Many people noticed that after R2R released WAIFU Emulator at the start of this year, the group went quiet for a while; in fact, R2R has now brought us some heavy-hitting releases.
This time the group wrote a long reverse-engineering report in the NFO, thoroughly demonstrating how thorny this company's products are to crack and how bizarre their protection design is.
Also, R2R reads KVR.
HAPPY NEW YEAR!!!
* Completely unpacked from MPRESS2. Loads faster and uses less memory.
* Works without keyfile. Not detectable by their current protection.
* Homecalling and hosts file scan is bypassed.
* Does not scan or remove other blacklisted.
* Includes custom wrapper and solves file access issue.
----------------------------------------------------------------------------
What Tone2 does :
IsDebuggerPresent(), CheckRemoteDebuggerPresent(),
NtQueryInformationProcess(), VirtualProtect() + Access Violation Exception,
FindProcess() for famous debuggers and TerminateProcess().
It will crash the app or call ExitWindowsEx() to shutdown Windows.
NOTE : Shutdown function still exists in their Icarus2.
Any known blacklisted Tone2 keyfile will be removed. The installer also has
deletion function of known blacklisted keys.
Tone2 checks MPRESS2 signature to check unpacking. There are 3 ways used for
checking. Some apps use few and some others use all ways. For 32bit version,
PECompact is used.
[Home Calling]
Tone2 sends info to byte4.com and gets latest blacklist information.
[Hosts File Check]
Tone2 checks system hosts file to find "Tone2" "Byte4" entry. App will crash
when it is found. Raw IP address is also scanned from hosts file but it is
not possible to define a raw IP address in hosts file, so why? :P
[Keyfile Attribute Change]
Anti-ReadOnly. Tone2 tries to reset file attribute by SetFileAttribute(). If
it fails, app will crash.
The path of the installation directory is added by the app:
"HKEY_CURRENT_USER\Software\Tone2\(AppName)" "Path"
The path is scanned by every Tone2 app, and blacklisted keys are removed.
Saved preset file contains the information of blacklisted keyfile. When app
loads presets, they will be checked.
[Themida Code Virtualizer]
Only used in Icarus2 and Electra2. Software Virtual Machine function. Since
patching the Virtual Machine results in unpredictable errors, partial or full
de-virtualization is required.
----------------------------------------------------------------------------
REViEW :
1. Anti-Debugging
It looks like Tone2 is misunderstanding today's anti-piracy methods. Most of
their tricks don't stop the hacker from reversing, because the app will crash
immediately after the anti-debug code. They are very easy to find and easy
to bypass even for beginner crackers.
2. Protection
The current keyfile scheme was acquired after the nice attack from Team AiR in
2009. The current protection is good and it should not be easily bypassed
by beginner crackers. Many values in a keyfile are required to run the
software correctly. However, we need to face the fact that legit keyfiles
for most plugins are already leaked. Most bad guys don't even care about the
main protection and can concentrate on finding a way to validate the
blacklisted keys. Unlike the main protection, their blacklisting routine isn't
an advanced one; it's easy to find and remove.
Then - you may wonder why Tone2 has been uncracked for about 10 years. The
only difficult part is the PE compressor they used (32bit - PECompact3, 64bit -
MPRESS2). Crackers need to unpack the binary before they start modifying the
code. Unpacking a DLL is not as easy as unpacking an EXE, and given the
lack of 64bit PE tools, crackers may need to code their own unpacker or script
to rebuild the PE. Solid knowledge about PE should be required. We think
that's the secret of the protection and that's why not even a partial crack
(bad crack) appeared for 10 years.
3. File/Folder Structure
Obsolete and not suitable for recent systems. Since Windows XP SP2, access
to the system directories (including Program Files) is restricted for
security reasons. Tone2 puts all presets, data, config and logs in the same
location as the DLL. It's hard to believe they are still doing this in 2020.
PS : Our release puts a redirect wrapper DLL in your VSTPlugins dir and puts
the real files in the Documents dir. Those issues caused by the obsolete
folder structure do not happen in our release.
----------------------------------------------------------------------------
SiDE NOTE ABOUT "MALWARE":
- Are Tone2 plugins still Malware?
While all of their freeware and payware contain resource-wasting protections,
they stopped modifying the system hosts file after it was mentioned by AiR.
But, we found they still call ExitWindowsEx in their latest plugin Icarus2.
According to the security expert, this can be categorized as a Trojan,
regarding these aspects :
* Technically, it's not a virus. A virus needs "infection".
* The app itself functions as a legit application.
* Contains malicious code, written with the aim of interfering with some users.
Actually, those apps which cause unintended shutdown are detected as Trojans
today. Google "Trojan Shutdown" and you can find Trojan.Shutdowner or
Win32/Shutdowner.*. These are not detected as "potentially unwanted program"
but as Trojan.
Let's call it Trojan:Win64/Tone2 :)
- Is it even legal?
Depends on the law in each country. According to the law expert, that
shutdown code (not intended by the user) clearly violates the criminal law in
one or more countries. He says distributors also carry risk and they had
better ask Tone2 and confirm there is no malicious code inside to avoid
further legal issues.
----------------------------------------------------------------------------
MORE TECHNiCAL NOTE:
Tone2 anti-debugging crashes legit users.
https://www.kvraudio.com/forum/viewtopic.php?&t=442754
From the developer -
"The copy protection installs a Windows driver with root access
to your computer. Furthermore several important Windows runtime libraries
(dll files) are modified. iLok changes the behavior of the Windows operating
system. As a result hard and software from other companies can crash or stop
to operate. The creators of iLok do not provide information about
incompatibilities."
> The copy protection installs a Windows driver with root access
> to your computer.
Old PACE protection used tpkd.sys to hook INT3 and ran code in the driver,
so this is true. This is really bad and was already abandoned once PACE Inc.
started using WrapWarden + Fusion.
> several important Windows runtime libraries (dll files) are modified.
No. If PACE did, they would all be detected by Windows or AntiVirus because
all system DLLs need to have a valid Microsoft signature.
> iLok changes the behavior of the Windows operating system.
No. What can be changed are the PEB and PROCESSINFOCLASS. Tone2 uses
IsDebuggerPresent() to get the PEB and NtQueryInformationProcess() to get
PROCESSINFOCLASS, and tries to find a debugger. The API itself is not changed.
> As a result hard and software from other companies can crash or stop
> to operate.
This is true - but a normal application (especially when it comes to audio
plugins) would not crash. A normal application does not need to use the low
level API provided by ntdll.dll. Tone2 uses NtQueryInformationProcess() which
is not recommended by Microsoft for compatibility reasons.
Quoted from Microsoft Windows Dev Center:
"NtQueryInformationProcess may be altered or unavailable in future versions
of Windows. Applications should use the alternate functions listed in this
topic."
"The NtQueryInformationProcess function and the structures that it returns
are internal to the operating system and subject to change from one release
of Windows to another. To maintain the compatibility of your application, it
is better to use public functions mentioned in the description of the
ProcessInformationClass parameter instead."
Sincere advice - never use a low level API which you don't even know!
----------------------------------------------------------------------------
https://www.tone2.com/about-tone2.html
> Save time because our products are reliable and efficient
> All products offer high-end audio quality and low CPU requirement
> We offer personal, fast and free support
We think we did better, with lots of technical information :)
To sum up: this synth line has gone uncracked for 10 years. In 2009 AiR made a good start, and R2R says the current keyfile scheme stems from Team AiR's "nice attack".
R2R believes the main reason it is hard to crack is that the company uses MPRESS2 + PECompact as PE compressors; as anyone with basic computer knowledge will know, unpacking an EXE is much easier than unpacking a DLL.
Because 64-bit reverse-engineering tools are lacking, the reverse engineer has to build their own unpacking tool or script to rebuild the PE, which requires solid knowledge of the PE structure.
As everyone knows, R2R once wrote a loader (wrapper) for PA plugins; now R2R has done it again, writing a new wrapper DLL for Tone2's plugins to work around Tone2's outdated file structure.
Meanwhile, Tone2 calls an API, ExitWindowsEx, and everyone knows what that one does.
Ten years ago Tone2 also seems to have had a record of modifying the hosts file, but after AiR called them out they toned it down.
Secondly, R2R also mentioned the old iLok protection.
The old iLok installed a driver and hooked INT3, which was bad: it made the system unstable, and it also conflicted with Tone2's own protection.
WrapWarden + Fusion, however, is the new approach PACE adopted. R2R explained this.
R2R believes the cause of the incompatibility is that Tone2 uses NtQueryInformationProcess, a privileged-level API, which conflicts with iLok and causes the system and software to crash.
Team R2R version - WiN64 - VST
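The practical takeaway from the NFO and the Microsoft quote above is that a plugin which imports ExitWindowsEx, NtQueryInformationProcess or the anti-debug APIs is something you want to know about before loading it into a DAW. The script below is an added example, not R2R's or Tone2's code: it walks a PE image's import directory and flags those imports so a reviewer can triage a binary offline. The SUSPECT_IMPORTS list, the `build_sample_pe` helper and the sample images are assumptions constructed for the example; the parser itself follows the documented PE32/PE32+ import layout.

```python
import struct

# APIs the NFO above attributes to Tone2, with the reason a reviewer flags each.
# This list is an assumption for the example, not a vendor blacklist.
SUSPECT_IMPORTS = {
    "ExitWindowsEx": "can shut down or log off the user's session",
    "NtQueryInformationProcess": "internal ntdll API; Microsoft documents it as subject to change",
    "IsDebuggerPresent": "anti-debugging check",
    "CheckRemoteDebuggerPresent": "anti-debugging check",
    "TerminateProcess": "may kill other processes",
}

def _rva_to_offset(rva, sections):
    """Map a relative virtual address onto a raw file offset via the section table."""
    for va, raw_ptr, raw_size in sections:
        if va <= rva < va + raw_size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def list_imports(pe):
    """Return {dll: [imported function names]} by walking the PE import directory."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x20B:      # PE32+: data directories at +112, 8-byte thunks
        dir_off, thunk_fmt, ordinal_bit = 112, "<Q", 1 << 63
    elif magic == 0x10B:    # PE32: data directories at +96, 4-byte thunks
        dir_off, thunk_fmt, ordinal_bit = 96, "<I", 1 << 31
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    import_rva = struct.unpack_from("<I", pe, opt + dir_off + 8)[0]  # directory entry 1
    sections = []
    for i in range(num_sections):
        hdr = opt + opt_size + 40 * i
        va, raw_size, raw_ptr = struct.unpack_from("<III", pe, hdr + 12)
        sections.append((va, raw_ptr, raw_size))
    imports = {}
    if import_rva == 0:
        return imports
    desc = _rva_to_offset(import_rva, sections)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", pe, desc)
        if oft == 0 and name_rva == 0 and ft == 0:   # all-zero descriptor ends the table
            break
        dll = _cstring(pe, _rva_to_offset(name_rva, sections))
        thunk = _rva_to_offset(oft or ft, sections)  # prefer the lookup table, else the IAT
        funcs = []
        while True:
            entry = struct.unpack_from(thunk_fmt, pe, thunk)[0]
            if entry == 0:
                break
            if entry & ordinal_bit:
                funcs.append(f"#{entry & 0xFFFF}")   # import by ordinal
            else:                                     # 2-byte hint, then the name
                funcs.append(_cstring(pe, _rva_to_offset(entry, sections) + 2))
            thunk += struct.calcsize(thunk_fmt)
        imports[dll] = funcs
        desc += 20
    return imports

def audit_imports(pe):
    """Return [(dll, function, reason)] for every suspect import in the image."""
    return [(dll, f, SUSPECT_IMPORTS[f])
            for dll, funcs in list_imports(pe).items()
            for f in funcs if f in SUSPECT_IMPORTS]

def build_sample_pe(imports):
    """Construct a minimal PE32+ image with one .idata section (test data, not a real plugin)."""
    sec_rva, sec_raw = 0x1000, 0x200
    descs, tail = bytearray(), bytearray()
    base = 20 * (len(imports) + 1)        # descriptors plus the null terminator
    for dll, funcs in imports.items():
        name_rvas = []
        for f in funcs:
            name_rvas.append(sec_rva + base + len(tail))
            tail += struct.pack("<H", 0) + f.encode() + b"\0"
            tail += b"\0" * (len(tail) % 2)              # keep hint/name entries word-aligned
        oft = sec_rva + base + len(tail)
        tail += b"".join(struct.pack("<Q", r) for r in name_rvas) + bytes(8)
        ft = sec_rva + base + len(tail)
        tail += bytes(8 * (len(funcs) + 1))              # IAT, filled in by the loader
        dll_rva = sec_rva + base + len(tail)
        tail += dll.encode() + b"\0"
        descs += struct.pack("<IIIII", oft, 0, 0, dll_rva, ft)
    descs += bytes(20)
    section = bytes(descs + tail)
    sec_size = (len(section) + sec_raw - 1) // sec_raw * sec_raw
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x2022)
    opt = bytearray(240); struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<II", opt, 112 + 8, sec_rva, len(descs))   # import data directory
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata", len(section), sec_rva, sec_size,
                          sec_raw, 0, 0, 0, 0, 0x40000040)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdr).ljust(sec_raw, b"\0")
    return headers + section.ljust(sec_size, b"\0")

# Constructed samples: one importing the APIs the NFO lists, one benign.
SAMPLE_PLUGIN = build_sample_pe({
    "KERNEL32.dll": ["IsDebuggerPresent", "CheckRemoteDebuggerPresent", "CreateFileW"],
    "ntdll.dll": ["NtQueryInformationProcess"],
    "USER32.dll": ["ExitWindowsEx"],
})
CLEAN_PLUGIN = build_sample_pe({"KERNEL32.dll": ["CreateFileW", "ReadFile"]})

if __name__ == "__main__":
    for dll, func, why in audit_imports(SAMPLE_PLUGIN):
        print(f"{dll}!{func}: {why}")
```

Run `audit_imports(open("plugin.dll", "rb").read())` against a real binary to get the same triage list. Note the caveat the NFO itself points at: a packed image (MPRESS2, PECompact, Themida) exposes only the packer's own stub imports, so an empty result from this script is not evidence of a clean binary; it tells you the import table was not available statically and the file needs dynamic inspection instead.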
Tone2.RayBlaster.v2.5.0-R2R
Tone2.Icarus.v1.6.0-R2R
Tone2.Gladiator.v3.0.0-R2R
Tone2.Electra.v2.7.5.READ.NFO-R2R
Tone2.Nemesis.v1.6.0-R2R
Tone2.Saurus.v2.5.0-R2R
HomePage:
https://www.tone2.com/about-tone2.html
**Going legit is very unstable**