
View Full Version : I can only shake my head.


FrankRizzo
May 14th, 2007, 22:11
Guys, not a question, just an example of someone unsure of the process.

I'm investigating a target that uses the Mozilla engine at its core, and builds upon it. Well, it has a license file like FlexLM, but is a homebrew. The licensing dll is 200K, and is an XPCOM object. (Not fun to disassemble BTW). So, I'm digging around, and find the "your license is expired" dialog trigger. It's in a JAVASCRIPT FILE. With a header on the function that tells what it does, and that it should return true if the license is good.

return true;

done. Now, while the app is running, the About box shows that your license is expired, or missing, or whatever. So, I start digging for that code. It's in a compiled python script. And, just to be nice, they provide the original python for you, just in case you want to see how the protection works.



*sigh* This reminds me of a super hero game that I saw a long time ago that came from the UK. Batch file protection:

@echo off
DocCheck.exe
if errorlevel blah goto exit
game.exe
:exit

No, I'm not kidding.

LLXX
May 15th, 2007, 02:03
Haha oh wow... I've seen "IsRegistered" options in registry keys and INI files and the such, but providing the source code is on a whole different level.

SiGiNT
May 15th, 2007, 16:40
Ran into a .net application with an IsReg named function - my other favorite was the Arma protected app relying solely on an Arma .dll for protection - unpack the main app and the protection disappears.

SiGiNT

CluelessNoob
May 15th, 2007, 22:22
Ran into this one today that shows just how hard Symantec tries...

I have an old laptop with NAV Corporate Edition that I'm trying to re-use but clean off (some of the apps need to stay due to lack of install disks).

Attempting to uninstall prompts for a password, presumably designed to prevent users disgusted with system performance from simply uninstalling the root cause of their disgruntlement.

Fortunately, Symantec put a registry key in:

HKEY_LOCAL_MACHINE\SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion\Administrator Only\Security\

aptly named UseVPUninstallPassword

Changing the hex value from "1" to "0" removes the password requirement.


rendari
May 16th, 2007, 16:16
Clueless,

exactly the same stuff with Trend Micro

FrankRizzo
May 16th, 2007, 20:19
I saw a .dll in a project once that had a function named HasProductBeenPurchased, and returned a bool.

In their defense, they did an MD5 sum of the .dll from the main app.

This was a protection that they used on over 800 applications, and the same search and replace would fix them all.

It seems that the code that called the .dll was probably in a library, so the bytes were ALWAYS the same.

naides
May 16th, 2007, 20:58
In (grin) defense of the protectors. . .

If you have never taken a dive into assembly language,
and the mysterious ways a computer works,
you get to believe that your cluelessness
Is shared across the world. . .

If a vendor said
your software is protected
you believe it must be true
Like everyone else,
believes what they say in Television,
The radio news,
in School,
The Bible or
in Church

Like when they say, in advertisement
You will be happier
and sexier
If you drink that can of beer
or smoke that cigarette brand

believe me,
people are deceived
and conned
In much more serious matters
day and night
(just take a look at the news these days)

Do you really think you are safe,
When you lock your door at night?
Do you think nobody
Will get inside your car,
If you close those windows
made of fragile glass?

Safety is an illusion
based on that tacit agreement
called the social contract
gullible humans believe
we made in the far past

Not to Fuck each other

too hard.


(Hey dELTA, what about smoking pot and reality reversing?? )

JMI
May 16th, 2007, 21:03
Have you considered that THIS might NOT actually be reality?????

Regards,

CluelessNoob
May 16th, 2007, 22:32
Quote:
[Originally Posted by JMI;65727]Have you considered that THIS might NOT actually be reality?????


I pray for that every day.

dELTA
May 17th, 2007, 08:23
Quote:
[Originally Posted by naides;65725](Hey dELTA, what about smoking pot and reality reversing?? )
Haha, I was already about to comment on it even before I saw that last line of the post.

