#1
How long will the best software-only protections last?
Hi,
I've seen/tested several software protections such as Armadillo and ASProtect. While I'm not all that good yet, from reading tuts on cracking Armadillo (Ricardo) and other protections I have not heard of a protection lasting more than a few weeks. I know this question has been thrown around before (i.e., it is hopeless to protect against reverse-engineering because eventually with enough time it will be cracked). This is true with software-only protection; I wonder if it is with some of the new hardware dongles such as Rockey5. That one looks unique in that code is only run on the smartcard (it never gets executed on the CPU), so unless you RE the hardware/smartcard you are hosed.
My question is: Would it ever be possible to make software-only protection last a few months? My guess is no. Seems like hardware is the only way to go. For instance, if the protection were to crash the computer/delete files when something was tripped (but not immediately, and it would have to detect virtual machines), and then morph itself upon running... is this only a nuisance? It would also have to have many sections encrypted, then decrypted when needed and re-encrypted again (wouldn't this be removed like Ricardo does, by debugging and stripping out the code upon decryption?). It seems like debugger checks, parent/child protection, CRC checks, and everything else is just a nuisance. Anyone have thoughts on this?
#2
Hi,
The market needs something different. Something really new. Imagine StarForce VM. Did they invent something new? Nope. They used all the best and known ideas. But they succeeded. The same concerns Themida. Now imagine what would happen if you bring something really new. Something people (crackers) will not understand and will not be able to deal with using known methods. Someone may say: "then new crackers will be born". Assuming so, then why is StarForce still not commonly crackable (in PRO version), not to mention Themida? New crackers will face a much harder way to cross than we had when starting our hobbies a few years ago (compare Aspack to Themida or the first SecuROM to the actual version... not to mention StarForce).
Regards.
Last edited by dyn!o; 06-09-2005 at 17:57.
#3
Dear chaboyd,
If you like I can introduce a target that has lasted for about 2 years and nobody has managed to crack it up to now.
Regards,
Android.
#4
_http://www.chosenbytes.com/challenge.php
Yeah... my name's on that list. I lost interest once I realized that it's not a protector per se, rather an add-on. I unpack, I don't keygen, inline, patch, etc... It's an *.ocx (ActiveX) control protected with neolite, designed for VB developers. It can be removed; all you have to do is remove all the DLLFunction calls. It doesn't even compress the executable, but the key is his stipulations of what he considers a successful cracking of his protection:
1) Code-Lock will register a program with any registration code.
2) The registered version protected by Code-Lock will run on any computer.
3) You have to crack Code-Lock within 60 days of the Challenge.
Peace...
__________________
Even as darkness envelops and consumes us, wrapping around our personal worlds like the hand that grips around our necks and suffocates us, we must realize that life really is beautiful and the shadows of despair will scurry away like the fleeting roaches before the light.
#5
Guys, don't waste your time on Code-Lock speculations.
Look at the awards he (I forgot this sleepwalker's nick) admitted to himself - these are not awards. Look also at the forum posts he is making mostly by himself (I mean posts like "I can't believe it! It's still uncracked!"). Children like fairytales and www.code-lock.com is one big kindergarten with its own world of dreams. Search ExeTools and find my post where I posted the correspondence (if I correctly remember... "dynio" or "dyn!o" post) where he disallowed me to get into the competition. At that time he just encrypted a part of the code with an asymmetric key, so it was clear that it's uncrackable, but not because of software security but because of the cryptographic algorithm. As far as I remember I asked him about that possibility and probably that was the reason for refusing me getting into this sick "challenge".
Regards.
Last edited by dyn!o; 06-12-2005 at 19:02.
#6
Quote:
#7
Now you've got my synapses firing though, maybe a copy of Splinter Cell CT would be a nice addition to my grocery list... yeah, Wal-Mart should have it... Thanks for your input dyn!o, you and JMI always have a way of slicing through the bull$hit to the facts; to end the arguments.
Peace...
#8
Hi,
Thanks Dyn!o and D-Jester for all you said. But what I meant was not Code-Lock. I was talking about a custom protection made by a Russian reverser, used in a program which is written in VC++ using MFC privileges. And this MFC part has made the reversing very hard. Anyway, if anybody is interested I have the software on my FTP and I can share it. Just send a PM if you need the link and more details about this program.
Best Regards,
Android.
#9
Don't get me wrong but actually there are many uncracked applications. I don't know any application which stays uncracked because of protection strength (forget Code-Lock legend). Most of them aren't touched because there is no interest to do so (they're not popular enough).
I own myself tens of uncracked applications, some of them with custom protections never seen before. It's a pity that most of them are AsProtect/Armadillo-like clones (I would say all... except an interesting exception called VMProtect, which gets better and better with each release).
Regards.
Last edited by dyn!o; 06-13-2005 at 05:17.
#10
LOL, there's a request section.
#11
What about VMProtect'ed executables and ExeCrypt unpacked itself? They were both released more than a year ago, but still are not cracked? A mutable virtual machine is hard to analyze (yes it is possible, but needs too much time). Or I missed something and they are both simply cracked already?
#12
VMProtect is a very good protector for specific tasks. I didn't see it properly used yet. Even StarForce Nightmare author(s) made a small mistake while configuring VMProtect blocks (thus you can see what Nightmare really does despite the fact of VM protected code). VMProtect is crackable but requires manual work and some experience. If someone would think before protecting then who knows... it may be really hard.
Regarding ExeCrypt I didn't really see it, something new inside?
#13
CodeLock is bullshit... just a cryptor. Remember everyone, ASProtect has done this since so long ago... so what's so special with this CodeLock? Aspr and other cryptors/protectors encrypt parts of the code... impossible to recover without entering the original serial key. It also could work by using a System ID... So I just see an author trying to promote his app, to make it famous and to make enough $.
My 1 cent left.
Regards
#14
Hi,
As I mentioned before there is no cryptography used in this target. But it's still not cracked. Also as for requesting I have done it before in TSRH and SND forums. Most of the crackers there failed to help. Also I sent some requests to individual crackers but just one of them managed to clear some points about the target. That's all about this DAMN target.
Regards,
Android.
#15
Looks like it does mutate
>>>Mutable virtual machine is hard to analyze
I downloaded and did a quick test of VMProtect 1.05. It certainly seems to do a good job preventing both analysis through IDAPro and Ollydbg. Ollydbg can't execute the code since it is no longer x86 instructions. I haven't figured out yet how the VM actually executes it though.
-------------------------------------
New addition
So I decided to test if VMProtect mutates the code each time you protect a program. It definitely changes. I used the maximum protection options and deleted the project after each run. I did three runs applying the VM to a program including the below section of code:
004015FF  E85C020000  call 00401860
00401604  83C404      add esp,04
00401607  E8F4F9FFFF  call 00401000
0040160C  0FBEC0      movsx eax,al
0040160F  83F879      cmp eax,79
00401612  750F        jnz 00401623
How the code appears while debugging during each run:
First run:
004015FF  .-E9 9DCE0100  JMP Guessing.0041E4A1
00401604    58           DB 58  ; CHAR 'X'
00401605    D2           DB D2
00401606    57           DB 57  ; CHAR 'W'
00401607    C5           DB C5
00401608    E4           DB E4
00401609    06           DB 06
0040160A    ED           DB ED
0040160B  . 53           PUSH EBX
0040160C  . EB 35        JMP SHORT Guessing.00401643
0040160E    E0           DB E0
0040160F    F2           DB F2
00401610    74           DB 74  ; CHAR 't'
00401611    DA           DB DA
00401612    0D           DB 0D
Second run:
004015FF  .-E9 43D00100  JMP Guessing.0041E647
00401604    63           DB 63  ; CHAR 'c'
00401605    72           DB 72  ; CHAR 'r'
00401606    9E           DB 9E
00401607    72           DB 72  ; CHAR 'r'
00401608    A0           DB A0
00401609    19           DB 19
0040160A    BD           DB BD
0040160B    17           DB 17
0040160C    BE           DB BE
0040160D    E6           DB E6
0040160E  . C3           RETN
0040160F    DC           DB DC
00401610    C6           DB C6
00401611    AD           DB AD
00401612    B6           DB B6
Third run:
004015FF  >-E9 46CF0100  JMP Guessing.0041E54A
00401604    DA           DB DA
00401605    D7           DB D7
00401606    15           DB 15
00401607  . 1351 4D      ADC EDX,DWORD PTR DS:[ECX+4D]
0040160A  . 8B7B C9      MOV EDI,DWORD PTR DS:[EBX-37]
0040160D  . C3           RETN
0040160E  . 01FB         ADD EBX,EDI
00401610  > 3932         CMP DWORD PTR DS:[EDX],ESI
00401612  . 70 68        JO SHORT Guessing.0040167C
So you can see that the hex dump is quite a bit different with no obvious patterns.
So while it doesn't change from run to run it does "mutate" when you actually protect a program. Maybe this is old news and everyone already knows this...
Last edited by chaboyd; 06-28-2005 at 09:50. Reason: Answer my own question
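The comparison in the post above can be checked mechanically. The following is an added example, not part of the original thread: it takes the first 20 bytes at 0x004015FF from each of the three dumps (transcribed from the post), decodes the leading `E9 rel32` jump, and lists the offsets at which all three protected builds carry the same byte. The function names are this example's own.

```python
# Bytes at 0x004015FF transcribed from the three debugger dumps in the post
# above (first 20 bytes of each run; the third dump runs one byte longer).
BASE = 0x004015FF
RUNS = {
    "first":  "E9 9D CE 01 00 58 D2 57 C5 E4 06 ED 53 EB 35 E0 F2 74 DA 0D",
    "second": "E9 43 D0 01 00 63 72 9E 72 A0 19 BD 17 BE E6 C3 DC C6 AD B6",
    "third":  "E9 46 CF 01 00 DA D7 15 13 51 4D 8B 7B C9 C3 01 FB 39 32 70",
}


def jmp_rel32_target(addr, code):
    """Decode an x86 `E9 rel32` near jump located at `addr`."""
    if len(code) < 5 or code[0] != 0xE9:
        raise ValueError("not an E9 rel32 jump")
    # rel32 is little-endian, signed, and relative to the next instruction.
    rel = int.from_bytes(code[1:5], "little", signed=True)
    return (addr + 5 + rel) & 0xFFFFFFFF


def stable_offsets(blobs):
    """Offsets at which every blob carries the same byte value."""
    n = min(len(b) for b in blobs)
    return [i for i in range(n) if len({b[i] for b in blobs}) == 1]


def analyse():
    blobs = {name: bytes.fromhex(h) for name, h in RUNS.items()}
    targets = {name: jmp_rel32_target(BASE, b) for name, b in blobs.items()}
    return targets, stable_offsets(list(blobs.values()))


if __name__ == "__main__":
    targets, stable = analyse()
    for name, target in targets.items():
        print(f"{name:>6} run: JMP -> {target:08X}")
    print("offsets identical in all three runs:", stable)
```

The decoded targets match the `JMP Guessing.0041E…` operands in the dumps, and the only bytes shared by all three builds are the `E9` opcode and the two high bytes of the displacement. A byte signature taken over this region of one protected build therefore will not match the next build of the same program.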