Exetools  

#1
12-04-2004, 20:46
taos
make a crypter

Hi!!
I'm making a simple packer but I need your help.

When I encrypt a file, the decrypter code is in the EXE, but I'm coding a DLL that decrypts the EXE.

The EXE program is encrypted with key A.
The EXE OEP is changed to make a call to a function (B) in a DLL, passing a parameter.
The parameters are all the encrypted bytes of the code section, in a loop.
If you have registered the app, then function B uses this unlock code to return the right decrypted byte.

But is this possible?
How can I determine which the unlock code on the PC could be, so as to encrypt the app beforehand?
In EXECryptor, if you don't have the right unlock code you can not unpack the EXE. How do they do it?
Ideas???
Regards
#2
12-04-2004, 21:20
Michel
Hi Taos,
It's nice to see you so obstinate
You want to do a protector, not a packer.
It seems your idea looks like what Pc-Guard did. I suggest you read their commercial docs in order to understand, as a generic approach, the mechanism of generating and using keys to register a particular app on a particular PC.
#3
12-05-2004, 02:04
taos
Quote:
Originally Posted by Michel
Hi Taos,
It's nice to see you so obstinate
You want to do a protector, not a packer.
It seems your idea looks like what Pc-Guard did. I suggest you read their commercial docs in order to understand, as a generic approach, the mechanism of generating and using keys to register a particular app on a particular PC.
Thanks, I want to make a protector but I need a powerful crypter to avoid the algorithm being cracked in minutes.
I've tested PC-Guard (last version) but I've unpacked PCGWIN32.EXE and all its schemes are in my IDA disassembler
In any crypter, if you don't have the key, you don't have the code; how does it work?

Regards.
Attached Files
File Type: rar unpacked.rar (175.8 KB, 13 views)
#4
12-05-2004, 03:36
Michel
Pc-Guard is not a sample of a very strong protector: there are tools to unpack protected apps automatically; even pcgwin32, which is protected by itself, is easily decrypted, as you know.
Nevertheless, if you trace the decrypt process manually you become aware of this generality: all that is needed to decrypt must be in the distributed exe, except one key, which may be neither hardware nor username dependent. This key must be the same for all users and all machines.
Of course, the app vendor doesn't send this key (let's name it "A"), but a combination of A, UserName, HW-id, etc.

So, in two words: encrypt your app with key A. When some user wants to register your app, he sends you his HW-id, name, mail or whatever you want. Then you return to him a key "B" (some complex combination of A, name, etc.). In your app, there is a routine which decodes key B (knowing his name, HW-id, etc.) and restores key A, which can decrypt your app.

On another PC, decoding key B will give a wrong key A.

Is that clearer for you?
#5
12-05-2004, 05:22
taos
Michel, thank you, I understand, it's very clear.
I'm thinking of using RSA private/public keys or hashing keys.

Regards.
#6
12-05-2004, 19:22
dyn!o
The problem is not about the encryption based on a public key algorithm.

The problem is the moment when your code gets decrypted. No matter which AES you choose, there always exists the possibility of unpacking the application. I mean crackers always have the possibility of obtaining at least one valid key (for instance: look at expensive 3D apps like GameSpace or Messiah), and that moment is critical for the protection. Of all protectors, ASProtect has the best (most secure) implementation of key generation and validation, so what? It is and will be cracked by unpacking.

If you want to build a serious protection, not another ASProtect clone (let's be honest: nowadays protectors are clones of ASProtect), then you have to implement a fancy VM and/or your own CPU (a real challenge). Such a solution gives you a chance to stop the crackers for a long time and excludes 99% of all crackers from "the game".

Regards.
#7
12-05-2004, 20:22
Michel
You are right; from my point of view, Taos's idea is not very original and will never lead to a strong protection (no dump, no keygen, no direct decrypt).

I think one of the most serious protections would be to delocalize some part of the app onto a server, which verifies against its list whether the user is registered. I don't see what I could do... Fortunately for the bad boys, that seems however a little heavy...
#8
12-05-2004, 22:44
dyn!o
Hmm.... the idea of online authorization has already been implemented several times. The newest pretenders are Half Life 2 and IDA. We (they) still have a problem, since no matter what part of the software you choose to be taken from the server, it always must be executed on the local machine. The IDA developers seem to be becoming quite different by proposing an online server as the engine's brain. For sure this makes cracking impossible, but who will buy an IDA based on an online engine? For sure not me. The same reason will significantly decrease their sales, forcing part of the legal users to use a pirated version of IDA.

OK, that was only one unique example, and it was based on a unique kind of software which may indeed be executed on a remote machine, because the purpose of that software may be compared rather to a service, not a casual software product. Let's go back to "usual" software like games and applications: these just cannot be executed online. The reason is even simpler than the problem.

Approximately 99% of software must be executed on the local machine, and therefore you are free to crack it. The protection of the future should allow the cracker to analyse it but should not allow him to modify its content. This can be done by making the code dependent on itself: its execution should be based on its own functions, making patching useless (e.g. hashing, jumps, checksums as pointers, etc.). The first example of such a solution we can find in Starforce: you can analyse it, but it's very hard to change a single byte inside because of dependencies. The people able to crack it we can count on the fingers of a single hand.

Regards.
#9
12-05-2004, 23:20
taos
Quote:
Originally Posted by dyn!o
The problem is the moment when your code gets decrypted. No matter which AES you choose, there always exists the possibility of unpacking the application. I mean crackers always have the possibility of obtaining at least one valid key
But imagine this:
My EXE is encrypted with key value 64 (it's a very simple example).
I insert into the EXE the hash code of 64.
When the user runs it on his PC, he gets HW-ID value 4.
When he sends me value 4, I send him value 60.
Then the EXE program adds HW-ID (4) + my unlock code (60). The hash of this sum is equal to the hash inserted in the EXE. Unpack successful.
He sends the valid key (60) to a cracker, and the cracker has another HW-ID (18). Hash not equal. Unpack not successful. If the cracker changes JE/JNE or NOPs jumps, the EXE file is not valid.
Obviously the algorithm must be more complicated than 60+4.
How then can a cracker unpack this EXE?
Or do you mean that the cracker buys a legal code and then unpacks?
Then I understand... Protection must be in another direction...
I'm with you about VM or emulating a CPU; it's the future, and with these systems it can be more difficult to crack apps.
Using a server-side app is not indicated; not everyone has internet on his PC.
With this project I'm only "playing" on the other side of the board.
Anyone have info about VM or CPU?

Regards

Last edited by taos; 12-05-2004 at 23:36.
#10
12-08-2004, 01:01
ajron
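The key scheme Michel lays out in #4, the numeric version taos gives in #9 (embed a hash of the real key, combine HW-ID with the unlock code, compare hashes), and dyn!o's objection in #6 (one valid key or one licensed machine is enough to unpack), as an added Python example. This is not code from the thread, from PC-Guard or from any protector named here. The SHA-256 counter-mode keystream stands in for a real cipher; the code bytes, HW-IDs and user name are constructed; `kdf`, `vendor_issue_unlock` and `stub_unpack` are this example's own names and design.

```python
import hashlib
import hmac

# Constructed stand-ins: a few "code section" bytes and the vendor's master key A.
CODE = bytes.fromhex("558bec83ec10c745fc00000000eb05")
MASTER_KEY_A = hashlib.sha256(b"vendor master key (constructed)").digest()


def kdf(hw_id: bytes, name: bytes) -> bytes:
    """Per-machine mask. Assumed design: a fixed label and no vendor secret, so
    the stub shipped to every user can recompute it from the local HW-ID."""
    return hashlib.sha256(b"toy-protector|" + hw_id + b"|" + name).digest()


def keystream(key: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from SHA-256 (stand-in for a real cipher)."""
    out = bytearray()
    for ctr in range((length + 31) // 32):
        out += hashlib.sha256(key + ctr.to_bytes(4, "little")).digest()
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def vendor_protect(code: bytes, key_a: bytes) -> dict:
    """Distributed image: encrypted code plus H(A). A itself never ships."""
    return {"enc": xor_bytes(code, keystream(key_a, len(code))),
            "key_hash": hashlib.sha256(key_a).digest()}


def vendor_issue_unlock(key_a: bytes, hw_id: bytes, name: bytes) -> bytes:
    """Key B returned to a registering user: A masked with KDF(HW-ID, name)."""
    return xor_bytes(key_a, kdf(hw_id, name))


def stub_unpack(image: dict, unlock_b: bytes, hw_id: bytes, name: bytes,
                skip_check: bool = False):
    """The in-EXE stub: A' = B xor KDF(local HW-ID, name); verify H(A') against
    the embedded hash; decrypt. skip_check models a cracker NOPing the JE/JNE."""
    candidate_a = xor_bytes(unlock_b, kdf(hw_id, name))
    ok = hmac.compare_digest(hashlib.sha256(candidate_a).digest(), image["key_hash"])
    if not ok and not skip_check:
        return None
    return xor_bytes(image["enc"], keystream(candidate_a, len(image["enc"])))


def demo() -> dict:
    image = vendor_protect(CODE, MASTER_KEY_A)
    hw_user, hw_cracker, name = b"HWID-4", b"HWID-18", b"taos"  # constructed
    unlock_b = vendor_issue_unlock(MASTER_KEY_A, hw_user, name)

    licensed = stub_unpack(image, unlock_b, hw_user, name)     # plaintext code
    moved = stub_unpack(image, unlock_b, hw_cracker, name)     # None: hash mismatch
    patched = stub_unpack(image, unlock_b, hw_cracker, name, skip_check=True)  # garbage
    # dyn!o's point: the licensed machine necessarily holds the plaintext in
    # memory. Dumping that buffer gives an image that needs no key at all.
    return {"licensed": licensed, "moved": moved, "patched": patched,
            "dump_is_plaintext": licensed == CODE}


if __name__ == "__main__":
    r = demo()
    print("licensed machine decrypts:", r["licensed"] == CODE)
    print("same B on another HW-ID:", r["moved"])
    print("check patched out, wrong A:", r["patched"] == CODE)
    print("dump from licensed machine equals original:", r["dump_is_plaintext"])
```

Two things the run makes concrete. Patching the comparison does not help the cracker, because the wrong A' produces garbage rather than a failed branch, which is the point taos makes about JE/JNE. But a licensed user holds B, his own HW-ID and the KDF that ships in the stub, so he can recover A itself (B xor KDF), and A is the same for every copy, exactly as Michel says; with A, or simply with the decrypted buffer, the protection is gone for everyone. This is why dyn!o argues that the strength of the cipher is beside the point.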
Quote:
I'm with yours about VM or emulating CPU it's the future and with these systems can be more difficult to crack APPS.
Anyone have info about VM or CPU?
You can see my old crackme. It has very simple code, but running in a VM makes it very hard to analyse. You can download it from:
hxxp://www.powergg.digi.pl/download.php?id=8
#11
12-08-2004, 08:08
upb

http://www.crackmes.de/users/upb/crackmes/keygenme_3/download

stack-based (very simple) 'cpu', a few instructions only
you can try to keygen it or see how it's done.
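A toy version of what dyn!o describes in #8 (code you can analyse but whose bytes depend on each other, "checksums as pointers") built on the kind of tiny stack "CPU" that ajron's crackme and upb's keygenme use, as an added Python example. It is not the code of either crackme. Every bytecode byte is stored XORed with a running checksum of all bytes before it, so an instruction decodes correctly only if nothing earlier was touched; the opcode numbers, the running-sum checksum, the serial check and the name `crack_attempt` are this example's assumptions.

```python
# Opcode numbers are an assumption of this example.
PUSH, LOAD, XOR, ADD, EQ, JZ, OK, BAD, NOP = range(1, 10)
MNEMONIC = {PUSH: "PUSH", LOAD: "LOAD", XOR: "XOR", ADD: "ADD", EQ: "EQ",
            JZ: "JZ", OK: "OK", BAD: "BAD", NOP: "NOP"}
HAS_OPERAND = {PUSH, LOAD, JZ}

# Constructed keygenme: serial[0]^serial[1] == 0x5A and (serial[2]+serial[3])&0xFF == 0xC3
PROGRAM = [
    (LOAD, 0), (LOAD, 1), (XOR, None), (PUSH, 0x5A), (EQ, None), (JZ, "bad"),
    (LOAD, 2), (LOAD, 3), (ADD, None), (PUSH, 0xC3), (EQ, None), (JZ, "bad"),
    (OK, None),
    "bad",
    (BAD, None),
]


def prefix_checksum(code, n):
    """Running sum of the raw bytes before offset n: the mask for byte n."""
    chk = 0
    for b in code[:n]:
        chk = (chk + b) & 0xFF
    return chk


def assemble(program):
    labels, addr = {}, 0
    for item in program:                      # pass 1: label addresses
        if isinstance(item, str):
            labels[item] = addr
        else:
            addr += 2 if item[0] in HAS_OPERAND else 1
    plain = []
    for item in program:                      # pass 2: plain bytes
        if isinstance(item, str):
            continue
        op, arg = item
        plain.append(op)
        if op in HAS_OPERAND:
            plain.append(labels[arg] if isinstance(arg, str) else arg)
    code = bytearray()
    for p in plain:                           # pass 3: mask each byte with its prefix
        code.append(p ^ prefix_checksum(code, len(code)))
    return bytes(code)


def fetch(code, pc):
    """Decode one byte; correct only if every byte before pc is unmodified."""
    return code[pc] ^ prefix_checksum(code, pc)


def disasm(code):
    out, pc = [], 0
    while pc < len(code):
        op = fetch(code, pc)
        if op not in MNEMONIC or (op in HAS_OPERAND and pc + 1 >= len(code)):
            out.append((pc, "???", None))
            pc += 1
            continue
        arg = fetch(code, pc + 1) if op in HAS_OPERAND else None
        out.append((pc, MNEMONIC[op], arg))
        pc += 2 if op in HAS_OPERAND else 1
    return out


def run(code, serial, max_steps=200):
    """Returns 'ok', 'bad' or 'trap' (undecodable instruction or VM fault)."""
    pc, stack = 0, []
    for _ in range(max_steps):
        if pc >= len(code):
            return "trap"
        op, arg = fetch(code, pc), None
        if op in HAS_OPERAND:
            if pc + 1 >= len(code):
                return "trap"
            arg = fetch(code, pc + 1)
            pc += 2
        else:
            pc += 1
        try:
            if op == PUSH: stack.append(arg)
            elif op == LOAD: stack.append(serial[arg])
            elif op == XOR: b, a = stack.pop(), stack.pop(); stack.append(a ^ b)
            elif op == ADD: b, a = stack.pop(), stack.pop(); stack.append((a + b) & 0xFF)
            elif op == EQ: b, a = stack.pop(), stack.pop(); stack.append(int(a == b))
            elif op == JZ:
                if stack.pop() == 0: pc = arg
            elif op == OK: return "ok"
            elif op == BAD: return "bad"
            elif op == NOP: pass
            else: return "trap"
        except IndexError:
            return "trap"
    return "trap"


def keygen(s0, s2):
    """Written from the disassembly: the VM is analysable, as dyn!o says."""
    return bytes([s0 & 0xFF, (s0 ^ 0x5A) & 0xFF, s2 & 0xFF, (0xC3 - s2) & 0xFF])


def patch_byte(code, addr, new_plain):
    """Cracker re-encodes one byte correctly for its position and nothing else."""
    patched = bytearray(code)
    patched[addr] = new_plain ^ prefix_checksum(patched, addr)
    return bytes(patched)


def crack_attempt(code):
    """Classic patch: turn the first 'JZ bad' into NOP NOP."""
    jz = next(a for a, m, _ in disasm(code) if m == "JZ")
    return patch_byte(patch_byte(code, jz, NOP), jz + 1, NOP)


CODE = assemble(PROGRAM)
```

A valid serial runs to OK and a keygen is easy to write once the program is read, which is the "you can analyse it" half. The NOP patch, although each byte is encoded correctly for its own position, shifts the checksum for every byte after it, so the next instruction decodes to an invalid opcode and the VM traps for valid and invalid serials alike: one byte changed, the rest of the stream lost. The caveat a practitioner should keep in mind is that this forward-only chain protects nothing after the last byte and that a cracker who has fully recovered the masking rule can re-encode everything downstream; the dependencies have to be spread over the whole image, not just chained forward, for "hard to change a single byte" to hold.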