========================================================
UPX-SCRAMBLER 3.06 (Engine 1.06) by ©OnT®oL/Incorporated
========================================================
INTRODUCTION
============
This is a modifier for files packed with one of the best loseless file compression programs ever made - Ultimate Packer for eXecutables - (UPX) It modifies the packed files in such a way that it cannot be unpacked with the "-d" option which is inbuilt into UPX. This way your files are a 'LITTLE' better protected from lamers who might want to peek at your code for some unforseen reason....Anyways none of us like the useless crap that this otherwise good packer puts in our files so here's an effective way of removing it instead of having to do it yourself each time or coding a program to do it for ya ( knowing that most of you do it! ). This program has been tested under Windows 9X, Windows NT, Windows 2000 and Windows Me. Also note that this program was intended for personal use but I released it for the public as I thought it could be helpful!
UPX Shell v1.0.0 Official!
-
Num3
- PureBasic Expert
- Posts: 2812
- Joined: Fri Apr 25, 2003 4:51 pm
- Location: Portugal, Lisbon
- Contact:
http://www.exetools.com/
darklordz wrote:No thats y i call it protection. The compressed file will always be backed up first before editing it. You see what my "Protect" File functions do is nothing more then replace a couple of bytes with 00. So that upx can still regognise them but can't (de)compress them....
Unfortunately if you simply replace a couple of bytes, you can just as easily put them back
Simple example... UPX and protect an app with your program.
Now download the following app (written in PB of course), run it and select the file you have just protected. Your app will be unprotected and the UPX will be removed. TaaDaa !!
http://www.reelmediaproductions.com/test/DeShell.zip
By the way, your "Protect" option violates the UPX license (specifically these terms)...
The stub which is imbedded in each UPX compressed program is part of UPX and UCL, and contains code that is under our copyright. The terms of the GNU General Public License still apply as compressing a program is a special form of linking with our stub.
2. This also implies that the UPX stub must be completely unmodfied, i.e. the stub imbedded in your compressed program must be byte-identical to the stub that is produced by the official unmodified UPX version.
- We grant you special permission to freely use and distribute all UPX
compressed programs. But any modification of the UPX stub (such as,
but not limited to, removing our copyright string or making your
program non-decompressible) will immediately revoke your right to
use and distribute a UPX compressed program.
- UPX is not a software protection tool; by requiring that you use
the unmodified UPX version for your proprietary programs we
make sure that any user can decompress your program. This protects
both you and your users as nobody can hide malicious code -
any program that cannot be decompressed is highly suspicious
by definition.
Last edited by Paul on Mon Dec 15, 2003 4:12 am, edited 1 time in total.
it took under 5 minutes to decompress any UPX-Packed-exe .
Just use Ollydebug, open your packed exe, sets the breakpoint and let unpack it.
Then write the images down on the disk and create a new PE-Header (with PE-Lord for example) .To easy to do.
btw, the source for Upx is available . study them and write your own system. Its not that hard task and remember, It can be done in Purebasic .
Just use Ollydebug, open your packed exe, sets the breakpoint and let unpack it.
Then write the images down on the disk and create a new PE-Header (with PE-Lord for example) .To easy to do.
btw, the source for Upx is available . study them and write your own system. Its not that hard task and remember, It can be done in Purebasic .
SPAMINATOR NR.1
@Paul if it is indeed the stub that beeing modified then so be it. But due to every file having a different filesize the stub is on a different position every time (Unless you pack he same file over and over....). Every file has lots of 0. So it doesnt matter unless if you have the original to compare the protected version against.....
@darklordz
Of course it is the stub you are modifying, that is why the bytes can be put back.
I'm not sure how knowledgable you are at programming but the UPX stub is the beginning part of the program that does the work to get your app to eventually run.
This stub is at the same position and contains the same data on every app you UPX, regardless of file size. That is why it is so simple to put these bytes back that you have modified.
Did you actually try the little app I made that repairs the stub you have modified? Try it on your UPXShell app. You will see that it easily puts back the missing bytes and then removes the UPX from it.
Of course you do not have to believe me and you can release all the apps you want, thinking that they are protected. Really doesn't matter to me!
Personally I don't think it is right to give others a fault sense of security by saying it is protecting their apps, not to mention breaking a software license agreement.
Of course that is only my opinion and to each his own.
Of course it is the stub you are modifying, that is why the bytes can be put back.
I'm not sure how knowledgable you are at programming but the UPX stub is the beginning part of the program that does the work to get your app to eventually run.
This stub is at the same position and contains the same data on every app you UPX, regardless of file size. That is why it is so simple to put these bytes back that you have modified.
Did you actually try the little app I made that repairs the stub you have modified? Try it on your UPXShell app. You will see that it easily puts back the missing bytes and then removes the UPX from it.
Of course you do not have to believe me and you can release all the apps you want, thinking that they are protected. Really doesn't matter to me!
Personally I don't think it is right to give others a fault sense of security by saying it is protecting their apps, not to mention breaking a software license agreement.
Of course that is only my opinion and to each his own.
