• Welcome to Valhalla Legends Archive.
 

Hex Protection

Started by SiMi, January 27, 2003, 05:40 PM

Previous topic - Next topic

SiMi

Does anyone have Hex Protection for Vb...So when the user hexes your bot with a hex editor , they wont be able to overwrite your current settings...If you dont have a comment to help me , then please dont post it

Noodlez

#1
The simple way to do it would be to caluculate the MD5 checksum of the original exe, and have it checked upon execution of the bot. If it's changed, it's been hexed.

Mesiah / haiseM

#2
There are plenty of ways around that as shown in them program hacking site thingies, im willing to guess you dont know anything about that, anyways. The best way would be to find a site like www.gamehacking.com and use a compresser and/or encrypter. I'd look for an unpopular one, because them fiendish hex editors have gotten around the encryption methods used by the big boys.
]HighBrow Innovations
Coming soon...

AIM Online Status: 

Noodlez

#3
Maybe you shouldnt do a simple "If" then? And if you intend on using a packer or compressor, write your own.

Mesiah / haiseM

#4
Maybe you shouldn't assume that he knows anything about calculating executable checksums then? I was just providing an alternative if he doesn't.
]HighBrow Innovations
Coming soon...

AIM Online Status: 

Noodlez

#5
QuoteMaybe you shouldn't assume that he knows anything about calculating executable checksums then?

then he'll ask for more help

Mesiah / haiseM

#6
Maybe.
]HighBrow Innovations
Coming soon...

AIM Online Status: 

RhiNo

#7
QuoteIt would be kinda pointless but you could do Form_Load() and then do all that stuff like form1.Caption = "Project Name" and all that stuff.  ::)

that wont stop a half way decent hexer ^^

iago

#8
Form1.caption = chr(&h40) & chr(&h41) & ...

would be slightly more secure :)

or have a string:
dim Str = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
and do form1.caption = mid(Str, 5, 1) & mid(Str, 20, 1) & mid(Str, 2, 1) & mid(Str, 10, 1).. etc

That makes it fairly difficult to find what's going on, then put a couple dummy strings so they *think* they've found the right spot, but really they're just changing "form1.tag" or something :)
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


RhiNo

#9
thats not a bad idea right there :-P

iago

#10
(Thanks to www.try2hack.nl for the idea ;-))
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


n00blar

#11
The problem with using Checksums is the fact that there resides a simple cmp and (C or U) jmp which can easily be patched in a few seconds.

Banana fanna fo fanna

#12
Not if your executable is encrypted based on the checksum ;)

Mesiah / haiseM

#13
yeah unless you use your own encryption, cause just about every popular encryption has public decryption methods everywhere...
]HighBrow Innovations
Coming soon...

AIM Online Status: 

Noodlez

#14
Heres another way to prevent strings from showing up in hex/string refrences (idea stolen from Raihan :P)

Dim x1 as long
x1= 779581303
Dim x5 as long
x5= 1685024622
Dim x9 as long
x9= 779773292
Dim x13 as long
x13= 6779503
xz = MakeDWORD(x1) & MakeDWORD(x5) & MakeDWORD(x9) & MakeDWORD(x13)
MsgBox xz 'will be www.noodlez.org

It looks hard, but not if you write a program to do it for you (like I did)