watermark pe

0x58 · May 10, 2010, 09:45:25 PM

hey everyone :bg i'm new to the forum even if i was watching it b4 registering anyway i'm looking for a way to set data to a portable executable will the main idea here is that i wan't to code a signer to protect my files against rippers to watermark my releases if someone could help me out :D and thank's

Neo · May 10, 2010, 10:59:40 PM

Do you just want to be able to identify, using another program by you, whether someone has modified the executable file, or do you want a mechanism to have the executable check itself without you being there? The former is fairly simple (though I need to go check the PE format specs for details), but the latter is quite complicated, and is never perfect, since the person could just modify the app to not check itself.

hutch-- · May 11, 2010, 12:49:32 AM

58h, (asm notation)

The most common way of detecting a modified EXE is a CRC algorithm but self checking tends to be a lot more complicated as Neo mentioned. Most of what I have seen over time has been specific tests on parts of the executable file to compare data to another reference stored elsewhere in the file although it can be a crc algo that is used within a restricted range of data. Different people have tested file lengths but that can be circumvented easily by a hack or virus overwriting parts of the file without changing its length.

Doing a CRC check on the MZ and PE headers is a little more useful as it will pick up modifications common in the older style of binary viruses but the usual warnings apply, it can be found and modified by someone else if they know what they are doing.

BlackVortex · May 11, 2010, 01:11:46 AM

@0x58 :
Are you sure you meant watermark, or maybe self-integrity check ?

Binary watermarking is like a hidden signature/sequence you hide in your file, so that you can detect leaked versions, or expose people that steal your work. Please explain better, so we can respond in detail.

dancho · May 11, 2010, 07:22:28 AM

@hutch
OT
0x58 is perfectly valid in fasm for hexadecimal numbers... :bg

0x58 · May 11, 2010, 08:49:51 PM

it's just the 1st byte of my alias 'X' :bg anyway me as a reverser i find crc32 check lame cuz i've already used it in a crackme and it was easy to break :U so what i really wan't to do is to sign my release by rsa, this means get the release md5 or crc32 whatever the hash is and get some infos about the release for exemple release name, release date, etc... and cancat them and then encrypt these infos to RSA this will be 2048bit and then find a code cave in the release and put this encrypted rsa into it that's all for the signer btw i've already done the ecryption method but how to put it in the choosed pe that i don't know how :lol

sorry for my bad english it's not my default one :red

hutch-- · May 11, 2010, 10:57:08 PM

0x58,

I am sorry but you are in the wrong place. this forum does not allow cracking or any form and will ensure that no data of this type is posted.

News:

watermark pe

0x58

Neo

hutch--

BlackVortex

dancho

0x58

hutch--