flat assembler
Message board for the users of flat assembler.

flat assembler > Windows > Anti dumping?

SC0U7



Joined: 20 Feb 2018
Posts: 17
Hello, I am making an image protection app. I have a loader which is stored inside the memory of my protector and shows the decoded image. That works well, but I don't know how I can avoid process dumping, because whoever uses it can then load the image without any protection. Is there any technique to make my process undumpable? Any link, any code (I need FASM), any documentation or anything which helps me?

Thx for any replies
Post 26 Jul 2019, 18:54
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 16737
Location: In your JS exploiting you and your system
SC0U7 wrote:
... is there any technique to make my process undumpable?
Quite simply, no. You cannot ever stop someone from looking at the memory of their own system.
Post 26 Jul 2019, 21:02
SC0U7



Joined: 20 Feb 2018
Posts: 17
Post 27 Jul 2019, 08:19
ProMiNick



Joined: 24 Mar 2012
Posts: 354
Location: Russian Federation, Sochi
Everything located on the local machine of a user is the property of that user. He could explore everything absolutely legally if he is not going to publish the results of such exploring. And even if he expects to get a money reward for such exploring - he can do it illegally.
All techniques of packing & crypting code have a serious weakness - the code for unpacking is located in the exe.
Moreover, an attacker could inject his code into thine via syscalls (not via API); by doing this he is responsible for notifying the process that it is being debugged & of course he won't notify.
There is only one way to guaranteed protect thy code - locate it on a server and present to thy customers only a GUI interface to connect with the server.
Post 27 Jul 2019, 23:26
SC0U7



Joined: 20 Feb 2018
Posts: 17
Yes, I am currently making something like a gate on a PHP server which is contacted from my software, which then makes a request for the crypted image via a specific id, something like download_protected?uid=bd457eqsfF5Aq4, and then the GATE checks parameters like VPN or user agent or specific country ... but I think it isn't the best idea because someone can track the request and simply change it. And when I make that fully working, process dumping is still always the worst method for my protection. Now I am trying to make something like a container which will hold that image, and after dumping the person only has that dumped container, not simple software which shows the exe. Next, I can make some kind of dynamic changing in the gate: the link will change every x minutes, so someone with reverse engineering has only the old link and cannot download the encrypted image for breaking it. But this also affects all people who have it normally, so I don't know if I applied some kind of update. But this is also simple to break. Yes, the web and cloud server road is the best method. But I need it also in simple exe form, not browser. Thx for reply
Post 28 Jul 2019, 06:42
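The expiring gate link SC0U7 describes above, sketched as an added example (not code from the thread; Python is used here although the poster's gate is PHP). The `exp` and `sig` parameters, the key and the function names are assumptions. It only stops a traced request from being edited or reused after expiry, and does nothing about dumping the client, as the replies point out.

```python
import hashlib
import hmac
import time
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed demo key; a real gate would load its secret from server-side config.
GATE_KEY = b"constructed-demo-key-not-for-production"
LINK_LIFETIME = 300  # seconds a link stays valid (the "x minutes" in the post)


def _sign(uid: str, expires: int) -> str:
    """HMAC-SHA256 tag binding the image id to its expiry time."""
    msg = f"{uid}|{expires}".encode()
    return hmac.new(GATE_KEY, msg, hashlib.sha256).hexdigest()


def issue_link(uid: str, now: Optional[int] = None) -> str:
    """Build the download link with an expiry and a tag over uid and expiry."""
    now = int(time.time()) if now is None else now
    expires = now + LINK_LIFETIME
    return f"download_protected?uid={uid}&exp={expires}&sig={_sign(uid, expires)}"


def check_link(link: str, now: Optional[int] = None) -> str:
    """Return 'ok', 'expired', 'tampered' or 'malformed' for a presented link."""
    now = int(time.time()) if now is None else now
    try:
        params = parse_qs(urlsplit(link).query)
        uid = params["uid"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return "malformed"
    # Check the tag first, in constant time, so an edited uid or exp is rejected
    # before the expiry value is trusted.
    if not hmac.compare_digest(sig.encode(), _sign(uid, expires).encode()):
        return "tampered"
    if now > expires:
        return "expired"
    return "ok"
```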
ProMiNick



Joined: 24 Mar 2012
Posts: 354
Location: Russian Federation, Sochi
Never use standard protocols for security requests over the internet (except SSL with a certificate authority, maybe). Thou could change the whole custom protocol each week, for example - the attacker will be limited by time to interpret protocol messages.
Look at how government programs work: users usually work via a web browser, in rare cases via thin client exes (interface and content dynamically loaded into them). Users only need a certificate. Users send a hello to the server already crypted by their certificate - the server checks the hello's validity (because the server has the open keys of every registered user) and sends its own hello (a temporary open key of the server (it could be personal to every connection session)) crypted for the client certificate back to the client. An attacker could trace whatever he wants - it will not help.
Exploring the thin client will not help the attacker either.
And of course no one alien has any access to the machine where the government program is hosted. - That is really antidumping - thou can't dump what thou can't access.
Post 29 Jul 2019, 00:00
DimonSoft



Joined: 03 Mar 2010
Posts: 570
Location: Belarus
ProMiNick wrote:
Never use standard protocols for security requests over the internet (except SSL with a certificate authority, maybe). Thou could change the whole custom protocol each week, for example - the attacker will be limited by time to interpret protocol messages.
Look at how government programs work: users usually work via a web browser, in rare cases via thin client exes (interface and content dynamically loaded into them). Users only need a certificate. Users send a hello to the server already crypted by their certificate - the server checks the hello's validity (because the server has the open keys of every registered user) and sends its own hello (a temporary open key of the server (it could be personal to every connection session)) crypted for the client certificate back to the client. An attacker could trace whatever he wants - it will not help.
Exploring the thin client will not help the attacker either.
And of course no one alien has any access to the machine where the government program is hosted. - That is really antidumping - thou can't dump what thou can't access.

Until they solve the factorization problem.
Post 29 Jul 2019, 18:24
Copyright © 1999-2019, Tomasz Grysztar.