Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 05-09-2004, 01:51
ManSun
 
Posts: n/a
Armadillo questions?

What is the Armadillo protection system? How does it work?

How does Skamer from Dream Team break Armadillo protection system? Is this implementation failure? Or is this weak cryptography algorithm used in Armadillo?

Where can I know more details about Armadillo protection system?
Reply With Quote
  #2  
Old 05-09-2004, 02:23
MrAnonymous
 
Posts: n/a
Why not goto the Armadillo website and read there propaganda? If you want to learn about it theres tuts on unpacking it, releases of it etc.

No other grp other than dT has ever keygenned Armadillo to my knowlege and there not to willing to say how they did it, as that wold be a give away to Chad and the rest of the Arma Developers.
Reply With Quote
  #3  
Old 05-09-2004, 02:27
Kinsky
 
Posts: n/a
ManSun, you can find more information on Armadillo's forum: http://support.siliconrealms.com/
Reply With Quote
  #4  
Old 05-09-2004, 03:20
ManSun
 
Posts: n/a
But

but, there are only general uselesness informations...;-/
Reply With Quote
  #5  
Old 05-09-2004, 17:19
peleon peleon is offline
Friend
 
Join Date: Sep 2003
Posts: 174
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
peleon Reputation: 7
ManSun,

I don't think it's a matter of weak cryptographic algorithm. Software protection against cracking has not much to do with cryptographic algorithms....my sister, without cryptographic knowledge, could wait till the program is decrypted in memory and user LordPE do dump the decrypted program in memory

About the rest of your question...maybe you should give more details about what you want to know exaclty, and not asking that general question that could be answer in Armadillo's help
Reply With Quote
  #6  
Old 05-11-2004, 14:06
ManSun
 
Posts: n/a
What cryptography algorithms does use Armadillo and what keys a dyn!o and other talking about??? (Skamer made keygenerators for Armadillo, but he didin't dump decrypted parts from memory....my brother ;>)
Reply With Quote
  #7  
Old 05-11-2004, 17:05
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
 
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
Hi there!

"I don't think it's a matter of weak cryptographic algorithm."
Well, keygenerating relies in the most part in the cryptography but the software protection itself doesn't have to deal with cryptography only and it's rather about anti-***, anti-*** etc. stuff.

What I want to say?
I mean that Armadillo keygeneration was caused only by a silly bug which was now solved (I am still very surprsied why so late).

What algo Arma uses?
ECC.

What that gives us?
Nothing beacause this time the settings and binary material were carefully chosen so don't waste your time brothers.

Does that make Armadillo uncrackable?
No, it makes it unkeygenable


Good luck,
dyn!o
Reply With Quote
  #8  
Old 05-11-2004, 18:34
ricnar456 ricnar456 is offline
Friend
 
Join Date: May 2002
Posts: 290
Rept. Given: 1
Rept. Rcvd 28 Times in 10 Posts
Thanks Given: 0
Thanks Rcvd at 52 Times in 40 Posts
ricnar456 Reputation: 28
to peleon

with all my respects, in armadillo with copymem2, if you wait till program is full decrypted in memory you wait eternally, never is full decypted in memory, the father process copy only 1000 bytes in the child process, execute this 1000 bytes and erase this 1000 bytes, copy other 1000 bytes execute and erase, never the target is full decrypted, the solucion is force the farher decrypt all and next beggining to execute, but is not a work for my sister, jeje is a hard work, and next you can fight with the nanomites, when you have the full program dumped, not run by nanomites (INT3), the jmps of the original program was replaced by INT3, and you can determine, what jump are (conditional or jmp) if jump or not jump ,and where jump, if you put your sister to make this work, you are a bad brother, jeje.

Ricardo
Reply With Quote
  #9  
Old 05-11-2004, 18:49
SvensK
 
Posts: n/a
lol, point taken. I wont make my sis do it
Reply With Quote
  #10  
Old 05-11-2004, 21:22
ManSun
 
Posts: n/a
Thanks for any information!

