Re[2]: Shrouded code...
- Posted by akusaya at gmx.net
Nov 08, 2004
Some weeks ago, (finally) my commercial program in Euphoria has been
cracked.
It is not binded, but translated to C and compiled.
In my experience, cracking programs is not too difficult, about half
of them can be cracked by:
1. find a references the string that states it is expired or wrong
code, etc
2. find a "cmp" assembly code followed by conditional jump on some
lines above it.
3. modify the jump to the opposite of it (eg. je change to jne) or
change to no operation (#90)
String on step 1 is very easy to find on a compiled Euphoria program.
because it is visible on the exe file.
Therefore, I have a suggestion to RDS, to make C code generated by
translator has (at least simple) string encryption.
In init_.c:
_2202 = NewString("An unknown GUI function ID used.");
_2199 = NewString("Couldn't link to C procedure '%s'");
_2196 = NewString("Couldn't link to C function '%s'");
Lines like that would be better to be changed, I think, to:
_2202 = NewEncString("usf0uj2e49uic0921i0cmk912iu30c11");
_2199 = NewEncString("d08uc032umdoqwe0cu0(RU)UC)$@U)Us'");
_2196 = NewEncString("E(Q&^(!C#JUNOXAEU*)CUQ)QEJiJCOIQ");
or whatever it is, the point is that the string is not visible on the
exe file directly.
>>Just how secure is shrouded code? How difficult would it be for
>>someone to reverse-engineer small sections of shrouded code, to try
>>and determine an algorithm used?
P> I imagine it is pretty difficult.
P> I shrouded the simplest program I could think of, "?1" and got this:
P> 00000000 FE6D3E54 5E240A6E FA6A58E8 6EFE22EF *.m>T^$.n.jX.n.".*
P> 00000010 B254C384 AFBB *.T.... *
P> I shrouded it again, and got this:
P> 00000000 FE286554 5E240A85 ECFDC6C0 4D78577A *.(eT^$......MxWz*
P> 00000010 EAF70F73 BC67 *...s.g *
P> So as you can see almost every byte is scrambled differently each
P> time. Plus, as Rob is fond of saying, any code you (or someone else)
P> did manage to recover would have short, meaningless names.
P> Pete
|
Not Categorized, Please Help
|
|
