flat assembler
Message board for the users of flat assembler.
String & Proc Encrypting
ic2 16 Apr 2008, 06:59
I wanted to post this at http://board.flatassembler.net/topic.php?t=8605 but snify is getting too near to a solution and I don't want to mess up the title of that thread, but itsnobody got me fired up.

I also wanted to post this at http://board.flatassembler.net/topic.php?t=8597 but his main subject is about (AES) and is far more important across the map. (Something even non-programmers would be interested in.)

itsnobody:
Quote: Then it'll be more difficult to hack, there's no such thing as anything impossible to hack, as long as it is encrypted and decrypted by the software itself it can be hacked

Keywords: "as long as" gave me an idea of how I want to start doing things.

I got a good idea of how to use FASM and I am ready to build a small app from scratch in FASM. It will contain under 100 strings and about 40 procedures.

Quote: as long as it is encrypted and decrypted by the software itself

I want to encrypt each and every string individually outside of the process with some strong encryption code and I also want to encrypt all the procedures that are not used during start-up. Then I'll place them in an include file and assemble it all together with FASM... then pack it with FSG or other suggested packer.

Is this possible? If so, what should I use? Are there some links on the board that have done something like this already? Can I include a One-time-Pad here? I don't know much about encryption and have never been good with math but I do know how to follow orders.

AlexP:
Quote: Please leave the mode of operation to someone who's done it before, if you mean to actually use my AES code then just tell me, don't use that library alone. Encrypting 16 bytes at a time reveals code patterns, which can give away major clues to your data.

I guess AES is used to encrypt files for storage on disk or transferring files over a network and is not really designed for encrypting code within an app. Is this true? What about Twofish, TEA, Blowfish and others?

AlexP:
Quote: Oh yeah, encrypting your code (like decrypting on every function call?) does not make it invisible to reversers.

I'm not worried about professional reversers but I do want to make their job as hard as possible...

For starters, the encryption code will not be in the final executable. It will only contain the decrypting code. Shouldn't this help to slow down the process? Would using macros for decrypting help to obfuscate some of its activity? I'd also like to include Tommy XOR Crypting Macro just because it looks good and may obfuscate the thing even more. I need opinions on this also. I'm just guessing things through.

Anyway, this is the way I choose to write and I'm glad to be starting from scratch. I don't know everything but learned a lot through reading in the past three months and if it wasn't for the help from the members of the board it would be many months more before I would understand even some of what I read.

Would you all please post some information based on what I am trying to do here. All ideas, suggestions and links will be greatly appreciated.

Thanks in advance

ic2 16 Apr 2008, 08:27
I'm not really worried about the professionals. I always wanted to learn how to do this anyway. Forget about them. Where do we start?

revolution 16 Apr 2008, 09:05
ic2 wrote: I'm not really worried about the professionals. I always wanted to learn how to do this anyway. Forget about them. Where do we start?

Does your opponent know how to read/edit the registry?
Does your opponent know how to read/edit binary files?
Does your opponent know how to use a debugger?
Does your opponent know how to reverse engineer?
Does your opponent know how to decode and rewrite programs?
Does your opponent know how to find another free alternative on the 'net?

ic2 16 Apr 2008, 09:32
I don't understand. A simple registry key is a long way from what I described.
Quote: I want to encrypt each and every string individually outside of the process with some strong encryption code and I also want to encrypt all the procedures that are not used during start-up. Then I'll place them in an include file and assemble it all together with FASM... then pack it with FSG or other suggested packer.

Sorry if my long post misled. Forget about my reasons why. This is all I want to do.

edfed 16 Apr 2008, 09:40
revolution wrote: Does your opponent know how to find another free alternative on the 'net?

non free programs shall be only for professionals, specifics, hard to code, original, etc...
the only domain where not free is OK is for industry and professional programs.
for general purpose and public, it is always possible to find free/open source/GPL code, then, there is no reason to focus on security when coding simple programs.
if your code is a special one for NASA, ok, you shall encrypt everything, but at least, this code will never go out of the NASA rooms, never on the net, never at your own home etc...
Non free programs are really hard to find in reality (don't speak about the poor shareware programs on the web (full of bugs, etc...)).

edit: i don't know why, but nowadays (2008) is a year highly focused on security... why? is there a war coming soon? there are many, many forums focused on this shit of security today. like a marathon??? the first to achieve will fuck everybody or what?

revolution 16 Apr 2008, 10:01
ic2 wrote: I don't understand. A simple registry key is a long way from what I described.

Never mind me, you can still go and do all the encryption/security stuff if you like. It will slow down an attacker a small amount, but not by much.

ic2 16 Apr 2008, 12:20
Quote: Okay, maybe I was off on a tangent a bit,

Funny, I grew up only to find it was always the super coders talking that way. I read 10 years worth and that's what kept me from even wanting to be a programmer for years. So don't feel bad. I know this is not your true style on the subject. If it wasn't for you I would have given up FASM in a week like I did once before when I really wanted to try but was too afraid to ask for help. I saw many never receiving none.

Quote: but one should still try to equate the extra time and bugs involved with adding encryption/security against the expected return in revenue.

I have no worries about time and I never wrote a bug. I debug with MessageBox and check every darn thing I do, as I go, many, many times... over and over again. That should give you an idea about the time I have wasted and am willing to give that time to the art of security. Don't change my plan, I'm just including this -- would you believe I mostly want to protect myself from Windows. It is full of sh*t and most people call it a bug and Vista is a tricky bit*h. See how long I've been at it.

Quote: Even most large companies decide that encryption/security will eventually cost more in the long term than it provided in extra returns.

But they still do it.... Did that stop you from protecting your most important projects? hee hee

Quote: Never mind me, you can still go and do all the encryption/security stuff if you like..

I can't go on without you. You don't fool me a bit. You are D Man. I don't want no one's secret codes. I just want some great tips and maybe a few strong examples (whole or pieces) that no one really uses but know I can build a full un-cut idea from with some imagination. I check my FASM e-mail every day if he chooses not to post it.

Quote: It will slow down an attacker a small amount, but not by much

I'll worry about attackers after I'm finished.

revolution 16 Apr 2008, 13:37
ic2 wrote: Funny, I grew up only to find it was always the super coders talking that way. I read 10 years worth and that's what kept me from even wanting to be a programmer for years. So don't feel bad. I know this is not your true style on the subject. If it wasn't for you I would have given up FASM in a week like I did once before when I really wanted to try but was too afraid to ask for help. I saw many never receiving none.

As for examples, I think it is still not entirely clear what you want to do. You mention including some output from another program so that would seem to require the 'file' directive?

ic2 16 Apr 2008, 15:53
Code:
    include 'win32ax.inc'

    macro macroBITCH
    {
        mov eax decrypt BIG_BOY and SHAKE_HIM_DOWN   ; pseudocode, not a real instruction
        ret
    }

    .code
    start:
        mov eax, procCHICK
        call BIG_BOY
        invoke MessageBox,0,"Get me a beer baby.. What's for dinner!",0,0
        invoke ExitProcess,0

    ; .............................................................
    ; I've been totally crypted by Blowfish in another program but
    ; somehow ic2 put me back inside here between two CHICKS.
    ; I'm dead as a doornail.. That fool named ic2 even crypted
    ; even what IDs me as a procedure ... Even IDA can find me...
    ; I've got to wait for my wife procCHICK or my slick ass
    ; girlfriend macroBITCH to turn me on.
    proc BIG_BOY
    endp

    ; .............................................................
    ; I am the Decrypt for BIG_BOY's entire block of code ...
    ; Not just what's inside the proc but the whole code block.
    ; I think it's my turn to get a piece of BIG_BOY today.
    ; I know he needs if he wants to exist. That macroBITCH
    ; just jerks him around.
    proc procCHICK
        mov eax decrypt BIG_BOY and LOVE_HIM_WELL    ; pseudocode, not a real instruction
    endp

    .end start

And I want to do the same for some strings. Is this possible or am I barking up the wrong tree? If all is well what are the most recommended encryption tools I should use?

And the hardest question of them all is how do I completely encrypt a single procedure. My guess is to place it in a separate asm file, assemble it, encrypt it, then assemble the results in the main file... But that didn't work so far for me. I think there's more to it than that. So anyway, how can this be done?

My 2nd guess is to know the address of the procedure and get or know its size and encrypt it.

I really want to do it the first way and I don't want to go into any reason WHY. But since you insist.. I just want to know how to do it all, then I can pick and choose and go deeper into it..

To all females repeat after me "it's only a joke"

Last edited by ic2 on 16 Apr 2008, 16:29; edited 1 time in total

revolution 16 Apr 2008, 16:29
The user code:
Code:
    start:
        call decode_some_shit
        call the_shit
        invoke ExitProcess,0

    decode_some_shit:
        ;put whatever decryptor/decoder here you want
        ret

    the_shit:
        ; raw bytes of the separately built blob, included at assembly time
        file 'MyEncodedEncryptedBinaryStuff.bin'

    .end start

The programmer code:
Code:
    the_shit:
        invoke MessageBox,0,0,0,0
        ret

But there is a problem with how to cross over your variables between processes. After you decode the_shit all the pointers to things like messagebox are not properly initialised. You will have to add some sort of translation layer.

asmhack 16 Apr 2008, 16:29
no imports + xor data/code section with fasm preprocessor + pack with fsg/mew.. should be fine

ic2 16 Apr 2008, 16:41
I'm going to try that now.
Thanks revolution

asmhack, that does mean I use LoadLibrary GetProcAddress for all my API calls. Just want to be sure. I got all the pieces, going to try that too. Thanks

asmhack 16 Apr 2008, 16:53
take a look at this:
http://board.flatassembler.net/download.php?id=3658

revolution 16 Apr 2008, 16:59
ic2 wrote: ...I use LoadLibrary GetProcAddress for all my API calls.

asmhack 16 Apr 2008, 17:59
revolution wrote:
i remember one time i had made a vb application with "virus" or "trojan", don't remember now, caption on the form and the antivirus blocked it from loading XD

AlexP 16 Apr 2008, 22:17
IC2: I will be glad to make you whatever you want. I do suggest either EFB or OFB for modes of operation. Just tell me what you want, and how well you want it done.

Also, I'd recommend AES (I like 256) for a strong encryption, and I do believe performing checksums of the encrypted/decrypted code or data sections will help a hell of a lot to stop mid-debug tampering to get your code. I can also do this.

Also @ Ic2: The AES algo (even the much slower versions) has out-performed the Twofish/Blowfish by quite a bit of speed. I would definitely suggest using it.

AsmHack: I've heard of "V1ruz" or something very odd and obfuscated like that, (more than that above) be picked up by a virus scanner.

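AlexP's remark quoted in the first post ("Encrypting 16 bytes at a time reveals code patterns") and his OFB suggestion above, shown as an added example that is not code from the thread. `toy_block_encrypt` is a stand-in 16-byte block cipher assumed for illustration (it is not AES), and the key, IV and section bytes are constructed sample values.

```python
import hashlib
from collections import Counter

BLOCK = 16  # AES block size in bytes
KEY, IV = b"constructed-key!", bytes(range(16))  # constructed demo values

def toy_block_encrypt(key, block):
    """Stand-in 16-byte block cipher (4-round Feistel over SHA-256). NOT AES."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def ecb_encrypt(key, data):
    """Each 16-byte block encrypted on its own: equal input, equal output."""
    return b"".join(toy_block_encrypt(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))

def ofb_encrypt(key, iv, data):
    """OFB: encrypt the IV repeatedly and XOR that keystream onto the data.
    The same call decrypts. The IV must never be reused with the same key."""
    out, state = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        state = toy_block_encrypt(key, state)
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], state))
    return bytes(out)

def repeated_blocks(ciphertext):
    """Number of ciphertext blocks whose value occurs more than once."""
    counts = Counter(ciphertext[i:i + BLOCK]
                     for i in range(0, len(ciphertext), BLOCK))
    return sum(n for n in counts.values() if n > 1)

def sample_section():
    """Constructed image: two routines, int3 padding, zeroed data."""
    proc_a = bytes.fromhex("5589e583ec08c745fc01000000c9c390")
    proc_b = bytes.fromhex("5589e58b450803450cc9c39090909090")
    return proc_a + b"\xcc" * 48 + proc_b + b"\x00" * 64

if __name__ == "__main__":
    image = sample_section()
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(KEY, image)))
    print("OFB repeated blocks:", repeated_blocks(ofb_encrypt(KEY, IV, image)))
```

In the ECB output the padding and zeroed data stand out as runs of identical ciphertext blocks, which tells an observer where routines begin and end without any key.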
daniel.lewis 17 Apr 2008, 00:53
If your program consists of a set of finite buffers of data which must, when transformed as described in the x86 documentation, perform some algorithm; then that algorithm can be Beale Ciphered or AES encrypted or XOR'd or any other similar means you may devise. It won't take me more than an additional 0.5 seconds to reduce it to pure assembler.

Allow me to posit that anyone capable of reverse engineering an executable with any margin of understanding it at all, is only just shy of understanding the above. I would argue that encrypting your algorithm will only prevent a very slim population from successful deobfuscation.

The act of obfuscating your algorithm will also slow it and bloat it, reducing its competitiveness. Reversers and customers alike will both lose the feeling that you're a collaborative party, which is damaging on multiple levels.

That said, if you still feel the urgent need to obfuscate I am able to do so in a way that would prevent a product from being reversed by anyone who uses an Emulator, Debugger or Flat Assembler from understanding the algorithm in less than a month. Encryption certainly won't cut it, and it would be expensive.

_________________
dd 0x90909090 ; problem solved.

AlexP 17 Apr 2008, 13:36
In other words, daniel believes it would be a shameful waste of time.

I, on the other hand, think that if you would like to encrypt your code/data, it's all up to you. Place it on a crackme site, the full code will probably be given back to you within hours. I'd say go for it. Try it out, learn how it's done, you might even figure out a new way to do it that will make it much better. You cannot know until you try, so make it and then post it here so we can break it!!!!

PS: As I said in my last post briefly, I don't see much of full process encryption. Usually you just see checksums performed (in a discrete way) on the code, to find any 'int 3's. It is useful, and helps against a debugger. It would take a pretty good reverser to crack it then. (or they would just nop-out the hashing function).

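The code-checksum idea from AlexP's post above, simulated over a byte buffer as an added example (not code from the thread). The routine bytes, the region table and the function names are constructed for illustration, and CRC32 is an assumption since the post names no particular checksum.

```python
import zlib

INT3 = 0xCC  # byte a debugger writes for a software breakpoint

# Constructed sample image: two small x86 routines. The second one carries
# 0xCC as an immediate operand, so that byte is data, not a breakpoint.
CODE = bytes.fromhex(
    "5589e58b450803450cc9c3"   # proc_add:   11 bytes
    "b8cc000000c3"             # proc_const: mov eax,0xCC / ret, 6 bytes
)
REGIONS = {"proc_add": (0, 11), "proc_const": (11, 6)}  # name -> (offset, size)

def build_manifest(image, regions):
    """Build step: record one CRC32 per protected region."""
    return {name: zlib.crc32(image[off:off + size])
            for name, (off, size) in regions.items()}

def verify(image, regions, manifest):
    """Run-time step: names of regions whose bytes no longer match."""
    return [name for name, (off, size) in regions.items()
            if zlib.crc32(image[off:off + size]) != manifest[name]]

def naive_scan(image):
    """Offsets of every 0xCC byte; cannot tell operands from breakpoints."""
    return [i for i, b in enumerate(image) if b == INT3]

def patch(image, offset, value=INT3):
    """Simulate a one-byte patch, e.g. a debugger setting a breakpoint."""
    patched = bytearray(image)
    patched[offset] = value
    return bytes(patched)

if __name__ == "__main__":
    manifest = build_manifest(CODE, REGIONS)
    print("clean image   :", verify(CODE, REGIONS, manifest), naive_scan(CODE))
    bp = patch(CODE, 3)            # breakpoint on an instruction in proc_add
    print("with int3     :", verify(bp, REGIONS, manifest), naive_scan(bp))
    nopped = patch(CODE, 16, 0x90)  # a non-int3 patch the byte scan misses
    print("with nop patch:", verify(nopped, REGIONS, manifest), naive_scan(nopped))
```

The comparison against a build-time value catches any one-byte change and avoids the false positive on the operand byte, but as the post notes it holds only as long as the checking routine itself is left intact.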
revolution 17 Apr 2008, 13:44
AlexP wrote: In other words, daniel believes it would be a shameful waste of time.

It will probably take you longer to code and debug it than a good hacker will take to reverse it. Just look at the Vista DRM fights, a classic example of wasting time with protection. But, as AlexP noted, there is nothing wrong with wasting time as long as you're learning.

Copyright © 1999-2024, Tomasz Grysztar.