RE: Re[2]: Shrouded code...
-----Original Message-----
From: aku saya [mailto:akusaya at gmx.net]
Sent: Monday, November 08, 2004 11:34 AM
To: EUforum at topica.com
Subject: Re[2]: Shrouded code...
Some weeks ago, my commercial program in Euphoria was (finally)
cracked.
It is not bound, but translated to C and compiled.
In my experience, cracking programs is not too difficult; about half of
them can be cracked by:
1. Find a reference to the string that states it is expired, the code is wrong, etc.
2. Find a "cmp" instruction followed by a conditional jump some lines above it.
3. Modify the jump to its opposite (e.g. je changed to jne) or change it to a no-operation (#90).
The string from step 1 is very easy to find in a compiled Euphoria program,
because it is visible in the exe file.
Therefore, I have a suggestion to RDS: make the C code generated by the
translator use (at least simple) string encryption.
In init_.c:
_2202 = NewString("An unknown GUI function ID used.");
_2199 = NewString("Couldn't link to C procedure '%s'");
_2196 = NewString("Couldn't link to C function '%s'");
Lines like that would be better to be changed, I think, to:
_2202 = NewEncString("usf0uj2e49uic0921i0cmk912iu30c11");
_2199 = NewEncString("d08uc032umdoqwe0cu0(RU)UC)$@U)Us'");
_2196 = NewEncString("E(Q&^(!C#JUNOXAEU*)CUQ)QEJiJCOIQ");
or whatever; the point is that the string is not directly visible in the
exe file.
>>Just how secure is shrouded code? How difficult would it be for
>>someone to reverse-engineer small sections of shrouded code, to try
>>and determine an algorithm used?
P> I imagine it is pretty difficult.
P> I shrouded the simplest program I could think of, "?1" and got this:
P> 00000000 FE6D3E54 5E240A6E FA6A58E8 6EFE22EF *.m>T^$.n.jX.n.".*
P> 00000010 B254C384 AFBB *.T.... *
P> I shrouded it again, and got this:
P> 00000000 FE286554 5E240A85 ECFDC6C0 4D78577A *.(eT^$......MxWz*
P> 00000010 EAF70F73 BC67 *...s.g *
P> So as you can see almost every byte is scrambled differently each
P> time. Plus, as Rob is fond of saying, any code you (or someone else)
P> did manage to recover would have short, meaningless names.
P> Pete
W> True, but there's another aspect to code security: how vulnerable is a
W> shrouded program requiring a registration code or something like that?
W> The answer: very. Because crackers can't just go looking for jne, jle,
W> jge, jg, je, jl, etc., it puts up a pretty complicated barricade.
W> I would note, however, that programs shrouded with former versions of
W> shroud.ex are pretty insecure. If I wanted to go to the trouble, I could
W> crack those. I can only dream of cracking 2.4-shrouded ones.
W> William
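As an added example (not code from this thread, nor from Euphoria, RDS or the translator), here is one way the proposed NewEncString could work in the generated C: a build-time encoder that XORs each byte of the literal with a rolling key, and a runtime decoder that reverses it. The key, the function names enc_string, NewEncString, contains_bytes and roundtrip_ok, and the sample message are all constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed 8-byte key. A real translator would generate one per build
 * and embed it alongside the encoded literals. */
static const unsigned char ENC_KEY[] = { 0x5a, 0x13, 0xc7, 0x88, 0x3e, 0xa1, 0x0f, 0x64 };

/* Build-time side: produce the bytes the translator would emit instead of
 * the plain literal. Output is raw bytes with an explicit length, because
 * XOR can yield 0x00 in the middle and a C string would be cut short there. */
void enc_string(const char *plain, unsigned char *out, size_t len) {
    for (size_t i = 0; i < len; i++)
        out[i] = (unsigned char)plain[i] ^ ENC_KEY[i % sizeof ENC_KEY];
}

/* Runtime side: the hypothetical NewEncString. Decodes into a fresh
 * heap buffer that the caller must free. Returns NULL on allocation failure. */
char *NewEncString(const unsigned char *enc, size_t len) {
    char *s = malloc(len + 1);
    if (!s) return NULL;
    for (size_t i = 0; i < len; i++)
        s[i] = (char)(enc[i] ^ ENC_KEY[i % sizeof ENC_KEY]);
    s[len] = '\0';
    return s;
}

/* Does `needle` appear as a contiguous run inside `hay`? This is the check a
 * string-dumping tool performs on the exe, so it tells us whether the
 * plaintext is still visible in the encoded bytes. */
int contains_bytes(const unsigned char *hay, size_t hlen, const char *needle) {
    size_t n = strlen(needle);
    if (n == 0 || n > hlen) return 0;
    for (size_t i = 0; i + n <= hlen; i++)
        if (memcmp(hay + i, needle, n) == 0) return 1;
    return 0;
}

/* Encode, confirm the plaintext is not visible in the encoded bytes,
 * then decode and confirm the round trip is exact. Returns 1 on success. */
int roundtrip_ok(const char *plain) {
    size_t len = strlen(plain);
    unsigned char *enc = malloc(len ? len : 1);
    if (!enc) return 0;
    enc_string(plain, enc, len);
    int hidden = !contains_bytes(enc, len, plain);
    char *dec = NewEncString(enc, len);
    int same = dec && strcmp(dec, plain) == 0;
    free(dec);
    free(enc);
    return hidden && same;
}

/* Emit the line a translator would write into init_.c for one literal. */
void emit_literal(const char *name, const char *plain) {
    size_t len = strlen(plain);
    printf("static const unsigned char %s_enc[%zu] = {", name, len);
    for (size_t i = 0; i < len; i++)
        printf("%s0x%02x", i ? "," : "",
               (unsigned char)plain[i] ^ ENC_KEY[i % sizeof ENC_KEY]);
    printf("};\n%s = NewEncString(%s_enc, %zu);\n", name, name, len);
}

int main(void) {
    const char *msg = "Couldn't link to C function '%s'";
    emit_literal("_2196", msg);
    printf("round trip %s\n", roundtrip_ok(msg) ? "ok" : "FAILED");
    return 0;
}
```

Note what this does and does not buy: the literal no longer shows up in a string dump of the exe, which removes the easy first step described above, but the key ships in the same binary, the decoded text is present in memory whenever it is used, and the compare-and-branch that the check relies on is unchanged. It raises the effort required, it does not remove the weakness.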