hi,
a malicious hacker recently got into my servers and withdrew an EXE file of an extremely private network program that leads to our remote console.
He then proceeded to decompile it, extracting pure basic sourcecode.
How can I protect future code from this?
my programs have been decompiled!
-
rory-games
- User
- Posts: 39
- Joined: Sun Feb 02, 2020 9:14 am
- Contact:
-
NicTheQuick
- Addict
- Posts: 1527
- Joined: Sun Jun 22, 2003 7:43 pm
- Location: Germany, Saarbrücken
- Contact:
Re: my programs have been decompiled!
You need to secure your server better.
Disassembling is always possible.
Also you never should compile sensitive information into an executable. Write your code as it would be OpenSource.
Btw. How do you know all that? He can not extract your Purebasic code but in theory he can match what it would look like. But never exactly.
Disassembling is always possible.
Also you never should compile sensitive information into an executable. Write your code as it would be OpenSource.
Btw. How do you know all that? He can not extract your Purebasic code but in theory he can match what it would look like. But never exactly.
The english grammar is freeware, you can use it freely - But it's not Open Source, i.e. you can not change it or publish it in altered way.
Re: my programs have been decompiled!
I don't think hat it is possible to get the PB source code out of an exe file.
Of course you can disassemble an exe file, but this does not result in the source code.
If you rename the large PB IDE generated temporary exe file which contains all of the debug informations,
maybe then it is possible to get more useful infos.
Of course you can disassemble an exe file, but this does not result in the source code.
If you rename the large PB IDE generated temporary exe file which contains all of the debug informations,
maybe then it is possible to get more useful infos.
Re: my programs have been decompiled!
No, he didn't. You can't unscramble an egg. He may have got decompiled assembly code, but it wasn't PureBasic source code.rory-games wrote:He then proceeded to decompile it, extracting pure basic sourcecode.
Re: my programs have been decompiled!
True they can disassemble to ASM but what is important is what method they used to infiltrate? Do you know?
That is helpful to the community here.
That is helpful to the community here.
The nice thing about standards is there are so many to choose from. ~ Andrew Tanenbaum
Re: my programs have been decompiled!
There is only a decompiler for C/C++ binary or .NET compilations, not for purebasic (that i know offrory-games wrote:He then proceeded to decompile it, extracting pure basic sourcecode.
You can't protect your code 100% against decompilation. But you can make it hard enough for an attacker, that they will simply give up. That is a race tough - how much time do you want to invest into a protection scheme and how much time will an attacker be willing to spend?rory-games wrote:How can I protect future code from this?
You can find products to protect a PE binary from decompilation, but they often just use simple tricks that known decompilers can't deal with. Till the next upcoming version or a competing product can do it.
Don't expect an attacker to actually tell you how he did it. They will often tell you nonsense like having used a decompiler for your binary while they actually sniffed login and connection strings from the data section of your binary or stole it by breaking into your server. You could ask a trustworthy person to get the info and tell you how they did it and maybe together tell you how to change your methods to avoid that specific method. You can make it a lot harder, but not impossible to get this information.
Where is the data stored that the attacker used?
On a web server?
Ask google for a web server audit. You will find many tools and methods.
Inside the binary?
Is the information openly visible with a hex viewer?
ps: don't buy any decompiler protection products unless you understand how they work. Otherwise you might have just wasted your money for snake oil