Overview
Examples
Screenshots
Comparisons
Applications
Download
Documentation
Tutorials
Bazaar
Status & Roadmap
FAQ
Authors & License
Forums
Funding Ultimate++
Search on this site
Search in forums












SourceForge.net Logo
Home » Developing U++ » Bazaar » Protect packages - split code encryption,client and server
Protect packages - split code encryption,client and server [message #40222] Sat, 06 July 2013 15:26 Go to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Hi,

I splitted protect package in 3 parts :

Protect         Contains code encryption, can be used standalone
ProtectClient   Client side of network protection
ProtectServer   Server side of network protection


You can use Protect package stand-alone, providing an encryption key provider which can be, for example, an hardware key.
No more dependency from mysql or sqlite

ProtectClient has also SQL dependency removed

The only changes needed in user code are include files;

<Protect/ProtectClient.h> becomes <ProtectClient/ProtectClient.h>
<Protect/ProtectServer.h> becomes <ProtectServer/ProtectServer.h>
<Protect/Protect.h> remains the same.

This package(s) still depend on obsoleted web package found on svn repository; I'm on the way of removing this dependence.

Ciao

Max
Re: Protect packages - split code encryption,client and server [message #40230 is a reply to message #40222] Sun, 07 July 2013 23:29 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
ProtectXXX packages now don't depend anymore on obsoleted Web package
Re: Protect packages - split code encryption,client and server [message #40419 is a reply to message #40222] Wed, 31 July 2013 17:07 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Where might I find this new version?

I tried using the protect package in my program (the version from the stable upp release).
I use MSVC10 on Windows XP
The program would crash every time on PROTECT_END_FUNC; but obfuscate seems to work. (yes, the keys match)

My businesspartner has a windows7 machine and on his computer the whole program refuses to start. No messages.

[Updated on: Wed, 31 July 2013 17:10]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40420 is a reply to message #40419] Wed, 31 July 2013 17:13 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Hi,

I tested the protect package ONLY on MSC9.
Somebody report it working on MSC10 too, but I'm not sure.

The package, code encryption part, is STRONGLY compiler dependent, so there's no guarantee at all that it'll work on new compiler versions, due to core-rearranges by optimizer.

I tried all my possible to work around this with MSC9 and GCC. but some code path may break it too.
AND, it will surely NOT work on MSC64 bit due of lacking of inline assembly support.

You can try to insert/remove some code inside your protected function to see if something changes; if you've a SHORT non-working testcase I can try (not immediately) to check what's happening there.

Anyways, the new package is on SVN and should be on nighty builds. I'm using it in a commercial app without problems.

Ciao

Max

[Updated on: Wed, 31 July 2013 17:14]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40421 is a reply to message #40420] Wed, 31 July 2013 18:16 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Could things like pipeline length of the processor be an issue?
I read somewhere that modern processors are not fond of self modifying code. Might trigger virusscanners also.

The protected function is pretty wild with a lot of dependensies, but I'll see what I can do.

(and where can I get the new version for testing?)

[Updated on: Wed, 31 July 2013 18:17]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40422 is a reply to message #40421] Wed, 31 July 2013 18:23 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Wed, 31 July 2013 18:16

Could things like pipeline length of the processor be an issue?


maybe, but I doubt it.... my protected functions runs reliably in 12 customers in windows varying from winxp to windows7) and some 200+ people tested it with no problems at all.
On my 4x2 core notebook it runs quite well too.

It may depend on some code-path rearrangements by optimizer... I had some problems because of it on the beginning.

Last version is on svn or on nighty builds.

Ciao

Max
Re: Protect packages - split code encryption,client and server [message #40423 is a reply to message #40222] Wed, 31 July 2013 20:46 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Ok, I managed to make an example that crashes on closing the app.

Re: Protect packages - split code encryption,client and server [message #40424 is a reply to message #40423] Wed, 31 July 2013 22:29 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Ok, got it, with a simple solution... I don't remember why, but it was because of some compiler workaround, but you NEED a return BEFORE the PROTECT_END_FUNC :

PROTECT_START_FUNC(Decrypt)
....
.....
return;
PROTECT_END_FUNC



I can't hard code it because function may or may not return a value, so you have to put yourself.

Tested with your sample code, don't crash anymore.

On next weeks I'll see if I can find a better solution.

