Overview
Examples
Screenshots
Comparisons
Applications
Download
Documentation
Tutorials
Bazaar
Status & Roadmap
FAQ
Authors & License
Forums
Funding Ultimate++
Search on this site
Search in forums












SourceForge.net Logo
Home » Developing U++ » Bazaar » Protect packages - split code encryption,client and server
Re: Protect packages - split code encryption,client and server [message #40439 is a reply to message #40438] Thu, 01 August 2013 14:57 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
No popup so VirtualProtect does not fail or doesn't get called.
Re: Protect packages - split code encryption,client and server [message #40440 is a reply to message #40439] Thu, 01 August 2013 15:41 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
VirtualProtect returns 0 when failing, so you can't see by app crash. You could log the return value. You see the call inside Protect.cpp file.
Re: Protect packages - split code encryption,client and server [message #40441 is a reply to message #40222] Thu, 01 August 2013 16:25 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Yeah, I did this:

bool PROTECT_WRITE_ACCESS(byte *start, size_t size, bool access)
{
	dword oldProt;
	bool res = VirtualProtect(start, size, access ? PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ, &oldProt);
	if (!res)
	{
		Exclamation(::Format("VirtualProtect fail %d (size=%d, access=%d)",(int)GetLastError(), (int)size, (int)access));
	}
	
	return res;
}


but no popup appeared.

The testapp I sent you with the "return" modification applied did run btw. But my big app failed silently on my collegues computer, (works on mine) the non encrypted version works on both.
Re: Protect packages - split code encryption,client and server [message #40458 is a reply to message #40441] Mon, 05 August 2013 01:39 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Hi,

I guess I've find the problem.
On next days I'll check it out and submit the fixed code.

Ciao

Max
Re: Protect packages - split code encryption,client and server [message #40462 is a reply to message #40222] Mon, 05 August 2013 10:36 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Waiting with anticipation Smile
Thank you...
Re: Protect packages - split code encryption,client and server [message #40475 is a reply to message #40462] Tue, 06 August 2013 19:26 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Could you please test replacing Protect.h with attached file ?

(please test BOTH PROTECT and OBFUSCATE, on your friend's machine too. You DON'T need anymore the RETURN of former posts)
  • Attachment: Protect.h
    (Size: 8.55KB, Downloaded 138 times)

[Updated on: Tue, 06 August 2013 19:28]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40478 is a reply to message #40222] Wed, 07 August 2013 02:44 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
I tested briefly on my computer: (xp) on the stable release version.
*Encrypt indeed works without return now.
*Obfuscate now crashes the program. It didn't before.


I will report on the other computer tomorrow.

Re: Protect packages - split code encryption,client and server [message #40479 is a reply to message #40222] Wed, 07 August 2013 03:31 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
I inspected the lines that were altered.

a-b+c sometimes gets interpreted as (a-b)+c and sometimes as a-(b+c) wich yelds a different result.

So I tried using ( ) on this line: (274)
	PROTECT_OBFUSCATE(__startPtr, __endPtr - __startPtr + 2, __keyPtr, 16); \


The version below doesn't crash on my pc, but I don't know if this is what was intended.
	PROTECT_OBFUSCATE(__startPtr, __endPtr - (__startPtr + 2), __keyPtr, 16); \


If I do the same on Encrypt it does crash, so that suggest not.
In any case is it helpful to use ( ) to not let the compiler decide.
Re: Protect packages - split code encryption,client and server [message #40480 is a reply to message #40479] Wed, 07 August 2013 09:33 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Wed, 07 August 2013 03:31

I inspected the lines that were altered.

a-b+c sometimes gets interpreted as (a-b)+c and sometimes as a-(b+c) wich yelds a different result.



Nope, + operator associates left to right, so it's always (a - b) + c, which is the intended behaviour.
I forgot to take the 2 bytes of a jmp instruction, when decrypting on windows, at least for PROTECT.
I'll check again OBFUSCATE.....
Re: Protect packages - split code encryption,client and server [message #40481 is a reply to message #40480] Wed, 07 August 2013 09:56 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Please recheck now with attached file.... it should be ok.

Let me know your results on ALL of your tests, I'll wait for it before updating svn.

Ciao

Max
  • Attachment: Protect.h
    (Size: 8.56KB, Downloaded 425 times)
Re: Protect packages - split code encryption,client and server [message #40482 is a reply to message #40222] Wed, 07 August 2013 13:01 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
(I have not recompiled EncryptDecrypt during the tests, I assumed this was not necessary. Let me know if I thought wrong)

encrypt and obfuscate now both run fine on my computer.

Obfuscate gives a compiler warning:
warning C4102: '__end' : unreferenced label



It still doesn't work on my collgues's pc.


I changed protectEncrypt so that it doesn't alter the executable filetime.

[Updated on: Wed, 07 August 2013 13:02]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40483 is a reply to message #40482] Wed, 07 August 2013 13:07 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Wed, 07 August 2013 13:01



It still doesn't work on my collgues's pc.




Well... I ran out of ideas about it.... Did you compile the code and sent him the compiled app, or did him compile by himself ?

Does he have the ability of running code inside debugger and give you a backtrace ? (I don't remember well, but IIRC windows has some kind of just-in-time debugger that can do it...).

