Testing my Anti-crack system
Started by plypencil, Jun 24 2010 06:18 AM
6 replies to this topic
#1
Posted 24 June 2010 - 06:18 AM
I would like someone to attempt to crack the defenses I have put in place on a program. I would like data.csi (File in the root directory) to be modified and the program to still validate successfully when it runs.
This is a test for some of my defenses I'm incorporating into my game to prevent modifications.
If you do crack the program please send me a copy and a brief description on how you managed to bypass the security.
Thanks to anyone who helps me test the integrity of this. And I would appreciate any ideas on how to improve the security (If people manage to break through).
Ply.
Here's the link: ACS.zip
#2
Posted 24 June 2010 - 07:34 PM
The zip seems to be broken (at least with my setup, I'll look at it on another computer later). I see the .csi files are PNG images though, I wonder where you're going with that, but I think I have an idea..
EDIT: There are roughly eleven ways I can think of to bypass, including an EAX RM on fa::3e12f0 and 20 segments further.
Edited by Alexander, 25 June 2010 - 12:52 AM.
Be sure to read the updated FAQ! || Health is achieved through the same 10,000 steps.
If a suggested code/method fails, informing us is less important than telling us why or what errors occurred.
#3
Posted 24 June 2010 - 10:27 PM
7z worked to unzip it.
It seems as though the cryptographic algorithm is not supported on my system (win xp)?
Quote
************** Exception Text **************
System.PlatformNotSupportedException: The specified cryptographic algorithm is not supported on this platform.
at System.Security.Cryptography.CapiNative.AcquireCsp(String keyContainer, String providerName, ProviderType providerType, CryptAcquireContextFlags flags, Boolean throwPlatformException)
at System.Security.Cryptography.SHA512CryptoServiceProvider..ctor()
at CSACS_1_1.main.d3c8(String f9ce)
at CSACS_1_1.main.c4e1()
at CSACS_1_1.main.b0a2()
at CSACS_1_1.main._Lambda$__1(Object a0, EventArgs a1)
at System.Windows.Forms.Form.OnShown(EventArgs e)
at System.Windows.Forms.Form.CallShownEvent()
at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme)
at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj)
at System.Threading.ExecutionContext.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme)
at System.Windows.Forms.Control.InvokeMarshaledCallbacks()
Update: Ok, do not use .NET to build anti-cracking systems as .NET can be reflected and the (almost) complete source code recovered. I am viewing your methods of encryption and your general anti-crack design as we speak.
Update: Why do you save the PNG images as CSI files? Just trying to throw us off?
Update: Oh CSI are the initials of your company **** Systems Inc ^^
    Public Sub c4e1()
        Dim path As String = "./data.csi"
        ' d3c8 constructs SHA512CryptoServiceProvider (see the stack trace above)
        Dim str3 As String = Me.d3c8(File.ReadAllText(path))
        Dim str2 As String = Me.d628(File.ReadAllText(path))
        ' Both results must equal the values stored in the a3a9 and cf45 fields
        If ((str3 = Me.a3a9) AndAlso (str2 = Me.cf45)) Then
            Thread.Sleep(&H3E8) ' 1000 ms
            Me.ee70.Image = Image.FromFile(path)
            Me.BackColor = Color.Green
            Interaction.MsgBox("Program validated successfully", MsgBoxStyle.OkOnly, Nothing)
        Else
            Me.BackColor = Color.Red
            Interaction.MsgBox("YOU FAILED!", MsgBoxStyle.OkOnly, Nothing)
        End If
    End Sub
So there's your main "anti-cracking" function. What's to stop me from patching your If statement to always jump (JMP)?
Update: The hashes you compare the files to I believe?
- cf45 : LaqdOjD0wYHzhLMzutA3DQ==
- a215: pvcuixMX/2umaj2XgZyOR50Bdv67BQMUQ7a8C0M1XAYbu8PZjZefPbMU8SDyXPVg==q6gK5FN9fjV2G+CHVf2NPM
- a3a9: pvcuixMX/2ZZjZefPq6gK5FN9fjV2G+CHVfyOuR50Bdv67BQMUQ7a8C0M1XAYbu8P2NPmaj2XgMbMU8SDyXPVg==
- a34f: ZefPq6gK5FuR50Bdv67BpvcuixM7a8C0X/2ZZjQMUQM1XAYbu8P2NPmaj2XgMbMU8SDyXPVg==N9fjV2G+CHVfyO
- a44a: maj2XgMbMU8SDyXPVg==pvcuixMX/2ZZjZefPq6gK5FN9fjV2G+CHVfyOuR50Bdv67BQMUQ7a8C0M1XAYbu8P2NP
- a3b9: p8C0M1jZefPq6gK5FN9fjV2G+CHVfyOuR50Bdv67BQMXAYbu8PvcuixMX/2ZZUQ7a2NPmaj2XgMbMU8SDyXPVg==
So, there are a few different ways to bypass your security. Patch the If statement, alter the hashes in the .text segment, set the return values of the StringCompare function to be the hash values.
My verdict is that using .NET for an anti-crack is a joke. If you do have to use it, obfuscate your data better and your program flow, and encrypt your program.
Edited by Surpintine, 24 June 2010 - 11:32 PM.
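The PlatformNotSupportedException in the trace above comes from constructing SHA512CryptoServiceProvider on Windows XP. The following is an added example, not code from the thread or from the program under test: it falls back to the managed SHA-512 implementation and hashes the file's raw bytes. The module and function names are hypothetical and the sample bytes are constructed.

```vbnet
Imports System
Imports System.IO
Imports System.Security.Cryptography

' Added illustration; module and function names are hypothetical.
Module IntegrityCheckExample

    ' The CAPI-backed provider throws PlatformNotSupportedException where the
    ' OS crypto provider lacks SHA-512 (the Windows XP trace above), so fall
    ' back to the fully managed implementation.
    Function CreateSha512() As HashAlgorithm
        Try
            Return New SHA512CryptoServiceProvider()
        Catch ex As PlatformNotSupportedException
            Return New SHA512Managed()
        End Try
    End Function

    ' Hash the file's raw bytes so the digest covers the file exactly as stored.
    Function HashFileBase64(ByVal filePath As String) As String
        Dim data As Byte() = File.ReadAllBytes(filePath)
        Using sha As HashAlgorithm = CreateSha512()
            Return Convert.ToBase64String(sha.ComputeHash(data))
        End Using
    End Function

    Sub Main()
        ' Constructed sample: the 8-byte PNG signature plus one payload byte.
        Dim original As Byte() = New Byte() {&H89, &H50, &H4E, &H47, &HD, &HA, &H1A, &HA, &H0}
        Dim samplePath As String = Path.GetTempFileName()
        Try
            File.WriteAllBytes(samplePath, original)
            Dim expected As String = HashFileBase64(samplePath)

            ' Unchanged file: compare against the recorded digest.
            Console.WriteLine(String.Equals(HashFileBase64(samplePath), expected, StringComparison.Ordinal))

            ' One changed byte: compare again against the recorded digest.
            original(8) = &H1
            File.WriteAllBytes(samplePath, original)
            Console.WriteLine(String.Equals(HashFileBase64(samplePath), expected, StringComparison.Ordinal))
        Finally
            File.Delete(samplePath)
        End Try
    End Sub
End Module
```

This only makes the hashing portable and byte-exact; the comparison still runs on the user's machine, so the points raised in the post above about patching it still apply.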
#4
Posted 25 June 2010 - 05:43 AM
Wow, I see that was torn apart pretty easily. By the way only two of those hashes are used. And what two different algorithms. I will work on another one which includes different methods, however I cannot move away from .net programming as my skills are only tiny in native C :(.
Also I don't believe it is possible to encrypt the program and still allow it to run? If you have any links which demonstrate how it is done please share with me :)
.Net Framework 4.0 is required, that might be why you cannot run it Nullw0rm.
Edited by plypencil, 25 June 2010 - 05:54 AM.
Addition
#5
Posted 25 June 2010 - 12:20 PM
The program would have to decrypt on execution which is no easy task. I don't really know if you can even do it in 100% .NET as .NET was not built to be able to work with (read/write) memory. I wouldn't worry about encryption actually.
You could look at the Strong Name technology; but that can also be fairly easily bypassed. .NET is just not a good framework for an anti-cracking system!
You also should implement some simple (meaning easily bypassable) anti-debugging. You could use the IsDebugger API. Read about it here.
Google Smart Assembly and look at some of the features to get an idea of what you need to implement. Then google those features and see how there is almost no support on programming those features.
If you are serious about a .NET anti-crack system, you need to learn everything there is to know about the PE header, the .NET framework, MSIL, and learn how hackers reverse engineer .NET. You need to work from the inside out, and realize that people can't help you with this, you need to learn it by yourself.
#6
Posted 02 August 2010 - 04:41 AM
The best anti-crack method of all is simply to make a solid well-documented, fairly easy-to-use program people want to pay money for and a very fast way to access/activate it. If someone, somewhere wants to crack your program.. they will. If someone, somewhere wants to use your program illicitly, they will. Make the system as simple as possible and then get it in their hands and out of their way. The less they have to deal directly with you and your company beyond the general charge/activate, the better, and the less the likelihood that they'll feel your program is worth going to the trouble to break/obtain illicitly.
#7
Posted 02 August 2010 - 09:15 AM
ITT: What happens when newcomers to programming build "unbreakable security systems".
"The only means of strengthening one's intellect is to make up one's mind about nothing - to let the mind be a thoroughfare for all thoughts." -- John Keats