SECURE SECURE SECURE SECURE SECURE SECURE SECURE PROGRAM ENCODING ver 2.1b written by G.M.McKay SUMMARY : --------- You can use SECURE to stop people cracking programs you have written. SECURE encodes your .EXE and .COM executable files and installs security checks into them. So when run, your files decode themselves and also check that they have not been altered at all. This makes them extremely difficult to crack. The self- checking routines also protect your files against accidental corruption. SECURE can also protects your files against viral infection - it can detect the change in file size and refuse to run. WHY SECURE ? ------------ All software distributors know the problem of people cracking their software. Programmers go to a lot of trouble to create software the way they want it, only to have others change it after release. These changes might be : - removal of password protection - removal of Shareware "nuisance" screens - removal of Shareware registration messages - replacement of your name or documentation with something else - altering the running of the program - addition of viruses or trojan horses - addition of personal graffiti (like Banners) This is not only counter to your wishes, not only costs you money in registrations or commercial sales, but can also damage your reputation with altered, possibly malfunctioning, versions being distributed in the market place. SECURE comes to your rescue here! Use SECURE to modify your .EXE or .COM executable files to protect them against cracking. In addition, SECURE makes sure that accidental corruption has not occurred, hence corrupted versions are not distributed. This corruption may occur when copying to and from disks, or when transmitting by modem. But wait - there's more! SECURE can also detect if the size of your file increases, and refuse to run. Nearly all viruses that live in files (rather than living in other areas, like the boot sector on disks) increase the size of the file. So if any of your executable files do get infected with viruses they will not be distributed on BBS's , and you will not get a reputation for infected files. DISTRIBUTION : -------------- This program is being distributed as Shareware. This does not mean it is free !!! It is copyrighted and you can only use it under defined conditions. Any use outside of these conditions is a breach of copyright and is punishable by law in all Western countries. I encourage you to give copies to friends and associates, post it on bulletin boards, and distribute it from recognised Shareware libraries (charging only a low nominal fee). You must only distribute it complete, ie. with all files present. When posting to bulletin boards please distribute it as a compressed file including the version number, ie. SECURE21.ZIP. This unregistered version works as well as the registered version, except that if the SECURED file finds that it is corrupted, it prints the message "encoded by SECURE - " before stopping. This of course means that the program is not as secure as it might be. Not only does this tell a cracker how it is protected (he might have come up against SECURE previously), but it alerts the cracker to the presence of the security check. UNDER MY COPYRIGHT CONDITIONS, YOU ARE NOT ALLOWED TO DISTRIBUTE ANY PROGRAM WHICH HAS BEEN PROTECTED BY AN UNREGISTERED COPY OF "SECURE". YOU MUST RECEIVE A REGISTERED COPY OF "SECURE" BEFORE DISTRIBUTING YOUR PROTECTED PROGRAM. The registration fee for NON-COMMERCIAL distributors (ie. Shareware or Public Domain) is $25 plus $6 postage. For this, I will register your copy and send you a registered copy of the latest version. As an additional incentive, I will also send you free of charge, a copy of TSR_IN_BASIC (which allows you to write TSR's in all forms of the BASIC language), and the latest version of a program to play the card game of Five Hundred. You may use this registered copy of SECURE to protect as many programs as you like, as long as you wrote them and distribute them by Shareware or Public Domain. It must not be given to anyone else. The registration fee for MINOR commercial distributors is $150 to protect a single version of a program, and $25 for later versions of the same software. MAJOR commercial distributors (you know who you are), please contact me to discuss fees and support. I have given people who distribute Shareware programs a special deal because they do not make as much money, so they do not get as much benefit from having their programs crack-proofed. In the mega-bucks world of commercial software distribution, it is obviously very important and value- added. If the future of low-cost quality software is to continue, we all must support the Shareware concept. I monitor new files appearing on Bulletin Boards and elsewhere, and can easily tell if you have used SECURE. If you cheat on this payment, may you be constantly cracked. DISCLAIMER : ------------ I have taken every effort to make this program as good as possible. However, you will understand that I cannot guarantee that it will work perfectly for all programs in all circumstances when used on all computers. Hence, I cannot accept any responsibility whatever for unexpected performance. You have the responsibility to fully check out the SECURED program. SECURE does not make a program un-crackable - this is not possible. It does however make it considerably harder to crack. It also gives the program a lot of protection against accidental corruption. It also gives a lot of protection from viruses, by not running if the file size is changed. FILES : ------- The files which should be present with this program are : SECURE.EXE encoding executable file SEC.EXE secondary encoding file README.EXE secure documentation as executable file (this file) SECURE.TXT secure documentation as text file (this file) ALTER.EXE executable file to corrupt a file for demonstration purposes REGO.FRM registration form HOW DOES IT WORK ? ------------------ SECURE works by installing