Maximus
May 17th, 2007, 17:04
Quote:
[Originally Posted by naides;65725]Do you really think you are safe,
When you lock your door at night?


Just something that might get handy...
http://www.capricorn.org/~akira/home/lockpick/mitlg-a4.pdf

I love the editors

JMI
May 17th, 2007, 18:18
When I was in the military, one of the classes I was given was on "methods of entry." The instructor had a large plexiglass (clear) door in a frame on wheels with 26 locks and a slide chain on it on the inside. While he gave his lecture, he picked all 26 locks and opened the slide chain with a piece of tape, a couple of rubber bands, and a bent paper clip. He then went through the door, looked at some "top secret" papers on a desk, then went back out, re-locking the slide chain and all 26 locks from the outside.

The point of the exercise was to demonstrate that almost nothing protected by a lock is "secure" given the opportunity and sufficient time and that the main object of "security" was to attempt to make the process as difficult as possible so that one might have an opportunity to catch the "bad guys" or require them to damage the lock, so one would at least know it had been compromised.

The problem is not that "they" know your plans and secrets. You can always change the plans, although some secrets one would prefer not to share.

The problem is when "you don't know" "they know" your plans and secrets and you are relying on those plans or secrets for whatever purpose they are supposed to serve. For example, in the military, if they know where, when, and with what equipment you might be planning to attack, they have a much greater probability of defeating your attack, or at the least inflicting much more substantial casualties. Not a good thing if you are the one who is scheduled to lead the attack.

Regards,

naides
May 17th, 2007, 22:32
Quote:
[Originally Posted by JMI;65727]Have you considered that THIS might NOT actually be reality?????

Regards,


Hey JMI, with all respect (you know I have for you)
could you elaborate around this comment?

JMI
May 17th, 2007, 22:57
YOU might be dreaming THIS whole scenario. On the other hand, I might be dreaming this whole scenario, including your asking ME that question. OR, we BOTH might be the figment of SOMEONE ELSE'S imagination and that person is dreaming US.

Regards,

Kayaker
May 18th, 2007, 00:53
Oh cool, can we get into another discussion on metaphysics?
Maximus?


So anyway...

René Descartes walks into a bar and orders a drink.
He finishes the drink and the bartender asks if he wants another one.
"Oh I think not" says René,
and poof he disappears from existence..

dELTA
May 18th, 2007, 02:12
Haha, good joke K.

naides
May 18th, 2007, 08:24
JMI, are you going surrealistic on me?

If you have not seen this movie, I am sure you would enjoy it:

Le charme discret de la bourgeoisie
http://www.imdb.com/title/tt0068361/

Maximus
May 18th, 2007, 11:19
Quote:
[Originally Posted by Kayaker;65749]Oh cool, can we get into another discussion on metaphysics?
Maximus?

[purple smoke] *puff*

Let's try to explain why (maybe) we might not be in a world thinking another world thinking another... let's see if I can persuade.

...let's talk of Matrix, then. Everyone saw it, no? Well, that film has a substantial metaphysical layer, thicker than it might seem at first (sometimes Hollywood can mix special effects and intelligent essays, impressive...).

Ask yourself: you are in an ocean river, and you see an ant walking the sand. If you look at the sand more closely, you see the ant is crafting the lines of Washington's portrait. Is it *A* Washington's portrait, or just casual lines?
The answer is not trivial for the following reason: think you are near the top of a hill, and you see a single Tree on top. Yeah, you can see the leaves, the dimmed veins of the wood. Is it *A* Tree?
The question, now, isn't so trivial.
Where is the difference? At sight, you might say: the ant is not REFERRING to the Washington's portrait, but I *AM* referring to the Tree.
Wow (...WoW).
...but...

What does this have to do with being in a world thinking another world -or not?
Matrix's people in the matrix were really talking i.e. of trees or not? How could they distinguish if they were real trees or just simply mental images?
Said simply, how could they know if they were brains in a vat with a projected mental image or just real people looking at a tree on top of a hill?

soooo....
http://www.cavehill.uwi.edu/bnccde/ph29a/putnam.html
....

