• Welcome to Valhalla Legends Archive.
 

Creating Authentication Systems

Started by Mephisto, December 12, 2004, 05:49 PM

Previous topic - Next topic

MyndFyre

Quote from: R.a.B.B.i.T on December 16, 2004, 04:01 PM
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my aglorithims each release now -.-

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

UserLoser.

Quote from: R.a.B.B.i.T on December 16, 2004, 04:01 PM
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my aglorithims each release now -.-

Should look into your own encryption/scrambling system if you want it to be more secure.  By secure, I mean take more effort to crack; rather than modifying about 3 bytes of your code in the executable

iago

Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.
This'll make an interesting test for broken AV:
QuoteX5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


MyndFyre

Quote from: iago on December 16, 2004, 05:31 PM
Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.

You could do a simple encryption with a stub program, I imagine: encrypt the entire program by doing something simple like XORing each byte with an arbitrary byte such as 0x6f or something.  Then prepend a stub that loads the data, decrypts it, and jumps to where the actual entry point *should* be.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Eibro

Quote from: MyndFyre on December 16, 2004, 05:33 PM
Quote from: iago on December 16, 2004, 05:31 PM
Is it possible to do encryptions like that for VB programs?  I'm assuming that RaBBiT is using VB, and I know VB is really limited (much like Java) for low level stuff like that.

You could do a simple encryption with a stub program, I imagine: encrypt the entire program by doing something simple like XORing each byte with an arbitrary byte such as 0x6f or something.  Then prepend a stub that loads the data, decrypts it, and jumps to where the actual entry point *should* be.
A system like that is equally as weak. I could just convert the descrambling code into an IDC script and run it on scrambled sections.
Eibro of Yeti Lovers.

MyndFyre

Quote from: Eibro[yL] on December 16, 2004, 06:28 PM
A system like that is equally as weak. I could just convert the descrambling code into an IDC script and run it on scrambled sections.

Yes I know.  That's why I said "You could do a simple encryption."  The point was that it would be possible, not the strength of the scheme of protection.
QuoteEvery generation of humans believed it had all the answers it needed, except for a few mysteries they assumed would be solved at any moment. And they all believed their ancestors were simplistic and deluded. What are the odds that you are the first generation of humans who will understand reality?

After 3 years, it's on the horizon.  The new JinxBot, and BN#, the managed Battle.net Client library.

Quote from: chyea on January 16, 2009, 05:05 PM
You've just located global warming.

Banana fanna fo fanna

Should encrypt the exe on disk, and use code modification in-memory to randomly scramble around program flow.

R.a.B.B.i.T

Quote from: MyndFyre on December 16, 2004, 05:04 PM
Quote from: R.a.B.B.i.T on December 16, 2004, 04:01 PM
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my aglorithims each release now -.-

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
It would change the place where the jump occured, however!

UserLoser.

Quote from: R.a.B.B.i.T on December 19, 2004, 09:56 PM
Quote from: MyndFyre on December 16, 2004, 05:04 PM
Quote from: R.a.B.B.i.T on December 16, 2004, 04:01 PM
I usually keep 1 algorithm for each series of programs, and I only change it if I know it's been cracked.  I think I should start changing my aglorithims each release now -.-

It wouldn't make a difference if the hacker figured out how to bypass the algo altogether.
It would change the place where the jump occured, however!

So?  Then all someone has to do is disassemble it or do what they did the first time to find it

R.a.B.B.i.T

True, but it does get annoying to decompile and change the program every time.  Cracking the serial would work until the algorithm would change.

Banana fanna fo fanna

it would take prolly 5 min to crack that protection.

R.a.B.B.i.T

I never said it was the best, or even GOOD.  It was just an example.

TheMinistered

#57
Yes, it is possible-- although quite ugly!  The key to doing it is a v-table hack & signatures.  We use the v-table hack so that we can write our scramble/descramble encrypt/decrypt in assembly.  Then the assembly needs signatures, since we can't do inline assembly we give the scramble/descramble encrypt/decrypt a dummy parameter and we pass something obvious like 0x12345678 or 0xBADBEEF, something our routines can scan for to know where to stop at.  It also requires a bit more for signatures using this method because the signatures will be pushed onto the stack before the call, etc.


Dim m_objProtection as new clsProtection

Private Sub Form_Load()
    Set m_objProtection = new clsProtection
End Sub

Private Sub DoMath()
  Dim lngX as long, lngY as long   

    Call m_objProtection.Decramble(&H12345678)
        lngX = 1
        lngY = 1
        lngX = lngX + lngY
    Call m_objProtection.Scramble(&H87654321)
End Sub

Private Sub Form_Unload(ByRef Cancel as Integer)
    Set m_objProtection = Nothing
End Sub


Arta

Nice to see you got that working in the end :)

Newby

Nice to see I didn't have to write the scrambling part after all. :)
- Newby

Quote[17:32:45] * xar sets mode: -oooooooooo algorithm ban chris cipher newby stdio TehUser tnarongi|away vursed warz
[17:32:54] * xar sets mode: +o newby
[17:32:58] <xar> new rule
[17:33:02] <xar> me and newby rule all

Quote<TehUser> Man, I can't get Xorg to work properly.  This sucks.
<torque> you should probably kill yourself
<TehUser> I think I will.  Thanks, torque.

|