[NOTE]Encrypt .exe's before releasing!

unknownone · 09/02/2009, 20:30

If only slaps could be handed out over the interwebs, most of this forum would have red arses.

Quote:

Originally Posted by Smythe94

tao, ofcourse it can, but do you really think any one will spend all that money and/or time to decompile a private server or something like that?

The problem here is when the person doing the reversing is more knowledgeable than the one attempting to add protection. It takes longer to protect something than to break the protection.

Quote:

Originally Posted by EmmeTheCoder

The way I'm doing it cannot be decompiled, you CAN NOT get the sourcecode out of that exe, simple as that, and as it isn't really a obfuscator (is that even a word?) , there are no programs to decompile the exe.

CIL is structurally identical to C#. Even without decompiling back to C#, you can still view the CIL for any program, which is both readable, and follows the same class hierarchy as the uncompiled code. The only difference is the content of each method - The C# compilation is a "non-reversable" process.

A C# compiler is really only a "method compiler". Every method is compiled separately, resulting in short, straightforward sections of code that are usually easy to decompile. Code optimisations and such result in decompiled code which isn't exactly the same as the source code, but functionally equivalent.

If you remove the modularity from your code, you can probably get some CIL which is not so straightforward to decompile, and will cause trouble for most decompilers - but it doesn't stop one from reading, and understanding the CIL that isn't decompiled.

You can get some of the best obfustication by using languages which don't use the same OOP concepts that C# and CIL follow, for example, using F# produces code which looks very odd in CIL, and almost meaningless if you try to decompile it to C#. The code can be decompiled though - it's just that there's no "F# decompiler", afaik.

Basser · 09/02/2009, 21:34

@UnkownNone, I think you should change your name.
But now to the point, link me to a reflector for the Phoenix Security thing, and than I'll read the rest of your post, its really long, and since I don't think Phoenix Security is well-known, I don't think anyone released a decompiler, not sure though.

@Emme, Either release the way you encrypt, or stop "Look what I've got and you haven't"-ing.

~Bas

~~kinshi88~~ · 09/02/2009, 21:45

Visual Studio comes with Dotfuscator right there in the the Tools menu, along with some other fun stuff.
(Ps, I have the full version. Donno if it's included in the Free version)

_tao4229_ · 09/02/2009, 22:30

Quote:

Originally Posted by Smythe94

@UnkownNone, I think you should change your name.
But now to the point, link me to a reflector for the Phoenix Security thing, and than I'll read the rest of your post, its really long, and since I don't think Phoenix Security is well-known, I don't think anyone released a decompiler, not sure though.

@Emme, Either release the way you encrypt, or stop "Look what I've got and you haven't"-ing.

~Bas

No, please stop acting like you actually know what you're talking about. You really should have read all of unknownones post.

Took me 30 seconds to find it, and 4 minutes to test it.
Have fun.

killermickle · 09/02/2009, 22:40

Quote:

Originally Posted by Smythe94

@UnkownNone, I think you should change your name.

You just did change his name.

~~PeTe Ninja~~ · 09/03/2009, 06:02

I can't believe I started this all just by reflecting one program.

Basser · 09/03/2009, 11:18

It was disrespect full to release someones source on the same topic.
@tao, did you test it on a protected .exe?
Download the phoenix security, than try reflecting it, I tested it and it I didn't get the source, but maybe your reflector is better.

~Bas

_tao4229_ · 09/03/2009, 16:27

You don't get the full source because phoenix protector has an obfuscator.

This means class names/namespace names are gone for good.
I tested it on your portable port scanner thing and it did everything it said it did.

It decrypts strings, even gives back control names etc. It turns it back it to mainly readable code.

Basser · 09/03/2009, 16:32

What your saying is, phoenix protector isn't good enough?
kk.. Does anyone know a better way to decrypt / obfuscate?

~Bas

_tao4229_ · 09/03/2009, 18:21

Quote:

Originally Posted by Smythe94

What your saying is, phoenix protector isn't good enough?
kk.. Does anyone know a better way to decrypt / obfuscate?

~Bas

No, what I'm saying is pretty much what unknownone is saying.

You should've read his post.

Public encryption algorithms have public decryption algorithms for the most part. The only ones that usually don't have public decryption algorithms are things like codeveil that cost shitloads of money. In that case, you have to follow what unknownone said. It really only matters if the skill level of the person 'cracking' the program is greater than the person protecting it, because it's *usually* easier to crack it.

Basser · 09/03/2009, 20:35

I've read this all.
But tao, have you found any program to decrypt a file that's encrypted with Phoenix Encryption? And is it a freeware? I mean, I know a lot of people can decrypt it, however the people that can, have no interest in most .exe's released on this forum.

_tao4229_ · 09/03/2009, 23:34

Quote:

Originally Posted by Smythe94

I've read this all.
But tao, have you found any program to decrypt a file that's encrypted with Phoenix Encryption? And is it a freeware? I mean, I know a lot of people can decrypt it, however the people that can, have no interest in most .exe's released on this forum.

I already posted it.

Basser · 09/05/2009, 09:04

#request close

_Emme_ · 09/05/2009, 10:54

#closed