Recent

Author Topic: Obfuscator for FreePascal / Lazarus  (Read 19647 times)

GPcH

  • Newbie
  • Posts: 5
Obfuscator for FreePascal / Lazarus
« on: May 29, 2017, 02:09:48 pm »
Hello!

I'm from DotFix Software and we are pleased to release obfuscation for FreePascal / Lazarus compiled files. Starting v6.1, our software protection platform DotFix NiceProtect supports obfuscation for applications developed in FreePascal and already 10 years we supports Delphi obfuscation. More information how it works you can read here:
https://www.niceprotect.com/help/obfuscation.htm

Delphi and FPC compilers is very similar, but have too different internals at binary files. It need additional reasearch, development and testing. We have ask only one question: do it needs to the FPC community? If yes, we can make additional tool, just for obfuscation (with selecting form in binary EXE/OCX/DLL file and other features). I'm so sorry, but we can't make it free or for small price, because development needs a lot of time, but FPC community is not so large.

Thanks for any reply!

Ñuño_Martínez

  • Hero Member
  • *****
  • Posts: 1186
    • Burdjia
Re: Obfuscator for FreePascal / Lazarus
« Reply #1 on: May 30, 2017, 09:29:05 am »
I find it useless.  Just compiling with optimizations (-O2 and up) and stripping all debug and profile information, and apply smartlinking, will make it almost un-decompilable.  Not only FPC, but also Delphi.  I remember using Delphi decompilers for Delphi 6 and they were unable to decompile any actual code except resources (and you don't need a decompiler to do that).
« Last Edit: May 30, 2017, 09:31:59 am by Ñuño_Martínez »
Are you interested in game programming? Join the Pascal Game Development community!
Also visit the Game Development Portal

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Obfuscator for FreePascal / Lazarus
« Reply #2 on: May 30, 2017, 09:50:41 am »
Obfuscators are indeed completely useless for compiled languages. Only useful for marketing and a false sense of protection.
Furthermore I see some that greatly impact performance.
Although I know of at least one esteemed FPC programmer/guru that sometimes uses it, fully aware of the above.

If you want I can re-publish some code from my old obfuscating experiment times..... (way back machine...)

Obfuscation stems from a thorough misunderstanding of how compiled software works. Or that software can not be debugged in-memory and tailored VM's. At some point obfuscators *must* unhide code and that reveals program flow, otherwise the software won't execute. It keeps the script-kiddies at bay to some extend, but not much else.

I don't see the market and if I need it, I will use my own code. O:-) Which relies on simple encryption and compression rather than anything else, apart from linker sections.
Good enough.
« Last Edit: May 30, 2017, 09:54:53 am by Thaddy »
Specialize a type, not a var.

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11383
  • FPC developer.
Re: Obfuscator for FreePascal / Lazarus
« Reply #3 on: May 30, 2017, 11:22:28 am »
If you bothered to click the URL that GPCH posted, you'll see that it obfuscates type names in that reappear in streamed component RTTI, which can be used as starting point in reverse engineering attempts.

But it is indeed a lot less needed than with e.g. bytecode languages. Most users won't either need it, and some others will go to different techniques (like we do with whole EXE encryption + hw dongle)

GPcH

  • Newbie
  • Posts: 5
Re: Obfuscator for FreePascal / Lazarus
« Reply #4 on: May 30, 2017, 12:01:17 pm »
I find it useless.  Just compiling with optimizations (-O2 and up) and stripping all debug and profile information, and apply smartlinking, will make it almost un-decompilable.  Not only FPC, but also Delphi.  I remember using Delphi decompilers for Delphi 6 and they were unable to decompile any actual code except resources (and you don't need a decompiler to do that).

Can you upload any FPC exe file, what use forms, classes and GUI part (not pure API or KOL/MCK) and protected against decompilation using compiler options? I will provide screenshots how it can be decompiled using our DE Decompiler. Also you can see this private video: https://www.youtube.com/watch?v=uWGTKOirvJo&t=204s
This is just our internal tool, not a commercial product and can't be downloaded.