Send me a mail from your psychiatric hospital after you read it

edit----
don't remember exact words, so forgive me for paraphrasing :P

JMI
May 18th, 2007, 14:33
Naides:

Is it true that only the French could make a movie whose "plot" is described as:

"A surreal, virtually plotless series of dreams centered around six middle-class people and their consistently interrupted attempts to have a meal together"

"The film satirizes french bourgeoisie but as I said it is not really an acid satire but a surreal comedy/drama that doesn't really have to make sense. Dream in dream sequences are often used to express the character's unrests and troubles. The movie is somehow similar to The Exterminating Angel where the characters, after they eat cannot leave the room even though there is nothing stopping them. Here, different situations interrupt the characters from eating. These situations are absurd and illogic, just like the ones in The Exterminating Angel."


But I'm afraid I missed that one though. I was in Viet Nam at the time.

Regards,

SiGiNT
May 22nd, 2007, 01:43
Here's a cute response to a CRC error -



SiGiNT

FrankRizzo
May 23rd, 2007, 19:23
Hey SiGiNT! I KNOW that app! I was just having a look at it myself.

There is a function in there that checks the window titles, and if it has "keygen" in it, it exits the program.

Very nice protection job on it.

Woodmann
May 23rd, 2007, 21:12
Howdy,

Is this metaphysics or really philosophy?

One can always make their own observations when given the context in which it MAY be intended.

How do you decide it is an ant on the sand?
How do you decide it is a tree on top of the hill?

If you were to make these decisions without any "outside" interference,
then the answer has absolutely no meaning to anyone but you.

"soylent green", was it really about the obvious or was it about what could be?

Your perception of what you see and think is only that, a perception.
You can change it however you like. It is within your mind to make that choice.

Woodmann

JMI
May 23rd, 2007, 22:01
Damn! Woody is waxing philosophical. You Go Woody!



Regards,

SiGiNT
May 24th, 2007, 01:21
Quote:
[Originally Posted by FrankRizzo;65903]Hey SiGiNT! I KNOW that app! I was just having a look at it myself.

There is a function in there that checks the window titles, and if it has "keygen" in it, it exits the program.

Very nice protection job on it.


Maybe the same app. but I got this response to a small patch modifying 4 bytes - it has a loop that checks every frickin line in the compilation - pesky problem - but relatively easy to defeat - just move the value from the comparison register to the compared register.

Hey Woodmann - quoting from a popular commercial - "do I have a response to that??" sure I have a response - WHAT?????"


SiGiNT

SHaG
May 24th, 2007, 06:59
Quote:
[Originally Posted by JMI;65770]Naides:

Is it true that only the French could make a movie whose "plot" is described as:

"A surreal, virtually plotless series of dreams centered around six middle-class people and their consistently interrupted attempts to have a meal together"

Buñuel is actually Portuguese. :P
If you want something really surreal, try his co-production with Salvador Dali (http://www.imdb.com/title/tt0020530/). Now THAT'S weird shit.

JMI
May 24th, 2007, 08:14
According to IMDb: Luis Buñuel was born 22 February 1900, Calanda, Teruel, Aragón, Spain!

http://www.imdb.com/name/nm0000320/bio

Regards,

CluelessNoob
May 24th, 2007, 09:07
Quote:
[Originally Posted by Woodmann;65905]
"soylent green", was it really about the obvious or was it about what could be?


Soylent Green was about celebrity chefs run amok.

They were just "kickin' it up a notch" too far.


SiGiNT
May 24th, 2007, 13:24
And what was THX1138 REALLY about???? - I have a vested interest in the answer, I was in that one.

SiGiNT

And yes George Lucas is only a couple inches taller than 5 feet.

Kayaker
May 24th, 2007, 13:37
Did you have to shave your head?

SiGiNT
May 24th, 2007, 14:49
Absolutely!!!!