multiple encoding and security routines into the secured file. It is not wise to document here exactly how SECURE works - I do not want to help others to crack your program. However rest assured that the secured program is protected by: - the actual programming code is encoded to make any deliberate attempt to change it extremely difficult - the program checks itself when run, and will not run if any part of it has been altered - the complex nature of the encoding means that anyone trying to crack the program will take about one hundred times as long with a secured file than with a standard file - the secured program's self-checking routines are also protected against change - each SECURE encryption is different. This means that a cracker must crack every secured file individually (ie. it stops the cracked-one- cracked-them-all possibility) - if you choose, the program can check its file size to detect extra code added or removed from the file. One of the powerful features of SECURE is its ability to nest. This means that you can keep on running SECURE on a program, and build as many protecting routines into it as you like. Each routine makes it exponentially more difficult for a cracker. So, you can choose your own level of security. SYSTEM REQUIREMENTS : --------------------- To run SECURE, you only need an 8088 or better computer, EGA or VGA, and at least 340 Kbyte of conventional memory. These are not exactly major restrictions for people who like to program! The SECURED program that you produce will run with the same equipment requirements you designed into it, except that you may need a tiny amount of extra memory to run it, eg. 500 bytes extra. OPERATION : ----------- Run the SECURE.EXE program (from within the directory which contains all the SECURE files) and it leads you through the information it requires. This is presented in a menu format. It allows people who are familiar with the program to run through it quickly, while also giving ample help to first time users. Navigate through the menu using the usual TAB, shift-TAB, mouse, or ESC key. Click on the help buttons to get help on each piece of information required. i) program to secure : This is the file you want to protect. It has to be an .EXE or a .COM file. If you do not specify an extension, the program looks for .COM and .EXE files (in that order). The file does not have to be in the current directory as long as a valid drive or path is given with the file name, eg. d:\MYPROG\RUN.EXE Do not try to SECURE files which can only be run through Windows - Windows files have different file headers which are not compatible with SECURE. ii) new file name : This is the name you want the newly secured file to have. You do not have to specify an extension, as the extension must be the same as the original file. This file must have a different name to the original file. This name must be a valid DOS file name and may also be in a different directory if you specify a path or drive. iii) password : SECURE uses a password to encode your file and to perform security checks. This ensures that different algorithms are used to encode every secured file. Hence, if someone does manage to crack one SECURED program, this knowledge is of no help in trying to crack another one. The password has no significance once SECURE has been run. The password may contain any characters (except spaces), but must be at least four characters long. iv) fail option : You can choose the way your program will behave if it detects that it has been corrupted (or tampered with) when it is run. The options are : 1) Print "This file is corrupted" and then stop and return to DOS. 2) Print your own message and then stop and return to DOS. 3) The computer can hang in an unpredictable way (depending on what just happens to be in parts of your RAM memory). 4) The computer can re-boot. Options 1 & 2 are friendly messages warning people not to tamper with the file, or alerting people to a genuine accidental file corruption. Option 3 makes a cracker believe that he/she caused the computer to hang (a common occurrence when you are trying to alter code). The cracker then does not look for security devices. Option 4 delays the cracker to cause frustration. v) file length check : You can choose whether you want the SECURED program to check its disk length before running or not. This is different from checking the content of what has been loaded into memory (which is always part of the SECURE standard program). This option checks whether some extra code has been added to the end of the program (or removed from the end). This detects viruses which add on to the end (most viruses which live in files add on to the end, and increase the file length - the few that don't, over-write useful code, so the files do not work properly, and the viruses are not prolific, Darwinism Selectivity-wise). Choose Y(es) or N(o) for this option. Reasons for choosing 'No' are : - if you want to install several SECURE routines in to the file (as is recommended), ONLY USE THIS OPTION ON THE LAST TIME SECURE IS RUN. Otherwise the extra code added by later SECURE runs, will be seen as a corruption and the program will not run. - if the extra 100 bytes file length is important to you. This is the length of installing this extra check. - if you wish to call the file from within another file (eg. the RUN or CHAIN commands in a BASIC program). Try it out, but installing the file length check is OK when called from the command line (in any directory), from menu programs, from Windows, from .BAT programs, but not if called from within other still resident programs (unless via SHELL). The SECURE program helps you by telling you if you have not put in correct information, eg. it may not be able to find your file, or the password may not have enough characters. TAB or mouse click on the "GO" button when you are ready to proceed. .EXE files have the length of the file to be loaded into memory stored within their file header. Usually, this