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11383
  • FPC developer.
Re: Obfuscator for FreePascal / Lazarus
« Reply #5 on: May 30, 2017, 01:51:33 pm »
IMHO it's a misnomer to call it  a decompiler, not one statement of Pascal is decompiled.

It walks resources, and recreates form declarations from it, finds the location of the related published methods in RTTI, and then disassembles the published methods.


Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Obfuscator for FreePascal / Lazarus
« Reply #6 on: May 30, 2017, 02:22:08 pm »
And this kind of "decompiler"  (resources decompiled, method headers and class names decompiled and assembler code for e.g. the method bodies and other code) for years, in multiple flavors -including one or two by me - and completely freeware.
It's less than an intermediate programmer task for a programmer  that knows Object Pascal, just a bit of assembler and a bit about how resources are stored. And it it Windows only I presume?

If you are trying to market such a think you would look like an absolute beginner. Even windows OS resources are not prevented from view in any way. There a reason for that.

I shall give some tips to do it properly:
- make sure you know the internals of the linker and not the compiler. That's easier to hide code with, changing/merging and splitting linker sections.
- make sure lots of important code is in the resources, and load these resources on the fly from the executable. (google for dll in a resource, load from memory)
- Oh well, create forms on the fly and in code would also help, as does rewriting the system units.

- And self-modifying code is not supposed to work anymore on a modern OS.

All the basic stuff is still here: http://www.delphibasics.info/

That includes both "how to hide" code basics and "how to reveal" code basics.
« Last Edit: May 30, 2017, 02:50:01 pm by Thaddy »
Specialize a type, not a var.

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11383
  • FPC developer.
Re: Obfuscator for FreePascal / Lazarus
« Reply #7 on: May 30, 2017, 02:46:42 pm »
- Oh well, create forms on the fly and in code would also help, as does rewriting the system units.

In the past I've worked with a dummy application that saved the streamed forms to disk. These were then encrypted and added to the main binary. Sometimes a bit finicky, but quite workable. 

In the end we chose encrypting dongle, but the main reason to use an obfuscator is that when a customer gives it to a wannabe hacker, that one immediately gives up (because it is off the beaten path).  Of course it won't stop the real cracks, but there is something to it.
« Last Edit: May 30, 2017, 02:48:46 pm by marcov »

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Obfuscator for FreePascal / Lazarus
« Reply #8 on: May 30, 2017, 02:55:24 pm »
@Marco
I already mentioned that, regarding ..... tongue in cheek. Indeed if software is of such high value that it risks being copied (any software is) then feel free to use a professional solution like a dongle. We even contemplated that in my PerfectView days. We chose a document signature solution for our projects since that also can provide legal proof of infringement. (hidden in and over the code, not like a MS or Apple codesigning solution. We hid the serial in essential parts of the code. all 128 bytes of them in a multi GB total product. Hardly findable without the algorithm)

I don't know if we ever used it, but we used something similar made  a collegue before.

Also note I changed my mind about referring to such websites as I link to above. This is actually on-topic: openness is superior in every case.
« Last Edit: May 30, 2017, 03:10:04 pm by Thaddy »
Specialize a type, not a var.

GPcH

  • Newbie
  • Posts: 5
Re: Obfuscator for FreePascal / Lazarus
« Reply #9 on: May 30, 2017, 04:13:36 pm »
And this kind of "decompiler"  (resources decompiled, method headers and class names decompiled and assembler code for e.g. the method bodies and other code) for years, in multiple flavors -including one or two by me - and completely freeware.

We published DE Decompiler at 2007 year and Lite version (without code decompilation) is free. You can download it on some web archives (just google for latest DE Decompiler Lite 2.0). On our video from my previous post I just shown the decompiler for Delphi x64. Do you know any freeware or commercial decompiler with support of Delphi x64 files? I'm about decompiler with solution explorer (to analyze each class, form, uses of each form, methods and events).

