Ilok busted?

[aMUSEd]

I don't see why it needs an iLok 3 or why this is nothing more than just a minor setback for iLok. Syncrosoft got cracked (or emulated - like this) for a short while, then they updated their protection software, no more cracks since. I don't see why iLok can't just do the same, yeah the crack will mess things up for a short till they do but once the updates have been passed on to the relevant companies the crack will be history because no-one running the crack will be able to install any updates for their stolen goods, just as the Syncrosoft one is. Using cracks like this means perpetually being left behind the people who are legit.

[Compyfox]

The question is still - how long will this take to "regrow another Hydra-head".

Again, for Syncrosoft, it took them several years (the Dongle Emulator was out between SX3 and C5 for sure, unsure on SX1 and SX2). And the initial ilok "cracking" stopped once iLok2 hit.


I'm not saying that we will see iLok3 soon, but this could be the "only route to go" for this company. I mean, they did that before - and what better way to say "hey, we stay up to date, and so should you!"?

Though granted, "updating" is the simpler method in this case. But not financially better for Pace/iLok.


At this point, it's speculation. But, still different sides of a medal...

[Acid Mitch]

Again, for Syncrosoft, it took them several years (the Dongle Emulator was out between SX3 and C5 for sure, unsure on SX1 and SX2). And the initial ilok "cracking" stopped once iLok2 hit.

.

There used to be a thread where someone posted the info file from cracked Cubase 5 or something.
It more or less said that a crack of Cubase 4 was not released to the public because Steinberg/Syncrosoft paid the crackers not to.

I'm pretty sure SX 3 was one of the things where using the dongle emulator gave better performance than the dongle. There should still be discussion floating around the web on it.

[robotmonkey]

Like I said above in reply to Theo, it remains to be seen how this particular crack came out to be. It could be that some kind of a simple bug or oversight by PACE was exploited in the specific combination of iLok software and plugins. Or it could be that some kind of more serious architectural flaw was found. Or it could be that PACE's network was infiltrated and some of their code stolen. In the first case it would probably be as simple as patching the iLok software and plugins that use it. In the second case it could be that iLok3 needs to be rolled out. And in the third case it would mean that PACE is f**ked. But it's too early to tell how serious this is. As per rumors the first talk about PACE being compromised originated from some Chinese speaking forums it might be more serious than it appears. But as those are unverified rumors it also might be that some script kiddie just got lucky.

Anyways it certainly seems like an old school crack team release, and looks like the crackers wanted to make a point, as pretty much every Avid product seems to be cracked and released before everything else. And we all know how close PACE and Avid have been.

Actually maybe it was Urs. He had some negative things to say about PACE and AAX in this very same thread. And I'm sure that now he could sell his own copy protection with even heftier price tag than PACE.

[Compyfox]

I'm pretty sure SX 3 was one of the things where using the dongle emulator gave better performance than the dongle. There should still be discussion floating around the web on it.

I remember this. I think the accusation/think tank was that the random access to the USB key was throttling the performance. Didn't experience this however - or at least not with full awareness.

It could be that some kind of a simple bug or oversight by PACE was exploited in the specific combination of iLok software and plugins. Or it could be that some kind of more serious architectural flaw was found. Or it could be that PACE's network was infiltrated and some of their code stolen. In the first case it would probably be as simple as patching the iLok software and plugins that use it. In the second case it could be that iLok3 needs to be rolled out. And in the third case it would mean that PACE is f**ked. But it's too early to tell how serious this is.

I mostly read about point 2 - months ago already even. I seem to remember reading that there was some kid that made a bold statement that "iLok2 can be cracked" and he found certain indications, he/she/it looked for help. I didn't expect this to happen that soon already - especially after the commentary that "iLok is the strongest encryption on the market currently".

Anyways it certainly seems like an old school crack team release, and looks like the crackers wanted to make a point, as pretty much every Avid product seems to be cracked and released before everything else. And we all know how close PACE and Avid have been.

I don't think that this is a traditional team.

Why AVID however... definitely an interesting point. AVID was in severe criticism recently since "you invest a lot of money and still can't use their software". Actually, even Markiplier (a 10mil YouTube Let's Player) commented on this nonsense. Add to that, the AAX SDK fees, the iLokalypse, etc...

So this could be more than just a simple message indeed.

Actually maybe it was Urs. He had some negative things to say about PACE and AAX in this very same thread. And I'm sure that now he could sell his own copy protection with even heftier price tag than PACE.

Which would bring the debate full circle actually. Urs has been offering that system to developers for years at this point. Might definitely be another pillar of income.


Still... if the Plugin Alliance and U-HE would meet in the middle... and then other devs dragging along, this would be a "best-case scenario" IMO. If C/P then non-Intrusive C/P, no C/R, either serial or USB stick usage for easy activation. Still not save from cracking.

But as this thread clearly shows - it's only a matter of time.

[chk071]

There used to be a thread where someone posted the info file from cracked Cubase 5 or something.
It more or less said that a crack of Cubase 4 was not released to the public because Steinberg/Syncrosoft paid the crackers not to.

And that sounds like a credible information to you?

