Move Grind Video

Discussion on Move Grind Video within the 12Sky2 forum part of the MMORPGs category.

Old 09/25/2010, 13:09   #16

 
Mega Byte's Avatar
 
elite*gold: 0
Join Date: Dec 2009
Posts: 1,777
Received Thanks: 1,003
Wow sounds impressive

You could integrate it to facebook to learn and for the lulz too haha. or not :P

I'm interested in securing applications and having a time-based system like that. I was thinking of just opening a connection and keeping track of online time. But they could patch that easily with Olly, after unpacking and all that.

Since it's client-side it can always get hacked... So that's the hard part :P making it as hard as you can.
Mega Byte is offline  
Old 09/25/2010, 23:06   #17
 
afkguy's Avatar
 
elite*gold: 0
Join Date: Jan 2010
Posts: 271
Received Thanks: 80
Quote:
Originally Posted by Mega Byte View Post
Wow sounds impressive

You could integrate it to facebook to learn and for the lulz too haha. or not :P

I'm interested in securing applications and having a time-based system like that. I was thinking of just opening a connection and keeping track of online time. But they could patch that easily with Olly, after unpacking and all that.

Since it's client-side it can always get hacked... So that's the hard part :P making it as hard as you can.

Yea it's not possible to make it impossible... at least not for me. When considering the level of security needed you must consider your targeted audience. In this case my target audience is less likely to have the skills needed to break the security. The ones that do have the skills might be able to do it if they spent a lot of time.

The easiest way to secure something is by encoding it and placing it in the registry. First off, most users cannot navigate the registry, and if they can they won't know where the relative keys are. If they do find the keys they won't know which subkey / value pair does what because they are all encoded. The subkey "install_date" might look something like "u5Vil0z+4esg4" and its value would appear the same. Simply changing a subkey's value will not work, as that value is decoded by the software and if invalid will not run. Altering the system clock will not work if you store the last known difference between install date and now (each time validation is successful) and compare on each run.

As an extra failsafe, if you use text files to store normal data for the software like I do, you can store backups of your registry information there and encode the whole thing. This way if someone opens the text file they will see a giant garbled load of trash... finding the parts that relate to validation would be impossible mixed among all the rest.

If you want to be super tricky you can have the character string that is used to define your encoding algorithm dynamically created every time a value is changed. You would also have to link each value to its defining character string. This would make each value (even names of values) have a completely different encoding algorithm. Making it impossible to decode even by the author (once the script is running you have no idea what stage of development the algorithm is on). Only the program itself would know how to decode a value, and it will only have the correct decode algorithm at the time of use, after which the algorithm would change. Making it impossible to decode values by having the source.

I love the word "impossible"... if only I could use it more...
afkguy is offline  
Old 09/25/2010, 23:30   #18
 
afkguy's Avatar
 
elite*gold: 0
Join Date: Jan 2010
Posts: 271
Received Thanks: 80
Here is an example of how to make a dynamically generated algorithm.

Ignore the fact that the code isn't actually here. Use your imagination.

So there is a function that uses a string to define its algorithm. That string might look like:

Character_String = abcdefghijklmnopqrstuvwxyz1234567890/(|)+-_

The function has two parts, encoding and decoding. They are used like this.

in = hello world
encoded := Base64(in)
decoded := InvBase64(encoded)

Using the same character string on decoding you will get "hello world". On encoding you get some crazy looking string.

Now if your character string is different like say:


Character_String = 1234567890/(|)+-_abcdefghijklmnopqrstuvwxyz

The algorithm is different. Well technically speaking the algorithm as the method itself is the same, however the way it goes about that method has changed.

Okay so now how to make the character string dynamically change? Every value is only encoded after being decoded (obviously), so if the character string changes after encoding, the next decode will use the correct string.

Let's say it's the program's first run. It has a default character string that generates all the values. The first time a value is decoded it will use the default character string.

Let's say these are the values we are working with.

Default_String = abcdefghijkl1234567890
decoded_value = hello world
last_encoded_value = b3if5a3lf9ci ; translates to "hello world" using the default string

So the value has been decoded the first time, before encoding it we are going to change the default string. First we will compare last_encoded_value with itself and remove any duplicate instances of a character.

Now last encoded value = b3if5al9c

Now we compare last encoded value with the default string, and remove any characters found in last encoded value from default string.

Now default string = deghk12467890

Now we place last encoded value in front of default string and make that our new character string for recoding this value.

New_String = b3if5al9cdeghk12467890

The new string contains all the characters that the first string did, except they are in a different order which creates a new algorithm so to speak. After the value has been decoded/encoded a few times it would be impossible to know what character string is being used.
afkguy is offline  
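The rotation described in this post, as an added Python example (not afkguy's code or SkyBot's). The base-N `encode`/`decode` pair is an assumed stand-in for the post's `Base64`/`InvBase64`, and `rotate` and `read_and_restore` are hypothetical names.

```python
def encode(text, alphabet):
    """Base-N encode text, where N = len(alphabet) (assumed encoding, not the post's)."""
    n = int.from_bytes(b"\x01" + text.encode("utf-8"), "big")  # 0x01 keeps leading zeros
    digits = []
    while n:
        n, r = divmod(n, len(alphabet))
        digits.append(alphabet[r])
    return "".join(reversed(digits))


def decode(encoded, alphabet):
    """Inverse of encode(); raises ValueError on a character outside the alphabet."""
    n = 0
    for ch in encoded:
        n = n * len(alphabet) + alphabet.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    if raw[:1] != b"\x01":
        raise ValueError("value was not produced with this alphabet")
    return raw[1:].decode("utf-8")


def rotate(alphabet, last_encoded):
    """The post's two steps: dedupe last_encoded, then append the unused characters."""
    head = "".join(dict.fromkeys(last_encoded))          # first occurrences, in order
    tail = "".join(c for c in alphabet if c not in head)
    return head + tail


def read_and_restore(record):
    """Decode a stored (alphabet, encoded) pair, then re-encode under a rotated alphabet."""
    alphabet, encoded = record
    value = decode(encoded, alphabet)
    new_alphabet = rotate(alphabet, encoded)
    return value, (new_alphabet, encode(value, new_alphabet))


if __name__ == "__main__":
    start = "abcdefghijklmnopqrstuvwxyz1234567890/(|)+-_"   # Character_String from the post
    record = (start, encode("hello world", start))
    for _ in range(3):
        value, record = read_and_restore(record)
        print(value, record)
```

Applied literally to the post's sample strings, `rotate("abcdefghijkl1234567890", "b3if5a3lf9ci")` returns `b3if5al9cdeghjk1246780`. Because each record has to carry its alphabet so the program can read the value back, the scheme is an encoding rather than keyed encryption.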
Old 09/26/2010, 06:08   #19

 
Mega Byte's Avatar
 
elite*gold: 0
Join Date: Dec 2009
Posts: 1,777
Received Thanks: 1,003
Yeah I'm familiar with encryption

But as for tracking things done in registry / file you can use programs like RegMon or FileMon or sandboxie to figure it out. So back to square one again lol.. But yeah as you said your targeted audience wouldn't know how to hack or they would make their own hacks.

You can also lock applications to hardware by unique IDs on hardware inside the machine. Or the CMOS serial.
Mega Byte is offline  
Old 09/26/2010, 22:41   #20
 
afkguy's Avatar
 
elite*gold: 0
Join Date: Jan 2010
Posts: 271
Received Thanks: 80
Quote:
Originally Posted by Mega Byte View Post
Yeah I'm familiar with encryption

But as for tracking things done in registry / file you can use programs like RegMon or FileMon or sandboxie to figure it out. So back to square one again lol.. But yeah as you said your targeted audience wouldn't know how to hack or they would make their own hacks.

You can also lock applications to hardware by unique IDs on hardware inside the machine. Or the CMOS serial.

Yea I know you can see what's being written to your registry, but if the key names/values are encrypted then it's not going to be of much use to you. You will just be staring at a bunch of garbled named keys. If you somehow figure out which ones relate to validation you still wouldn't be able to alter the keys with any successful effect unless you knew the decryption method. If the method is dynamically generated every time the value is stored it should be impossible to figure out.

For example if there was a registry entry that represents how much time has passed since your install date, and if the user was to change the value from whatever it was to a number, that number would be decoded by the script and output nonsense, which is invalid. The only possible way to manually edit the registry keys with success is to know the CURRENT method of encryption, and to apply that to your values before inserting. All of which is impossible to know even if you were staring at the source (assuming your char string was dynamically created).

I suppose the most secure method would be to have the machine's hardware IDs stored in an online database. The IDs would be retrieved on the first launch and compared via HTTP POST every launch thereafter. The amount of time each user has would be stored in the database as well. Adding/subtracting time would be done server side, eliminating all possibility of tampering.

This is probably what I will do with SkyBot eventually. Right now I used the registry to track information, however the serial numbers are stored server side (encrypted) now. SkyBot used to have potential for leaks within the first couple days of download by each user. Now a unique serial number is required.
afkguy is offline  
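The server-side check described in this post, as an added Python example (not SkyBot's code). The class and method names, the in-memory store and the keyed digest of the hardware ID are assumptions; an HTTP POST handler would call `check()` once per launch.

```python
import hashlib
import hmac
import time


class LicenseServer:
    """In-memory stand-in for the online database (hypothetical names throughout)."""

    def __init__(self, secret, clock=time.time):
        self._secret = secret
        self._clock = clock      # server clock; nothing the client reports is trusted
        self._records = {}       # serial -> {"hwid": digest or None, "expires": epoch}

    def _digest(self, hwid):     # keyed digest, so raw hardware IDs are not stored
        return hmac.new(self._secret, hwid.encode("utf-8"), hashlib.sha256).digest()

    def issue(self, serial, seconds):
        self._records[serial] = {"hwid": None, "expires": self._clock() + seconds}

    def add_time(self, serial, seconds):
        self._records[serial]["expires"] += seconds   # adjusted server side only

    def check(self, serial, hwid):
        """One launch request: returns ok, unknown, wrong-machine or expired."""
        rec = self._records.get(serial)
        if rec is None:
            return "unknown"
        digest = self._digest(hwid)
        if rec["hwid"] is None:
            rec["hwid"] = digest                      # first launch binds the machine
        elif not hmac.compare_digest(rec["hwid"], digest):
            return "wrong-machine"
        return "ok" if self._clock() < rec["expires"] else "expired"


def demo():
    now = [1_000_000.0]                               # constructed server time
    server = LicenseServer(b"constructed-secret", clock=lambda: now[0])
    server.issue("SERIAL-0001", 3600)                 # constructed serial, one hour
    results = [server.check("SERIAL-0001", "hwid-A")] # first launch
    results.append(server.check("SERIAL-0001", "hwid-B"))  # other machine
    now[0] += 7200                                    # two hours pass on the server
    results.append(server.check("SERIAL-0001", "hwid-A"))
    server.add_time("SERIAL-0001", 7200)
    results.append(server.check("SERIAL-0001", "hwid-A"))
    return results


if __name__ == "__main__":
    print(demo())
```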
All times are GMT +1.