Also you're wrong about the resources. We get only dfm content from the resources. All other parts (units, classes, methods, properties, etc) decompiled from internal structures, not from the resources. Decompiler supports "Uses", "Try ... Except" statements, recovery calls of standard functions of VCL (using assembler signatures for each Delphi version), etc.

PS: My post not about decompilation, but about RTTI obfuscation. Our software protection platform also supports code virtualization. Virtualization provided on most software protectors. but obfuscation for FreePascal classes at no one.

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Obfuscator for FreePascal / Lazarus
« Reply #10 on: May 30, 2017, 05:34:49 pm »
I still don't see your point. That's a basic dictionary lookup. What's difficult about it? (core algorithm)
The only thing you show is that it is -probably - designed with - some - knowledge of - basic- computer science.
Sorry, but I can't get my grumpy mode even in place....

If you would -could - compare Donald Trump in a competition of and with sheer stupidity, Trump wins. We know that. You come very very close to defeating Trump.. :D ;)

[edit]
I will add that obfuscation is easy... So why bother.... It is about revealing obfuscation and that is even easier with your code examples.... Get the point?
1) nice idea (at first sight)
2) been there (way before 2000)
3) done it
4) useless (proof that it does not hold value)

BTW We also have DeDe which is freeware and still works if you upgrade it yourself.... 8-) 8-) 8-) O:-) >:D but that is not the best of breed, although quite cute.
« Last Edit: May 30, 2017, 05:50:00 pm by Thaddy »
Specialize a type, not a var.

balazsszekely

  • Guest
Re: Obfuscator for FreePascal / Lazarus
« Reply #11 on: May 30, 2017, 07:05:31 pm »
@GPcH
In contrast to others, I think you(your team) did a good job. Nevertheless  @Ñuño_Martínez, @marcov, @Thaddy has a valid point when they say obfuscation is pretty much useless nowadays. Take a look how easy is to read between the lines, if you know where to look(attached image). Left Ollydbg, right a "dummy" pascal code. With programs like CDA(function hooking), you can find in 5 minutes where the exact equivalent of a button click is in asm(OllyDbg), even if the code is obfuscated. The "dummy" code can be easily patched to show valid password even when you enter an invalid one.
« Last Edit: May 30, 2017, 07:07:37 pm by GetMem »

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Obfuscator for FreePascal / Lazarus
« Reply #12 on: May 30, 2017, 07:09:30 pm »
@getmem

So that makes two of esteemed FPC programmers   :D

At least I trust you and Marco with your code revealing capabilities... 8-)

You just proved my point, btw.. :-X
Specialize a type, not a var.

molly

  • Hero Member
  • *****
  • Posts: 2330
Re: Obfuscator for FreePascal / Lazarus
« Reply #13 on: May 30, 2017, 07:34:36 pm »
It might be beneficial for TS to have a look at ramblings from people like Fravia.

The tools mentioned so far are just a tip of the ice-berg, there are far better ones. There is also innovation and progress in that field.

As shown by GetMem, using olly is usually enough to get you going.

With regards to dongles, i can only laugh at those. Much annoyance for the user (especially when having multiple software requiring as such) and they don't help a bit. In the end it all boils down to software.

GPcH

  • Newbie
  • Posts: 5
Re: Obfuscator for FreePascal / Lazarus
« Reply #14 on: May 31, 2017, 09:40:26 am »
RTTI obfuscation is just an addition to the code virtualization, morphing, exe packing, resource protecting, etc. It's just additional layer of protection. For example, DotFix Niceprotect supports a lot of virtualization and obfuscation features and RTTI obfuscation is just one of theese.

The reason to create this topic is in asking the question: Do anyone needs RTTI obfuscation as additional tool (include command line) to use it with another protection system (not with our DotFix NiceProtect)? Most people already use another protection, but no one protection supports obfuscation for internals (not code) of FreePascal.

Thank you to all for the replies!

 

TinyPortal © 2005-2018