell is viable anywhere in your app.
In the code bit above, DEMO is the "friendly name" code label for one of
the obfuscated strings.
The IsShellPresent method actually tests the shell using that particular
Name (of a Name/Value pair).
Repetition is the hackers friend<g>
Being able to use obfuscation when combined with variation (checking for
different things, in different places and at different times) makes for a
strong defense.
SoftDefense makes it easy!
;-)
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-20-2008, 02:47 AM
Charles,
Thanks for explaining it a bit further. Quite an interesting read too. :)
For 60 bucks - what the heck.
I'm in.
Cheers!
Dave
NewsArchive
03-20-2008, 02:48 AM
> Thanks for explaining it a bit further. Quite an interesting read too. :)
Glad you enjoyed it.
I'm going to set the new website up so that I can regularly add useful
content like that.
A lot of developers don't realize that successful software protection is
more of a process than a single event.
Having flexible tools like what we are doing with SoftDefense allows you to
be nimble without requiring a lot of extra work.
In fact a really good idea is to move around the checkpoints in your app
when you do a new release.
With our IsShellPresent() method it should not take more than a couple of
minutes and it helps keep the hackers off balance.
> For 60 bucks - what the heck.
>
> I'm in.
Thanks for the order!
;-)
Take care,
Charles
--
-------------------------------------------------------------------------------------------------------
Charles Edmonds
www.pagesnip.com - "Print and Save the Web, just the way you want it!"
www.clarionproseries.com - "Serious imaging tools for Clarion Developers"
www.ezround.com - "Round Corner HTML tables with matching Banners, Buttons
and Forms!"
www.lansrad.com - "Intelligent Solutions for Universal Problems"
www.fotokiss.com - "World's Best Auction Photo Editor"
-------------------------------------------------------------------------------------------------------
NewsArchive
03-20-2008, 02:48 AM
Dave,
Obviously Charles will need to give the more definitive (AND most correct!
:-D) answers, but here are some comments:
"SoftDefense makes it easy to use advanced code obfuscation
techniques...are not unique to SoftDefense, implementing them in code is
very difficult and there is a high error factor. SoftDefense automatically
generates error free code in a second and without any risk of error."
So, think of this as using ADVANCED techniques most developers don't choose
to pursue because of the difficulties involved.
>
> 2) Can I still use my payment processor that automatically generates ARM
> keys? Will they still be valid?
From what I have read, this does not affect those areas.
>
> 3) I use a script to automate distribution. Simply put, I focus on
> development. Once I do a build, a script is run to brand with new version
> #'s, code-sign, wrap with armadillo, create setup, and ftp up to site. Is
> your product capable of "being included" in such a script?
I believe that once your EXE is prepared with SoftDefence code, you can run
the script as you have described - however, Charles will need to confirm or
correct in this area.
> 4) Armadillo version - does it matter which?
Good question - not sure what Armadillo versions he is supporting.
David
--
From David Troxell - Product Scope 7 - Encourager Software
Email - mailto:C3P_Remove_@_Me_encouragersoftware.com
Clarion Third Party Profile Exchange Online
http://encouragersoftware.com/profile/clarlinks.html
http://www.encouragersoftware.com/
http://www.profileexchanges.com/blog/
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.