IIS Increased Integrated Security

  • By Dax Pandhi

Y'know, today's crackers tend to find our 'security file' no matter what we name it and where we place it. So I did a little digging myself and found some 'tips' to give us a slightly better chance at it...

Question: How do they find the file, no matter where we keep it, and whatever we name it?

Answer: Simple. They use a file monitoring / registry monitoring utility such as RegMon or FileMon, which uses APIs to see which file is being written to or read from. The same goes for registry entries.

Question: How come they cracked my EXE even if it was made using a 'packer'?

Answer: Okay, now get one thing straight: for every good guy there is a bad guy, for every Karl Moore there is a Dax Pandhi, and for every packer there is an unpacker!! The same goes for security software; even the famous ActiveLock OCX can be (and has been) cracked.

Note: For those who don't know, a packer is software that encodes your EXE/DLL and puts it into a 'protective box'; in other words, it wraps your software in a layer of encryption. An unpacker undoes what the packer does. Each packer has its own unpacker, and they all rely on different methods.

Question: Does this mean that we lost the war?

Answer: No! Of course not, you still have your secret weapon: me!! (Okay, stop laughing!)

Seriously, you need just three things to go against piracy better than the rest: Visual Basic 6, this article and just a wee bit of imagination (yes, that thing with which you could picture me as a dude with a 3ft. beard and a pair of rose-colored glasses).

Here's a small overview of how the cracker tracks your information reading and writing.

Top Tip: Yet again, crackers might be reading this very article, so use your imagination and twist the code all round and round. If you don't know how, just grab a pack o' good ol' imagination.

Encoding is not enough, so let's look at what we could do to combat the problem:

  1. Create an ActiveX DLL Project.
  2. In Class1 (by default) there is nothing, so code the following in it:

    Option Explicit

    ' Declare statements in a class module must be Private
    Private Declare Function GetWindowsDirectory Lib "kernel32" _
        Alias "GetWindowsDirectoryA" (ByVal lpBuffer As String, _
        ByVal nSize As Long) As Long

    Private Declare Function WritePrivateProfileString Lib "kernel32" _
        Alias "WritePrivateProfileStringA" (ByVal lpApplicationName As String, _
        ByVal lpKeyName As Any, ByVal lpString As Any, _
        ByVal lpFileName As String) As Long

    ' MoveFile is called in SecureData, so it needs a declaration too
    Private Declare Function MoveFile Lib "kernel32" _
        Alias "MoveFileA" (ByVal lpExistingFileName As String, _
        ByVal lpNewFileName As String) As Long

    ' Returns the Windows directory with a trailing backslash
    Public Function WindowsDir() As String
        Dim strBuffer As String * 260

        GetWindowsDirectory strBuffer, 260

        WindowsDir = Left$(strBuffer, InStr(strBuffer, Chr$(0)) - 1)
        If Right$(WindowsDir, 1) <> "\" Then WindowsDir = WindowsDir & "\"
    End Function

    ' Writes strKey=strData under [strSection] in the INI-style file strFile.
    ' strData is passed as a null-terminated string, so anything after a
    ' Chr(0) in it is not written.
    Public Sub SetKeyString(strFile As String, strSection As String, _
            strKey As String, strData As String)
        WritePrivateProfileString strSection, strKey, strData, strFile
    End Sub

    ' XORs each character of strInput with the repeating key strKey.
    ' The original listing read its input from a file path, but SecureData
    ' and the reading side both pass the data itself, so it takes the string.
    Public Function XOREncode(ByVal strKey As String, _
            ByVal strInput As String) As String
        Dim strOutput As String
        Dim lngX As Long

        For lngX = 1 To Len(strInput)
            ' Mod wraps the key position so the key repeats over the input
            strOutput = strOutput & Chr$(Asc(Mid$(strInput, lngX, 1)) _
                Xor Asc(Mid$(strKey, ((lngX - 1) Mod Len(strKey)) + 1, 1)))
        Next lngX

        XOREncode = strOutput
    End Function

    Public Function SecureData(strData As String)
        Dim sWD0 As String  ' Dummy store file
        Dim sWD1 As String  ' Dummy store file
        Dim sWD2 As String  ' Dummy store file
        Dim sWD3 As String  ' Dummy store file
        Dim sWD4 As String  ' Rename target (not declared in the original listing)
        Dim sReal As String ' Real store file
        Dim sTemp As String

        sWD0 = WindowsDir & "data1.dat"
        sWD1 = WindowsDir & "data2.dat"
        sWD2 = WindowsDir & "data3.dat"
        sWD3 = WindowsDir & "data4.dat"
        sWD4 = WindowsDir & "data5.dat"  ' Assumed name, following the pattern above
        sReal = WindowsDir & "gr386.vxd"
        ' gr386.vxd looks like a system file, so it MAY
        ' throw our tracker off course a bit

        sTemp = XOREncode("MyKey12345", strData)
        SetKeyString sWD0, "Security", "Code", sTemp
        sTemp = XOREncode("MyKey67890", strData)
        SetKeyString sWD1, "Security", "Code", sTemp

        ' Write the real data in between the dummies to confuse the tracker
        sTemp = XOREncode("MyKey12345", strData)
        SetKeyString sReal, "Security", "Code", sTemp

        sTemp = XOREncode("MyKeyABCDE", strData)
        SetKeyString sWD2, "Security", "Code", sTemp
        sTemp = XOREncode("MyKeyFGHIJ", strData)
        SetKeyString sWD3, "Security", "Code", sTemp

        ' Now let's throw our tracker off-course!! ;>
        MoveFile sWD1, sWD2
        MoveFile sWD3, sWD4
        ' By now his screen must be filled with 2000 tracks

        ' Use other encoding functions you may have here to encode sReal
    End Function

  3. Compile the DLL (compile to P-Code for best result) and bootstrap it (see parts 2 & 3).
  4. In setup1.vbp, open Project | References.
  5. In the dialog that opens up, click Browse and open the new DLL.
  6. Now, click OK and it is registered AND referenced into your project.
  7. Now, wherever you want to write the data out, use the SecureData function.

Now, in your app (not setup1.vbp but the app you're using setup1.vbp for) use the XOREncode function in conjunction with the INI Class (look around VB-World.net for that one ;).

As the INI Class reads the data within gr386.vxd, XOREncode it with the same key (XOR is its own inverse) and voila, you have your lil' serial number!!

This way, you can create a cool 2-way security store that can be accessed and modified by both the setup application and your software.
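The read-back step described above, modelled in Python as an added example (not the author's VB code): XOR with the same key reverses the encoding, but the raw XOR output can contain NUL, CR or LF bytes that an INI value cannot carry, so this sketch hex-encodes the value before writing it. The serial `MX-1234-5678` and all function names are constructed for illustration.

```python
import configparser
import io

INI_UNSAFE = {0x00, 0x0A, 0x0D}  # NUL ends the API string; CR/LF end the INI line

def xor_encode(key: bytes, data: bytes) -> bytes:
    """Repeating-key XOR, the same operation as the VB XOREncode function."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def ini_unsafe_offsets(blob: bytes) -> list:
    """Offsets of bytes that an INI value cannot carry verbatim."""
    return [i for i, b in enumerate(blob) if b in INI_UNSAFE]

def store_value(key: bytes, serial: str) -> str:
    """XOR the serial, then hex-encode so every byte survives the INI file."""
    return xor_encode(key, serial.encode("ascii")).hex()

def load_value(key: bytes, stored: str) -> str:
    """Reverse of store_value: hex-decode, then XOR again with the same key."""
    return xor_encode(key, bytes.fromhex(stored)).decode("ascii")

def roundtrip_through_ini(key: bytes, serial: str) -> str:
    """Write [Security] Code=<hex> to an in-memory INI and read it back."""
    ini = configparser.ConfigParser()
    ini["Security"] = {"Code": store_value(key, serial)}
    buf = io.StringIO()
    ini.write(buf)
    reader = configparser.ConfigParser()
    reader.read_string(buf.getvalue())
    return load_value(key, reader["Security"]["Code"])

KEY = b"MyKey12345"      # key string taken from the article's listing
SERIAL = "MX-1234-5678"  # constructed sample serial, not from the article

if __name__ == "__main__":
    raw = xor_encode(KEY, SERIAL.encode("ascii"))
    # 'M' xor 'M' is NUL, so the raw value would be cut off at offset 0
    print("unsafe offsets in raw XOR output:", ini_unsafe_offsets(raw))
    print("hex form stored in INI:", store_value(KEY, SERIAL))
    print("read back:", roundtrip_through_ini(KEY, SERIAL))
```

Any serial character that matches the key character at the same position XORs to NUL, which is why the raw form cannot be trusted to survive `WritePrivateProfileString`.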

Top Tip: For showing the registration info in the about box, extract the info from the store and save it temporarily in a registry key. Don't delete the registry key, just keep it: it will be another breadcrumb in the wrong direction to throw the hackers off the trail. (If you don't follow me, read Hansel & Gretel.)

Page 2 of 7

This article was originally published on November 20, 2002
