PureBasic Forums - English

http://www.purebasic.com
https://www.purebasic.fr/english/

Really good protection system?

https://www.purebasic.fr/english/viewtopic.php?t=23273

Page 5 of 8

Posted: Fri Aug 25, 2006 3:24 pm
by thefool
Max. wrote:
thefool wrote:Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..
The dump in my posting was from Ollydebug.
i know but did you RUN the exe so it has a chance to run the decryptor?

Posted: Fri Aug 25, 2006 3:56 pm
by Max.
thefool wrote:
Max. wrote:
thefool wrote:Max. : Normally you would debug it instead of just disassembling. Try to launch the exe using olly [or attach yourself to the process] instead, then it would probably look different. Yeah upload an executable, please..
The dump in my posting was from Ollydebug.
i know but did you RUN the exe so it has a chance to run the decryptor?
How can I disassemble a program in Ollydebug without running it?

Beside, it isn't a classic decryptor one could dump the image in memory, but a virtual machine, where each opcode in the protected areas is interpreted at run-time (including performance penalties) - they say.

Anyway, just try it (http://www.zerowaitingtime.com/2455-dow ... Simple.exe).

I didn't bother much with the serial verification, used just 1 Virtual Machine and not the highest VM complexity, so guessing a correct number would be quite easy.

Posted: Fri Aug 25, 2006 4:05 pm
by thefool
Listen dude. When you first start it olly first dissassemble it, you got to push the run button to see the decrypted view. For example, if you have a self-modifying program that decrypts a part of itself when you want to do it, you first have to run through till you arrive at the destination its decrypted, THEN stop and there you have the decrypted memory view.

You dont get what i say, do you :?
Beside, it isn't a classic decryptor, but a virtual machine, where each opcode in the protected areas is interpreted at run-time (including performance penalties).
so?

Posted: Fri Aug 25, 2006 4:10 pm
by techjunkie
Cool! :P

Image

Posted: Fri Aug 25, 2006 4:12 pm
by Max.
thefool wrote:Listen dude. When you first start it olly first dissassemble it, you got to push the run button to see the decrypted view. For example, if you have a self-modifying program that decrypts a part of itself when you want to do it, you first have to run through till you arrive at the destination its decrypted, THEN stop and there you have the decrypted memory view.

You dont get what i say, do you :?
Beside, it isn't a classic decryptor, but a virtual machine, where each opcode in the protected areas is interpreted at run-time (including performance penalties).
so?
You over and over proof that you are a rude little fellow. Didn't expect anything else from you, tbh. And with that our little conversation ends. Have fun playing with yourself, I tend to enlighten the worthy only. :lol:

Posted: Fri Aug 25, 2006 4:45 pm
by thefool
Good thing you put that smiley otherwise i would kill you :)

well codevirtualizer is, a part of the Themida protection "plan". As i stated earlier, themida is not simply dumpable. So you were right.
I am having a look at it.

Posted: Sat Aug 26, 2006 3:28 am
by NoahPhense
localmotion34 wrote:you hear about the math genius who solved a hundred year old equation, and then refused the prize? apparently he is a severe recluse, and hates attention.
Yeah, that's me most weekends. ;)

- np

Posted: Sun Jan 07, 2007 2:11 pm
by utopiomania
@localmotion34, No offence, but I think hanzProf is nearer the truth than you are. It doesn't make
sense to crack ExeCryptor, then keep this fact a secret.

If I understand ExeCryptor's workings right, I can decide which part of the code is to be obfuscated
(at the machine code level), and to what degree. The protected code can for example be a 100 times
bigger than normal, and must be manually back-tracked first to understand what the code do.

This is virtually impossible

The below is obfuscated source code, what if it were 100 pages of pure machine code? The best thing
is, next time a program is compiled int a new minor version, the code looks completely different again
and the crackers have to do it all over again :)