is the same as the length of the file stored on disk (ie. as you see when you type "DIR"). However, sometimes the whole file is not loaded into memory. For example, this extra information at the end of the file, which is not loaded into memory, can be debugging information. SECURE is designed to work properly in most cases where this occurs, but it also prints out a warning message, to remind you to fully check it. Relax - it should work perfectly. While your program is being encoded, you can safely terminate the program at any time by pressing "Ctrl Q". If you exit this way, the file that the SECURED program is being written to, will be deleted. This makes sure that you do not have any confusing half coded programs. SECURE will display a screen of technical information after it has finished protecting your file. It will also confirm that your file has been SECURED successfully. This technical information is useful to me for debugging purposes, and may be of general interest to you. FILE LENGTH : ------------- The length of the SECURED file is usually longer than the original file. This is because SECURE inserts extra code into the file to handle the multiple encoding and security checking routines. This extra length is most commonly less than 530 bytes. It can be as high as 680 bytes. The secured file can under certain circumstances be smaller than the original - yet work as well. This is all part of disguising the fact that you used SECURE to protect the file. Of course this disguise doesn't work too well if you use the unregistered version which tells the cracker that SECURE has been used. WHEN NOT TO USE SECURE : ------------------------ Don't use SECURE if you only have a few seconds to run it in. The encoding is highly sophisticated and is performed on each byte individually, so it does take a significant length of time. Look on the bright side, computers are getting faster, and you don't want to run SECURE very often anyway. Depending on your CPU, disk etc. a 200 Kbyte program might take 10 minutes to secure. If you want to make it run faster, do not load DOS in high memory. DOS in conventional memory (remove EMM386) will run it in half the time. Do not try to SECURE programs that require Windoze to run. Windoze programs are written differently and have different file headers to conventional programs. SECURE detects these programs, and tells you that they cannot be run. Sorry, you'll have to protect these files some other way (be comforted by the knowledge that Windows programs are harder to crack anyway). You can run the SECURE program through Windows if you want. Similarly, you can run any DOS program which SECURE has protected , through Windows successfully. For extra security you could run SECURE on a file twice (or three, four, five or more times). This would be a nightmare for a cracker because the multitude of security devices do not interfere with each other - they all work if the "check file length" option is only used on the last routine! If you use multiple SECURES on your file, a cracker will get most frustrated and confused if the "failure option" you use each time you run SECURE is the same. Remember, confusion is your friend. If your program already has a security check built into it, it may not like you adding another check to it. But then again, it may be perfectly happy with it because of the way the SECURE code has been written. It may work fine, and both security devices will do their jobs (eg. I tried it on McAfee's virus scanner (v116) and it warns you that extra code has been added when SECURED - but otherwise works without problems). This is a similar situation to using SECURE's "check file length" option. If you do NOT use this option you can nest as many SECURE routines on top of each other as you like. But if you use this option and then add another SECURE routine after it, it will detect the addition of the extra code, see it as a corruption, and stop. So, you must only use this option on the LAST SECURE that you run on the file. I have run SECURE on about 100 commercial and Shareware programs and it works on 95% of them. It works on .COM files (.COM files are simpler than .EXE and must be less than 64 Kbytes long). It also works on .EXE files, whether they are shorter or longer than the 64 Kb boundary, and whether they contain a relocation table in their file headers or not. SECURE adjusts starting positions, memory requirements and Stack positions in .EXE file headers as needed. SECURE can also work without problems on programs run in DOS's upper memory eg. MOUSE.COM loaded high. Programs created by simple, industry standard compilers and linkers have a very high chance of working perfectly when protected by SECURE. Programs which are written much closer to the machine language code may possibly give problems when SECURED. These programs are likely to be more touchy and may suffer if the Stack segment is moved, or extra code is inserted into the program or the program length changed slightly. Try the program - in nearly all cases it will work for you. Don't run SECURE if your program is so large that it is likely to only just fit into the memory available. In practice another half a Kbyte of RAM is not likely to worry anyone. Remember that some programs can actually be smaller after SECURING. SECURE works on programs as small as 1 byte up to programs as large as 600 Kbytes. If you are relying on the "check file length" option to make sure your program is never responsible for virus activity, you may be disappointed. Be aware that file infecting viruses usually add on to the end of a file, but they run before the rest of the program. This means that if your SECURED program is infected, when it runs, it will infect other files (or do whatever the virus tells it to do). However after this, the SECURE routine within the program (with "file length check") will tell you that the file has been corrupted and will not run. This ensures that this corrupted file will