Home » Developing U++ » UppHub » Protect packages - split code encryption,client and server
| Protect packages - split code encryption,client and server [message #40222] |
Sat, 06 July 2013 15:26  |
mdelfede
Messages: 1310
Registered: September 2007
|
Ultimate Contributor |
|
|
Hi,
I splitted protect package in 3 parts :
Protect Contains code encryption, can be used standalone
ProtectClient Client side of network protection
ProtectServer Server side of network protection
You can use Protect package stand-alone, providing an encryption key provider which can be, for example, an hardware key.
No more dependency from mysql or sqlite
ProtectClient has also SQL dependency removed
The only changes needed in user code are include files;
<Protect/ProtectClient.h> becomes <ProtectClient/ProtectClient.h>
<Protect/ProtectServer.h> becomes <ProtectServer/ProtectServer.h>
<Protect/Protect.h> remains the same.
This package(s) still depend on obsoleted web package found on svn repository; I'm on the way of removing this dependence.
Ciao
Max
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40419 is a reply to message #40222] |
Wed, 31 July 2013 17:07  |
 |
Alboni
Messages: 216
Registered: January 2012
Location: Kajaani, Finland
|
Experienced Member |
|
|
Where might I find this new version?
I tried using the protect package in my program (the version from the stable upp release).
I use MSVC10 on Windows XP
The program would crash every time on PROTECT_END_FUNC; but obfuscate seems to work. (yes, the keys match)
My businesspartner has a windows7 machine and on his computer the whole program refuses to start. No messages.
[Updated on: Wed, 31 July 2013 17:10] Report message to a moderator |
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40420 is a reply to message #40419] |
Wed, 31 July 2013 17:13 |
mdelfede
Messages: 1310
Registered: September 2007
|
Ultimate Contributor |
|
|
Hi,
I tested the protect package ONLY on MSC9.
Somebody report it working on MSC10 too, but I'm not sure.
The package, code encryption part, is STRONGLY compiler dependent, so there's no guarantee at all that it'll work on new compiler versions, due to core-rearranges by optimizer.
I tried all my possible to work around this with MSC9 and GCC. but some code path may break it too.
AND, it will surely NOT work on MSC64 bit due of lacking of inline assembly support.
You can try to insert/remove some code inside your protected function to see if something changes; if you've a SHORT non-working testcase I can try (not immediately) to check what's happening there.
Anyways, the new package is on SVN and should be on nighty builds. I'm using it in a commercial app without problems.
Ciao
Max
[Updated on: Wed, 31 July 2013 17:14] Report message to a moderator |
|
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40424 is a reply to message #40423] |
Wed, 31 July 2013 22:29 |
mdelfede
Messages: 1310
Registered: September 2007
|
Ultimate Contributor |
|
|
Ok, got it, with a simple solution... I don't remember why, but it was because of some compiler workaround, but you NEED a return BEFORE the PROTECT_END_FUNC :
PROTECT_START_FUNC(Decrypt)
....
.....
return;
PROTECT_END_FUNC
I can't hard code it because function may or may not return a value, so you have to put yourself.
Tested with your sample code, don't crash anymore.
On next weeks I'll see if I can find a better solution.
Ciao
Max
[Updated on: Wed, 31 July 2013 22:30] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40429 is a reply to message #40428] |
Wed, 31 July 2013 23:44 |
mdelfede
Messages: 1310
Registered: September 2007
|
Ultimate Contributor |
|
|
uhm.... I don't remember.
The obfuscate stuff decrypts on enter, executes and re-encrypts the code on exit. It should be safe, but you MUST NOT have a return in the middle of the encrypted code, otherwise on next call it'll crash.
so, this should be ok :
code
OBFUSCATE_START_FUNC
secret
<NO RETURNS HERE !!!>
OBFUSCATE_END_FUNC
code
return
but NOT :
code
OBFUSCATE_START_FUNC
secret
return <--- WRONG!
OBFUSCATE_END_FUNC
code
return
(this is clearly stated in bazaar doc page...)
I've just tested it on my virtualbox windows7 and it works well, but I'm using MSC9. IIRC I had some problems with MSC10....
