Anti debugger (disassembler) code

Started by TNick, June 28, 2006, 08:49:20 AM


sluggy

Quote from: White Scorpion on June 30, 2006, 05:27:50 AM
The biggest reason I do not like closed source software is because of the potential threats and vulnerabilities that software may contain.
If it's open source then the vulnerabilities are found much faster and there are often patches available instantly.
With Microsoft for example you might have to wait for a month or longer until a patch has been released.

This is one of the biggest pieces of FUD ever released. OSS contains as many, if not more, bugs and vulnerabilities as closed source software (CSS). And I would state quite emphatically that very few good developers work in OSS, because there is nowhere as much money in it for them, they get paid far more for producing CSS. In fact, I would go as far as to say that OSS has far more mediocre and junior developers working on it than anything else. I have known people who got involved in OSS projects, and were proud to be involved, but the reality was that they were not that good at coding.

And while we are talking about it, let's dispel another myth - vulnerabilities do not necessarily get found quicker in OSS - they just get made public earlier. It may take MS a month to release a patch, but in that time I can be assured that they have had excellent engineers analyze and solve the problem and identify all the versions it occurs on, and then they have tested it exhaustively on all those versions. If I was a sys admin, I would be rather sceptical of OSS's ability to rush a patch out overnight - what is the quality of the patch? How much testing did it get? Was the problem properly analyzed? Were all versions fixed, or do I have to maintain a continuous cycle of version upgrades just to stay patched because older versions are not supported?

A lot of the positive stories you see about OSS are just myth, propaganda that is generated by the OSS crowd themselves, and enthusiastically lapped up by all the n00b programmers that work on the project, and repeated by the media that is just keen to fill space in their columns with a story, any sort of story.

Don't get me wrong - OSS is needed, and does play a part in the software industry. It provides competition to established players, which is good for the consumer. Sometimes (but not very often) it increases innovation. For OSS software to take over the world, all programmers would suddenly have to want to work for free, and that isn't going to happen anywhere (except maybe India and China). And apart from a couple of flagship products (like Apache, Linux, Firefox and OpenOffice), and a few good tools (like Nant, CruiseControl, etc), there is very little on offer from OSS.

And one more thing - it is difficult for a company to survive simply on maintenance contracts. To do that, you have to be able to lock a customer into a very long term contract, and they have to need to use your software. Helpdesk and support duties are typically low skilled jobs, if a software product is free then it is more cost effective for a customer to maintain the product inhouse, they can just train their own staff members up to do it. And once again - if your company is surviving on maintenance, how will you pay your programmers? Why would they work for free when the helpdesk staff are getting paid?

Don't believe everything you read about OSS - it isn't the giant killer some people would like you to believe.



 

white scorpion

Quote
vulnerabilities do not necessarily get found quicker in OSS - they just get made public earlier. It may take MS a month to release a patch, but in that time i can be assured that they have had excellent engineers analyze and solve the problem and identify all the versions it occurs on, and then they have tested it exhaustively on all those versions. If i was a sys admin, i would be rather sceptical of OSS's ability to rush a patch out overnight - what is the quality of the patch? How much testing did it get? Was the problem properly analyzed? Were all versions fixed, or do i have to maintain a continuous cycle of version upgrades just to stay patched because older versions are not supported?

You know there are vulnerabilities found in Internet Explorer that have been unpatched for over a year?
And not just one, but quite a few.
Well, at least Microsoft is testing extensively.... :(
I'm not saying everything is perfect with OSS, but once demands change to OSS, the quality will change as well.

Mark Jones

Quote from: White Scorpion on July 05, 2006, 09:57:41 AM
...once demands change to OSS, the quality will change as well.

If the only people programming OSS software are kids and people who are willing to work for free, I don't see how this "quality of change" is going to be anything positive. I love my FireFox and Thunderbird, but nobody at Mozilla made any money off me... in fact they had to pay hosting costs, forum costs, all the fees involved with designing the software, etc. I've thought about trying to help out some OSS products, maybe by writing some plugins or something, but what motivation is there to do so? I'll never get paid for it and nobody is going to forward a user's email saying how great a plugin is. Why would anyone want to contribute? Just for the fun of it? Because you feel guilty using a nice program that cost nothing?

Bottom line is, OSS software is great for the end-user (because it is free.) Maybe you can make some money with ads or tech support or whatever, but you definitely have lots of costs involved, so chances are pretty good you'll end up paying more money to write the thing rather than profit from it. I guess this is fine if you want the "scene" notoriety also, but in the grown-up world, money makes the world go around. Without money, there is less value. Maybe even no value.
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

white scorpion

Quote
If the only people programming OSS software are kids and people who are willing to work for free, I don't see how this "quality of change" is going to be anything positive

Luckily that isn't the case...

The advantage of OSS vs CSS on programmer base is that the coders for CSS get paid so their managers will always be pushing to write more and faster, which doesn't improve the number of errors in the final release.
Secondly, since the CSS has a deadline (the earlier released, the more money made), this also doesn't improve the quality since pressure on releasing the software will be much higher than on OSS.

And of course not every opensource program will be created by people who are working for free.
The company behind it can very well pay them, but earn their money in a different way.

Regardless of all these pros and cons, like I said in my earlier post, I'm willing to pay for opensource software. It doesn't necessarily have to be closed source for a company to sell their software.
Just make everything opensource (free or paid doesn't matter), and the world will be a better place  :dance:


You got a point there ;)
but that won't change my opinion on CSS...

Wistrik

To get back on topic, here are some of my memories of methods old copy protection code used on the Commodore 64 computer...

- Loader overwrites stack with new return address, causing execution to redirect.
  (This was used to make many C-64 programs self-executing; stack was top-down LIFO and was kept in memory page 1,
   from 0100-01FF.)
- Loader takes advantage of 64k memory wraparound to load code into high memory, wrap onto low memory, and overwrite stack.
- Use of stable (6502 barely changed from VIC-20 to C-128) undocumented opcodes to confuse 'purist' disassemblers.
- Use of programmable hardware clock to multi-encrypt code using sequential key. Loader used matching frequency/key to decrypt.
- Heavy use of indirection to throw off/mislead potential code tracers.
- Use of lightweight XOR encryption to keep the curious at bay.
- Reprogrammed floppy drive with custom disk-reading code in order to load data hidden under situations that would normally produce
  read errors and the like. (Commodore drives had their own CPU and RAM so they were essentially a networked computer, and you
  could literally create your own disk format.)

All these things, and more, were put to use in at least one company's software. As I recall, they'd hired a hacker (the "work or be in jail" program) to code copy protection for them.

Of course, the PC has different architecture so some of these methods aren't going to work well. Timers are fairly standard so if you used a timer with a forgiving granularity you could possibly use the sequential encryption tactic. As I recall it was many layers deep; some code had been encrypted 20 times, each time with a different key from the sequence. Of course, encryption has improved a lot since then.

The thing I like about loader copy protection is that the main program is left alone and can be optimized for performance. The downside to loader copy protection is once you get past it, the main program is completely exposed. Entertainment software frequently uses this method, with the main program having to be decrypted at load-time with a key stored on/derived from the software's CD.

Edit: cleaned up the formatting a bit.
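
Added example, not part of Wistrik's post: the post does not say which cipher the 20 layers used, so this Python sketch assumes each layer was a repeating-key XOR like the "lightweight XOR" item in the list. Under that assumption any stack of layers equals a single XOR keystream, so layering adds no strength over one pass; the key generator, function names and sample 6502 bytes are constructed for illustration.

```python
from functools import reduce
from math import gcd


def xor_layer(data, key):
    """One layer of repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_sequence(seed, count, key_len):
    """Constructed stand-in for a timer-derived key sequence (hypothetical)."""
    keys, state = [], seed & 0xFF
    for _ in range(count):
        key = bytearray()
        for _ in range(key_len):
            state = (state * 5 + 1) & 0xFF  # small 8-bit LCG, illustration only
            key.append(state)
        keys.append(bytes(key))
    return keys


def encrypt_layers(data, keys):
    """Apply every key in order, one XOR layer per key."""
    for key in keys:
        data = xor_layer(data, key)
    return data


def collapse(keys):
    """Fold all layers into the single keystream they are equivalent to.

    XOR is associative and commutative, so N layers reduce to one key whose
    period is the least common multiple of the individual key lengths.
    """
    period = reduce(lambda a, b: a * b // gcd(a, b), (len(k) for k in keys))
    stream = bytearray(period)
    for key in keys:
        for i in range(period):
            stream[i] ^= key[i % len(key)]
    return bytes(stream)


# Constructed sample: LDA #$00 / STA $D020 / RTS
PAYLOAD = bytes([0xA9, 0x00, 0x8D, 0x20, 0xD0, 0x60])

if __name__ == "__main__":
    keys = key_sequence(0x42, 20, 4)
    blob = encrypt_layers(PAYLOAD, keys)
    one_key = collapse(keys)
    print("20 layers collapse to key:", one_key.hex())
    print("single-pass decrypt ok:", xor_layer(blob, one_key) == PAYLOAD)
```

Two identical keys in the sequence cancel each other completely, which is why a designer cannot count layers as a measure of strength.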