not be passed around between people or on Bulletin Boards. So your files will get a reputation for being virus-free. HAS IT WORKED ? --------------- After you have created a SECURED program from your standard program, how do you know if it has worked? You won't feel any different, and the program shouldn't run any differently. It should run exactly the same in all respects. You will not notice any difference in the time to load and run the program. The decoding and checking that is done is tremendously fast compared to the time needed to read the program from disk. When your SECURED program is running, the SECURE coding makes no difference at all to its running speed. So, how do you know that something has happened and this is not simply a con? First, you will have noticed the size of the program has changed slightly (run "DIR" and compare the old to the new). Second, do a file comparison of the old to the new file (you can use "FC" in later DOS versions). You will see that almost nothing is the same in the new version as the old - it is totally encoded, but still works exactly the same. Third, included with this program is a file called ALTER.EXE. Run ALTER to either change just one lone, solitary, insignificant, little, 8 bit byte in your SECURED program, or to add one petty, immaterial, irrelevant byte onto the end of your program. It does not actually change your program, but copies your program to a file called ALTERED.EXE or .COM and changes the byte in the ALTERED.??? file. Naturally, it creates ALTERED.EXE if your SECURED file is a .EXE, and it creates ALTERED.COM if your file is a .COM. Now you can run the ALTERED.??? file and see the failure option you selected when SECURING your program, snap into operation. If you used an unregistered copy of SECURE, you will also see the "encoded by SECURE -" message printed. So, you can use the program ALTER.EXE to simulate a cracker changing just one byte of your program, or a virus adding just one byte to the end of your program. If you worry that someone might have tampered with your copy of SECURE, rest easy! All executable files in this package are protected by SECURE. So you can use them with confidence, just as I am distributing them with confidence. COMPRESSION PROGRAMS : ---------------------- PKLite and LZexe are examples of programs which compress executable files and produce programs which decompress themselves in memory when run. Hence the file size is smaller on disk. If you want to use SECURE and a file compressor, you can run them in either order. However, the file will probably be slightly smaller if you compress first, and then SECURE. The reason for this is that the compression program looks for repeated words, and it finds more in structured programs, than in the random SECURED code. Regardless of the order you run them in, SECURE (without the "check file length" option) should still work properly, as it adapts itself to the fact that the file is compressed. Try running the programs in both orders and check them out. I have tested programs with the standard PKLite compression and the encoded compression (-e switch) and they have all worked perfectly. Of course if you want to use SECURE's "check file length" option you must compress the file and then run SECURE - obviously doing it the other way around will make the SECURE routine see the compression as a corruption. REGISTRATION : -------------- As discussed above, if after trialing, you want to use this program to protect your distributed programs, you must register your copy. For a registration fee of $25 plus $6 postage (for non-commercial distributors), I will register your copy, and send you a registered copy of the latest version. I will also send you a free copy of TSR_IN_BASIC (which allows you to write TSR's in all forms of the BASIC language), and the latest version of the program which plays the card game of Five Hundred. The registration fee for minor commercial distributors is $150 to protect a single version of a program, and $25 for later versions of the same software. Major commercial distributors (you know who you are), please contact me to discuss fees and support. Use the registration form below, or it is also kept in a file called REGO.FRM. ---------------------------------------------------------------------------- S E C U R E Name: _________________________________ Date: ____/____/____ Address: _______________________________________________________ City: _______________________ State: _____ Code: __________ Country: _______________________ Version: _2.1b_ My Copy From: ______________________ Floppy (eg. 1.44MB,1.2MB): _________ Type of Distributor : (S/W, P/D, small commercial, large commercial) (please included a justification of your category) (I will contact large distributors to discuss terms) ____________________________________________________________ ____________________________________________________________ ____________________________________________________________ If you are a small comm. distributor-which software and version does this payment cover : _________________________________________ Registration . . . . . . $----- ($25,$150) Latest version + extras $----- ($6) total $----- I will be grateful for any suggestions, comments, or information on problems with the program you may have. ---------------------------------------------------------------------------- SEND THE FORM TO: G.M.McKAY 29 Melissa St. Strathmore Victoria , 3041 Australia phone Aust - 03-3797696 (hm) or Aust - 03-93797696 (hm) Internet Registration --------------------- The Registered Version of this program can be purchased and received immediately on the Internet at Albert's Ambry. Registration at Albert's also eliminates shipping and handling costs. Please go to: http://www.alberts.com Search on: secure Click on the "Buy It" Hotlink to register this software. Thank you for registering this program. ---------------------------------------------------------------------------