Ciao

Max

[Updated on: Wed, 31 July 2013 22:30]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40425 is a reply to message #40222] Wed, 31 July 2013 23:01 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Thanks! I'll try it out!

So I can't encrypt a part of a function?

This return doesn't apply to obfuscate I presume?
Re: Protect packages - split code encryption,client and server [message #40426 is a reply to message #40425] Wed, 31 July 2013 23:04 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
The macro is done to be able to encrypt parts, but the bug prevents it for now.
So, for the meantime just put the return, I'll see if I can fix it.
Re: Protect packages - split code encryption,client and server [message #40427 is a reply to message #40425] Wed, 31 July 2013 23:06 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Wed, 31 July 2013 23:01


This return doesn't apply to obfuscate I presume?


Nope, this one is working correctly. And that's weird, because obfuscate do a re-encription on exit, so it should be easier to trigger the bug.
Re: Protect packages - split code encryption,client and server [message #40428 is a reply to message #40222] Wed, 31 July 2013 23:38 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
It works on my machine now! Smile
But the version I send to my collegue only had obfuscate in it, and it didn't work on his (Win7) computer. Are there any rules to obfuscate, like can I do....

void function()
{
	......code
	.........
	OBFUSCATE_START_FUNC;
	........
	.. secret stuff
	........	
	OBFUSCATE_END_FUNC;
	........
	more code.......
}

Re: Protect packages - split code encryption,client and server [message #40429 is a reply to message #40428] Wed, 31 July 2013 23:44 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
uhm.... I don't remember.
The obfuscate stuff decrypts on enter, executes and re-encrypts the code on exit. It should be safe, but you MUST NOT have a return in the middle of the encrypted code, otherwise on next call it'll crash.

so, this should be ok :
code
OBFUSCATE_START_FUNC
secret
<NO RETURNS HERE !!!>
OBFUSCATE_END_FUNC
code
return


but NOT :
code
OBFUSCATE_START_FUNC
secret
return                <--- WRONG!
OBFUSCATE_END_FUNC
code
return


(this is clearly stated in bazaar doc page...)

I've just tested it on my virtualbox windows7 and it works well, but I'm using MSC9. IIRC I had some problems with MSC10....

[Updated on: Wed, 31 July 2013 23:45]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40431 is a reply to message #40222] Thu, 01 August 2013 10:22 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Sadly it still doesn't work on my collegues pc.
Re: Protect packages - split code encryption,client and server [message #40432 is a reply to message #40431] Thu, 01 August 2013 10:26 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Really weird.... maybe he did something with security on his machine ? My app NEEDS to overwrite code, it uses a function that makes code writeabile before decripting it.
I don't know if in windows 7 there's a way to disallow this.
Ask him to disable antivirus first.....

Max
Re: Protect packages - split code encryption,client and server [message #40434 is a reply to message #40222] Thu, 01 August 2013 13:59 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
That didn't work. Maybe he needs admin rights?

[Updated on: Thu, 01 August 2013 14:06]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40435 is a reply to message #40434] Thu, 01 August 2013 14:02 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Nope, on my machines it doesn't.
Could you please send your colleague a small sample to see if it crashes too ?
Re: Protect packages - split code encryption,client and server [message #40436 is a reply to message #40222] Thu, 01 August 2013 14:06 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Does it execute code in the data segment?
Turning on data execution protection on my XP didn't make it stop working.
Re: Protect packages - split code encryption,client and server [message #40437 is a reply to message #40436] Thu, 01 August 2013 14:10 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Thu, 01 August 2013 14:06

Does it execute code in the data segment?
Turning on data execution protection on my XP didn't make it stop working.


Nope, it decripts the code inside code segment, so is the opposite : it reads and write inside code segment.
This is allowed by this call :

bool res = VirtualProtect(start, size, access ? PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ, &oldProt);


I don't know if it is possible to block it on windows7.
Never had such problems before.....
Re: Protect packages - split code encryption,client and server [message #40438 is a reply to message #40222] Thu, 01 August 2013 14:13 Go to previous messageGo to previous message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
I'll make a popup if the call fails with the extended error info
and try again with my program
Previous Topic: Broken packages
Next Topic: Encrypted storage with streaming (OpenSSL, AES)
Goto Forum:
  


Current Time: Wed Nov 13 13:16:05 CET 2019

Total time taken to generate the page: 0.02145 seconds