* * *

Author Topic: Some questions about program protection  (Read 2815 times)

justnewbie

  • Full Member
  • ***
  • Posts: 129
Re: Some questions about program protection
« Reply #15 on: March 23, 2018, 01:28:29 pm »
@Handoko: Tried, works. Thank you for the detailed and helpful answer!

Martin_fr

  • Administrator
  • Hero Member
  • *
  • Posts: 4746
    • wiki
Re: Some questions about program protection
« Reply #16 on: March 23, 2018, 03:34:35 pm »
Make sure you use -Xs

Because the rest only affects files in the project, but not the packages used.
For example you want -O3 for everything, you need to add it to packages too (or use "additions and overrides").

Also test, that strip.exe can not remove further info. It never happened to me, but IIRC some people reported in the past that on some platform -Xs would not do a 100% complete job.

justnewbie

  • Full Member
  • ***
  • Posts: 129
Re: Some questions about program protection
« Reply #17 on: March 23, 2018, 04:34:16 pm »
OK, thank you for the additions.
Just a question about Handoko's answer:
Quote
01. Lazarus main menu > Project Options > Compiler Options > Compilation and Linking
02. Enable "Smaller rather than faster (-Os)"
03. Enable "Smart linkable (-CX)"
04. Enable "Link smart (-XX)"
05. Lazarus main menu > Project Options > Compiler Options > Debugging
06. Disable all items of "Checks and assertion"
07. Disable "Generate debugging info for GDB"
08. Enable "Strip symbols from execuable (-Xs)"
09. Click "Ok" and rebuild the program
Is it the "safest" settings (against any hacking)?

Handoko

  • Hero Member
  • *****
  • Posts: 2456
  • My goal: build my own game engine using Lazarus
Re: Some questions about program protection
« Reply #18 on: March 23, 2018, 05:28:50 pm »
As Martin_fr already said, the most important one is the -Xs (strip symbols). The others - not very sure - but I think are not very important.

Simply configuring the settings 'properly' including striping the symbols are not very useful. Hackers can easily peek into your exe file to find important texts using hex tools, for example you save your password using const:

Code: Pascal  [Select]
  1. const
  2.   MyPassword = 'rainbow';

You should save only encrypted version of the text and decrypt it runtime. For example, you can write a simple function to get the decrypted text by combining 2 strings:

Code: Pascal  [Select]
  1. const
  2.   MyPassword1 = 'ribw';
  3.   MyPassword2 = 'ano';
  4.  
  5. function CombinePass(Input1, Input2: string): string;

I tell you a story. When I was around 16, I got a pirated copy of Lotus 123. Starting the program, I saw the splash screen said "Lotus 123, licensed to [xxxxx]". So I was thinking could I change the name? Using a hex tool, I changed the [xxxxx] to my name, but the program won't start after being modified. Using debug.com (or maybe debug.exe), I managed to trace the program. I found that it used a simple checksum to make sure the licensed info hasn't changed. Yep, as you guess, I managed to make it to show my name on the splash screen.

FYI, Lotus 123 is one of the world class applications in that old era. With some tools and knowledge it was easy to hack. Ssst, don't tell the Lotus company I hacked their software, or I will be trouble. :-X

Even you have encrypted the password string, hackers still can hack it. They don't have to know how to decrypt your password, they just need find the code that handling the login process, and use a jmp command to skip it.

If you want to understand how to 'better' protect your program, I suggest you should learn some assembly language and try to hack some programs. I felt shameful to hack someone's program, so I don't pursue my career as a hacker.
« Last Edit: March 23, 2018, 06:24:51 pm by Handoko »

justnewbie

  • Full Member
  • ***
  • Posts: 129
Re: Some questions about program protection
« Reply #19 on: March 23, 2018, 06:15:40 pm »
Thank you for clarifying!

 

Recent

Get Lazarus at SourceForge.net. Fast, secure and Free Open Source software downloads Open Hub project report for Lazarus