My hardware id protection source code for my Beta CPU miner

[Spoetnik]

I figured i'd share what i wrote last year to protect my beta cpu miner i had released and given to people publicly/privatly.

it's one short c++ header file with a call to activate it on launch of the program.
and it came with a pass through key so if you passed -k secretkeynumber it would avoid doing a hardware check.

this worked by checking peoples hard drive serial number and hashing it with my own made up hash algo.
and then i made a function to check any key passed to see if it was using the correct algo..
if it did not pass then beta functions were disabled in the program.

I figured this might be of use to some other guys to protect their miner beta projects
and show that i am a creative nut case coder and some proof i have done something rather than just talk on the forum.

oh and it would work with a commandline like this.. Note: that is the actual hardware over ride key used in my beta miner(s)

minerd -k 32DRJ2FMD68BDJ3M --shareboost --hashboost -s 30 -q -t 7 -a scrypt -o stratum+tcp://frk.dencoinpools.com:3333 -u Spoetnik.1 -p 666

so anyway here is the main header called Key.h

Code:

#ifndef __KEY_H__
#define __KEY_H__

const char str[] = "32BTFJT7VF6G7WVT9RGH8QJ7Y6PB94MC2C64F37HKTJ322QWKC92DRW8VY9Y4WTDTBFQ6M8KLYK6XVKM6G342DG6YJ48J2VTFM8TFR8X92GV3V7DCP4K2749PBJKB2PV9HWQ278MVDVQB3XQ3KP8WJ2H8R6BD67QJBB7XMQCY9QJXPQ3FVTX8BQ74KTR3NC282P6XKGH24FCPXXQ6YRF2TRJ4C7RDJXR3M4JQTG2XQH2KHGGQ7DD62WCJKR84YCW";

int NU(char ch) {
	switch (ch) {
	case '0': return 15;
	case '1': return 9;
	case '2': return 0;
	case '3': return 14;
	case '4': return 8;
	case '5': return 1;
	case '6': return 13;
	case '7': return 7;
	case '8': return 2;
	case '9': return 12;
	case 'A': return 6;
	case 'B': return 3;
	case 'C': return 11;
	case 'D': return 5;
	case 'E': return 4;
	case 'F': return 10;
	}
	return 0;
}

int HID(char ch) {
	switch (ch) {
	case '0': return 'E';
	case '1': return '9';
	case '2': return '6';
	case '3': return '5';
	case '4': return '7';
	case '5': return 'C';
	case '6': return 'D';
	case '7': return '3';
	case '8': return 'B';
	case '9': return '0';
	case 'A': return '2';
	case 'B': return '8';
	case 'C': return 'F';
	case 'D': return 'A';
	case 'E': return '4';
	case 'F': return '1';
	}
	return 0;
}

char b[8];
char hid[8];
char id[8];
char serial[17];

char* GetHID(char* x) // v3.9.0.4
{
	int i,pos;
	memset(id, 0, 8);
	for (i=0; i<8; i++)
	{
		pos = HID(x[i]);
		sprintf(b, "%C", str[pos]);
		strcat(id, b);
	}
	//printf("GetHID(%s)\n",id);
	return id;
}
/* OLD data
Volume SerialNumber: 951441639 | 38B5D8E7
Beta Activation ID = 2V8RFVR8
Beta Activation Key = 322C6MFMWJJB82QT
*/
char* GetKEY(char* hid) // v3.9.0.3
{
	int i,pos;
	memset(serial, 0, 17);
	for (i=0; i<8; i++)
	{
		pos = i*32 + 2*NU(hid[i]);
		sprintf(b, "%C%C", str[pos], str[pos+1]);
		strcat(serial, b);
	}
	//printf("GetKEY(%s)\n",serial);
	return serial;
}

bool GetHardwareID()
{
	char DeviceName[4]="C:\\";
	char VolumeName[256]="";
	char FileSystemName[256]="";
	unsigned long SerialNumber;

	int result = GetVolumeInformationA(
		DeviceName,
		VolumeName,
		256,
		&SerialNumber,
		NULL,
		NULL,
		FileSystemName,
		256);

	if (result) {
		sprintf(b, "%x", SerialNumber);
		sprintf(hid, "%s", GetHID((char*)b));
		//printf("\n\n\tVolumeName: %s\t SerialNumber: %lu | 0x%X\n",
		//	VolumeName, SerialNumber, SerialNumber);
		return true;
	}
	else
		applog(LOG_INFO, "Get Hardware Info Failed");
	return false;

