VBA-M
Moderator: General Mods
-
- ZSNES Developer
- Posts: 3904
- Joined: Tue Jul 27, 2004 10:54 pm
- Location: Solar powered park bench
Okay mudlord, the app is ready. Meet me on IRC for it.
You include a .h file, link against a .c file, and call a function internally inside the app, which you use to make the app fail if it doesn't return success.
Once compiled, you now run my program to "sign" the binary. Once signed, they can't make any changes to the binary, even compressing it, otherwise it'll bomb out when trying to run.
For them to bypass my signing, they'd need to:
A) Figure out how it's signed, and replicate the signing, which odds are, not happening.
B) Hack the code in the binary to skip over the protection routines, possible, but these people don't seem up to that, we'll see. If they bypass it like this, we can toughen it up a bit.
C) Compile from source. As we all know, this is near impossible, and they'd never do that. Why, if they do this, we'll just have to let them continue with their stupid hacks.
Oh and BTW, the signatures written into the binary are also covered by signatures, and unless you have my algorithms, you won't be able to modify any of them and keep the others in sync, since they all cover each other. Man, I love reading up PhD thesis crypto papers that everyone ignores.
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding
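A minimal sketch of the sign-after-build, verify-at-startup flow the post above describes, added here as an example; it is not Nach's code or algorithm. The trailer layout, HMAC-SHA256, the block size and every name in it are assumptions.

```python
import hashlib
import hmac
import struct

BLOCK = 4096                         # block size: an assumption for this sketch
MAGIC = b"SGN1"                      # constructed trailer marker
TAG = hashlib.sha256().digest_size   # 32 bytes per tag
HDR = len(MAGIC) + 8                 # marker + image size + block count
KEY = b"constructed-demo-key"        # constructed; a real key ships inside the binary
IMAGE = bytes(range(256)) * 40       # constructed stand-in for a compiled binary

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def sign_image(image: bytes, key: bytes) -> bytes:
    """Post-build step: append per-block tags, then a master tag over them."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    # Bind each tag to its block index so blocks cannot be reordered.
    table = b"".join(
        _mac(key, struct.pack("<I", n) + b) for n, b in enumerate(blocks))
    header = MAGIC + struct.pack("<II", len(image), len(blocks))
    master = _mac(key, header + table)   # the tags are themselves covered
    return image + table + master + header

def verify_image(signed: bytes, key: bytes) -> str:
    """Startup check: returns 'ok' or the reason the image is rejected."""
    if len(signed) < HDR + TAG or signed[-HDR:-8] != MAGIC:
        return "no-trailer"
    size, count = struct.unpack("<II", signed[-8:])
    if count != -(-size // BLOCK) or len(signed) != size + count * TAG + TAG + HDR:
        return "bad-layout"
    table = signed[size:size + count * TAG]
    master = signed[size + count * TAG:-HDR]
    if not hmac.compare_digest(master, _mac(key, signed[-HDR:] + table)):
        return "tag-table-modified"
    for n in range(count):
        block = signed[n * BLOCK:min((n + 1) * BLOCK, size)]
        want = table[n * TAG:(n + 1) * TAG]
        if not hmac.compare_digest(want, _mac(key, struct.pack("<I", n) + block)):
            return f"block-{n}-modified"
    return "ok"

if __name__ == "__main__":
    signed = sign_image(IMAGE, KEY)
    tampered = bytearray(signed)
    tampered[5000] ^= 1              # one changed byte inside block 1
    print(verify_image(signed, KEY), verify_image(bytes(tampered), KEY))
```

Because the key and the check both ship inside the binary, a scheme like this catches resource edits and repacking, but not option B from the post, where the call itself is patched out.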
-
- -Burninated-
- Posts: 871
- Joined: Mon Sep 10, 2007 11:33 pm
- Location: Unspecified
-
- ZSNES Developer
- Posts: 3904
- Joined: Tue Jul 27, 2004 10:54 pm
- Location: Solar powered park bench
Well, it seems they don't even have the skill to bypass a protection.
Repackaging an old release, that's nice and original.
On the other hand, byuu did bypass the protection within 10 minutes, that's what real developers do.
On the bright side, we now know for any new builds we have with new features we add, they won't be able to put out a ripped off version.
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding
-
- ZSNES Developer
- Posts: 6747
- Joined: Tue Dec 28, 2004 6:47 am
"On the other hand, byuu did bypass the protection within 10 minutes, that's what real developers do."
Not bad... though if you have some reversing skill, it shouldn't be hard at all.
I'm interested with what byuu can do with Starforce, could take 10 hours, 10 days, 10 months (Splinter Cell 3 with SF lasted a year uncracked)....
MIDIs on a webpage? Is it still 1997?
Yeah, Nach asked me to test his protection earlier today. I gave him some suggestions that I strongly recommend you try for hardening things up a bit, but it's always 100x harder to protect an EXE than it is for someone with reverse engineering skills to crack it. You really shouldn't waste your time with these people.
"I'm interested with what byuu can do with Starforce, could take 10 hours, 10 days, 10 months (Splinter Cell 3 with SF lasted a year uncracked)...."
Starforce 3 bested me.
I hijacked the program entry point with a LoadLibrary call, e.g. DLL injection. From here, I patched back over the entry point so the program would pass its own initial checksum test. I also patched out IsDebuggerPresent, and then hooked Advapi32 calls to block the SoftICE check.
After that, I wrote my own single stepping debugger to let the program decrypt the first payload, and then successfully dumped the process memory to reveal the decrypted program.
From here, it tested to see if two .sys kernel-level drivers were installed, and if not, it would spawn them from the EXE, install them, and then activate them. For Win9x, it'd install VXDs. Scary when you realize those two kernel drivers run 24/7 on your PC.
I had the ability to patch these kernel drivers before they were created, and I could disassemble the drivers, albeit with no heuristics (kernel function call names and such), but I couldn't actively debug them, even with SoftICE. I would basically need a kernel-level debugger to continue, and that requires two machines.
At that point, I realized I was pretty much in over my head, and I really didn't care that much to continue. Could I have cracked it if I kept at it? Probably not. Still, it was a fun learning experience.
"I am sorry to say it but it looks like they cracked it."
mudlord wrote: I beg to differ, they are re-reshacking old releases.
So their release is not a cracked version of 515? My bad. I was just pointing out what they had said on their site. Good to know your protection works. Hopefully what they're doing won't discourage you from working on VBA. We all know who has put the real time and effort into it. Many thanks to the VBA-M Team, from me as well, I'm sure, most of the emulation community.
Shame.
E=mc²
"People should not be afraid of their governments, governments should be afraid of their people." -V
The Ur-Quan Masters: http://sc2.sourceforge.net/
-
- Veteran
- Posts: 637
- Joined: Sat Apr 21, 2007 8:05 pm
DEFIANT wrote: Hopefully what they're doing won't discourage you from working on VBA. We all know who has put the real time and effort into it. Many thanks to the VBA-M Team, from me as well, I'm sure, most of the emulation community.
Gladly seconded. We really appreciate your hard work.
I bring the trouble.
-
- ZSNES Shake Shake Prinny
- Posts: 5632
- Joined: Wed Jul 28, 2004 4:15 pm
- Location: PAL50, dood !
Wasn't that the one asking for the smashed original disk?
Everyone, shut up and follow me!!
Pantheon: Gideon Zhi | CaitSith2 | Nach | kode54
<jmr> bsnes has the most accurate wiki page but it takes forever to load (or something)
-
- -Burninated-
- Posts: 871
- Joined: Mon Sep 10, 2007 11:33 pm
- Location: Unspecified
-
- ZSNES Developer
- Posts: 3904
- Joined: Tue Jul 27, 2004 10:54 pm
- Location: Solar powered park bench
I'm still able to access this page just fine.
http://www.freewebs.com/laterza/index.htm
May 9 2007 - NSRT 3.4, now with lots of hashing and even more accurate information! Go download it.
_____________
Insane Coding