Code: Select all

#define O(b,f,u,s,c,a)b(){int o=f();switch(*p++){X u:_ o s b();X c:_ o a b(); 
default:p--;_ o;}} 
#define t(e,d,_,C)X e:f=fopen(B+d,_);C;fclose(f) 
#define U(y,z)while(p=Q(s,y))*p++=z,*p=' ' 
#define N for(i=0;i<11*R;i++)m[i]&& 
#define I "%d %s\n",i,m[i] 
#define X ;break;case 
#define _ return 
#define R 999 
typedef char*A;int*C,E[R],L[R],M[R],P[R],l,i,j;char B[R],F[2];A m[12*R],malloc 
(),p,q,x,y,z,s,d,f,fopen();A Q(s,o)A s,o;{for(x=s;*x;x++){for(y=x,z=o;*z&&*y== 
*z;y++)z++;if(z>o&&!*z)_ x;}_   0;}main(){m[11*R]="E";while(puts("Ok"),gets(B) 
)switch(*B){X'R':C=E;l=1;for(i=0;i<R;P[i++]=0);while(l){while(!(s=m[l]))l++;if 
(!Q(s,"\"")){U("<>",'#');U("<=",'$');U(">=",'!');}d=B;while(*F=*s){*s=='"'&&j 
++;if(j&1||!Q(" \t",F))*d++=*s;s++;}*d--=j=0;if(B[1]!='=')switch(*B){X'E':l=-1 
X'R':B[2]!='M'&&(l=*--C)X'I':B[1]=='N'?gets(p=B),P[*d]=S():(*(q=Q(B,"TH"))=0,p 
=B+2,S()&&(p=q+4,l=S()-1))X'P':B[5]=='"'?*d=0,puts(B+6):(p=B+5,printf("%d\n",S 
()))X'G':p=B+4,B[2]=='S'&&(*C++=l,p++),l=S()-1 X'F':*(q=Q(B,"TO"))=0;p=B+5;P[i 
=B[3]]=S();p=q+2;M[i]=S();L[i]=l X'N':++P[*d]<=M[*d]&&(l=L[*d]);}else p=B+2,P[ 
*B]=S();l++;}X'L':N printf(I)X'N':N free(m[i]),m[i]=0   X'B':_ 0 t('S',5,"w",N 
fprintf(f,I))t('O',4,"r",while(fgets(B,R,f))(*Q(B,"\n")=0,G()))X 0:default:G() 
;}_ 0;}G(){l=atoi(B);m[l]&&free(m[l]);(p=Q(B," "))?strcpy(m[l]=malloc(strlen(p 
)),p+1):(m[l]=0,0);}O(S,J,'=',==,'#',!=)O(J,K,'<',<,'>',>)O(K,V,'$',<=,'!',>=) 
O(V,W,'+',+,'-',-)O(W,Y,'*',*,'/',/)Y(){int o;_*p=='-'?p++,-Y():*p>='0'&&*p<= 
'9'?strtol(p,&p,0):*p=='('?p++,o=S(),p++,o:P[*p++];}

Posted: Sun Jan 07, 2007 3:14 pm
by ricardo
I take a look into Code Virtualizer and it looks good (price is comfortable too). Can anybody here tells me if they feel its a good protection?

Re: Really good protection system?

Posted: Sun Jan 07, 2007 3:42 pm
by ricardo
Max. wrote:

Code: Select all

Macro VIRTUALIZER_START
    
 !db $EB, $10, $43, $56, $20, $20, $0C, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20
 
EndMacro


Macro VIRTUALIZER_END
    
!db  $EB, $10, $43, $56, $20, $20, $0D, $00, $00, $00, $00, $00, $00, $00, $43, $56, $20, $20

EndMacro
 
 Result.s = InputRequester("Licensing","Please enter your serial to continue","")
 
 Serial.l = Val (Result.s)
 
 VIRTUALIZER_START
 
 If Serial % 2 = 0 And Serial % 3 = 0 
    ok = 1
 Else
    ok = 0
 EndIf
 
 If ok
    RetVal = MessageRequester ("Ok!","Thank you")
 Else
    RetVal = MessageRequester ("Failed!","Have a bad day")
 EndIf    
 
 VIRTUALIZER_END
 
 End
How to use if from PB 3.94?

Posted: Sun Jan 07, 2007 10:25 pm
by utopiomania
Forget 'Code Virtualizer'. It relies on an internal 'VM', so it's closed loop and can be cracked easily.

ExeCryptor on the other hand just messes up your code to the point where it takes Man-Years
to decode.

The point is, if you think your program is worth selling, spending a few bucks on the right commercial
protection is the best thing you can do.

Posted: Mon Jan 08, 2007 12:34 am
by ricardo
utopiomania wrote:Forget 'Code Virtualizer'. It relies on an internal 'VM', so it's closed loop and can be cracked easily.
Are you sure? I was about buying it... but now you make me insecure about buying it.
ExeCryptor on the other hand just messes up your code to the point where it takes Man-Years
to decode.

The point is, if you think your program is worth selling, spending a few bucks on the right commercial
protection is the best thing you can do.
Which one?

Posted: Mon Jan 08, 2007 1:11 am
by PB
Two suggestions here were to delete the hard disk or ruin the data created by
an app that was cracked. Just remember that if you do that, you better have a
lot of money and a damn good lawyer to protect yourself from a lawsuit.

Posted: Mon Jan 08, 2007 11:10 am
by Baldrick
Just wondering if anyone has any experience as to whether usb / lpt dongles as a form of software protection are worthwhile?
I do install a couple of products which use them & they do seem ok, but then I have never attempted to bypass them either.
for example:

http://www.matrixlock.de/english/index.htm

above url is just from a quick google search, so I know absolutely nothing about them..

Posted: Mon Jan 08, 2007 9:16 pm
by ricardo
Invitation fro cracking PLEASE!!

I just buy Code Virtualizer and im doing a simple test. Please download a very simple PB protected application from

http://www.yenerich.com/ForCrack.zip

and crack it.

(Its just a input requester and detection if the key is right or wrong)

*Don't have any other protection but Code Virtualizer.

Thanks in advance!
All times are UTC+01:00
Page 5 of 8

Powered by phpBB® Forum Software © phpBB Limited