[gman24]

This is by method at hxxp://methlab.tech.nu/ or easier to remember hxxp://www.methlabs.org (p2p/government and military/ad blocklist site)

I havn't tested or looked through it yet.

Here is the quote from his post

Quote

Protect your VB apps against..

'- "SoftICE"
'- "Win32Dasm"
'- "Debuggy By Vanja Fuckar"
'- "OllyDBG"
'- "ProcDump by G-Rom, Lorian & Stone"
'- "SoftSnoop by Yoda/f2f"
'- "TimeFix by GodsJiva"
'- "TMR Ripper Studio"

Also has step-debug detection too so it can find other debugger apps that are stepping through the code

C'ya!!

Attached File(s)

•  checkforcrackers.zip (7.36K)
  Number of downloads: 488

[setthesun]

Thank you for this, For example all of yahoo games are using protection. Also it includes filemon, regmon (sysinternal tools)

[passi]

Hey many thanks for this!

This is really good :)

[Kynroxes]

yeah really good, and tks for the source :)

[Logan]

detect step through eh? don't believe that at all...

did anyone actually try this and then try to crack their own program?.. i would if i had a vb compiler :(

[MaNiAx]

wow really cool stuff, thanks for this .

[gman24]

" detect step through eh?"

The way that step through seems to work is like this

   'Check for Step Debugger
    Timer_start = Timer
    For s = 1 To 25
    PSub 'Pointless Sub
    PFunction (s + Int(Rnd * 20)) 'Pointless Function
    Next s
    Timer_time = Timer - Timer_start

    'Step-debugging Detected...
    If Timer_time > 1 Then
    End
    End If

Sees if it takes more time than it should to complete those commands (25 sub and function calls). If so it closes the program. Not the most complex method.

You need to compile to pcode for it to work it seems (says to in the code at least)

I havn't compiled it yet, I havn't booted into windows to try it out yet. (I will try it next time I boot into windows)

[Logan]

not sure how it would turn up in ASM, but if it's something like this....

CMP [time] 1
jge [address]

[address]
call [end call]

but there's probably a resource call to a timer and end there.. setting ollydbg to break at the call to end should work fine. (then change the jump if greater to null)

not giving a tut on how to break it.. (that was a guess of around how to do it).. but i'm just trying to point out that it's impossible to have safe code.... i mean, seriously, give a geek some caffine, a PC, and a fair amount of time, anything's possible! :)

edit- this was for VB programs right? why not just use a decompiler? <_<

[gman24]

I thought of the same thing, makes it harder to crack not crackproof. Ya your right on that could be one way to bypass the stepthrough protection. It uses other methods as well, all bypassable if you look into it.

VB6 decompilers are limited. You usually use them in conjunction with a dissasembler.

I can write tuts on how to bypass all the methods, but it is a better than nothing.

Quote

give a geek some caffine, a PC, and a fair amount of time, anything's possible!

lol, that's going to be my new motto.

[gman24]

Here is the compiled prog for people who just want to test it.

I tried active debugging with w32dsm and it worked.

There are a couple of ways to get aroud everything.

Attached File(s)

•  testapp.zip (6.89K)
  Number of downloads: 147

[Logan]

whoa, is that code encrypted? my dissassembler's first pass came up bad.. or is that another feature they put in? :huh:
(btw- it's like everyother line is ADD!)

[gman24]

Encryption is one of the methods it uses yes. You can use thier function to encrypt strings you want to encrypt.

They also use useless conditional branches, junk code, and some other stuff.

[jetprice]

What in the name of Zeuses buthole has this to do with security ?!?

There is ALWAYS a solution to disable/bypass/... such protections, stop making them .. they are useless, broken in a day.

[JDog45]

jetprice, on Jul 23 2004, 02:56 AM, said:

What in the name of Zeuses buthole has this to do with security ?!?

There is ALWAYS a solution to disable/bypass/... such protections, stop making them .. they are useless, broken in a day.

Maybe in the wrong topic, but it does have to do with security...software security.