
gman24
This is by method at hxxp://methlab.tech.nu/ or easier to remember hxxp://www.methlabs.org (p2p/government and military/ad blocklist site)

I haven't tested or looked through it yet.

Here is the quote from his post

QUOTE

Protect your VB apps against..

'- "SoftICE"
'- "Win32Dasm"
'- "Debuggy By Vanja Fuckar"
'- "OllyDBG"
'- "ProcDump by G-Rom, Lorian & Stone"
'- "SoftSnoop by Yoda/f2f"
'- "TimeFix by GodsJiva"
'- "TMR Ripper Studio"

Also has step-debug detection too, so it can find other debugger apps that are stepping through the code.

C'ya!!

setthesun
Thank you for this. For example, all of Yahoo games are using protection. Also, it includes Filemon and Regmon (Sysinternals tools).
passi
Hey many thanks for this!

This is really good
Kynroxes
yeah really good, and tks for the source
tweakz20
detect step through eh? don't believe that at all...

did anyone actually try this and then try to crack their own program?.. i would if i had a vb compiler
MaNiAx
wow really cool stuff, thanks for this .
gman24
"detect step through eh?"

The way that step through seems to work is like this:

CODE

   'Check for Step Debugger
   Timer_start = Timer
   For s = 1 To 25
       PSub 'Pointless Sub
       PFunction (s + Int(Rnd * 20)) 'Pointless Function
   Next s
   Timer_time = Timer - Timer_start

   'Step-debugging Detected...
   If Timer_time > 1 Then
       End
   End If

Sees if it takes more time than it should to complete those commands (25 sub and function calls). If so it closes the program. Not the most complex method.

You need to compile to pcode for it to work, it seems (says to in the code at least).

I haven't compiled it yet, I haven't booted into windows to try it out yet. (I will try it next time I boot into windows)
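The elapsed-time check described in the post above, redrawn in C as an added example (not code from the quoted project or from any poster). It relies on VB6's Timer returning seconds since midnight, so the plain subtraction goes negative when a run crosses midnight; sim_timer, sim_work and simulate are constructed stand-ins that drive the check from a simulated clock.

```c
#include <stdio.h>

#define SECONDS_PER_DAY 86400.0  /* VB6 Timer restarts at 0 at midnight */
#define LIMIT_SECONDS   1.0      /* same threshold as the posted check */
#define CALLS           25       /* same loop count as the posted check */

/* Constructed stand-in for VB6's Timer: seconds since midnight. */
static double sim_now, sim_step;
static double sim_timer(void) { return sim_now; }

/* Constructed stand-in for PSub/PFunction: each call costs sim_step
   seconds of wall time (tiny when running free, large when stepped). */
static void sim_work(void) {
    sim_now += sim_step;
    if (sim_now >= SECONDS_PER_DAY) sim_now -= SECONDS_PER_DAY;
}

/* Elapsed time between two Timer readings, allowing one midnight wrap. */
double elapsed_since(double start, double end) {
    double d = end - start;
    return d < 0.0 ? d + SECONDS_PER_DAY : d;
}

/* The timing check. wrap_aware = 0 reproduces the plain subtraction. */
int region_too_slow(double (*timer)(void), void (*work)(void), int wrap_aware) {
    double start = timer();
    for (int s = 1; s <= CALLS; s++) work();
    double end = timer();
    double took = wrap_aware ? elapsed_since(start, end) : end - start;
    return took > LIMIT_SECONDS;
}

/* Run the check on the simulated clock, starting at `start` seconds. */
int simulate(double start, double step, int wrap_aware) {
    sim_now = start;
    sim_step = step;
    return region_too_slow(sim_timer, sim_work, wrap_aware);
}

int main(void) {
    printf("free run, midday:            %d\n", simulate(43200.0, 0.001, 0));
    printf("slow run, midday:            %d\n", simulate(43200.0, 0.5, 0));
    printf("slow run over midnight, raw: %d\n", simulate(86395.0, 0.5, 0));
    printf("slow run over midnight, fix: %d\n", simulate(86395.0, 0.5, 1));
    return 0;
}
```

The fixed 1-second limit also trips on any stall that is not a debugger (a heavily loaded or suspended machine), which is a false positive for legitimate users.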
tweakz20
not sure how it would turn up in ASM, but if it's something like this....

CMP [time] 1
jge [address]

[address]
call [end call]

but there's probably a resource call to a timer and end there.. setting ollydbg to break at the call to end should work fine. (then change the jump if greater to null)

not giving a tut on how to break it.. (that was a guess of around how to do it).. but i'm just trying to point out that it's impossible to have safe code.... i mean, seriously, give a geek some caffeine, a PC, and a fair amount of time, anything's possible!

edit- this was for VB programs right? why not just use a decompiler?
gman24
I thought of the same thing, makes it harder to crack, not crackproof. Ya, you're right on that, could be one way to bypass the stepthrough protection. It uses other methods as well, all bypassable if you look into it.

VB6 decompilers are limited. You usually use them in conjunction with a disassembler.

I can write tuts on how to bypass all the methods, but it is better than nothing.

QUOTE

give a geek some caffeine, a PC, and a fair amount of time, anything's possible!


lol, that's going to be my new motto.
gman24
Here is the compiled prog for people who just want to test it.

I tried active debugging with w32dsm and it worked.

There are a couple of ways to get around everything.
tweakz20
whoa, is that code encrypted? my disassembler's first pass came up bad.. or is that another feature they put in?
(btw- it's like every other line is ADD!)
gman24
Encryption is one of the methods it uses, yes. You can use their function to encrypt strings you want to encrypt.

They also use useless conditional branches, junk code, and some other stuff.
jetprice
What in the name of Zeus's butthole has this to do with security ?!?

There is ALWAYS a solution to disable/bypass/... such protections, stop making them .. they are useless, broken in a day.
JDog45
QUOTE (jetprice @ Jul 23 2004, 02:56 AM)
What in the name of Zeus's butthole has this to do with security ?!?

There is ALWAYS a solution to disable/bypass/... such protections, stop making them .. they are useless, broken in a day.

Maybe in the wrong topic, but it does have to do with security...software security.