Re: Dll Security

From: Keith Oxenrider (koxenrider_at_sol-biotech.com)
Date: 05/07/05

    Date: Sat, 07 May 2005 15:13:46 -0400
    To: VP <pelasaco@gmail.com>, secprog@securityfocus.com
    
    

    The real question you should be asking is 'what is the point?' Any decent
    cracker will be able to look at your decrypted binary in RAM, even make a
    copy of it for later use. The very best you can do is raise the bar, but
    to have any real chance of making a difference you need to make your
    program detect that it is being run in a debugger (not a trivial task and
    probably one that is fundamentally impossible, as the hardware itself can
    be emulated) and continue to run, but with some subtle differences that
    make it unusable (if it just crashes, it tells the cracker just what she
    needs to know to bypass the check). Obscuring the code generally makes
    maintenance costs skyrocket; you should do an economic analysis to prove
    that the extra effort will be repaid. Keep in mind that legitimate users
    often need to run their code in debuggers as well, so be sure to factor in
    the ill will created when their attempts to debug their code that uses your
    DLL cause all sorts of nasty problems for them (not to mention the support
    calls!).

    Keith Oxenrider
    CISSP

    At 04:17 PM 5/6/2005 -0300, VP wrote:
    >Hi, I have a dll and I want to encrypt it to hide (obfuscate ??) an
    >important algorithm used here.
    >
    >Well, today I'm using the following approach:
    >
    >I'm encrypting the dll with a program, then when I want to loadlibrary() it,
    >I decrypt it to a plain-text file, then I loadlibrary the plain-text file.
    >So I have my encrypted dll and I have a plain-text version as well. To
    >mitigate this vulnerability, I'm using EFS to protect my plain-text dll.
    >
    >I'm wondering if, using the PE format, I can do some kind of "on-the-fly
    >encrypt and decrypt". Is it possible? Is there any example? Is it a good
    >solution?
    >
    >Thanks in advance,
    >
    >Victor

