Anti debugger (disassembler) code

Started by TNick, June 28, 2006, 08:49:20 AM

TNick

What methods can be used to protect sensitive parts of your code?

Tedd

There are so many tricks that can be used, however they have all been seen before and don't really pose much of an obstacle except for the general user who has little interest in cracking your code anyway. Also, simply 'protecting' small parts of your code only gives focus to the area that should be 'fixed' - making the job a whole lot easier. If you must protect your code, then pack/encrypt the whole exe. There are many packers available, though most will also have an unpacker available too :bdg
If your code is really so good that it's worth cracking then it will be cracked - all you can do is make the job a little harder. And if it's not worth cracking, then why bother? :P
(Not to be negative or anything :lol)
No snowflake in an avalanche feels responsible.

hutch--

Nick,

It's basically a time ratio factor with protection of binary files. The more complex a system is, the longer it takes to be broken, but someone with enough time, know-how and toys can break most things. Tedd is right here: EXE compress it and you have beaten 99% of would-bes; of the remaining 1%, you need to start modifying bits of the code with a collection of well-known tricks to slow things up. Mixed code and data together make disassemblers work a lot harder and they will usually need IDA Pro and a lot of time to untangle it.

You will have the most success with an original idea as it makes them have to think, not just do well-known things. Nothing beats having to shovel through a maze of garbage to try and get something to work, as it is tedious, time-consuming work.
Download site for MASM32      New MASM Forum
https://masm32.com          https://masm32.com/board/index.php

TNick

Original Idea <- THIS IS THE ANSWER :). Thanks!

white scorpion

TNick,

Take a look at this program.
As you might know, I'm working on an encryption utility.
For this program I decided to write my own algos.
To test the hashing algo I've written the above program and challenged people to bypass the security / read the code protected.
No one has done this so far, and I'm still waiting for someone to do so.
The idea however could very well be used to protect your program.

Of course this is only useful if you want to protect your program from being distributed illegally instead of protecting your code from being Reverse Engineered since a legit buyer could reverse the program without any problems (besides from the basic packer used).

Unfortunately protecting against reverse engineering is never completely possible since at some point in the program the code must be readable otherwise the program can't execute.
Packing it will help, but only as a slow down option.

Yesterday at work we had a user who got an email containing a worm that wasn't detected yet.
I've reversed the thing to figure out what to do to prevent infection or clean up.
The program had polymorphic code / encryption which took me 2 hours to bypass, but I did bypass it.
Once I did, all code was there in plaintext since the computer must be able to read it.
This worm was a new variant of Bagle and was pretty sophisticated.
It got its own driver and stuff like polymorphing code.
Nevertheless it only took me 2 hours to bypass its defense mechanism.
If this was a program which is worth cracking then people who are a lot better at Reverse Engineering than me can crack it without a sweat.
If you want I can give you some links to a site with people dedicated to reverse engineering as an art form. They also write their own packers.
I also have some book titles about this subject which might interest you.
Just PM me with your email address if you want the info.


TNick

I am interested in this subject because I am working on a free program to protect - hide files on local drives. (As soon as it is finished I will post the program here for testing.) The main idea for me is to learn assembly, and I think this is the best way. Anyway, in such a program, I think it's critical to protect the code, also, and that's why I've asked.

I am always interested in reading, so I will send my e-mail.
Thanks!

Mark Jones

Sigh. It's so depressing. A program can't be made non-steal-able. Nobody even cares to try, because "hackers are unstoppable." Nothing will ever stop them. Not hardware encryption, not government intervention, not all the jails on Earth; nothing. So basically, any program I create must be freely handed away. If I spend a week crafting a stained glass window, nobody insists I give that away free. If I spend a week refinishing an antique car, nobody insists I do that for free either. But programs? They must be free! If I spend a year writing a program, it has no value! As the general programmer population slowly realizes that their skills are losing value, I wonder who then will be writing programs in the future? Who would willingly participate in a very demanding career with diminishing value?

As Einstein said, "If only I had known... I would have been a Carpenter instead."

Oh, and check out http://www.truecrypt.org/
"To deny our impulses... foolish; to revel in them, chaos." MCJ 2003.08

TNick

Dear Mr. Mark Jones,

First of all, thanks for that link.

Second, I'm afraid I have an answer to your question: "Who would willingly participate in a very demanding career with diminishing value?" - the ones for which programming is a hobby (passion?).


white scorpion

Quote:
A program can't be made non-steal-able. Nobody even cares to try, because "hackers are unstoppable." Nothing will ever stop them. Not hardware encryption, not government intervention, not all the jails on Earth; nothing.

It's the same as with encryption, make it hard enough for the attacker to lose interest or make sure that when they've cracked it, it has no value anymore.
I personally hate closed source software, but on the other hand, I'm willing to pay for open source software if I think it's worth it.
Actually I think the developers of Suse and RedHat made a clever move.
Distribute the programs for free and open source, but charge people for support.
I think this will be the future if it keeps going like this..

