#solved
[C#] Protecting a bot
10/31/2014 15:26
Exo#1
10/31/2014 15:48
tolio#2
first of all, everything is crackable.
in my opinion a custom obfuscator combined with a hwid system provides the best cost-benefit ratio
in my opinion a custom obfuscator combined with a hwid system provides the best cost-benefit ratio
10/31/2014 16:45
Devsome#3
+ check every x minutes if the user have the rights to use this tool or if anythink is wrong then close it.
10/31/2014 17:10
Requi#4
Obfuscating the code, makes the code unreadable for a normal user. You have to deobfuscate it and if it's a custom obfuscator, he has to do it manually.
Then you can use a public packer, to avoid script kids. Mostly they give up after this ;)
Then you can use a public packer, to avoid script kids. Mostly they give up after this ;)
10/31/2014 17:15
tolio#5
and there is nothing you can do about it.Quote:
everything is crackable.
but you can provide a good product and people will pay for it. dont invest to much time in trying to protect your bot, instead work on your bot to improve the product you sell.
and something more about the obfuscator topic, for every commercial one there exists a deobfuscator so get hands on a custom/privat one and you are good to go
10/31/2014 21:00
YatoDev#6
dont check a text file. set up a database with a php script or program a server that accept connections and manage allQuote:
11/02/2014 21:26
3Angle#7
Make a web based account system. And the server only returns to the premium users in the database. For example through the forum system, just like other game hacks.
11/02/2014 21:58
qqdev#8
Put as much as you can on a web server and not inside the software.
11/03/2014 14:20
Devsome#9
Register(webpage) => Database
Login(program) => to php => database(if account exist,if payed,if already logged in)
Encrypt your program to php POST with username,password,hwid and someother crap thats only the same on the username,password.
Decrypt it in the PHP script(webpage) ,handel it and send some emcrypted specialchars back to the program.
After the right decrypted specialchar the user are successfully logged in and ready to use your program.
Login(program) => to php => database(if account exist,if payed,if already logged in)
Encrypt your program to php POST with username,password,hwid and someother crap thats only the same on the username,password.
Decrypt it in the PHP script(webpage) ,handel it and send some emcrypted specialchars back to the program.
After the right decrypted specialchar the user are successfully logged in and ready to use your program.
11/03/2014 23:18
MrDami123#10
The trick is to sell the result from the bot not the bot itself. ;)
11/07/2014 08:07
BlackHybrid#11
Google for Confuser..
This tool has the following features:
Anti debugger
Anti memory dumping
Anti decompiler
Prevent any tampering of the assemblies
Encrypt codes
Encrypt constants (i.e. numbers & strings)
Encrypt resources
Control flow obfuscation
External/Internal reference proxy
Renaming
This tool has the following features:
Anti debugger
Anti memory dumping
Anti decompiler
Prevent any tampering of the assemblies
Encrypt codes
Encrypt constants (i.e. numbers & strings)
Encrypt resources
Control flow obfuscation
External/Internal reference proxy
Renaming
11/07/2014 18:38
Else#12
Google for DeConfuser..Quote:
11/07/2014 22:00
lama9379#13
Easy to say: Web API.. That one which you are prefering.. PHP or c# server or what ever. I prefer socketservers, written in c# too
11/08/2014 07:00
Flyff_Service#14
If your bot is a dll that is going to get injected into a target process then I would recommend this method to you:
1) Use a backend web login with your loader which identifies a user
(The user has to register his HWID either through your website or first startup - up to you.)
2) Then you need a little script in your backend web app which streams your bot dll directly to your Loader (don't save it on disk just keep it in the RAM), encrypted with the users HWID saved in your database. (Just a simple download script)
3. The loader decrypts the dll which is only possible if the PC of the user has the HWID which is linked to his account he is using.
Your bot dll can still be extracted when it's injected though, so in case you want to protect the module itself you have to hide it. I think you have to rewrite the PEB or sth like that, can't remember -> research with google by urself. But it's important to notice that there is no 100% protection if someone want to crack your bot he is able to!!!
Sry for bed englando it's very late
1) Use a backend web login with your loader which identifies a user
(The user has to register his HWID either through your website or first startup - up to you.)
2) Then you need a little script in your backend web app which streams your bot dll directly to your Loader (don't save it on disk just keep it in the RAM), encrypted with the users HWID saved in your database. (Just a simple download script)
PHP Code:
//Pseudocode
$botModule = file_get_contents('bot.dll');
echo encrypt($botModule, $hwid);
Your bot dll can still be extracted when it's injected though, so in case you want to protect the module itself you have to hide it. I think you have to rewrite the PEB or sth like that, can't remember -> research with google by urself. But it's important to notice that there is no 100% protection if someone want to crack your bot he is able to!!!
Sry for bed englando it's very late
11/08/2014 11:16
dready#15
@Flyff_Service
This is a legit way when using nativ code,but in .NET this seems a bit like an overkill.
You will put quiet some work, adding Compatiblity iusses and in the end fetching the unlinked Dll is about 5 Lines of Code.
Ps. You dont need to fiddle with the PEB, this works for sure, but i guess loading and solving the Dll directly raw into memory without ever linking it serves the same purpouse without the risk of something monitoring the Linktables
In the end Tolios approach is in my opinion be the best, stop the total starters, and put enough effort into the further Development to show people that they are buying the service, not the programm himself.
This is a legit way when using nativ code,but in .NET this seems a bit like an overkill.
You will put quiet some work, adding Compatiblity iusses and in the end fetching the unlinked Dll is about 5 Lines of Code.
Ps. You dont need to fiddle with the PEB, this works for sure, but i guess loading and solving the Dll directly raw into memory without ever linking it serves the same purpouse without the risk of something monitoring the Linktables
In the end Tolios approach is in my opinion be the best, stop the total starters, and put enough effort into the further Development to show people that they are buying the service, not the programm himself.