custom Run-time packer
in [Cryptography]
|
From: astral on 9 Jun 2010 12:07 "Dave -Turner" <admin(a)127.0.0.1> wrote in message news:A7-dnfHOFownvpLRnZ2dnUVZ8rudnZ2d(a)westnet.com.au... >> And then the "ask for password" routine replaced by something that >> always says "succeeded" > > Yes, but you'd still need to know the password first though to get to that > stage. > > ----------- it possible to strip PE header and replace with stub, make stub strongly obfuscated (can not be encrypted, but obfuscated); stub will decryped AES-256 encrypted image. It can takes a months and years to decrypt it. It doesn't matter that the executable can be dumped from memory after it's been decrypted and loaded.
From: unruh on 9 Jun 2010 12:39 On 2010-06-09, Dave -Turner <admin(a)127.0.0.1> wrote: >> And then the "ask for password" routine replaced by something that >> always says "succeeded" > > Yes, but you'd still need to know the password first though to get to that > stage. Yes, but these things are often introduced as anti copying procedures. Thus one password can get your 100000 useable copies. > >
From: Phil Carmody on 13 Jun 2010 02:22 "Dave -Turner" <admin(a)127.0.0.1> writes: > > And then the "ask for password" routine replaced by something that > > always says "succeeded" > > Yes, but you'd still need to know the password first though to get to that > stage. If you don't trust the person to whom you are giving the password not to pass the password on, then you may as well assume the password will leak out. If you do trust the person to whom you are giving the password not to pass the password on, then why don't you trust him to not pass the software on if you give it to him without the password "protection"? And why do you want to constantly annoy him by asking him for a password each time he runs the program? This use of passwords is pure snake oil. Phil -- I find the easiest thing to do is to k/f myself and just troll away -- David Melville on r.a.s.f1
First
|
Prev
|
Pages: 1 2 Prev: Why hash function (e.g. MD5) cannot be a MAC Next: Best practice for password hashing |