}
/*
RF3Q3F32 32DRJ2FMD68BDJ3M
*/
bool CheckActivation(char* k)
{
	char z[17];
	z[0]=str[141];  // 3
	z[1]=str[51];   // 2
	z[2]=str[156];  // D
	z[3]=str[17];   // R
	z[4]=str[227];  // J
	z[5]=str[193];  // 2
	z[6]=str[202];  // F
	z[7]=str[79];   // M
	z[8]=str[85];   // D
	z[9]=str[195];  // 6
	z[10]=str[55];  // 8
	z[11]=str[162]; // B
	z[12]=str[63];  // D
	z[13]=str[171]; // J
	z[14]=str[108]; // 3
	z[15]=str[135]; // M
	z[16]='\0';

	if (strcmp(k, z)==0)
		return true;

	if (GetHardwareID())
	{
		GetKEY((char*)hid);
		if (strcmp(k, serial)==0)
			return true;
		else
			applog(LOG_INFO, "Check Activation Key Failed");
	}
	//else
	//	applog(LOG_INFO, "GetHardwareID Failed");

	return false;
}

#endif /* __KEY_H__ */

and then *some code in cpuminer.c

Code:

#include "key.h"

bool opt_beta = false;
bool have_beta_cmd = false;
static char *beta_id;
static char *beta_key;
bool opt_hash_boost = false;
bool opt_share_boost = false;

int main(int argc, char *argv[])
{

	char console_title[256];
	sprintf(console_title, "%s v%s --scantime %i",
		CONSOLE_TITLE, PROGRAM_VERSION, opt_scantime);
	SetConsoleTitleA(console_title);

	if (have_beta_cmd) {
		if (CheckActivation(beta_key))
			opt_beta = true;
	}

	if (opt_beta)
		applog(LOG_WARNING, "Beta Mode: Activated");
	else {
		applog(LOG_DEBUG, "Beta Mode: Unregistered");
		applog(LOG_INFO, "To activate please read beta.txt");
		applog(LOG_INFO, "or send an email to: spoetnik@outlook.com");
	}

	if (opt_hash_boost && opt_beta)
		applog(LOG_WARNING, "Hash Boost Mode Enabled");
	if (opt_share_boost && opt_beta)
		applog(LOG_WARNING, "Share Boost Mode Enabled");
}

static void parse_arg(int key, char *arg)
{
	char *p;
	int v, i, r;

	switch(key) {
	case 'k':
		have_beta_cmd = true;
		free(beta_key);
		beta_key = strdup(arg);
		break;
	case 'w':
		for (i = 0; i < ARRAY_SIZE(color_mode); i++) {
			if (color_mode[i] &&
				!strcmp(arg, color_mode[i])) {
					opt_color_mode = i;
					break;
			}
		}
		if (i == ARRAY_SIZE(color_mode))
			show_usage_and_exit(1);
		break;
}

[Spoetnik]

i also coded two small tools that checked a persons hardware id and another was a keygen for it all..
i can upload those source codes too if people are interested.

[Spoetnik]

this got buried fast so i will bump it once to see if any coders are interested in this

[smolen]

GetVolumeInformationA

That's well visible in PE import table and cry for patching
IMHO the best protection for a miner is tying it to the pool, as 1GH did.

[Spoetnik]

oh yeah i know i'm an experience cracker myself so
it would prob taking patching one jump in OllyDBG lol

i knew if someone wanted to crack it they would..
although if you look at the code patching that API call would make the check fail..
if it couldn't get the volume id then the activation check would not succeed.

i didn't mention it earlier but people had to send me their hashed volume id and then i would email them a key.
reversing the hash system would require knowing your own volume id etc.
the easier way to crack it would be patch the checks on whether it's activated.. the bool variable.
when i used the variable i wrapped protected functions around whether the beta enabled bool was set true or false.
so the most vulnerable aspect of all this was simply patching those check and not the activation system itself.

for example i have for years been cracking Tag & Rename and Valve's steam and many other app's for many years and i don't go after their algo's
i simply wait until the algo is done and attack the variable etc that stores the result of what the algo was checking for.. see what i mean ?

In Steam for example all i did so many years ago was set a register and return.. wrote 3 lines of asm that defeated the protection.
and on Tag & rename it has always been as easy as patching a couple jumps and running the program.. no key needs to be entered its just regged an launch.

What i did for my firewall where i reversed all the parts where it hashed and encrypted stuff and then keygenned it by recreating what the hashing etc was doing
is pretty rare.. i wouldn't usually bother going to that much trouble when a simple quick one or two line patch kills all the protection crap.
and i DID do that too on the firewall.. and it REALLY REAAAALY pissed the dev off big time when i laughed at him and posted screenshots of how i did it to him publicly on a forum
he flipped out and said it was not need to post them and i was a jerk etc for posting and i said buddy.. you just called me a liar and said i couldn't patch it so i proved it LOL
and he figured i coudln't because his program was coded in c sharp .net ..and yeah i can patch that easily lol
This is the exact picture i posted to the firewall dev that pissed him right off lol


anyway i think your saying "Server side protection" ..
and when you shared your miner way back i considered trying to crack / patch it.. i am not sure what you did is secure.
Valve uses some advanced server side protection systems that are exploited and yours i got the impression was rather weak compared to many out there.
Want me to try and crack your program ? lol

[shedapu]

I have a problem cracking a program blocked with processor ID code.
I cannot retieve my processor id anymore (bought a new desktop).
Is it possible for me to open the code from the program and delete the id code security?