@paul I see no download link?
@paul I did not give anyone a false sence of security I just tried your solution. I compressed a file took those offsets and compressed a bigger file and "protected" that. then i too the offsets from the first file and put the upx "stub" back.....And it didn't work..... So plz gimme a download link. And my app that the ability to.... My app is not in violation of any law. I don't think i fooled anyone, because not everybody knows how to even use a hexeditor.... And what the stub lookes like. I found this "trick" of mine when i was dabeling with a hexeditor. And it worked. Every "protection" scheme can be broken....
@paul I did not give anyone a false sence of security I just tried your solution. I compressed a file took those offsets and compressed a bigger file and "protected" that. then i too the offsets from the first file and put the upx "stub" back.....And it didn't work..... So plz gimme a download link. And my app that the ability to.... My app is not in violation of any law. I don't think i fooled anyone, because not everybody knows how to even use a hexeditor.... And what the stub lookes like. I found this "trick" of mine when i was dabeling with a hexeditor. And it worked. Every "protection" scheme can be broken....
That is sooo funny
The 3 executables i tested ur app on. well WHAHHAHA!
i'll let the facts speak for themselves...
i have created 4 rar files each containing a program created by rockstar on the blitz forums.
http://www.balpoint.com/temp/fpsdemo%20original.rar
http://www.balpoint.com/temp/fpsdemo%20compressed.rar
http://www.balpoint.com/temp/fpsdemo%20protected.rar
http://www.balpoint.com/temp/fpsdemo%20badfix.rar
the first one is the original compiled one
the second one is teh compressed one (using upx shell)
the third one is the "protected" one
the fourth one is the "fixxed" one.
as you may have noticed the fourth one gives an error. Now why is that.
if you compare the fixed one with the compressed one in a hexditor you'll see the "stub" starts @ a different offset. And i can scream this off the top of my lungs that the stub cannot just be put on a static offset! So my protection feature might be luckely reverse enginered but in this case it didn't work. thanks you for waisting my time and for you're comments. this is hopefully the proof you required to show you that your method isn't shall i say stable....
Note: This proved my theory right and you wrong...
Also don't forget the bug i mentioned, dont use UP 0 use UPX0......
[Edit] i also don't get what your problem is. I released an app and this app has been around since last year. I just added a protection feature to give users a choice. Now i don't see anything wrong with that. You can ethicaly choose not use it! Im not forcing anybody.
The 3 executables i tested ur app on. well WHAHHAHA!
i'll let the facts speak for themselves...
i have created 4 rar files each containing a program created by rockstar on the blitz forums.
http://www.balpoint.com/temp/fpsdemo%20original.rar
http://www.balpoint.com/temp/fpsdemo%20compressed.rar
http://www.balpoint.com/temp/fpsdemo%20protected.rar
http://www.balpoint.com/temp/fpsdemo%20badfix.rar
the first one is the original compiled one
the second one is teh compressed one (using upx shell)
the third one is the "protected" one
the fourth one is the "fixxed" one.
as you may have noticed the fourth one gives an error. Now why is that.
if you compare the fixed one with the compressed one in a hexditor you'll see the "stub" starts @ a different offset. And i can scream this off the top of my lungs that the stub cannot just be put on a static offset! So my protection feature might be luckely reverse enginered but in this case it didn't work. thanks you for waisting my time and for you're comments. this is hopefully the proof you required to show you that your method isn't shall i say stable....
Note: This proved my theory right and you wrong...
Also don't forget the bug i mentioned, dont use UP 0 use UPX0......
[Edit] i also don't get what your problem is. I released an app and this app has been around since last year. I just added a protection feature to give users a choice. Now i don't see anything wrong with that. You can ethicaly choose not use it! Im not forcing anybody.
cool down darklordz or leave!
Paul only said that your "protection" isnt good because
it can be reversed most time.
If you found 1 app now that cant be unprotected, be happy
your protection works at least for 1 application.
Dont think and act like you are the best, there are people
here who actually know much more about protection and
cracking than you'll ever know.
And now shut it please, i'm getting bored...
Paul only said that your "protection" isnt good because
it can be reversed most time.
If you found 1 app now that cant be unprotected, be happy
your protection works at least for 1 application.
Dont think and act like you are the best, there are people
here who actually know much more about protection and
cracking than you'll ever know.
And now shut it please, i'm getting bored...
-
Codemonger
- Enthusiast
- Posts: 384
- Joined: Sat May 24, 2003 8:02 pm
- Location: Canada
- Contact:
I don't know anything about UPX, is it like a self executing compressed exe ? what can it do for DLL's ? what is it good for ?
I checked out the website for UPX, it didn't tell me much except that it compresses executables ... can someone briefly explain , and tell me the benefits. I am interested.
Thanks.
I checked out the website for UPX, it didn't tell me much except that it compresses executables ... can someone briefly explain , and tell me the benefits. I am interested.
Thanks.
<br>"I deliver Justice, not Mercy"
    - Codemonger, 2004 A.D.
    - Codemonger, 2004 A.D.