Why are you surprised? No effort was made to make it difficult to pirate the Aquarium. There was only one group of people affected by the new keycodes, and it wasn't the warezies. Not only have the pirates given out keycodes, but they were able to watch, with a debugger, how the Aquarium decodes the keycode and make their own keycode generator!
Reichart and I had a discussion in the chatroom about various techniques that could be used in the future. He is familiar with the methods crackers use (don't ask
).
I would like to see the Aquarium run a checksum on the keycode parsing algorithym, the elements of the keycode parser strewn throughout the EXE and themselves encoded, and the Aquarium phoning home to check the validity of the keycode. And if 5+ IP addresses report in with the same keycode, turn that keycode off. Also, having rotating EXEs at SereneScreen.com wouldn't be bad. Have 10 slightly different versions of MA2, and they rotate every 2 hours.
If someone really wants to use the Aquarium in a pirated condition, that's fine, but it will deactivate itself if they forget to get off the Internet before running it.
And once a keycode is turned off, the Aquarium would write a key to the registry in one of the "bird's nest" regions.
I consider the protection in CuteFTP and WordZap sufficiently complicated such that the average person would give up and either buy it or delete it. They both phone home, among other steps.