flat assembler
Message board for the users of flat assembler.

Index > Heap > Vatari

vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
You're gonna love these guys: www.vatari.com. The site probably exists in your native language too, e.g. vatari.sk for Slovakia etc.

To me, it sounds like someone liked Dan Brown's Digital Fortress and Mutation Strings too much.

Also, they are looking for ASM coders in Slovakia, so if you are seeking a nice job, you could ask them. It should be work at home, so I believe you can be virtually in any country.

Interesting thing is that they seem to have some kind of code mutation.


Last edited by vid on 28 Nov 2006, 22:03; edited 2 times in total
Post 28 Nov 2006, 18:46
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Got more info from them.

They operate on 32-bit PE binaries.
Post 28 Nov 2006, 21:58
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17247
Location: In your JS exploiting you and your system
revolution
The website claims a lot of things, most of them untrue. The authors are not thinking outside the box with regards to hacking/cracking.

It is basically a downloader for software. Anyone with a decent virtual machine could break this without too much effort.

This is also the same problem with things like DRM. The problem is fundamentally unsolvable. The basic principle of computers makes these protections inherently insecure. The only real path to protection is by legal means.
Post 28 Nov 2006, 22:50
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
Of course, it's the mutation that interests me. I have already asked about it, waiting for an answer.
Post 28 Nov 2006, 23:11
vid
Verbosity in development


Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
vid
More news. They claim to have "different code every time" without any analysis at all, performing on binary files. The executable is somehow divided into blocks.

The only way I can think of is that every such block is encrypted and whenever code reaches that block, it is decrypted on-the-run.

Also they state that they can replace API calls with direct hardware I/O code, so the app won't run on another hardware.

?
Post 01 Dec 2006, 02:05
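
Added example (not part of vid's post, and not the vendor's code): if blocks of a 32-bit PE's code section really are stored encrypted, they stand out statically, because encrypted bytes have near-maximal entropy while compiled x86 code does not. The sketch assumes the section's raw bytes are already extracted; the function names, the 1024-byte block size, the 7.2 bits/byte threshold and the sample data are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def scan_blocks(section: bytes, block_size: int = 1024):
    """Return (offset, entropy) for each full block of a section's raw bytes."""
    return [(off, shannon_entropy(section[off:off + block_size]))
            for off in range(0, len(section) - block_size + 1, block_size)]

def suspicious_blocks(section: bytes, block_size: int = 1024, threshold: float = 7.2):
    """Offsets of blocks whose entropy exceeds the (assumed) threshold."""
    return [off for off, h in scan_blocks(section, block_size) if h > threshold]

def keystream(seed: bytes, n: int) -> bytes:
    """Deterministic random-looking bytes (SHA-256 in counter mode); test data only."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return out[:n]

def pad(code: bytes, size: int) -> bytes:
    """Repeat a short code fragment until it fills `size` bytes."""
    return (code * (size // len(code) + 1))[:size]

# Constructed sample, not a real PE: 4 KiB standing in for a .text section.
# PLAIN is a tiny x86 function (push ebp / mov ebp,esp / ... / leave / ret).
PLAIN = bytes.fromhex("5589e583ec108b450883c0018945fc8b45fcc9c3")
SAMPLE_SECTION = (pad(PLAIN, 1024) + keystream(b"block-1", 1024)
                  + pad(PLAIN, 1024) + keystream(b"block-3", 1024))

if __name__ == "__main__":
    for off, h in scan_blocks(SAMPLE_SECTION):
        print(f"{off:#06x}  {h:.2f} bits/byte")
    print("flagged:", [hex(o) for o in suspicious_blocks(SAMPLE_SECTION)])
```

Small blocks cap the measurable entropy (256 random bytes rarely exceed about 7.2 bits/byte), so the threshold has to be chosen together with the block size, and compressed resources are flagged as readily as encrypted code.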
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

also they state that they can replace API call with direct hardware I/O code, so the app won't run on another hardware.


Supposing that they really provide such replacement then it means that the code needs admin privileges to run or at least a helper service driver (in both cases actually but an admin account can load the driver on the fly like CPU-Z does).
Post 01 Dec 2006, 03:47
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17247
Location: In your JS exploiting you and your system
revolution
If it needs admin privileges then it will never run on my system, or any system in my office. They seem unaware about any real working environment related to computers.
Post 01 Dec 2006, 12:26
RedGhost



Joined: 18 May 2005
Posts: 443
Location: BC, Canada
RedGhost
If this gets popular it will get cracked, like everything else

_________________
redghost.ca
Post 01 Dec 2006, 15:39
DustWolf



Joined: 26 Jan 2006
Posts: 373
Location: Ljubljana, Slovenia
DustWolf
vid wrote:
More news. They claim to have "different code every time" without any analysis at all, performing on binary files. The executable is somehow divided into blocks.

The only way I can think of is that every such block is encrypted and whenever code reaches that block, it is decrypted on-the-run.


It could be the tricks utilized by polymorphic and metamorphic virii. Basically take one independent procedure and replace it with a variation of the code that does the same thing (e.g. different mix of registers used, etc). I don't see how this stops a reverse engineer, but alright.

Anyhow, the company offers what?

A program package that pokes holes into the executable code, making slots for downloadable user-hardware optimized blocks. Can anybody imagine debugging this?

Government and military use? Has anybody considered the effects of the software installation / update being done while the system is being secretly subjected to a network redirect... any downloaded code directly inserted into legitimate software from the internet without as much as a hint about what is being done? Norton Antivirus network updates anybody?

And then there is that funny comment about crackers having to reprogram "ten thousands and ten thousands of assembler instructions"... I don't remember anybody doing the replacing work in ANY copy-protected EXEs manually... a scripted, search and replace style job works magic tho.

I guess this thing will be taken care of much the same way Battle.Net was.
Post 01 Dec 2006, 22:29
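
Added example (not part of DustWolf's post): the "different mix of registers" variation described above disappears once an analyst canonicalises register names, which is why it does little against signature matching or diffing. The sketch renames 32-bit general-purpose register families in a textual disassembly by order of first use and hashes the result; the listings are constructed, the function names are hypothetical, and it covers register renaming only, not instruction substitution or reordering.

```python
import hashlib
import re

# 32-bit general-purpose registers and sub-registers -> (family, width suffix).
# esp/ebp are left alone on the assumption that they keep their stack roles.
REGS = {}
for f in "abcd":
    for name, suffix in zip((f"e{f}x", f"{f}x", f"{f}l", f"{f}h"), ("", "w", "l", "h")):
        REGS[name] = (f"e{f}x", suffix)
for f in ("si", "di"):
    REGS["e" + f] = ("e" + f, "")
    REGS[f] = ("e" + f, "w")
REG_RE = re.compile(r"\b(" + "|".join(REGS) + r")\b")

def normalise(listing):
    """Return the listing with register families renamed r0, r1, ... by first use."""
    slots = {}

    def rename(match):
        family, suffix = REGS[match.group(1)]
        return slots.setdefault(family, f"r{len(slots)}") + suffix

    lines = []
    for raw in listing.lower().splitlines():
        line = re.sub(r"\s+", " ", raw.split(";")[0]).strip()  # drop comments
        if line:
            lines.append(REG_RE.sub(rename, line))
    return lines

def signature(listing):
    """SHA-256 over the register-normalised listing."""
    return hashlib.sha256("\n".join(normalise(listing)).encode()).hexdigest()

# Constructed listings: the same byte-sum loop with two register assignments,
# plus a routine that differs in one opcode.
VARIANT_A = """
    xor eax, eax
    mov ecx, [esp+4]   ; length
next:
    add al, [esi]
    inc esi
    dec ecx
    jnz next
    ret
"""
VARIANT_B = (VARIANT_A.replace("eax", "edx").replace("al,", "dl,")
             .replace("ecx", "ebx").replace("esi", "edi"))
OTHER = VARIANT_A.replace("add al", "sub al")

if __name__ == "__main__":
    print(normalise(VARIANT_B))
    print(signature(VARIANT_A) == signature(VARIANT_B), signature(VARIANT_A) == signature(OTHER))
```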

Copyright © 1999-2020, Tomasz Grysztar.
