Dll Security

by VP-2

Hi, I have a DLL and I want to encrypt it to hide (obfuscate??) an
important algorithm used here.

Well, today I'm using the following approach:

I'm encrypting the DLL with a program; then, when I want to loadlibrary() it,
I decrypt it to a plain-text file, then I loadlibrary the plain-text file.
So I have my encrypted DLL and I have a plain-text version as well. To
mitigate this vulnerability, I'm using EFS to protect my plain-text DLL.

I'm wondering if, using the PE format, I can do some kind of "on-the-fly
encrypt and decrypt". Is it possible? Is there any example? Is it a good
solution?

Thanks in advance,

Victor

Re: Dll Security

by Keith Oxenrider

The real question you should be asking is 'what is the point?'  Any decent
cracker will be able to look at your decrypted binary in RAM, even make a
copy of it for later use.  The very best you can do is raise the bar, but
to have any real chance of making a difference you need to make your
program detect that it is being run in a debugger (not a trivial task and
probably one that is fundamentally impossible, as the hardware itself can
be emulated) and continue to run, but with some subtle differences that
make it unusable (if it just crashes, it tells the cracker just what she
needs to know to bypass the check).  Obscuring the code generally makes
maintenance costs skyrocket; you should do an economic analysis to prove
that the extra effort will be repaid.  Keep in mind that legitimate users
often need to run their code in debuggers as well, so be sure to factor in
the ill will created when their attempts to debug their code that uses your
DLL cause all sorts of nasty problems for them (not to mention the support
calls!).


Keith Oxenrider
CISSP

At 04:17 PM 5/6/2005 -0300, VP wrote:

>Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
>important algorithm used here.
>
>Well today i'm using a following approach:
>
>I'm encrypting the dll with a program, then when i want to loadlibrary() it,
>i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
>So i have my encrypted dll and i have a plain-text version either. To
>mitigate this vulnerability, i'm using EFS to protect my plain-text dll.
>
>I'm wondering if using the PE format i can do some kind of "on-the-fly
>encrypt and decrypt". Is it possible ? There is any example ? Is it a good
>solution ?
>
>Thanks in advance,
>
>Victor


Re: Dll Security

by Valdis.Kletnieks

On Fri, 06 May 2005 16:17:30 -0300, VP said:
> Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> important algorithm used here.

Good luck.  You're probably better off making the customer sign an NDA
or other document that has some teeth in it, so that you can sue them if
they rip your code off.  I have more faith in a good lawyer being able
to bulletproof the problem than a good programmer...

> I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> So i have my encrypted dll and i have a plain-text version either. To
> mitigate this vulnerability, i'm using EFS to protect my plain-text dll.

So far so good, except....

> I'm wondering if using the PE format i can do some kind of "on-the-fly
> encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> solution ?

The first guy who comes along with a debugger will have little to no problem
getting your code extracted.  Note that even loading the encrypted form, then
checking if you're being debugged, then decrypting and calling the code won't
work, because there's a race condition - they can attach the debugger after
your test.  And they can make the timing hole arbitrarily large - a bunch
of 'for(;;)' loops will slow things down.  You can't even raise your priority
by a notch, as the attacker can raise the priority of their cycle-suckers by
2 notches and the debugger by 3.

This is *really* a "You can't win this one" game.  You *might* be able
to if there's proper hardware support - but note that even the now-emerging
"trusted computing" chipsets probably can be subverted....



RE: Dll Security

by Slavisa Dojcinovic


Try UPX or ASPack.
www.aspack.com
http://upx.sourceforge.net/


-----Original Message-----
From: VP [mailto:pelasaco@...]
Sent: Friday, May 06, 2005 9:18 PM
To: secprog@...
Subject: Dll Security

Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
important algorithm used here.

Well today i'm using a following approach:

I'm encrypting the dll with a program, then when i want to loadlibrary() it,
i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
So i have my encrypted dll and i have a plain-text version either. To
mitigate this vulnerability, i'm using EFS to protect my plain-text dll.

I'm wondering if using the PE format i can do some kind of "on-the-fly
encrypt and decrypt". Is it possible ? There is any example ? Is it a good
solution ?

Thanks in advance,

Victor


Re: Dll Security

by VP-2

Thanks for all the replies. I'm gonna take a look at UPX; I must fix this
solution even if I just raise the bar.

Best Regards,

VP

>On 5/7/05, Keith Oxenrider <koxenrider@...> wrote:
> The real question you should be asking is 'what is the point?'  Any decent
> cracker will be able to look at your decrypted binary in RAM, even make a
> copy of it for later use.  The very best you can do is raise the bar, but
> to have any real chance of making a difference you need to make your
> program detect that it is being run in a debugger (not a trivial task and
> probably one that is fundamentally impossible, as the hardware itself can
> be emulated) and continue to run, but with some subtle differences that
> make it unusable (if it just crashes, it tells the cracker just what she
> needs to know to bypass the check).  Obscuring the code generally makes
> maintenance costs skyrocket; you should do an economic analysis to prove
> that the extra effort will be repaid.  Keep in mind that legitimate users
> often need to run their code in debuggers as well, so be sure to factor in
> the ill will created when their attempts to debug their code that uses your
> DLL cause all sorts of nasty problems for them (not to mention the support
> calls!).
>
>
> Keith Oxenrider
> CISSP
>
> At 04:17 PM 5/6/2005 -0300, VP wrote:
> >Hi, i have a dll and i want to encrypt it to hide (obfuscate ??) an
> >important algorithm used here.
> >
> >Well today i'm using a following approach:
> >
> >I'm encrypting the dll with a program, then when i want to loadlibrary() it,
> >i decrypt it to a plain-text file, then i loadlibrary the plain-text file.
> >So i have my encrypted dll and i have a plain-text version either. To
> >mitigate this vulnerability, i'm using EFS to protect my plain-text dll.
> >
> >I'm wondering if using the PE format i can do some kind of "on-the-fly
> >encrypt and decrypt". Is it possible ? There is any example ? Is it a good
> >solution ?
> >
> >Thanks in advance,
> >
> >Victor
>
>

RE: Dll Security

by Chris Matthews-2

Might I also suggest looking at why you are trying to "hide" the
algorithm?  Perhaps attacking the problem from another angle might help.
For example, if your algorithm is indeed the "secret", you could
relocate that part on a remote server that you control.  Changing the
problem may provide a better way of achieving what you want.

Not that this would work, but the idea is the important thing.  Not every
problem needs to be solved with complex math ;)

Cheers, and good luck!
Chris

-----Original Message-----
From: VP [mailto:pelasaco@...]
Sent: May 10, 2005 9:54 AM
To: secprog@...
Subject: Re: Dll Security


Thanks for all the replies. I'm gonna take a look at UPX; I must fix this
solution even if I just raise the bar.

Best Regards,

VP



Re: Dll Security

by Slashroot

Hi,

Slavisa Dojcinovic wrote:
> Try UPX or ASPack.
> www.aspack.com
> http://upx.sourceforge.net/

There are a lot of UPX/AsPack decrypters around
(http://protools.reverse-engineering.net/unpackers.htm).
Hiding code is a very difficult task. You better run your sensible
algorithm on a remote server.

--
/root
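
The thread's point that UPX and ASPack only raise the bar slightly can be seen from the defender's side: a packed PE file is easy to recognize. The following is an added example, not code from any poster in the thread; it parses the PE section table and flags the section names these two packers leave behind, plus sections whose bytes look compressed. The helper `build_sample`, the 7.0 entropy threshold and all sample inputs are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

# Section names the two packers named in the thread leave in their output.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX",
                   b".aspack": "ASPack", b".adata": "ASPack"}

def entropy(data):
    """Shannon entropy in bits per byte; compressed data approaches 8."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data))
                for c in Counter(data).values())

def pe_sections(image):
    """Return [(name, raw_bytes)] from the section table of a PE image."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)   # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    (count,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                      # after optional header
    out = []
    for i in range(count):
        name, _, _, size, ptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        out.append((name.rstrip(b"\0"), image[ptr:ptr + size]))
    return out

def packer_report(image):
    """Name known packers and list sections whose bytes look compressed."""
    sections = pe_sections(image)
    packers = sorted({PACKER_SECTIONS[n] for n, _ in sections if n in PACKER_SECTIONS})
    dense = [n.decode() for n, d in sections if entropy(d) > 7.0]
    return {"packers": packers, "high_entropy": dense}

def build_sample(sections):
    """Constructed input: a minimal PE header followed by the given sections."""
    hdr = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x2102)
    body_off, table, body = 0x40 + len(coff) + 40 * len(sections), b"", b""
    for name, data in sections:
        table += struct.pack("<8sIIIIIIHHI", name, len(data), 0x1000, len(data),
                             body_off + len(body), 0, 0, 0, 0, 0)
        body += data
    return bytes(hdr) + coff + table + body
```

Calling `packer_report(open(path, "rb").read())` on a real DLL gives the same report; a renamed section defeats the name check, which is why the entropy check is kept alongside it.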