[Updated on: Wed, 31 July 2013 23:45] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40441 is a reply to message #40222] |
Thu, 01 August 2013 16:25 |
|
Alboni
Messages: 216
Registered: January 2012
Location: Kajaani, Finland
|
Experienced Member |
|
|
Yeah, I did this:
bool PROTECT_WRITE_ACCESS(byte *start, size_t size, bool access)
{
dword oldProt;
bool res = VirtualProtect(start, size, access ? PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ, &oldProt);
if (!res)
{
Exclamation(::Format("VirtualProtect fail %d (size=%d, access=%d)",(int)GetLastError(), (int)size, (int)access));
}
return res;
}
but no popup appeared.
The testapp I sent you with the "return" modification applied did run btw. But my big app failed silently on my collegues computer, (works on mine) the non encrypted version works on both.
|
|
|
|
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40479 is a reply to message #40222] |
Wed, 07 August 2013 03:31 |
|
Alboni
Messages: 216
Registered: January 2012
Location: Kajaani, Finland
|
Experienced Member |
|
|
I inspected the lines that were altered.
a-b+c sometimes gets interpreted as (a-b)+c and sometimes as a-(b+c) wich yelds a different result.
So I tried using ( ) on this line: (274)
PROTECT_OBFUSCATE(__startPtr, __endPtr - __startPtr + 2, __keyPtr, 16); \
The version below doesn't crash on my pc, but I don't know if this is what was intended.
PROTECT_OBFUSCATE(__startPtr, __endPtr - (__startPtr + 2), __keyPtr, 16); \
If I do the same on Encrypt it does crash, so that suggest not.
In any case is it helpful to use ( ) to not let the compiler decide.
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40482 is a reply to message #40222] |
Wed, 07 August 2013 13:01 |
|
Alboni
Messages: 216
Registered: January 2012
Location: Kajaani, Finland
|
Experienced Member |
|
|
(I have not recompiled EncryptDecrypt during the tests, I assumed this was not necessary. Let me know if I thought wrong)
encrypt and obfuscate now both run fine on my computer.
Obfuscate gives a compiler warning:
warning C4102: '__end' : unreferenced label
It still doesn't work on my collgues's pc.
I changed protectEncrypt so that it doesn't alter the executable filetime.
[Updated on: Wed, 07 August 2013 13:02] Report message to a moderator |
|
|
|
|
|
|
|
|
|
| Re: Protect packages - split code encryption,client and server [message #40488 is a reply to message #40487] |
Wed, 07 August 2013 23:18 |
mdelfede
Messages: 1310
Registered: September 2007
|
Ultimate Contributor |
|
|
So, we can try this, but it mus be done on your friend's machine.
1) Remove PROTECT_START_FUNC and END_FUNC macros from your protected function and replace them with the code in Protect.h (remove the backslashes, of course), so you can step inside macros with debugger.
2) Build the app, but do NOT run the ProtectEncrypt on it. Step up to protected function beginning, note the code range of the function, dump it on a file. Name it as UNENCRYPTED.BIN. The difficult part is to find the end of he cunction inside binary code, but you can search for PROTECT_END_MARKER byte sequence.
3) Run ProtectEncrypt on app, then do the same as before. Beware to stop BEFORE the call to Decrypt function.
Store the code area inside ENCRYPTED.BIN file. Take care it has the SAME length as former one.
4) Without exiting debugger, step OVER the decrypt function call, and re-save the binary code inside DECRYPTED.BIN file.
As before, the file should have same length as 2 former files.
5) You can send me the 3 binary files, if you trust. Otherwise, compare the UNENCRYPTED.BIN file with the DECRYPTED.BIN file. They should be identical, besides the marker (PROTECT_START_MARKER and PROTECT_END_MARKER which gets overwritten by ProtectEncrypt.
If there are other differences besides markers, try to locate them.... if they're near end marker, the decrypt routine is missing some parts.
You could also check if ProtectEncrypt do its job on the whole code between both markers, by comparing UNENCRYPTED and ENCRYPDET files. That could give some hints too.
[Updated on: Wed, 07 August 2013 23:23] Report message to a moderator |
|
|
|
|
|
|
|
|
|
|
|
|
|
Goto Forum:
Current Time: Sat May 30 08:21:58 GMT+2 2026
Total time taken to generate the page: 0.01389 seconds
|
U++ framework
Search
Help
Members
Register
Login
Home