[V0RT3X]

Actually maybe it was Urs. He had some negative things to say about PACE and AAX in this very same thread. And I'm sure that now he could sell his own copy protection with even heftier price tag than PACE.

If this is a joke, i don't think it's appropriate, especially given the current circumstances. U-he would'nt sink that low.

[2ZrgE]

..

See, this is a topic I still don't quite understand. By that I mean - what is cracked, not to mention "why", and what is not? Is it the popularity of the company or the tools? And why are some tools still not "cracked" or "warez'd" and others are up and down? I kind of don't understand the selection.
...

Actually that's quite easy: What can be cracked (within a reasonable amount of time and effort) will be cracked - the tools which are not cracked yet just happen to have a very good protection (Cubase, Reason, Nexus 2, U-he for example).

Those crackers even crack 10 dollar plugins, just because they can.

Sorry, but I can't agree on that end.

There are tools on the market that use a serial number system and not C/P, between 50 to 150bucks as full bundle and they are still not cracked. One of these tools are Jamstix - and yes, while there are elder/cracked versions circling around, v3.x (I think we're on 3.7 at this point, haven't checked my account in a while) and the upgrade packs still aren't.

Sometimes there are cracks of even the most crippled demos, sometimes there are never cracks of even the currently most popular tool. So is there a "code of honor" after all if a developer says "don't crack this" or "please remove the crack"?

The selection is kind arbitrary - and you can't colour everyone with the same brush.

...

A serial number protection does not mean that a tool is easy to crack - just take a look at U-he. And of course someone has to provide the stuff to be cracked - that's another reason an 'easy' target is not cracked (yet). There may be a "code of honor", but not every cracker cares about that.

[robotmonkey]

Again, for Syncrosoft, it took them several years (the Dongle Emulator was out between SX3 and C5 for sure, unsure on SX1 and SX2). And the initial ilok "cracking" stopped once iLok2 hit.

There are several factors that have probably influenced why some of the protection schemes have been uncracked for so long. There's certainly was a qualitative jump in complexity of protection at one time that made it much harder to circumvent eLicenser and iLok. But also at some point the scene disbanded for various reasons and so there's not been much interest and talent in challenging the protection. I think this actually is the main reason, and not that the protection itself has been unbreakable, why iLok 2 has had such a long time. Also there's been a huge jump in cheaply available computing power that makes brute forcing cryptographic keys and such much more viable than for example 5 years ago.

[Compyfox]

Then I give a counter argument, 2ZrgE.

"Warez groups" are in need of source material. We pretty much understand the concept. But riddle me this... why invest hundreds of USD for a hard to crack plugin, if alternatives (decent priced even) are easier to access?

Unless we're part of this... scene... or developers that are actually in contact with such groups, we will never fully grasp what's going on.

Again, for Syncrosoft, it took them several years (the Dongle Emulator was out between SX3 and C5 for sure, unsure on SX1 and SX2). And the initial ilok "cracking" stopped once iLok2 hit.

There are several factors that have probably influenced why some of the protection schemes have been uncracked for so long. There's certainly was a qualitative jump in complexity of protection at one time that made it much harder to circumvent eLicenser and iLok. But also at some point the scene disbanded for various reasons and so there's not been much interest and talent in challenging the protection. I think this actually is the main reason, and not that the protection itself has been unbreakable, why iLok 2 has had such a long time. Also there's been a huge jump in cheaply available computing power that makes brute forcing cryptographic keys and such much more viable than for example 5 years ago.

I am agreeing on that end (teams loosing interest).

However... the lost head of the hydra finally regrew once Syncrosoft/Steinberg released a re-code of their license engine. At least this is how I understand it. So that is also an important point in this whole thing.

Like - do the devs even have the manpower/interest/resources to close the gap and improve on things?


It's like a game of chess. And I'm really curious what the next move will be.

[robotmonkey]

Actually maybe it was Urs. He had some negative things to say about PACE and AAX in this very same thread. And I'm sure that now he could sell his own copy protection with even heftier price tag than PACE.

If this is a joke, i don't think it's appropriate, especially given the current circumstances. U-he would'nt sink that low.

Yeah, it was a joke, and a bad one I know. But my mind jumped from Avid to Urs immediately. After all becoming more like PACE could be a good business opportunity for Urs as his protection is still uncracked. Anyways I apologize to Urs for making that joke.

[billcarroll]

Actually maybe it was Urs. He had some negative things to say about PACE and AAX in this very same thread. And I'm sure that now he could sell his own copy protection with even heftier price tag than PACE.

If this is a joke, i don't think it's appropriate, especially given the current circumstances. U-he would'nt sink that low.

I'm pretty sure u-he gives their copy protection scheme away for free to other devs. Or, that's at least what I remember reading at some point.

Unfortunately, all copy protection can be cracked. No copy protection is immune if the hackers are willing to spend the time and effort.

[Sampleconstruct]

I don't think it's a very good idea to mention more companies which have been cracked, in this thread.

[chk071]

No copy protection is immune if the hackers are willing to spend the time and effort.

I think so too. Also the challenge of cracking something which is supposed to be "hard to crack" will probably be a driving factor for many crackers.

[billcarroll]

I don't think it's a very good idea to mention more companies which have been cracked, in this thread.

Thanks for the thought. Edited my post.