John

Quote from: White Scorpion on June 28, 2006, 07:25:23 PM
I personally hate closed source software, but on the other hand, I'm willing to pay for open source software if I think it's worth it.
Actually I think the developers of Suse and RedHat made a clever move.
Distribute the programs for free and open source, but charge people for support.
I think this will be the future if it keeps going like this..

To me, that's a flawed business model for almost all companies that develop commercial software. It works for Redhat and Suse because they actually develop very little themselves so it's about the only way they can make money.

Consumers want software that works and if the software works properly, most of the customers will never need to call for support. This means that those who do will need to pay a much higher premium in order for the company to be profitable. You're basically telling your customer that they can have the software for free but don't bother calling for support because it's very expensive. Can you imagine if Adobe Photoshop or Microsoft Office, or <fill in a popular PC game here> was distributed this way? The company would make little or no money.

I guess you could always lower your programming standards, end up with more bugs, and therefore more support calls.

hutch--

I would not yet advise anyone to slash their wrists because of the software market. There will always be a demand for dedicated software for a company/government agency that needs something that cannot be obtained off the shelf. Then there is general commercial software where companies/corporations absolutely do NOT use illegal or cracked copies of available software because of various legal constraints like software auditing.

The general distinction from many commercial developers is personal software for free, commercial software for money with variations in between depending on the complexity and development costs of the software. Some software is so dedicated that you need an education to use it and many specialised applications are so accurately tuned to the task they are designed for that no-one would ever have a use for them apart from that.

Can you imagine trying to talk a gamer into wasting disk space on dedicated concrete sections and strength testing simulation software? What about trying to persuade a secretary to waste her time with a CAD program or a PCB visual design program? Thinking about it, what percentage of the world of domestic computer users would entertain the full source code for Linux?  :bg

I suggest that the dedicated software market will be with us for a very long time to come as there are a vast number of things that you just cannot do in Word or Excel or Powerpoint and the like. The generic software market has been dead to private developers for 10 years so it's no loss to private developers.

white scorpion

Quote:
It works for Redhat and Suse because they actually develop very little themselves so it's about the only way they can make money.

I don't say I agree, but it is clever.
Even Microsoft has its extended support offers of which companies can benefit because of faster updates etc.
Specialised software will always be a market, and like hutch said, companies with the risk of software auditing will be a market as well.

The biggest reason I do not like closed source software is because of the potential threats and vulnerabilities that software may contain.
If it's open source then the vulnerabilities are found much faster and there are often patches available instantly.
With Microsoft for example you might have to wait for a month or longer until a patch has been released..

John

Quote from: White Scorpion on June 30, 2006, 05:27:50 AM
I don't say I agree, but it is clever.

Quote from: White Scorpion on June 28, 2006, 07:25:23 PM
...
Actually I think the developers of Suse and RedHat made a clever move.
Distribute the programs for free and open source, but charge people for support.
I think this will be the future if it keeps going like this..
The only reason I made the above post, I usually just lurk and keep my mouth shut, was because of the part you see in bold there. I don't think there's any way it can be the future because it's simply not a workable business model in almost every part of the software market.

Quote from: White Scorpion on June 30, 2006, 05:27:50 AM
The biggest reason I do not like closed source software is because of the potential threats and vulnerabilities that software may contain.
If it's open source then the vulnerabilities are found much faster and there are often patches available instantly.
With Microsoft for example you might have to wait for a month or longer until a patch has been released..

There are good sides and bad sides to both methodologies. Open source software can be fixed quicker but it doesn't always happen that way. You also have to consider that as a general rule open source software is updated very frequently and therefore keeping your computer, or computers if you're a large company, up to date becomes a bit of a headache. I believe there was a study done a few years ago which showed that, in terms of total cost of ownership (TCO), Linux was more expensive than Windows even though it could be obtained for free. I'm sure though that there are other studies that can contradict that as usually these studies are paid for by companies that are banking on specific results, Microsoft, Sun, RedHat etc.

As someone who develops software for a living, maybe my opinion is a little biased. I don't think RedHat or Microsoft have it "right". Instead I think the best way is somewhere in between.

white scorpion

Quote:
The only reason I made the above post, I usually just lurk and keep my mouth shut, was because of the part you see in bold there. I don't think there's any way it can be the future because it's simply not a workable business model in almost every part of the software market

If you take a look at the prices of current software, then I'm not surprised if the majority of the companies will switch to free software eventually.
Even the civil servants in Holland are already switching to *nix.

Take a look at Photoshop for example, it costs € 819,91, while you have almost the same functionality with GIMP which is free and open source.
The Open-Office projects are getting better as well. It'll be just a matter of time till Microsoft Office will be traded for an Open-Office version.
I'm not saying that with an OS it will be the same, but eventually people will drop Windows and start using alternative OS's.
What you said is also a point to remember, updates might come too quick and too much, but when people change from closed-source to open source software their demands will change as well.
I'm sure the open-source communities will recognize these demands and find a mutual agreement.

Quote:
As someone who develops software for a living, maybe my opinion is a little biased. I don't think RedHat or Microsoft have it "right". Instead I think the best way is somewhere in between.

I think you're right. I'm not saying the above idea would be best, I'm just expecting it to happen.