I launched Ad Muncher 15 years ago. In that time, I've paid myself much less than the market rate for my work, but was powered to continue by a passion for what I was producing.
It was therefore hard to see the rampant piracy of Ad Muncher, with cracked versions often being released the day after a new version became available, with their own pirate list update servers and thousands of posts across forums discussing how to use them:
My intention in addressing this was not to stop all piracy, but just to increase the time between a new release and a cracked version being available, so that truly passionate users could be motivated to support further development.
My solution was a proprietary obfuscation system I named Pro Hart, as it made such a mess of the code I'd worked so hard on.
The process worked as follows:
Here's an example before and after of just one obfuscated instruction:
Before: mov eax, offset szMyString After: call ?PH_OPUSH_5 dd offset szMyString + PH_OPUSH_5_ALGORITHM_RETURNSIGN ($ - offset codeStart) + PH_OPUSH_5_ALGORITHM_RANDOM pop eax ; one of many randomized push handling functions, ; each with randomly selected code paths and constants PH_OPUSH_5_ALGORITHM_RANDOM equ 2966022664 PH_OPUSH_5_ALGORITHM_RETURNSIGN equ <-> ?PH_OPUSH_5: push edx push ecx push edi mov ecx, dword ptr [esp + 8 + 4] lea ecx, [ecx + 4] mov edi, dword ptr [ecx - 4] lea edi, [edi + ecx - 4 - codeStartAddress - PH_OPUSH_5_ALGORITHM_RANDOM] mov dword ptr [esp + 4 + 4 + 4], edi pop edi mov dword ptr [esp + 4], ecx pop ecx ret
The kind of obfuscation applied had many different variations and they were applied in different ways to all applicable instruction types.
The end result of all the different code changes were:
- Static analysis was made harder by hiding references to functions, values and data locations.
- Live analysis was made harder by making code tracing extremely time-consuming.
- Anti-debugging checks could be hidden more easily.
- Self-verifying code functions could be hidden in enough places, each with different triggers, that an attacker would find it difficult to be certain they were all disabled before releasing their modified version to other users.
ProHart increased the time between our releases and pirated releases to around two months, which achieved our goals and produced a new and noticeable spike in sales whenever a new version was released.
To any software cracker that managed to make it through the hoops: Kudos for your skills and persistence, I hope the extra complexity was an enjoyable challenge for you.
To any Ad Muncher users who have ever supported development by registering: I appreciate your support hugely. I hope you understand the need for this slight diversion in development and the net positive return it had on development resources.
After 15 years, last week I announced that Ad Muncher will soon be released for free.
Nobody will ever need to download another cracked version from an untrusted source, and I'm able to do this thanks to the support of 100,000+ people who have contributed their hard-earned money to Ad Muncher's development.