flat assembler
Message board for the users of flat assembler.

Index > Main > String & Proc Encrypting

AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
Yeah, there's really nothing substantial that you can do to actually protect your code/strings... Just try the checksums/AES or even the xor macro if you want to learn how to do it.

I personally think it would be a fun little trick to learn!
Post 17 Apr 2008, 13:49
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
daniel.lewis
I see others have posted after you... I will not read them now because I don't want to change my tune.. Your posts are interesting all over the place.
Quote:
The act of obfuscating your algorithm will also slow it and bloat it, reducing its competitiveness. Reversers and customers alike will both lose the feeling that you're a collaborative party, which is damaging on multiple levels.

I wrote a small application with no protection that is being used by a few private businesses. It's not a big money venture but the next release will be protected.

This makes me think ... If I ever write and release any big time commercial software as far as competition, there will be NONE and my users would never be interested in reading the Pow Wow party gossip column. I don't need their review when there are thousands of gossip sites on the web, including u2.

As long as the code respects other processes and doesn't invade user privacy I'm not going to be so stupid not to apply every security measure possible at the cost of only one additional second during START-UP. The whole world is doing security while the ultimate coder (ASM people) is expected to sit back and do NOTHING but make executes not to. BULLSHIT
Quote:
That said, if you still feel the urgent need to obfuscate I am able to do so in a way that would prevent a product from being reversed by anyone who uses an Emulator, Debugger or Flat Assembler from understanding the algorithm in less than a month. Encryption certainly won't cut it, and it would be expensive.

"if you still feel"
Of course I do and what you learned I will too shortly. That's why I chose to come to Assembler from Delphi in the first place...

Addition layer ... I will be keeping your number. Obviously, you must be one of the best ...

Thanks
Post 17 Apr 2008, 15:32
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
Thanks Alexp

The discussion you guys are already having is very helpful. I got to make a run and I'll be back in class and ready to go to work this evening.

FasmClass
Post 17 Apr 2008, 15:50
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
I'll never get out of here.. I just did a quick read and stopped at this line...
Quote:
You cannot know until you try, so make it and then post it here so we can break it!!!!

AlexP You're Wild!!!

That's a good one. LOL I might just do that upon graduation.
Post 17 Apr 2008, 16:05
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
Quote:
AlexP You're Wild!!!
Thanks, I don't think I've ever gotten that (compliment?) before :). Well, if you need any help at all just ask.
Post 17 Apr 2008, 16:31
r22



Joined: 27 Dec 2004
Posts: 805
r22
Code encryption is pointless; it will have to be decrypted eventually to run, but that doesn't mean you can't make your program virtually Uncrackable.

Just write a Web Service, host it on a private server, use HTTPS, and have your app work as a client.
- Connect to Web Service on HTTPS
- Implement some login or registration key check
- Send input data to the Web Service over SSL
- Receive output data from the Web Service over SSL
- Show output to the user.

Having your main algorithm run on the web (counterintuitively) makes it more secure.

99.9% Uptime is usually good enough, but if it's mission critical, host the Web Service on two separate domains and have your client app try both of them.
Post 17 Apr 2008, 19:11
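The client/server split r22 lists, as an added Python sketch that is not code from any poster: the registration-key check and the algorithm live only on the server, and the client tries a second endpoint when the first is down. All names are hypothetical, the HMAC key scheme is an assumption, and each endpoint is an in-process callable standing in for an HTTPS POST to one of the two domains.

```python
import hashlib
import hmac
import json

# Secret held only on the server (constructed value for this demo).
SERVER_SECRET = b"constructed-demo-secret"


def issue_key(user):
    """Vendor side: the registration key is an HMAC tag over the user name."""
    return hmac.new(SERVER_SECRET, user.encode(), hashlib.sha256).hexdigest()[:32]


def protected_algorithm(data):
    """Stand-in for the algorithm being protected; it never ships to the client."""
    return data[::-1].upper()


def handle_request(body):
    """Server endpoint: check the registration key, then run the algorithm."""
    try:
        req = json.loads(body)
        user, key, data = req["user"], req["key"], req["input"]
        if not all(isinstance(v, str) for v in (user, key, data)):
            raise TypeError("fields must be strings")
        expected, supplied = issue_key(user).encode(), key.encode()
    except (ValueError, KeyError, TypeError):
        return json.dumps({"ok": False, "error": "bad request"}).encode()
    # Constant-time comparison so the check does not leak how much of the key matched.
    if not hmac.compare_digest(expected, supplied):
        return json.dumps({"ok": False, "error": "invalid registration key"}).encode()
    return json.dumps({"ok": True, "output": protected_algorithm(data)}).encode()


def unreachable_host(body):
    """Simulates the first domain being down."""
    raise ConnectionError("primary host unreachable (simulated)")


def call_service(endpoints, user, key, data):
    """Client: send the input to each endpoint in turn until one answers."""
    body = json.dumps({"user": user, "key": key, "input": data}).encode()
    last_error = None
    for send in endpoints:
        try:
            reply = json.loads(send(body))
        except (ConnectionError, ValueError) as exc:
            last_error = exc  # this host failed; fall through to the next one
            continue
        if not reply.get("ok"):
            raise PermissionError(reply.get("error"))
        return reply["output"]
    raise ConnectionError(f"no endpoint reachable: {last_error}")


if __name__ == "__main__":
    key = issue_key("alice")
    print(call_service([unreachable_host, handle_request], "alice", key, "hello"))
```

The client binary holds only its own registration key, so reversing it reveals neither the verification secret nor the algorithm.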
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
AsmHack:
AntiVir is the one most of us here use. I got my set HIGH and it did not detect any vir** but I get the Idea.. LoadLibrary GetProcAddress FreeLibrary does well.

That's what I'm talking about ... Every little bit helps. This will stop all the basic tools and some. The only tools I need are assembler and an IDE. I wish others didn't need more ... :)

Thanks

r22
Quote:
Code encryption is pointless; it will have to be decrypted eventually to run, but that doesn't mean you can't make your program virtually Uncrackable.

Encryption combined with many many other known assembler tricks is what this thread is all about. I hope some of this will be addressed also like you and AsmHack have already done.

Thank you
...................................................................................................................
revolution:
Quote:
It will probably take you longer to code and debug it than a good hacker will take to reverse it.

The minimum outcome would be I will finally have a reason to use a debugger. Wouldn't that be great. A tool used for the GOOD and not the EVIL. A tool to help build my Tool Busting program. Wow
Quote:
Just look at the Vista DRM fights, a classic example of wasting time with protection.

The guy played with kernel mode debugging since the age of six. Maybe the next kid will dedicate his life to cracking my project. What an Honor!!!
Quote:
But, as AlexP noted, there is nothing wrong with wasting time as long as you're learning.

To learn how to do anything is NEVER a waste of time. Come to think of it that is exactly what millions of programmers around the world say about assembler. Does that include you? Unbelievable!!!
...................................................................................................................
Alexp
Quote:
I'd say go for it.

I say only a sucker wouldn't
Quote:
Try it out, learn how it's done,

That's what it's all about!!! People spend years at colleges to learn this stuff regardless of the outcome
Quote:
you might even figure out a new way to do it that will make it much better.

That's what people here are afraid of!!! No guts no glory.
Quote:
You cannot know until you try, so make it and then post it here so we can break it!!!!

After some thinking I decided to do it a little before graduation (page 6). I am not going to disappoint anyone. I definitely will sign you up for your 40 year FREE tours at Jungle Hell Hallway. No Reservation needed for all who thought impossible... :)

Disclaimer: We provide the best deal possible so if you find yourself in the nut house don't call us looking for a REFUND. Remember it was FREE. We just did not tell you ONLY IF YOU CRACK IT ... Just pay the fat lady at the desk the $19.95 fee for the discharged papers, and we'll pick you up ... FOR FREE :)

Quote:
In other words, daniel believes it would be a shameful waste of time.

That's because he knows how to do it. So that makes all this negativity of it can't be done a total 0 BTW: How did you possibly miss that point...


I bet he did and I have no reason to question another code discovery. His words were pure gold at first read and that's all we need to know to continue with this thread.

All we need is tips, basic known samples, ideas on how to apply them and suggestions then maybe even we all can meet the power of his words half way in our final code ... Now you're on your own and must use what you already know through years of programming in ASM and apply some imagination and remember those strange things that happen to you in the past while coding and...
Voila!!! it's On...

Nothing personal AT ALL...I had to speak my peace, even if by chance I'm completely wrong. Bill Gates used to say "impossible" all the time. Do a search and you'll see how many times he said that word then ate his own words within weeks.

I rest my case

Go To Why Not ^

FasmClass 2008 continue:


Last edited by ic2 on 17 Apr 2008, 19:52; edited 2 times in total
Post 17 Apr 2008, 19:34
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
revolution
r22: I hope you are just making a joke? That involves a lot of infrastructure, server farms, fast servers, backup supplies etc. The user needs a 100% on Internet connection and the associated problems with their local ISP. Also, with that method, people might as well just use the TV for the 'computer', since it doesn't need any local computing resource. Where is the privacy for the user? All their data is given to some hosting service!
Post 17 Apr 2008, 19:37
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
I think r22 was just being sarcastic.

Good luck IC2, and I'll keep working on my end to make RSA as nice as possible. Right after homework :). It'll be a few months before my ideas are realized, and I hope I can contribute something to your project if you need it.

BTW: How about this to block a reverser?:
Code:
if (Debugger has been detected || decompiled) {
    WipeRegistryKeys();
    DeleteMBR(); 
SendTheirFilesToYourComputerUsingAlexP'sRSAcodeThenWipeTheFilesOnTheirHDD():
    MessageBox("THat's what you get for trying to void a copyright bitch").
    ChangePassword(rand());
    Shutdown();
}
    

How's that for copy protection?
Post 17 Apr 2008, 20:44
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
I would have never thought about this until I read revolution's post. So now I'm happy because I see Fasm people do have a sense of humor allowing even noobs to get their roles off without any animosity.

There are only 16 ASM Kings on this planet.

Thanks REVOL

...............................
...............................
sarcastic... Maybe, but the words "host it on a private server" mean if you are not into your own, others would be dangerous but, FYI ...

He is not a rookie in no kind of way. We are only a handful. Most ASM people came from other worlds and that's what makes it so wonderful; A person who builds from freeBSD or BSD likes and maintains it personally (monitoring everything daily professionally) and does all the things that revolution warned about, properly, only then it can work. I read a lot about that kind of thing early last year and now I have 4.65 gig worth of document including BSD's all it in the waiting. See why I'm so concerned. The trick is to protect your user information as good as you protect your code from being hijacked, infected with vir** or from simple loss of packets.

If I'm wrong I am still happy that even the heavy's drop in to spit some knowledge to help us think. Who can ask for more...


Anyway, Alexp you're right I'll be back after I do my homework too.

the_shit:
file 'MyEncodedEncryptedBinaryStuff.bin'

.end

Yes, it is called file, and you can use it like any other data definition directives (that means it can be preceded with label without a colon). It also allows you to specify the offset in file and count of bytes you want to include. For more information look into the section 1.2.2 of the manual.


Last edited by ic2 on 18 Apr 2008, 00:28; edited 1 time in total
Post 18 Apr 2008, 00:07
daniel.lewis



Joined: 28 Jan 2008
Posts: 92
daniel.lewis
I'm not one of the best in practice, I just know the theory, and it's helped me to make better choices than average in the reverser/obfuscator diametric.

Yes, I believe it's possible to obfuscate an algorithm to the point it'll take a reverser roughly a month to crack it. It would take an incredible effort and basically be a walk through every obscure oddity in x86 pmode.

I personally have a few dozen tricks in the bag that would choke most tools but I'm sure there are at least hundreds more.

hooking the debugger and leveraging various faults as part of normal flow control, page remapping multiple code streams into the same addresses, multi-push/ret/ret/ret, movups [ESP+3] XMMX, cycle-count timing a device to check for emulation, interlaced Beale Cipher masks, loading up DLLs and linking them yourself in some obscure fashion, avoiding windows API calls as much as possible...

Most people use existing debugger toolchains to reverse, so much of the above will confuse them for a bit. I've got my own system, and only one of the above would prevent my script from succeeding, and only if it was used correctly.

The problem with AlexP's suggestion is that someone simply trying to file a good bug report could get waxed; and it's criminally illegal while copyright infringement is civilly illegal.

I swear by Beale Ciphers as the ultimate in encryption technology. The algorithm can be any reversible algorithm, and the data can be anything readable, and the ciphertext doesn't have to be the same size as the plaintext, nor does it have to be a linear block. Leveraged fully, a Beale Cipher is not a matter of computing power, I would contend it's theoretically impossible to crack without knowing at least one of the reversible algorithm or the data and the order it is used to encipher.

Regards,
Daniel

_________________
dd 0x90909090 ; problem solved.


Last edited by daniel.lewis on 18 Apr 2008, 00:48; edited 5 times in total
Post 18 Apr 2008, 00:28
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
While I'm here I tell you I simply love to give credit where credit is due. Ask anyone at masm32. You are a strong speaker. It's toooo late my mind has been blown... AlexP was just kidding

Now I'll go back to read to understand your post.
Post 18 Apr 2008, 00:33
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
ic2: You do realize the ironic-ness* of your situation. If you make your code obfuscated with newer techniques, encryption, checksums, something that would take longer and more skill to crack, then all you're doing is teaching the person who'll be cracking your code (if any). All you're doing is keeping the cycle going...

daniel.lewis: I've heard you talk so much about Beale, but have you ever thought that it is crackable (if you base it off of something such as English literature?). It's no more than an OTP (but not as secure) for a lazy person who doesn't want to remember the key :).
Post 18 Apr 2008, 02:48
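The disagreement over Beale ciphers above, as an added Python example that is not code from any poster: a classic word-index book cipher, plus a check of what happens when the key text is one of a few guessable public texts. The three key texts, the bigram list and all function names are constructed for this demo.

```python
import re
from collections import defaultdict

# Constructed candidate key texts (stand-ins for a shelf of published books).
LIBRARY = {
    "text_a": "the old sailor kept his charts in a wooden box under the stairs because "
              "nobody ever looked there during long winter evenings by the fire",
    "text_b": "a dark wind moved east toward the new mountains and every tree was dancing "
              "near the river while heavy rain hid the water at dawn",
    "text_c": "every morning she walked past green fields and quiet farms until reaching "
              "a small stone bridge over cold clear running water beside two tall pines",
}
# Frequent English bigrams, used only to rank candidate decryptions.
COMMON = set("th he in er an re on at en nd ti es or te of ed is it al ar st to nt ng "
             "se ha as ou io le ve co me de hi ri ro ic ne ea ra ce".split())


def key_words(key_text):
    return re.findall(r"[a-z]+", key_text.lower())


def encrypt(plaintext, key_text):
    """Replace each letter by the 1-based index of a key word starting with it,
    rotating through the available words (homophones) for that letter."""
    positions = defaultdict(list)
    for pos, word in enumerate(key_words(key_text), start=1):
        positions[word[0]].append(pos)
    used = defaultdict(int)
    numbers = []
    for ch in re.findall(r"[a-z]", plaintext.lower()):
        if ch not in positions:
            raise ValueError(f"key text has no word starting with {ch!r}")
        choices = positions[ch]
        numbers.append(choices[used[ch] % len(choices)])
        used[ch] += 1
    return numbers


def decrypt(numbers, key_text):
    """Map each number back to the first letter of that word; '?' if out of range."""
    words = key_words(key_text)
    return "".join(words[n - 1][0] if 1 <= n <= len(words) else "?" for n in numbers)


def english_score(text):
    """Count adjacent letter pairs that are frequent English bigrams."""
    return sum(text[i:i + 2] in COMMON for i in range(len(text) - 1))


def guess_key(numbers, library):
    """Decrypt with every candidate text and keep the most English-looking result."""
    best = max(library, key=lambda name: english_score(decrypt(numbers, library[name])))
    return best, decrypt(numbers, library[best])


if __name__ == "__main__":
    secret = encrypt("meet me at dawn near the water", LIBRARY["text_b"])
    print(secret)
    print(guess_key(secret, LIBRARY))
```

Numbers such as 5, 11 and 1 recur in the ciphertext because each number always stands for the same letter under a given key text, which is the key reuse a one-time pad does not allow.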
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
revolution
AlexP wrote:
BTW: How about this to block a reverser?:
Code:
if (Debugger has been detected || decompiled) {
    WipeRegistryKeys();
    DeleteMBR(); 
SendTheirFilesToYourComputerUsingAlexP'sRSAcodeThenWipeTheFilesOnTheirHDD():
    MessageBox("THat's what you get for trying to void a copyright bitch").
    ChangePassword(rand());
    Shutdown();
}
    

How's that for copy protection?
I think you will find that is called malware. It's been done many times before and is the main reason I never use obfuscated code. One can never know what nasty things have been coded.
Post 18 Apr 2008, 04:01
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
I guess that's why most people talk about the "why not" when a thread pops up like this one. As far as the "why nots" I have been totally convinced not only by the posts here but I did a quick scan through 256 bit SSE aka AVX thread, then reality kicked in... everything got to go through the processor and with all that power and machine with multi processors the code doesn't stand a chance anyway to be hidden. But I still learn something good about fasm. I like the FILE directive and it's more fun learning how to use FASM than worrying about a piece of code that can be cracked anyway no matter how much I curse and fuss.

Quote:
...then all you're doing is teaching the person who'll be cracking your code (if any). All you're doing is keeping the cycle going...

There are more cracking forums than coding forums. Do a search. Cracking has been going on since the beginning of time. They learn the latest tricks everyday. The only dummies are people like me. Your fact is in reverse. I need to learn what they already know and we are not allowed to hang at hacker sites. The world has given assembler a bad name as it is. To show you how stupid they turned out to be without knowing it even today, assembler was the first language when the computer was born, all others were just for conveniences of weak minded programmers. They needed something in baby language (human readable). I love this stuff too much to NOT break the rules and tarnish my rep. Asm people trained me well. It's not good to even joke about crashing someone's machine.

The only difference is I use it for the good. To detect my code's weak points. To fix that weak point. To understand why things work as they do.

On the other hand I see your point and am about to trash the idea. I want to listen to what people are saying but for some reason something keeps telling me it's better to know how to do things than not to know regardless if it works or not.

Alexp, BTW, I know you were just kidding but for the record in some countries it is illegal to even crash someone's machine because they may have other programs open and would lose their work.


But where does 'decompiled' come in? Does the shipped code have an embedded compiler or something? if (Debugger has been detected || decompiled) {
Quote:
One can never know what nasty things have been coded.

oooo revolution, you just fired me up again... can that also be the other way around ... One can never know what WONDERFUL things have been coded.
When I catch a statement like this, which is everywhere, it makes me wonder and keeps me trying. Do you blame me?

Keyword: NEVER KNOW

Also, wouldn't AlexP's idea be ok to use if it wasn't so brutal? if OK would it still be considered as a Trojan? If so, why? I was thinking... saving the detected information then simply jmp to exit your process.

See ya later
Post 18 Apr 2008, 10:13
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17663
Location: In your JS exploiting you and your system
revolution
ic2 wrote:
One can never know what WONDERFUL things have been coded.
If it was so wonderful it would soon become apparent. People would want to use the program to get the "wonderful" benefits. If you protect it then people think "Hmm, why so secretive, perhaps it is naughty code".

For some (expensive) programs used in my work, they are protected. So before I started using them I made sure I fully reversed it and understood it beforehand. I cannot risk my data being lost due to some overzealous programmer that thinks he/she owns my machine just because I bought his/her software.

This is where the time wasting comes in. The programmer spends time coding some protection, and the user spends time breaking it to make sure nothing bad is in there. End result: lost time and effort for no gain.
Post 18 Apr 2008, 11:02
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
:) I do know the consequences of my actions above (if they were taken), it was just a little over-exaggeration... Well, go ahead and play around with your protection, but I'd like to recommend:

DON'T BOTHER WITH THE VERSION THAT MATTERS.

I think you're fine and free to play around with all of the protection on something that you keep to yourself (or us?), but I don't think that it will have a significant effect on the release.

If the code is in use for, let's say, six months, and a cracker gets a hold of it right when it comes out, and he cracks it in a maximum of 1 month, then that protection code will be serving no purpose but to slow down the software for 5/6 of the time that it will be in use.
Post 18 Apr 2008, 11:48
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
Now that I finally had a good sleep, I'll just say nothing is impossible.


Last edited by ic2 on 19 Apr 2008, 13:47; edited 2 times in total
Post 18 Apr 2008, 12:51
AlexP



Joined: 14 Nov 2007
Posts: 561
Location: Out the window. Yes, that one.
AlexP
I do hope you know what I mean about the non-protection thing, apparently I worded it wrong. Do what you want, I just believe you shouldn't do the in-process computations and such if they would be wasted later. I do not know how your code is to be used, if it is supposed to be speed-intensive or just safe. Good luck, it would help us a lot more if we knew what your code was about.
Post 18 Apr 2008, 14:13
ic2



Joined: 19 Jan 2008
Posts: 75
ic2
Quote:
it would help us a lot more if we knew what your code was about.

I figure you can place a ton of bricks on any application under 1MB and it will open well under 1.5 second and run well ... Is this about right?

I don't think the user would even notice any decrease in speed if this program was running the strongest encryption possible packed with more obfuscation code than anyone has ever seen. I read you guys talking about 100MB files. Under 1/2 MB is all I've been worried about. As far as disk space and RAM, the savings come because it was written in assembler and not C. Would all of this be near correct?

Size on Disk:
Total size = 348KB
New size = 500KB Add up to 152kb additional code space if needed for obfuscating process
Memory Usage = 6368
New Memory Usage = Add up to 15000kb if needed for obfuscating process

speed-intensive:
Add up to 1 second to ShowWindow ... no matter how much obfuscating is done. This Window must open in 1.5 seconds max.

Add up to 1 second for button process.
At the click of any button it must complete the obfuscated procedure in under 1.002 second

just safe:
It better be safe or I am in big trouble.

Something about my code:
It's a modified version of QIKPAD from masm32 with an extra row of buttons pointing to customized functions that meet my clients' needs.
As a programmer you would think of it as an IDE without the tabs, nothing more, nothing less...

Why Max Protect:
Well if no one want to debate this the answers are
1) I always just want to
2) I've always gone to the breaking point
3) I got plenty of room
4) just because I can.

Good night
Post 18 Apr 2008, 19:44

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.
