Author Topic: Securing a string against decompilation?  (Read 4441 times)

TheLastCayen

  • Jr. Member
  • **
  • Posts: 81
Re: Securing a string against decompilation?
« Reply #30 on: February 24, 2020, 12:07:10 am »
Like mentioned before, I can be wrong so no offense ;) I just thought that was a fun way of doing it ;)

440bx

  • Hero Member
  • *****
  • Posts: 3946
Re: Securing a string against decompilation?
« Reply #31 on: February 24, 2020, 12:26:16 am »
I can be wrong so no offense
None taken.

;) I just thought that was a fun way of doing it ;)
For fun... go for it!
(FPC v3.0.4 and Lazarus 1.8.2) or (FPC v3.2.2 and Lazarus v3.2) on Windows 7 SP1 64bit.

RAW

  • Hero Member
  • *****
  • Posts: 868
Re: Securing a string against decompilation?
« Reply #32 on: February 24, 2020, 03:45:17 am »
Of course there is a 100% way to protect your software! Every beginner can handle this ...

WRITE BAD SOFTWARE !!! EDIT:  :D
« Last Edit: March 07, 2020, 02:48:22 am by RAW »
Windows 7 Pro (x64 Sp1) & Windows XP Pro (x86 Sp3).

krexon

  • Jr. Member
  • **
  • Posts: 80
Re: Securing a string against decompilation?
« Reply #33 on: February 24, 2020, 09:57:24 pm »
You can split password characters into multiple variables

winni

  • Hero Member
  • *****
  • Posts: 3197
Re: Securing a string against decompilation?
« Reply #34 on: February 24, 2020, 10:45:10 pm »
Hi!

There are a lot of properties which are stored as ASCII in your binary.

Use a hex editor to have a look at them.

With Linux you just use: strings MyBinary

A list with things like this appears:

  TImage
  Image1
  OnMouseDown
  Image1MouseDown
  OnMouseMove
  Image1MouseMove OnMouseUp
  Image1MouseUp
  TBitBtn
  BitBtn1
  Left
  Height
  Width
  Caption
  Color
  BitBtn1Click
  TabOrder
  TBGRASpriteAnimation

Choose one of them as password. Fetch the offset byte count.
Then you can look at this byte if the password matches.

Problem 1: If you add code to your app the offset byte changes

Problem 2: Everyone who knows how to work with a decompiler will recognize this. Perhaps a little bit later than other solutions.


Winni
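
An added example, not part of winni's post or of the thread: a minimal Python equivalent of `strings` for auditing your own build, run over constructed byte blobs. It shows that component names are visible as plain ASCII and that a string's offset moves when code is added (Problem 1). It goes slightly beyond the post by also scanning UTF-16LE text; the blobs, the `hunter2-demo` literal and all function names are assumptions made for the example.

```python
import re

def printable_strings(data: bytes, min_len: int = 4):
    """Return (offset, text) for each run of printable ASCII, like `strings -t d`."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]

def wide_strings(data: bytes, min_len: int = 4):
    """Same scan for UTF-16LE text, which a plain ASCII scan does not report."""
    pattern = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    return [(m.start(), m.group().decode("utf-16-le")) for m in pattern.finditer(data)]

def offsets_of(data: bytes, needle: str):
    """Byte offsets at which `needle` is readable in either encoding."""
    found = [off + text.find(needle)
             for off, text in printable_strings(data) if needle in text]
    found += [off + 2 * text.find(needle)          # two bytes per UTF-16 character
              for off, text in wide_strings(data) if needle in text]
    return sorted(found)

# Constructed sample data (not a real binary): a fake header followed by
# NUL-terminated names taken from the listing in the post above.
RESOURCE = b"\x00".join(
    [b"TImage", b"Image1", b"OnMouseDown", b"Image1MouseDown"]) + b"\x00"
BUILD_A = b"\x7fELF" + bytes(12) + RESOURCE
# Same application after 40 more bytes of code were added before the names.
BUILD_B = b"\x7fELF" + bytes(12) + b"\x90" * 40 + RESOURCE
# Build with a constructed password literal stored as a wide (UTF-16LE) string.
BUILD_C = BUILD_A + b"\xff\xff" + "hunter2-demo".encode("utf-16-le")

if __name__ == "__main__":
    for off, text in printable_strings(BUILD_A):
        print(f"{off:6d} {text}")
    print("offset in build A:", offsets_of(BUILD_A, "Image1MouseDown"))
    print("offset in build B:", offsets_of(BUILD_B, "Image1MouseDown"))
    print("wide literal in build C:", offsets_of(BUILD_C, "hunter2-demo"))
```
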

ASBzone

  • Hero Member
  • *****
  • Posts: 678
  • Automation leads to relaxation...
    • Free Console Utilities for Windows (and a few for Linux) from BrainWaveCC
Re: Securing a string against decompilation?
« Reply #35 on: February 25, 2020, 05:02:40 am »
You can split password characters into multiple variables

Take some time to look at the reverse engineering of malware which uses advanced obfuscation techniques, to get a sense of the many ways in which critical code or content can be obfuscated, and yet how well these tactics can be uncovered.

https://sensorstechforum.com/advanced-obfuscation-techniques-malware/

https://www.vadesecure.com/en/malware-analysis-understanding-code-obfuscation-techniques/

-ASB: https://www.BrainWaveCC.com/

Lazarus v2.2.7-ada7a90186 / FPC v3.2.3-706-gaadb53e72c
(Windows 64-bit install w/Win32 and Linux/Arm cross-compiles via FpcUpDeluxe on both instances)

My Systems: Windows 10/11 Pro x64 (Current)

Mr.Madguy

  • Hero Member
  • *****
  • Posts: 844
Re: Securing a string against decompilation?
« Reply #36 on: February 25, 2020, 10:41:56 am »
It's a standard situation. There is no ideal lock. Every lock can be opened. A better lock just takes more time, more experience and better instruments to open. So it's always about one question: is it worth the hacker's time and effort? Just use some sort of cipher. It will protect your password from naive hacking, i.e. it will require decompilation and/or debugging. This will take away 90% of possible hackers. There are tools to make decompilation and debugging much harder. Such tools usually add extra code to make understanding the code logic much harder. Maybe also some anti-debugging measures. Funny thing, but even simple custom anti-decompilation/debugging measures can be more effective than standard ones, cuz standard ones can already be cracked and your custom tools will require some time to research. In this case it would take too much effort for a hacker to crack your password, so he'll most likely give up.
« Last Edit: February 25, 2020, 11:12:20 am by Mr.Madguy »
Is it healthy for project not to have regular stable releases?
Just for fun: Code::Blocks, GCC 13 and DOS - is it possible?

Thaddy

  • Hero Member
  • *****
  • Posts: 14205
  • Probably until I exterminate Putin.
Re: Securing a string against decompilation?
« Reply #37 on: February 25, 2020, 01:23:43 pm »
Stick to https://forum.lazarus.freepascal.org/index.php/topic,48627.msg350317.html#msg350317 if you are a beginner, it is good enough.
Learn to NEVER EVER do that professionally, you will look silly.

Hackers do not know a magic wand, they know mathematics.
« Last Edit: February 25, 2020, 01:26:16 pm by Thaddy »
Specialize a type, not a var.
