Re[2]: Shrouded code...
- Posted by akusaya at gmx.net Nov 08, 2004
Some weeks ago, (finally) my commercial program in Euphoria was cracked. It is not bound, but translated to C and compiled.

In my experience, cracking programs is not too difficult; about half of them can be cracked by:

1. find a reference to the string that states it is expired or wrong code, etc.
2. find a "cmp" assembly code followed by a conditional jump on some lines above it.
3. modify the jump to the opposite of it (e.g. change je to jne) or change it to no operation (#90)

The string in step 1 is very easy to find in a compiled Euphoria program, because it is visible in the exe file.

Therefore, I have a suggestion to RDS: make the C code generated by the translator have (at least simple) string encryption.

In init_.c:

    _2202 = NewString("An unknown GUI function ID used.");
    _2199 = NewString("Couldn't link to C procedure '%s'");
    _2196 = NewString("Couldn't link to C function '%s'");

Lines like that would be better changed, I think, to:

    _2202 = NewEncString("usf0uj2e49uic0921i0cmk912iu30c11");
    _2199 = NewEncString("d08uc032umdoqwe0cu0(RU)UC)$@U)Us'");
    _2196 = NewEncString("E(Q&^(!C#JUNOXAEU*)CUQ)QEJiJCOIQ");

or whatever it is; the point is that the string is not visible in the exe file directly.

>>Just how secure is shrouded code? How difficult would it be for
>>someone to reverse-engineer small sections of shrouded code, to try
>>and determine an algorithm used?

P> I imagine it is pretty difficult.
P> I shrouded the simplest program I could think of, "?1" and got this:
P> 00000000 FE6D3E54 5E240A6E FA6A58E8 6EFE22EF *.m>T^$.n.jX.n.".*
P> 00000010 B254C384 AFBB *.T.... *
P> I shrouded it again, and got this:
P> 00000000 FE286554 5E240A85 ECFDC6C0 4D78577A *.(eT^$......MxWz*
P> 00000010 EAF70F73 BC67 *...s.g *
P> So as you can see almost every byte is scrambled differently each
P> time. Plus, as Rob is fond of saying, any code you (or someone else)
P> did manage to recover would have short, meaningless names.
P> Pete
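
Added example, not part of the original post and not RDS or translator code: a minimal C sketch of the string-encoding suggestion above, with the encoding step a translator would run at build time and the decoder the program would call at run time. The names enc_bytes, dec_string, contains and ks and the key bytes are hypothetical and constructed for illustration; dec_string stands in for the proposed NewEncString.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed key bytes (assumption); a translator would pick new ones per build. */
static const unsigned char KEY[] = { 0x5A, 0xC3, 0x17, 0x9E, 0x21 };

/* Position-dependent keystream byte, so equal characters encode differently. */
static unsigned char ks(size_t i) { return (unsigned char)(KEY[i % sizeof KEY] ^ (i * 7 + 1)); }

/* Build-time step (hypothetical). Length is kept separately: an encoded byte may be 0. */
void enc_bytes(const char *plain, unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = (unsigned char)((unsigned char)plain[i] ^ ks(i));
}

/* Run-time step (hypothetical stand-in for NewEncString). Caller frees; NULL on failure. */
char *dec_string(const unsigned char *enc, size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        s[i] = (char)(enc[i] ^ ks(i));
    s[n] = '\0';
    return s;
}

/* 1 if needle occurs in the raw bytes, as a string search of the exe would see them. */
int contains(const unsigned char *buf, size_t n, const char *needle)
{
    size_t m = strlen(needle);
    for (size_t i = 0; m > 0 && i + m <= n; i++)
        if (memcmp(buf + i, needle, m) == 0) return 1;
    return 0;
}

int main(void)
{
    /* Plain literal is here only for the demo; generated code would carry enc[] and n. */
    const char *msg = "An unknown GUI function ID used.";
    unsigned char enc[64];
    size_t n = strlen(msg);
    enc_bytes(msg, enc, n);
    char *back = dec_string(enc, n);
    printf("visible=%d decoded=%s\n", contains(enc, n, "function"), back ? back : "(null)");
    free(back);
    return 0;
}
```

An encoding like this only keeps the literals out of a plain string search of the exe file; the key and the decoder are still in the binary.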