Did he run the small testcase, or the complete app ?
If the problem is just on latter, could you make him test a small sample app with just the DoMain() and maybe a DoObfuscate() calls ?
Re: Protect packages - split code encryption,client and server [message #40486 is a reply to message #40483] Wed, 07 August 2013 18:49 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
And.... maybe a dumb question, but do the app run on your friend's PC WITHOUT the PROTECT flag (so without the protection code embedded) ?
Re: Protect packages - split code encryption,client and server [message #40487 is a reply to message #40222] Wed, 07 August 2013 22:00 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
I send him the .exe of the complete app (5.2 Mb exe)

Yes it runs absolutely without the protect flag. That's the funny thing. I would not steal your time like that. The software is being used by several clients on various systems.

If I send the testapp I sent earlier, it runs ok for both encrypt and obfuscate. I think there may be some upp elements that do initialisations in a different order perhaps. Then the problem might go away if I create them on the heap.

Or maybe my protected function is too big and a longer jump instruction is generated? I want to hide the whole logic that checks the licence and starts the main window.

Debugging on the other computer:
There was a popup with lots of times FREEFREEFREEFREE in it.

There was a crash in a filehandling routine because the filenamestring contained garbage. It would normally be empty is the functions failed. None of this happens with the protect flag off.

I will try to build a new example that will display the same problem as the big app.


Re: Protect packages - split code encryption,client and server [message #40488 is a reply to message #40487] Wed, 07 August 2013 23:18 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
So, we can try this, but it mus be done on your friend's machine.

1) Remove PROTECT_START_FUNC and END_FUNC macros from your protected function and replace them with the code in Protect.h (remove the backslashes, of course), so you can step inside macros with debugger.

2) Build the app, but do NOT run the ProtectEncrypt on it. Step up to protected function beginning, note the code range of the function, dump it on a file. Name it as UNENCRYPTED.BIN. The difficult part is to find the end of he cunction inside binary code, but you can search for PROTECT_END_MARKER byte sequence.

3) Run ProtectEncrypt on app, then do the same as before. Beware to stop BEFORE the call to Decrypt function.
Store the code area inside ENCRYPTED.BIN file. Take care it has the SAME length as former one.

4) Without exiting debugger, step OVER the decrypt function call, and re-save the binary code inside DECRYPTED.BIN file.
As before, the file should have same length as 2 former files.

5) You can send me the 3 binary files, if you trust. Otherwise, compare the UNENCRYPTED.BIN file with the DECRYPTED.BIN file. They should be identical, besides the marker (PROTECT_START_MARKER and PROTECT_END_MARKER which gets overwritten by ProtectEncrypt.
If there are other differences besides markers, try to locate them.... if they're near end marker, the decrypt routine is missing some parts.

You could also check if ProtectEncrypt do its job on the whole code between both markers, by comparing UNENCRYPTED and ENCRYPDET files. That could give some hints too.

[Updated on: Wed, 07 August 2013 23:23]

Report message to a moderator

Re: Protect packages - split code encryption,client and server [message #40489 is a reply to message #40488] Wed, 07 August 2013 23:21 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Btw, the FREEFREEFREE is a marker of unallocated area used by upp..... I suspect there are some memory problems somewhere, but not sure.

Which are the differences between your machine and your friend's ? OS, 32 or 64 bit, kind of processor.... ?
Re: Protect packages - split code encryption,client and server [message #40490 is a reply to message #40222] Wed, 07 August 2013 23:43 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
Mine: (on wich it all runs)
Intel Pentium 4 3.2Ghz, 2GB ram, Windows XP home (up to date)
keyboard from 1991 Smile

His:
Intel Core i-3 laptop 8GB ram, Windows 7, 64 bit

Compiler: upp version and compiler are the same on both machines:
Upp 5485 and MSVC10
.......
Oh that reminds me... I forgot to give your patched protect.h to him so the debug run is not valid. I will repeat that one tomorrow with the proper version. Embarassed

All the other tests were with executables built on my machine, so those count.



Re: Protect packages - split code encryption,client and server [message #40491 is a reply to message #40490] Wed, 07 August 2013 23:46 Go to previous messageGo to next message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
Alboni wrote on Wed, 07 August 2013 23:43

Mine: (on wich it all runs)
Intel Pentium 4 3.2Ghz, 2GB ram, Windows XP home (up to date)
keyboard from 1991 Smile

His:
Intel Core i-3 laptop 8GB ram, Windows 7, 64 bit




Uhmmm... the big difference is the 64 bit OS.
Could you try it on another machine with windows7 64 bit ? It should make no difference, but that's the only important difference I see....
Re: Protect packages - split code encryption,client and server [message #40492 is a reply to message #40222] Wed, 07 August 2013 23:54 Go to previous messageGo to next message
Alboni is currently offline  Alboni
Messages: 182
Registered: January 2012
Location: Deventer, Netherlands
Experienced Member
I will try/practise the steps you suggest on my own machine first.

If there are differences they should show up, the code is the same.
My computer might just be more tolerant to "almost right".
Re: Protect packages - split code encryption,client and server [message #40493 is a reply to message #40492] Wed, 07 August 2013 23:56 Go to previous messageGo to previous message
mdelfede is currently offline  mdelfede
Messages: 1259
Registered: September 2007
Senior Contributor
It would be quite weird, but you can try.
Between the UNENCRYPTED and DECRYPTED you should find ONLY differences on markers parts. If you find more, tell me.
If you don't, I'm afraid you'll have to test it on your friend's machine.

Ah, btw... I guess you'll need another debugger, the UPP one don't allow to save binary chunks, IIRC.
Previous Topic: Broken packages
Next Topic: Encrypted storage with streaming (OpenSSL, AES)
Goto Forum:
  


Current Time: Thu Nov 21 17:41:07 CET 2019

Total time taken to generate the page: 0.01819 seconds