Log in

View Full Version : Preventing Decompilers / Disassemblers


BOB
March 18th, 2003, 12:24
I am sorry if this is in the wrong forum but PLEASE help me.

I am writing a thesis / dissertation regarding software security, trying to help developers create protections.

Looking through the old tutorial (1998ish) I have found a number of assembly routines that stop S-Ice etc.. but are there any newer methods.

For example - how can you prevent Smart Check, or IDA, or W32 Dasm in, lets say, using Delphi???

If yuou have any other ideas on protection systems, even if they are crackable or quite strong, I would be very GRATEFUL.

Thanks

ZaiRoN
March 18th, 2003, 14:32
Hi BOB,

imho, the whole board is a place where the reverser guys learn how the protections work and, where developers are supposed to learn how improve their protections.
Listing all knowed anti-methods is difficult but you can use the search function to locate some of them.

You can start with it and if you want to know something about a particular method, feel free to ask...someone will help you :-)

Regards,
ZaiRoN

squidge
March 18th, 2003, 18:35
Different tricks apply to different apps (and even different versions of the app!). For example, an infinite jump reference in w32dasm will lock up the app, but this will not have any effect on IDA.

Best protection against IDA is never use constant addresses in data or jumps - make everything reference the registers, and ensure the registers are setup using algorithms. (Eg. CALL EAX instead of CALL 4521A4, whereas EAX is setup previously in some math's algo). Very impractical however, and pretty much impossible unless you code the entire thing in ASM.

Other than that, tokening is a good way - I've yet to see a disassembler make anything out of a QBasic 4.5 program beyond the loader

Kayaker
March 18th, 2003, 18:47
Hi

ZaiRoN pretty much has it right, this whole place is full of tricks and you just have to start learning where the level of 'deprotection' lays. I'm sure you've researched other things, but there are several essays around outlining protection ideas you can use, try Fravia's Searchlores protection articles for a start, CrackZ archives has some good stuff, I remember even the Delphiforum site had quite a good page on protection tips and tricks contributed to by several knowledgable reversers.

Re Delphi... there are several ready made commercial protections around of course, but I seem to remember a unit put together by someone of packaged Delphi anti Sice and other tricks, though I don't know if I'd bother with them. If you figure out a trick, someone will figure out a way around it, and how you implement it is critical in how easy or hard that will be. A few anti tool tricks by themselves are nothing much unless tied into a larger protection. If you have more specific questions...

Regards,
Kayaker