In one scene I'm one of the shuffling masses, actually about 30-40 of us in a continuous loop, in the hallway when Robert Duvall and Donald Pleasence break into the corridor - a lot of the movie was shot in a power station in Oakland Ca. - didn't pay much but the catered lunches were outstanding.

SiGiNT

CluelessNoob
May 24th, 2007, 22:31
Quote:
[Originally Posted by sigint33;65915]And what was THX1138 REALLY about????


That's like asking how many licks it takes to get to the center of a Tootsie Pop.

Quote:
[Originally Posted by Mr. Owl]
The world may never know.



FrankRizzo
May 25th, 2007, 18:22
At the risk of showing just how nerdy we were, my brother DID IT. (I counted). It took 711 licks to get to the tootsie roll center of the tootsie roll pop.

(Cue Grandpa Simpson voice)
We only had 4 TV stations, and that's the way we LIKED it!

We were bored kids. (As if you couldn't already tell).

0xf001
May 25th, 2007, 18:53
hi,

Quote:
I saw a .dll in a project once that had a function named HasProductBeenPurchased, and returned a bool.


hehe, even HP big flagship "HP open view" software is _very_ open in similar terms ...

i notified them once, that they provide software demo downloads with debug info. internally they said it was discussed a lot, 2yrs later i still downloaded with debug info

-> ie:

Example1: ovutil.dll - OVLICisExpired():
==========
The linear coding style shows no protection techniques - this looks like highlevel coded without understanding what software protection is all about.

It really is the standard code to show people how to NOT do a date expiration check.

_text:5A415C6E ; Attributes: bp-based frame
_text:5A415C6E
_text:5A415C6E ; int __cdecl _OVLICisExpired(char expirationTime)
_text:5A415C6E                 public __OVLICisExpired
_text:5A415C6E __OVLICisExpired proc near       ; CODE XREF: _OVNNMreadLicEntries+1FD p
_text:5A415C6E
_text:5A415C6E now             = dword ptr -4
_text:5A415C6E expirationTime  = byte ptr  8
_text:5A415C6E
_text:5A415C6E                 push    ebp             ; Function has frame pointer omitted
_text:5A415C6F                 mov     ebp,esp
_text:5A415C71                 push    ecx
_text:5A415C72                 push    0
_text:5A415C74                 call    ds:__imp__time
_text:5A415C7A                 add     esp,4
_text:5A415C7D                 mov     [ebp+now],eax
_text:5A415C80                 mov     eax,dword ptr [ebp+expirationTime]
_text:5A415C83                 mov     ecx,[ebp+now]
_text:5A415C86                 cmp     ecx,[eax]
_text:5A415C88                 jle     short loc_0_5A415C9C    <----PATCH THE SPOF HERE----<
_text:5A415C8A                 mov     edx,dword ptr [ebp+expirationTime]
_text:5A415C8D                 cmp     dword ptr [edx],0DBE5Fh
_text:5A415C93                 jz      short loc_0_5A415C9C
_text:5A415C95                 mov     eax,1           ; OR HERE (eax=1 means EXPIRED)
_text:5A415C9A                 jmp     short loc_0_5A415C9E
_text:5A415C9C loc_0_5A415C9C: xor     eax,eax
_text:5A415C9E loc_0_5A415C9E: mov     esp,ebp
_text:5A415CA0                 pop     ebp
_text:5A415CA1                 retn
_text:5A415CA1 __OVLICisExpired endp            ; TO MAKE NNM LICENSE VALID FOREVER!!

however,

who runs network node manager on his computer anyways , but still it helps so much to find exploits with all that info ... MAAAN!

cheers, 0xf001

fr33ke
May 25th, 2007, 19:30
Quote:
[Originally Posted by 0xf001;65947]_text:5A415C6E push ebp ;Function has frame pointer omitted
?

Anyway, this one is good for a laugh: http://worsethanfailure.com/Articles/Lock_In_Key_Security.aspx

0xf001
May 25th, 2007, 19:50
hi fr33ke,

to your quote - it's an IDA default comment

regards, 0xf001