Re: Encrypt a Dll

From: Victor Pereira (taintmode_at_yahoo.com.br)
Date: 05/05/05 

Date: Thu, 5 May 2005 13:51:55 -0300

Hi lelteto,

My goal is HIDE some algorithm that i want to keep secret. It's very
important to protect it.

When you said something about "do a loadlibrary then dump the memory content
from the load address", how can you do a loadlibrary in a crypted library ?
You don't encrypt DllMain ? I'm thinking to use PE to map the .text section
in my code and decrypt it on the fly. Ok it's not 100% safe but you know
"There's nothing 100% secure and bla bla bla"

Thanks for your help,

Victor

"lelteto" <lelteto@discussions.microsoft.com> wrote in message
news:673C040F-D5EF-4992-92E4-0046D6D14083@microsoft.com...
> 1. I don't think Victor's goal is to copy protect because encryption
itself
> will not help that. There are several software protection products on the
> market (SafeNet's Sentinel and Aladdin's HASP are the market leaders)
which
> can copy protect dlls, too.
> 2. The other reason it doesn't make sense is that if I want to get the dll
I
> can just write a very small program which does LoadLibrary then dump the
> memory content from the load address. (Yes, you may need to make a few
> adjustments but it's not hard to do. And if your goal is to HIDE your code
> than this memory dump will give the attacker all the code in clear text.)
> 3. If your goal is to HIDE / OBFUSCATE your code (eg. you have a
proprietary
> algorithm you want to keep secret) it's much harder. There are tools for
that
> but usually they are expensive (and work on source level obfuscation). By
far
> the best of them is Cloakware - but it's not something you can just go and
> buy as a utility :(
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "Valery Pryamikov" wrote:
>
> > Hi,
> > Encrypting your program for the purpose of copy-protecting is a dead
end. It
> > have been proven many times both practically by software makers and
> > theoretically by scientific works of many very bright scientists.
> > Obfuscation could be helpful for that matter, but not encryption. I've
> > written a couple of blog posts in my blog regarding obfuscation and
Program
> > License Protection, where I've given some pointers that you can read:
> >
http://www.harper.no/valery/PermaLink,guid,24c827f1-50a9-4bd5-82fa-4af09f81e849.aspx
> >
http://www.harper.no/valery/PermaLink,guid,0f90cf89-2689-4b7f-8d50-84c964795f3e.aspx
> > If you interesting in more pointers, I can send you a list of papers
(names
> > and authors) concerning that very subject (totally it would be several
> > thousands pages of reading material if you read everything from that
list
> > :-)
> >
> > -Valery.
> > http://www.harper.no/valery
> >
> >
> > "Victor Pereira" <taintmode@yahoo.com.br> wrote in message
> > news:ul29vHYUFHA.3056@TK2MSFTNGP14.phx.gbl...
> > > Hi, i have a dll and i want to encrypt it.
> > > Well today i'm using a following approach:
> > >
> > > I'm encrypting the dll with a program, then when i want to
loadlibrary()
> > > it,
> > > i decrypt it to a plain-text file, then i loadlibrary the plain-text
file.
> > > So i have my encrypted dll and i have a plain-text version either. To
> > > mitigate this vulnerability, i'm using EFS to protect my plain-text
dll.
> > >
> > > I'm wondering if using the PE format i can do some kind of "on-the-fly
> > > encrypt and decrypt". Is it possible ? There is any example ? Is it a
good
> > > solution ?
> > >
> > > Thanks in advance,
> > >
> > > Victor
> > >
> > >
> >
> >

Relevant Pages

  • Re: Encrypt a Dll
    ... > My goal is HIDE some algorithm that i want to keep secret. ... > When you said something about "do a loadlibrary then dump the memory content ... >> can copy protect dlls, ...
    (microsoft.public.platformsdk.security)
  • Re: Questions about arc4
    ... and increasing te length of the key is highly unlikely to protect ... cannot make trivial breaking it (in the sense to make breaking it ... But it's more probable, if not nearly shure, that evolution will at ... So if a crypto remains strong until knowledge on the algorithm keep ...
    (sci.crypt)
  • Re: Passwords
    ... there are nuisance passwords that do not protect anything important to me. ... I won't say how I generate the random characters. ... Note that this is an important exception to the rule to not reveal your algorithm. ...
    (soc.retirement)
  • Re: A brief question about twofish encryption
    ... >]Does the US government or the police have a backdoor password to the ... >]twofish encryption algorithm? ... > not protect their passwords ...
    (alt.os.linux.suse)
  • Re: ASP.NET 2005 hack-proof?
    ... Obfuscation is not fool-proof once the DLL is obtained. ... So, the amount of trouble, time, and expense to protect intellectual ... >> It will deter the casual decompiler, ...
    (microsoft.public.dotnet.framework.aspnet)
Quantcast