Yes dump program in memeory is hard-work because it is many antycracking-trick (anty-dissasembler, anty-debugger, anty-trace, dummy-opcodes, relocation, embedded-code and other)
easier is carded program but is not the same
Reply With Quote
  #11  
Old 05-12-2004, 00:46
peleon peleon is offline
Friend
 
Join Date: Sep 2003
Posts: 174
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
peleon Reputation: 7
hehehe, thanks for the info Ricardo and for being so kind with sisters

Well, I was talking a bit about software protection in general. I read in a forum that one shareware author was asking why programs can be cracked when you have unbreakable cryptographic algoritms out there. Many programmers don't realise that to crack a program you dont need to have knowledge about cryptographic, just use other simpler ways (dump, rebuild IAT...). So, the shareware author was talking about his posibilities of programming a cryptographic algorithm in his program and that was the perfect software protector against cracking in general. (he was far from the reality )
Reply With Quote
  #12  
Old 05-12-2004, 01:04
ricnar456 ricnar456 is offline
Friend
 
Join Date: May 2002
Posts: 290
Rept. Given: 1
Rept. Rcvd 28 Times in 10 Posts
Thanks Given: 0
Thanks Rcvd at 52 Times in 40 Posts
ricnar456 Reputation: 28
perfect

i understand, and you have reason.

Sorry for my bad english.

Ricardo Narvaja
Reply With Quote
  #13  
Old 05-12-2004, 01:08
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
If one uses the cryptographic process to protect certain functions in the software, which will not decrypt, and therefore not operate unless the proper code is entered and they have used a strong encryption "properly", it is not likely that one can get a fully functioning software unless one is capable of writing the missing elements. While this depends on the proper choice of the functions to protect, it is a fairly effective protection system. The problem is that the shareware software vendors seem not to impliment these features in their programs. This is a common problem of those who fail to use asprotect to its full potential. While I'm less familiar with the choices offered arma users, I would suspect that they,also, often fail to use its capabilities to their full potential, leaving aside the issue of the incorrect implimentation of the earlier cryptographic systems which was actually arma's error.

Regards,
__________________
JMI
Reply With Quote
  #14  
Old 05-12-2004, 01:19
peleon peleon is offline
Friend
 
Join Date: Sep 2003
Posts: 174
Rept. Given: 0
Rept. Rcvd 7 Times in 1 Post
Thanks Given: 0
Thanks Rcvd at 7 Times in 7 Posts
peleon Reputation: 7
Hi JMI,

Yes, you are right and that's a good way to protect. Though that protection way is not applicable to all kind of software (like when you have to release a COMPLETE version of your program but with trial limits). Anyway, shareware authors can do a lot more from his source code like that encryption scheme that you talked about....Programmers seem very lazy for that and they just complain when it's cracked in a few days
Reply With Quote
  #15  
Old 05-12-2004, 01:49
JMI JMI is offline
Leader
 
Join Date: Jan 2002
Posts: 1,627
Rept. Given: 5
Rept. Rcvd 199 Times in 99 Posts
Thanks Given: 0
Thanks Rcvd at 96 Times in 94 Posts
JMI Reputation: 100-199 JMI Reputation: 100-199
As a general rule, the only way to actually protect a trial software is to NOT make it complete. If you make it complete and give a timelimit, some enterprising cracker is going to figure out how to remove the time limit. Afterall, it has to have a check stored somewhere. Even having it check the software companies computer can be tricked. If one can keep the debugger running and has enough patience, it can be found and defeated.

Again, just a general observation.

Regards,
__________________
JMI
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PE Loader Questions dila General Discussion 13 12-20-2011 12:03
2 questions about hasp suddenLy General Discussion 3 01-12-2005 01:51
2 questions (IDA / Windows 2k/2k3) skyper General Discussion 8 04-22-2004 08:44
some unpacking questions gnasher General Discussion 2 01-03-2004 20:44


All times are GMT +8. The time now is 03:31.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )