Jump to content

EXECryptor software protection

Jean5
 Share

Recommended Posts

RogueSpear

RogueSpear

Posted
Posted

You obviously speak as someone with an agenda and your claim that there is even such a thing as "effective" copy protection clearly illustrates your own ignorance. So what is your hidden agenda? A little bit of disclosure would be helpful.


#rootworm

#rootworm

Posted
Posted

i think sir, you confuse "invulnerable" with "effective".

i would never dream that any effective method is unbreakable. what i myself would call effective is making the cracker's job exceedingly difficult. that is after all about the best one can aim for.

my only agenda is to expose trolls who spout ignorant opinion portrayed as fact.

LLXX

LLXX

Posted
Posted
doubled the size of my code? what an ignorant thing to say. you clearly have no experience in software protections. they are neither large, slow, nor buggy.

with -extensive- protection i would expect my compiled exe to grow by no more than 1% for a standard utility. for a sizable application, the size difference would be inconsequential....we're talking 20-25k max, and that's a lot of code.

For example take Armadillo which is very popular and supposedly "excellent" protection:

1. size

Armadillo 3.70a packed calc.exe with all options enabled (extensive enough?)

Original size 92Kb

"Packed" size: 'dillo stub 393Kb + packed data 64Kb = 457Kb

2. speed

DebugBlocker/CopyMemII + Nanomites + Code Splicing

DebugBlocker adds extra process

CopyMemII utilises pagefaults (incremental unpacking concept)

Nanomites utilises interrupts

Code Splicing = extra jumps = increased execution time

Someone should pack Prime95 with 'dillo maximum protection and compare results with unpacked :lol:

3. buggy?

Some programs will not work correctly after being packed.

Armadillo is usually reliable though.

Some packers are worse, those using ring-0 drivers are the most intrusive.

Can be unpacked in 5 minutes.

Effort spent trying to "protect" software can be better spent making the software itself better. Trying to make it "exceedingly difficult" for the cracker is also going to make it "exceedingly difficult" for the programmer, even more so.

it's very easy to have effective software protection that has ZERO impact on usability or performance
It's very easy, just "protect" a 0-byte file. No impact on usability or performance, because there was none to begin with :o
RogueSpear

RogueSpear

Posted
Posted
i think sir, you confuse "invulnerable" with "effective".

i would never dream that any effective method is unbreakable. what i myself would call effective is making the cracker's job exceedingly difficult. that is after all about the best one can aim for.

my only agenda is to expose trolls who spout ignorant opinion portrayed as fact.

Well aren't we lucky to a have such a philanthropic soul such as yourself :puke: If you want to sell your ignorant opinions and propaganda, I doubt you'll find many buyers around here. The only reason someone would gush with half truths and lies regarding the merits of copy protection is because they profit from it.

Your argument sounds just about as genuine to me as the one Microsoft tries to make for it's "Benefits of being genuine".

ripdajacker

ripdajacker

Posted
Posted

A really effective protection is to implement it in the functionality.

I saw that Godfather the game had some issues when it was cracked. You were unable to get out of a car and so on, but it's only a matter of time before someone breaks the protection, if the software is of good quality, you will sell it without a doubt.

RogueSpear

RogueSpear

Posted
Posted

Well it seems that rootworm would rather send me insulting PMs rather than make a public post. I just love that type. Defending the indefensible, then hiding in the shadows. He would have done quite well in 1940's Germany.

fly

fly

Posted
Posted
Well it seems that rootworm would rather send me insulting PMs rather than make a public post. I just love that type. Defending the indefensible, then hiding in the shadows. He would have done quite well in 1940's Germany.

pwnage is best served warm, cold, or nazi-style.

  • 2 weeks later...
BillyColl

BillyColl

Posted
Posted
Can someone explain to me what this software does and what it protects exactly?

EXECryptor is a software tool that provide developers with software protection from reverse engineering, analysis and modifications. Its main difference from other protection tools is its code transformation called "Code Morphing". This technology protects the code on the CPU-command level. It is known the x86 processors command system is redundant and allows the execution of the same ‘code’ using various different system commands. It breaks up the protected code into several processor commands or small command snippets and replace them by others, while maintaining the same end result. Thus the protector obfuscates the code not on the source level but on the level of the CPU commands.

The Code Morphing is multilevel technology containing hundreds of unique code transformation patterns. In addition this technology includes the special layer that transforms some commands into Virtual Machine commands (like P-Code). Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code.

There is no concept of code decryption with this system Protected code blocks are always in the executable state, and they are executed as a transformed code. The original code is completely lost and code restoration is an NP-hard problem.

The weak point of such scheme is that it significantly increases the size and affects the speed of a program. But protecting an application author usually doesn't need to transform its entire code. It is enough to protect only critical parts of your code, responsible for serial number verification, trial expiration date, and other evaluation restrictions. The rest of application code remains intact and software execution speed remains the same.

Below is a code sample generated by Delphi and a partial (the full listing contains over 500 instructions) listing of the transformed code.

Source code :

writeln('Test OK');

After compilation

mov eax, [$ 004092ec]

mov edx, $00408db4

call @WriteOLString

call @WriteLn

call @_IOTest

After the code transformation (partial):

db 3

add al, $30

xlat

call +$000025b2

jmp +$00000eec

call +$00000941

or al, $4a

scasd

call -$304ffbe9

rol eax, $14

mov edi, [ebx]

jmp +$00001738

mov ebx, eax

shr ebx, $03

push ebx

jmp +$0001b5e

call -$000001eb

jmp +$00003203

jmp +$00005df8

call +$00000910

adc dh, ah

fmul st(7)

adc [eax], al

les eax, [ecx+$0118bfc0]

stosb

http://www.strongbit.com

DRauch

DRauch

Posted
Posted

Yoda's Crypter 1.3.

I love it. Used it for 3 years now. It's not uncrackable but has to be manually unpacked and is long and very difficult.

LLXX

LLXX

Posted
Posted (edited)
Yoda's Crypter 1.3.

I love it. Used it for 3 years now. It's not uncrackable but has to be manually unpacked and is long and very difficult.

Most of these claims of 'hard to unpack' are coming from those that have never tried... y0da is just a little harder than UPX. Of course it's hard for those that don't know anything about unpacking!

y0da has a resource leak BTW: http://www.wintellect.com/Articles/Yoda.pdf

Edited by LLXX
  • 1 month later...
BillyColl

BillyColl

Posted
Posted
Yoda's Crypter 1.3.

I love it. Used it for 3 years now. It's not uncrackable but has to be manually unpacked and is long and very difficult.

Yoda Protector is built on polymorphic encryption principle. Encryption approach is enough weak, because the encrypted app code becomes decrypted and restored when the program runs.

As for ExeCryptor http://www.strongbit.com it is based on a kind of code obfuscation : Code morphing. It makes to run program in obfuscated state without original code restoration. This way it is much harder for crackers.

LLXX

LLXX

Posted
Posted (edited)

Strange coincidence that this topic got revived... because I just unpacked an EXEcryptor-packed prog not one day ago! :lol:

It's a rather interesting feeling to have read all these claims of 'no concept of code decryption', 'impossible to crack', etc. then actually do it and find out they're really bluffing - it works just like a normal unpack-and-run packer.

...and BTW, even the latest version of PEiD doesn't identify EXEcryptor :}

Edited by LLXX
#rootworm

#rootworm

Posted
Posted

and execryptor still claims it's never been compromised. lol. every version of it has been unpacked. early versions had some blatant weaknesses.

just like to comment about when i was talking about code size before... i wasn't talking about packers, i was talking about protections in your own code.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...