I Cracked a $200 Software Protection with Xcopy

Posted28 days agoActive25 days ago

vmfunc

2 points

1 comments

ud2.ripTech Discussionstory

heatednegative

Debate

80/100

Software CrackingCode VulnerabilitiesDecompiler

Key topics

Software Cracking

Code Vulnerabilities

Decompiler

Discussion Activity

Very active discussion

First comment

30s

Peak period

0-6h

Avg / period

11.3

Key moments

01Story posted
Dec 5, 2025 at 9:37 PM EST
28 days ago
Step 01
02First comment
Dec 5, 2025 at 9:38 PM EST
30s after posting
Step 02
03Peak activity
29 comments in 0-6h
Hottest window of the conversation
Step 03
04Latest activity
Dec 9, 2025 at 1:59 AM EST
25 days ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (1 comments)

Showing 34 comments

vmfuncAuthor

28 days ago

6 replies

author here. the irony is enigma protector's documentation literally explains how to add runtime checks to your payload. they just... didn't read it

adzm

28 days ago

1 reply

And I'm glad they didn't. Protecting the installer keeps honest people honest. Protecting the runtime after installed means reduced performance and/or support headaches. That said I hope the developer didn't pay too much for this copy protection when some bespoke checks on the installer would have sufficed.

I'm just glad they didn't use iLok. It's been a pain for me as a legitimate user of a few iLok protected plugins.

jquery

28 days ago

Indeed. Some software DRM is so “effective” I’ve been permanently locked out of software I purchased.

fenomas

28 days ago

1 reply

I'm confused, then why does your article throw shade at both the protection software and the VST?

It sounds like you didn't find any issues with either of them, except that the VST vendor chose not to protect the thing you were hoping to crack?

VoidWhisperer

28 days ago

I think he should be mainly throwing it at the VST vendor, as opposed to the protection software, since the main issue in the article comes from the vst vendor protecting the installer but not the actual software (that said, they also show that the protection software is fairly trivial to hook and bypass)

swatcoder

28 days ago

Runtime checks aren't an impossible effort to defeat either. If you're into this stuff, you should build a plugin with them yourself and then figure out how to crack it. It's a great learning exercise.

As another commenter wrote, the protection is there to keep honest people honest, like locking the front door of your house.

It's not foolproof and doesn't need to be. It's role is to make sure respectful users know that you'd genuinely prefer they not steal your stuff (not everyone actually does care about that).

Sophira

27 days ago

Do you have an email address I can use to contact you about this page? There's something I'd like to talk to you about in private.

VoidWhisperer

28 days ago

Question: Why go through the effort of removing most of the key throughout the article just to have it in a chunk of code in the article anyways? I'm not trying to throw shade here, I am legitimately curious about the reasoning

kelnos

28 days ago

Or maybe they knew about the runtime checks, but made a decision not to add them? As others have pointed out, this plugin can be used during live performances. The last thing a plugin author wants is a reputation for their software being flaky at really bad times. A runtime copy protection check might fail for spurious reasons, who knows.

stevefan1999

28 days ago

1 reply

For VST performance and timing is important so you can't protect the actual plugin

charcircuit

28 days ago

It only affects the timing of starting it up.

Nexxxeh

28 days ago

4 replies

Is it not more "VST author just does the bare minimum to keep honest people honest, because more invasive DRM risks ruining a live performance"? I'm not understanding why TFA author has such an attitude about this. Is the VST author a horrible person or running a toxic business model or something?

jrflowers

28 days ago

1 reply

I think the VST author and the DRM vendor are different people and the author is poking fun at the latter. It’s possible that the VST author isn’t aware that the fancy DRM protection they paid for doesn’t cover runtime.

stavros

28 days ago

1 reply

I think the VST author knew that fine, but they figured that:

1) Protecting the installer will take care of most casual piracy

2) Protecting the VST might lead to unpredictable performance and issues on something that needs to run in real-time

So they chose to only protect the installer, which seems like a very user-friendly choice. I both enjoyed the writeup and want to second supporting the developer by buying a license.

jrflowers

28 days ago

That’s also possible, and even if that were the case I don’t see how this article is even tangentially saying that the VST author is a bad person or toxic or whatever the comment I was responding to mentioned.

It’s kind of a rote “this is a bad implementation” post that’s pretty obviously about the DRM vendor and not the guy that made a bass boost plugin for djs or whatever it is.

bigyabai

28 days ago

1 reply

I didn't read it as them having any attitude. They targeted an obviously low-effort VST plugin and found exactly the implementation failure they suspected.

If the Bass Bully developer didn't want the spotlight, maybe they should have programmed their $200 (!!!) plugin better. HN has gotten soft.

polpo

28 days ago

The VST itself is $20 (to the end user). The Enigma Protector is the software that costs $200 (to the developer).

TylerE

28 days ago

1 reply

And furthermore, if a product designed to protect my income was only $200, I wouldn’t expect “serious security”, I’d expect exactly The kind of janky crap that was received.

lmz

28 days ago

They didn't even get into the actual protection itself. It may well be terrible, but it being xcopy-able is not the protection vendor's fault.

ash_091

28 days ago

> I'm not understanding why TFA author has such an attitude about this

To me it reads like an ego trip rather than any kind of righteous vendetta against the author. Implicit in "look at the dumb thing this other person did" is "I'm smarter than them because I noticed the dumb thing".

kaszanka

28 days ago

1 reply

> no winhttp.dll, wininet.dll, or ws2_32.dll. offline validation only. all crypto is local, so theoretically extractable.

