Author | Message | Time |
---|---|---|
Sevatox | Hrmm this is gonna be hard to explain clearly of what i have in my head so you can understand and possibly help, but here goes. In my loading screen i have multiply tasks and such, what i want to do is add something that checks to see if the .exe has been modified in any way, shape or form. Ex. Checking for program modifications..... [if none] No mods found. [if there is] Modifications found. Shutting down. Basiclly if there are some found the program won't load. Im asking for ways/ideas that this could be done and possibly some steps on how to go about doing it. All comments/suggestions welcome Thanks in Advance. | April 2, 2003, 9:02 AM |
Grok | Convert the project to VB.NET and sign it digitally. Have it check its own signature for authorization to run. | April 2, 2003, 12:26 PM |
Skywing | [quote author=Sevatox link=board=5;threadid=875;start=0#msg6857 date=1049274174] Hrmm this is gonna be hard to explain clearly of what i have in my head so you can understand and possibly help, but here goes. In my loading screen i have multiply tasks and such, what i want to do is add something that checks to see if the .exe has been modified in any way, shape or form. Ex. Checking for program modifications..... [if none] No mods found. [if there is] Modifications found. Shutting down. Basiclly if there are some found the program won't load. Im asking for ways/ideas that this could be done and possibly some steps on how to go about doing it. All comments/suggestions welcome Thanks in Advance. [/quote]By the way, putting up a message when it first detects an unauthorized modification makes it extremely easy to find and disable the protection scheme... | April 2, 2003, 1:39 PM |
iago | [quote author=Skywing link=board=5;threadid=875;start=0#msg6865 date=1049290754] [quote author=Sevatox link=board=5;threadid=875;start=0#msg6857 date=1049274174] Hrmm this is gonna be hard to explain clearly of what i have in my head so you can understand and possibly help, but here goes. In my loading screen i have multiply tasks and such, what i want to do is add something that checks to see if the .exe has been modified in any way, shape or form. Ex. Checking for program modifications..... [if none] No mods found. [if there is] Modifications found. Shutting down. Basiclly if there are some found the program won't load. Im asking for ways/ideas that this could be done and possibly some steps on how to go about doing it. All comments/suggestions welcome Thanks in Advance. [/quote]By the way, putting up a message when it first detects an unauthorized modification makes it extremely easy to find and disable the protection scheme... [/quote] I was going to say that. You should either just die or, even better, make a modification to your own code somewhere else (ie, self re-writing code) that will cause it to crash. Don't forget to take out their system and eat their children, too ;-) | April 2, 2003, 3:51 PM |
Zakath | Or better yet, kill the window but don't terminate the app, and start eating up masses of memory by causing an endless string of memory leaks. | April 2, 2003, 5:36 PM |
Arta | One method, but I have no idea if this is possible in VB: Create a checksum of your file using whatever method you desire, but when calculating the checksum, miss out a portion of the file equivalent to the length of your completed checksum. For example, if you use a 32bit number to store your final checksum, ignore the last 32bits of the file when calculating it. You could ignore any part you wish, i'm just using the last bit as an example. Then, using a hex editor or a specal program you could write, save the checksum value to the portion of the file you skipped when calculating your checksum. When you run, look at the checksum you saved and make sure it's correct. If it's not, quit. You should run this check at several points in your program so that if the first one is found, another will take it's place. You can expand on this and make it do other things if the checksum fails. This is easily accomplished in real programming languages, not sure if it's workable in vb ;) | April 2, 2003, 6:30 PM |
Sevatox | [quote author=Skywing link=board=5;threadid=875;start=0#msg6865 date=1049290754] By the way, putting up a message when it first detects an unauthorized modification makes it extremely easy to find and disable the protection scheme... [/quote] i do realize that it would be easy to disable that portion, but i just wanted to know if its possible. thx grok & arta for actually making REAL comments on how it could be done. | April 2, 2003, 7:14 PM |
St0rm.iD | First, what a bad topic title. Arta's idea is easy to implement and pretty solid. You could also look into encryption and use self-modifying code. | April 2, 2003, 8:28 PM |
iago | [quote author=Sevatox link=board=5;threadid=875;start=0#msg6884 date=1049310852] [quote author=Skywing link=board=5;threadid=875;start=0#msg6865 date=1049290754] By the way, putting up a message when it first detects an unauthorized modification makes it extremely easy to find and disable the protection scheme... [/quote] i do realize that it would be easy to disable that portion, but i just wanted to know if its possible. thx grok & arta for actually making REAL comments on how it could be done. [/quote] Me and skywing's comments were about how to implement it, which is half the battle :P I like Arta's idea, but you have to make sure that the last 4 bytes aren't important for some reason. If they are, it's probably a bad idea to overwrite them. Also, make sure you check this in many parts of your program in different ways to make sure people can't do a find/replace to remove all the references (ie, they don't all call the exact same function in the same way). | April 3, 2003, 12:13 AM |
WolfSage | Or you could have it close the window, run in the background, and fill up their hd ;D | April 3, 2003, 3:22 PM |
Adron | [quote author=iago link=board=5;threadid=875;start=0#msg6899 date=1049328800] Also, make sure you check this in many parts of your program in different ways to make sure people can't do a find/replace to remove all the references (ie, they don't all call the exact same function in the same way). [/quote] Btw, with the solution of writing the checksum to the last 4 bytes, you better make real sure that you don't do if(calculatechecksum() != readlast4bytes()) evil(); because then an attacker will just writelast4bytes(calculatechecksum()); | April 3, 2003, 5:50 PM |
Arta | Indeed, I was going to clarify that: you should store the checksum in several places as well as checking it in several places. This is what led me to believe that it might be hard to implement in VB, because of the lack of inline asm. In Delphi or C++ you could output a checksum into the file wherever you wanted to by doing it within a chunk of assembly. | April 3, 2003, 6:03 PM |
iago | Should calculate it in different ways and store it in different places. | April 3, 2003, 6:49 PM |
St0rm.iD | Or you could port it to Palladium. There is really no way to stop the problem, only make it harder for people to crack. | April 6, 2003, 4:43 AM |