Hacking data from .exe

  • Hacking data from .exe

    If I had a constant set in my exe such as a 256-bit key like a software-generated password and set it to a constant...
    %notimportantdata = ......................................

    Can this data be read directly?

    I know any software can be broken, but wouldn't it be rather difficult if there were say 256 or more different checks within the app to verify an unchanged .exe?
    Warped by the rain, Driven by the snow...

    jimatluv2rescue.com

  • #2
    Depends on how you check.

    Easy crack: Say you have a function, let's call it IsValidLicense(), that calculates the license and returns TRUE/FALSE. Regardless of how many times you call that function in your application, the cracker will just look for the function and modify the EXE in a way that this function will always return true.

    More difficult crack: doing the validation inline (=not using a function) at 256 different places. The hacker has to spot all locations where the validation takes place.

    Another step of protection: Not immediately letting your application fail upon an invalid license. Failing immediately will help the hacker in spotting the places where the validation is done. Remember the failed validation, let the application keep on working as normal for a time, then fail. Don't make the failure obviously related to a license issue (i.e. don't pop up a message "Invalid license"). Instead, let the application produce "wrong" results (that you can still identify as a license issue).

    (Disclaimer: I'm nowhere near being an expert on cracking/licensing issues. The above is gathered from what I've read over years)



    • #3
      Instead, let the application produce "wrong" results (that you can still identify as a license issue).
      I never liked this. (I think Eric P posted that SQL Tools does something like this).

      I have one application where this is significant. What I do is return a success/fail code of 'fail' with an associated error code/message meaning "invalid or expired library."

      Then again, I don't enjoy taking support calls to start with, but if they must happen... I'd much rather have a discrete error code value returned than have the user putz around for an hour wondering why "it's not working" and then call me when he is in a bad mood because when he learns the problem he will know he just wasted an hour - or - from his point of view - *I* wasted *his* hour.


      MCM
      Michael Mattias
      Tal Systems (retired)
      Port Washington WI USA
      [email protected]
      http://www.talsystems.com



      • #4
        What about 256 Functions?

        What about having 256 different functions for verifying a valid program?

        I have thought about creating several dummy checks with misleading error messages to attempt to hide the real stuff from the hacker. ( Have the hacker look for bogus checks instead of valid ones ).

        There is a discussion of piracy killing Flight Sim add-on vendors which is what prompted my thinking on this subject.

        Wouldn't changing the .exe change the CRC of the .exe?
        Warped by the rain, Driven by the snow...

        jimatluv2rescue.com
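        Post #4 asks whether changing the .exe changes its CRC. The Python below is an added example, not code from the thread or from any PowerBASIC tool, showing the file self-checksum that question points at: a build step stamps a CRC32 into a reserved field, and the run-time step recomputes the CRC with that field zeroed and compares. The image layout and offsets are constructed for the example and do not correspond to a real PE file. It also exercises the limit the replies above describe: the stored field is just more bytes in the same file, so a CRC guards against corruption and careless edits, not against someone determined to edit the file.

```python
"""Self-integrity check with a stored CRC32 (added example, not from the thread)."""
import struct
import zlib

CRC_FIELD_SIZE = 4

# Constructed stand-in for an executable image: a 2-byte magic, some "code",
# a 4-byte reserved field left as zeros by the compiler, then some "data".
# The layout and offsets are assumptions for this example, not a real PE file.
MAGIC = b"MZ"
CODE = b"\x55\x89\xe5\x83\xec\x10" * 8
RESERVED = b"\x00" * CRC_FIELD_SIZE
DATA = b"Example Product v1.0\x00"
IMAGE = MAGIC + CODE + RESERVED + DATA
CRC_FIELD_OFFSET = len(MAGIC) + len(CODE)


def crc32_excluding_field(image: bytes, offset: int) -> int:
    """CRC32 of the whole image with the checksum field treated as zeros,
    so the value does not depend on what is currently stored there."""
    zeroed = image[:offset] + b"\x00" * CRC_FIELD_SIZE + image[offset + CRC_FIELD_SIZE:]
    return zlib.crc32(zeroed) & 0xFFFFFFFF


def stamp(image: bytes, offset: int) -> bytes:
    """Build step: write the expected CRC into the reserved field (little-endian)."""
    crc = crc32_excluding_field(image, offset)
    return image[:offset] + struct.pack("<I", crc) + image[offset + CRC_FIELD_SIZE:]


def verify(image: bytes, offset: int) -> bool:
    """Run-time step: recompute the CRC and compare it with the stored field."""
    (stored,) = struct.unpack_from("<I", image, offset)
    return stored == crc32_excluding_field(image, offset)


def patch_byte(image: bytes, index: int, value: int) -> bytes:
    """Return a copy of image with one byte replaced (simulates an edit or corruption)."""
    return image[:index] + bytes([value]) + image[index + 1:]


def demo() -> dict:
    """Exercise the check on the constructed image and report the outcomes."""
    shipped = stamp(IMAGE, CRC_FIELD_OFFSET)
    edited = patch_byte(shipped, 3, 0x90)  # one byte inside "code" changed
    return {
        "stamped_ok": verify(shipped, CRC_FIELD_OFFSET),
        # A single-byte change is a burst shorter than 33 bits, which CRC32
        # always detects.
        "edit_detected": not verify(edited, CRC_FIELD_OFFSET),
        # Limitation: the field is ordinary data in the same file, so anyone
        # able to edit the file can also recompute it. A stored CRC catches
        # corruption and careless edits; it is not a tamper-proof seal.
        "restamped_edit_passes": verify(stamp(edited, CRC_FIELD_OFFSET), CRC_FIELD_OFFSET),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

        The check detects the kind of change post #4 has in mind, but the third outcome is why the replies treat a CRC as a speed bump rather than protection: it tells you the file differs from what the build produced, nothing more.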



        • #5
          This is worth a look.
          Scott

          http://www.powerbasic.com/support/pb...=stack+protect

          Re:
          I never liked this. (I think Eric P posted that SQL Tools does something like this).

          I have one application where this is significant. What I do is return a success/fail code of 'fail' with an associated error code/message meaning "invalid or expired library."

          Then again, I don't enjoy taking support calls to start with, but if they must happen... I'd much rather have a discrete error code value returned than have the user putz around for an hour wondering why "it's not working" and then call me when he is in a bad mood because when he learns the problem he will know he just wasted an hour - or - from his point of view - *I* wasted *his* hour.


          MCM


          AMEN! Throw in a nag screen if necessary, or print headers on hardcopy reports stating "PRODUCED ON AN ILLEGAL AND/OR UNLICENCED COPY of XXX software", or use a watermark.
          Last edited by Scott Hauser; 22 Jan 2008, 01:57 PM.
          The most exasperating part of the "rat race" is how often the rats are in the lead!



          • #6
            Individual Compiles?

            Consider a string of data 2048 characters long.. call it a key.
            Your app only uses 256 characters of this key chosen at random ( specifics don't matter ).

            Your app generates this key using hardware serial numbers ( or other hardware specific info ). The user emails you this key and you generate a patch file to embed your deprotection key in the customer's install of your app.

            You now have a specific .exe for each customer based on the reg key you send them.

            Would it be bad to ask your customer to allow info specific to their copy of your app to be sent to your server say 1 out of every 20 times you run it?

            The idea is to have a running list of every specific app you have sold. You would at least be able to determine where a pirated copy came from???

            *** While this topic is not specifically code based, since it has brought forward some interesting methods of protection that are code based I continued this discussion here... I hope I haven't crossed too many lines *****
            Warped by the rain, Driven by the snow...

            jimatluv2rescue.com



            • #7
              Your app generates this key using hardware serial numbers ( or other hardware specific info ).
              I never liked this, either. Too many users - especially corporate users - are upgrading, replacing or swapping machines or parts of machines (the part with the 'hardware-specific info') to make hardware-keyed licensing a good choice.

              Disclaimer: I do not sell to the retail market at all. Hardware-keyed licensing may in fact be a good choice in that environment.

              MCM
              Michael Mattias
              Tal Systems (retired)
              Port Washington WI USA
              [email protected]
              http://www.talsystems.com



              • #8
                Corporate License

                I would think that for a major volume purchase arrangements could be made to provide a completely unprotected version.

                I would not be totally against distributing unprotected software, but identified such that I could trace a pirated or non-licensed version back to the source customer.
                Warped by the rain, Driven by the snow...

                jimatluv2rescue.com



                • #9
                  against distributing unprotected software, but identified such that I could trace a pirated or non-licensed version back to the source customer
                  That's what I do. I have about 3000 copies of various applications around the country and it works for me.

                  But one thing which has helped me a lot: Over the past couple of years, corporate customers themselves do a lot of 'police' work, mostly by controlling "who may and who may not install stuff."

                  Whether that's a byproduct of security-consciousness or the lawsuits Microsoft filed against careless (or possibly criminal) licensees a couple of years ago, or some combination thereof, it's a Good Thing for developers who serve the corporate user market (moi).

                  MCM
                  Michael Mattias
                  Tal Systems (retired)
                  Port Washington WI USA
                  [email protected]
                  http://www.talsystems.com



                  • #10
                    Have you tried TSearch? It allows you to open a process and watch values directly from process memory in real time.



                    • #11
                      Idea?

                      So what if I take this key and every 10 minutes or so pick random bits from it and compare this to the same values from an encrypted key? Or better yet from several encrypted keys?

                      So if I get this right.. unless I use encrypted values anyone can search the value of a program variable? I assume this would be easier for globals?
                      Warped by the rain, Driven by the snow...

                      jimatluv2rescue.com



                      • #12
                        You can't effectively search for "variables", but string literals are stored in the executable file and can be searched for with any decent hex editor (e.g. UltraEdit).

                        For that matter, if the token contains only printable characters, Notepad will do nicely.
                        Michael Mattias
                        Tal Systems (retired)
                        Port Washington WI USA
                        [email protected]
                        http://www.talsystems.com
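                        Post #12's point, that string literals sit in the file in the clear, is easy to turn into a build-time check. The Python below is an added example, not code from the thread or from any PowerBASIC tool: it lists printable runs the way a hex editor, Notepad or `strings` would show them (plain ASCII and the UTF-16LE form Windows wide strings take) and reports every offset at which a given literal appears in clear text. The sample image, its offsets and the key in it are constructed for the example.

```python
"""Build-time audit for literals readable in an executable (added example)."""
import re
from typing import List, Tuple

# Constructed stand-in for a built executable: a magic, filler "code" bytes,
# a key stored as an ASCII literal, and a message stored as a Windows-style
# UTF-16LE wide string. None of this comes from a real program.
EMBEDDED_KEY = "SECRET-KEY-2008-ABCD"  # constructed value, not a real key
SAMPLE_IMAGE = (
    b"MZ"
    + b"\x90" * 16
    + b"\xe8\x12\x00\x00\x00"
    + EMBEDDED_KEY.encode("ascii") + b"\x00"
    + b"\x00\x00"
    + "Invalid license".encode("utf-16-le") + b"\x00\x00"
    + b"\xff" * 8
)


def printable_runs(data: bytes, min_len: int = 6) -> List[Tuple[int, str]]:
    """(offset, text) for each run of at least min_len printable ASCII bytes,
    which is what a hex editor, Notepad or `strings` would show."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def utf16le_runs(data: bytes, min_len: int = 6) -> List[Tuple[int, str]]:
    """Same for UTF-16LE text: a printable byte followed by NUL, repeated."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pattern.finditer(data)]


def find_literal(data: bytes, text: str) -> List[Tuple[int, str]]:
    """Every offset at which text is present in clear, with the encoding found."""
    hits: List[Tuple[int, str]] = []
    for codec, label in (("ascii", "ascii"), ("utf-16-le", "utf-16le")):
        needle = text.encode(codec)
        start = 0
        while (i := data.find(needle, start)) != -1:
            hits.append((i, label))
            start = i + 1
    return hits


def audit(data: bytes, secrets: List[str]) -> List[str]:
    """Build gate: the secrets that appear in clear text anywhere in the image.
    A non-empty result means a hex editor would show them too."""
    return [s for s in secrets if find_literal(data, s)]


if __name__ == "__main__":
    for off, s in printable_runs(SAMPLE_IMAGE) + utf16le_runs(SAMPLE_IMAGE):
        print(f"0x{off:04x}: {s!r}")
    print("literals readable in clear:", audit(SAMPLE_IMAGE, [EMBEDDED_KEY]))
```

                        Run against the real build output with the list of values that must never ship in plain text, a non-empty `audit` result fails the build, so the developer finds out before release what post #12 says a hex editor would show after it.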
