• Welcome to Valhalla Legends Archive.
 

More Hex Protection

Started by ChR0NiC, May 22, 2003, 01:16 AM

Previous topic - Next topic

ChR0NiC

Nothing was solved in Simi's post. I need to know because alot of my strings are showing in my hex. Important ones that I don't want hexed out of the bot. Please could someone helpe me just if it's even to hide just a few strings.

Yoni

With enough effort, any string, no matter how well hidden, could be changed.

tA-Kane

#2
Quote from: ChR0NiC on May 22, 2003, 01:16 AMNothing was solved in Simi's post. I need to know because alot of my strings are showing in my hex. Important ones that I don't want hexed out of the bot. Please could someone helpe me just if it's even to hide just a few strings.
If simple un-elaborate string encoding is all you're after, then consider these statements:

Here's an example of how I add strings which I want hidden:
Chr(Asc("K"))+Chr(Asc("a"))+FlipString("Ben")+Chr(Asc("o"))+Chr(Asc("t"))

Comes out to "KaneBot". FlipString is a function which I wrote myself which does exactly that; takes a string and returns it being flipped, like so:Function FlipString(Source As String)
 Dim i As Integer
 Dim Flipped As String
 For i = Len(Source) DownTo 0
   Flipped = Flipped + Mid(Source,i,1)
 Next
 Return Flipped
End Function


VB should store each letter and the "Ben" string separately, making it hard for anyone not knowing what they're doing to realize that it's actually a string instead of machine code that they're looking at.

Additionally, if you do this for different strings in several places, each string containing the same character(s), then if one of those characters were to get changed, other strings might not be understandable.

Take the following example along with the one given above:
Chr(Asc("B")+FlipString(" y")+"K"+Chr(Asc("e"))+"it"+FlipString("neB h")+Chr(Asc("n"))+"e"+Chr(Asc("t"))+Chr(Asc("t"))

Which is "By Keith Bennett". If VB stores the letter "K" at a single location, and references to it by both the first example and the second, then if you were to replace the "K" with some other letter, for example, "T", then the two examples would thus become:
TaneBot
By Teith Bennett


I suppose you could just do "K"+"a"+FlipString("Ben")+"o"+"t", but the added Chr(Asc())'s would help confuse people who do know a little more about what they're doing. Though, again, it is not perfect and can still easily be "fixed" by anyone who's persistant enough.


Again, this is a simple and un-elaborate scheme. Anyone who knows what they're doing and is persistant enough will easily be able to crack this.
Macintosh programmer and enthusiast.
Battle.net Bot Programming: http://www.bash.org/?240059
I can write programs. Can you right them?

http://www.clan-mac.com
http://www.eve-online.com

Tuberload

The bright side of the, anyone who knows what there doing, problem is the people who will be hexing his bot probably wont fit into that category at all.
Quote"Pray not for lighter burdens, but for stronger backs." -- Teddy Roosevelt
"Your forefathers have given you freedom, so good luck, see you around, hope you make it" -- Unknown

Moonshine

Consider trying an application called "telock", It'll compress your exe, and also hide all strings / recognisable data along with it.  Sure it's probably reversable, but the typical user wouldn't be able to hex it.  Also, you can perform checksums during runtime to check the integrity of your strings.

iago

If you do what Kane suggested, you should also put a char *k = "Keith Bennett"; (or the vb equivolant) somewhere else in your code just to throw them off the scent.  

And thanks for telling us your sceme!
* iago goes to hex all kane's software
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


Camel

Quote from: tA-Kane on May 22, 2003, 03:51 AM
Chr(Asc("K"))+Chr(Asc("a"))+FlipString("Ben")+Chr(Asc("o"))+Chr(Asc("t"))

i would think the compiler would optimize that out, no?

Banana fanna fo fanna

VB!? Optimizer!? Nah.

If you really just want to protect against dumbasses who only know how to hex and not real reverse engineers, consider base64 encrypting your strings and insert them into your code surrounded by a base64_decode function or something similar.

l)ragon

could RSA encrypt all your strings see if they haxor that  ;)
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Etheran

you would have to store the private key in the exe somewhere, that makes it easily reversable :p

l)ragon

Quote from: Etheran on May 22, 2003, 04:11 PM
you would have to store the private key in the exe somewhere, that makes it easily reversable :p

who says it has to be in the exe 8p
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*

Yoni

Well, it has to be somewhere, distributed with the bot... In which case it will be trivially reversible.

When I say "trivially" I mean once you hack it, no matter how difficult it was, you think, "well, that was easy".

Compare: Trivial, on MathWorld.

ChR0NiC

Is it possible if....if your bot is hexed, to put the bot in some sort of lockdown??

Eibro

Quote from: ChR0NiC on May 22, 2003, 06:55 PM
Is it possible if....if your bot is hexed, to put the bot in some sort of lockdown??
Yes
Perhaps you'd like to ask another, different question? :)
Eibro of Yeti Lovers.

l)ragon

Quote from: Yoni on May 22, 2003, 06:03 PM
Well, it has to be somewhere, distributed with the bot... In which case it will be trivially reversible.

When I say "trivially" I mean once you hack it, no matter how difficult it was, you think, "well, that was easy".

Compare: Trivial, on MathWorld.

yes but still who in there stupid little mind is going to evin attempt to '1337 h4x0r' it lol.
*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*ˆ¨¯¯¨ˆ*^~·.,l)ragon,.-·~^*ˆ¨¯¯¨ˆ*^~·.,¸¸,.·´¯`·.,¸¸,.-·~^*