Re: Dll Security

Valdis.Kletnieks_at_vt.edu
Date: 05/09/05

Next message: Slavisa Dojcinovic: "RE: Dll Security"

Previous message: contact_at_webappsec.org: "Announcement: The Web Security Mailing List"
In reply to: VP: "Dll Security"
Next in thread: Slavisa Dojcinovic: "RE: Dll Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: VP <pelasaco@gmail.com>
Date: Sun, 08 May 2005 19:34:37 -0400

On Fri, 06 May 2005 16:17:30 -0300, VP said:
> Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> important algorithm used here.

Good luck. You're probably better off making the customer sign an NDA
or other document that has some teeth in it, so that you can sue them if
they rip your code off. I have more faith in a good lawyer being able
to bulletproof the problem than a good programmer...

> I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> So i have my encrypted dll and i have a plain-text version either. To
> mitigate this vulnerability, i'm using EFS to protect my plain-text dll.

So far so good, except....

> I'm wondering if using the PE format i can do some kind of "on-the-fly
> encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> solution ?

The first guy who comes along with a debugger will have little to no problem
getting your code extracted. Note that even loading the encrypted form, then
checking if you're being debugged, then decrypting and calling the code won't
work, because there's a race condition - they can attach the debugger after
your test. And they can make the timing hole arbitrarily large - a bunch
of 'for(;;)' loops will slow things down. You can't even raise your priority
by a notch, as the attacker can raise the priority of their cycle-suckers by
2 notches and the debugger by 3.

This is *really* a "You can't win this one" game. You *might* be able
to if there's proper hardware support - but note that even the now-emerging
"trusted computing" chipsets probably can be subverted....

application/pgp-signature attachment: stored

Next message: Slavisa Dojcinovic: "RE: Dll Security"

Previous message: contact_at_webappsec.org: "Announcement: The Web Security Mailing List"
In reply to: VP: "Dll Security"
Next in thread: Slavisa Dojcinovic: "RE: Dll Security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

multithreaded debugging
... Do you know if are there any problems with debugger? ... to debug graphic interface (priority level 251) cause stopping higher ... Questo messaggio è strettamente confidenziale e destinato esclusivamente ...
(microsoft.public.windowsce.platbuilder)
Re: multithreaded debugging
... >problems with debugger? ... Trying to debug graphic interface (priority level 251) cause stopping higher priority threads ... potrebbe contenere informazioni riservate e/o confidenziali. ...
(microsoft.public.windowsce.platbuilder)
Re: Dll Security
... solution even if i just raise the bar. ... > program detect that it is being run in a debugger (not a trivial task and ... >>I'm encrypting the dll with a program, then when i want to loadlibraryit, ...
(SecProg)
Re: Divisions of labor
... > debugger guru, you don't know how much you would use the debugger ... > All of programming isn't debugging, so becoming a master of the debugger ... > Another question that I'd like to raise is, ... > Slashdot) result in an improvement of productivity immediately. ...
(comp.lang.python)
Raising events quickly from DLL server crashes the client
... I don't know which is the cause, but I've noted that if I raise some ... events quickly, my VB6 client crashes. ... when I run my client app from the IDE attached to the VC debugger ... CComVariant varResult; ...
(microsoft.public.vc.atl)