You can't possibly know that by the mere lack of these DLLs from the import directory.

muststopmyths

28 days ago

TFA is checking those via imports, not copied DLLs.

I suppose they could LoadLibrary/GetProcAddress at runtime, but that'd be a lot of effort for obfuscation.

mberning

28 days ago

1 reply

For $200 how many casual pirates does it have to dissuade to pay for itself. Not many. At that price it doesn’t need to be very good.

rogerrogerr

28 days ago

Technically, it needs to dissuade pirates who then go spend money on the software legitimately.

cocainemonster

28 days ago

1 reply

this reeks of ai even if you bottomified the sentences. do better.

Tiberium

28 days ago

I agree, the writing style is quite weird and there are a lot of AI tells.

HHad3

28 days ago

1 reply

Is this LLM slop? One cannot truncate RSA signatures and still check them. The sample hook code is nonsense, it lacks an address to hook (and would break Enigma‘s self-checks). The sentence structure and all lower-case looks like a bad prompt attempt to hide LLM usage.

hebelehubele

27 days ago

Agreed. I don't know anything about DLL hooks, but code looks like nonsense to me. It's trying to hook into a null pointer.

  #include <windows.h>
  #include <detours.h>
  
  static int (WINAPI *Real_EP_RegCheckKey)(LPCSTR, LPCSTR) = NULL;
  
  int WINAPI Hooked_EP_RegCheckKey(LPCSTR name, LPCSTR key) {
      return 1;
  }
  
  BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID lpReserved) {
      if (reason == DLL_PROCESS_ATTACH) {
          Sleep(2000);
          DetourTransactionBegin();
          DetourUpdateThread(GetCurrentThread());
          DetourAttach(&(PVOID&)Real_EP_RegCheckKey, Hooked_EP_RegCheckKey);
          DetourTransactionCommit();
      }
      return TRUE;
  }

pierrec

28 days ago

1 reply

Personally, I would change the article to anonymize the actual plugin that was cracked. The plugin author seems to be a solo dev/musician, actually more a musician than a developer, which might explain the poorly implemented copy protection*. But they're good at crafting sounds, and that's what they're selling. Or trying to sell. Or taking donations for, by the way: https://ko-fi.com/bassbullyvst

* I highly doubt it was deliberate as some others are suggesting.

KomoD

27 days ago

> actually more a musician than a developer

Yes, they're not a developer at all. They just purchased a tool called "Romplur", you can make VST plugins with it and then export as an installer.

Liftyee

28 days ago

This is definitely just me, but the diagram with "motivation to buy" was amusing to me. I (try to) refuse to be manipulated by these tactics - if I think the software is worth buying, I will purchase and use it, otherwise I will look elsewhere! Nothing sets my "motivation to buy" to zero quicker than aggressive, "uncrackable" DRM. In fact, it usually skyrockets my "motivation to reverse", whether or not I actually need the thing (though usually this is overruled by having better things to do with my time).

Bassbullyvst

25 days ago

Hi, I am the developer of Bass Bully Premium and I wanted to clarify a few things from my perspective.

I chose to protect only the installer with a simple lock-door method because my priority has always been stability and performance, especially at runtime. In the VST and plugin world, heavy or aggressive DRM can cause glitches or failures during a live performance. That risk felt far more harmful to my paying customers than the risk of casual piracy.

I understand that reverse engineering is part of how some people learn, and I am not here to criticize that. But when a post becomes a look-at-how-I-cracked-this thread, especially one that singles out a small independent developer, it starts to feel like a hit piece rather than a technical discussion.

The protection was minimal. It could be cracked. Maybe I should have done more. But this was not about being stingy with security. It was about delivering a stable and reliable plugin to real users without introducing bugs, system conflicts, or performance issues that can come from heavier protection systems.

I appreciate honest technical discussion and feedback. I also hope people understand that not every developer has a large team or a big budget. Many of us have to balance protection with usability, and for me, making music was more important than building an unbreakable DRM wall.

If you like the plugin and it helps your workflow, supporting it by buying a legitimate license goes much further than any crack-test ever will.

Thanks for taking the time to read this.

Josh, Director Bass Bully VST

temp92748374674

28 days ago

Nice going Jean, after you've scammed people out of thousands of dollars, associated with known furry pedophiles, your membership in a skid gang, leeching off your parents money in France to remove your dox and steal even more money from them so you can make a new startup every month while larping about living lavishly. We know what you did.

KomoD

27 days ago

> I cracked a $200 software protection

No, not really. You "cracked" some random guy's $20 VST plugin. You never actually cracked Enigma Protector. The article started talking about cracking it then pivoted at the end to "I wrote a Python script to copy files from the installer" and said "the protection itself works fine"

View full discussion on Hacker News

ID: 46170060Type: storyLast synced: 12/6/2025, 2:55:12 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

Open link View on HN