Silly question about being hacked 1

Status
Not open for further replies.
May 3, 2003
Hello All,

This may be a silly question but I have to ask. If you compile a huge standalone exe or compile a small exe with many small DLLs, which would be harder to hack via scanning of memory? I would just like to know which way is more secure.

Thank you very much.
 
As long as your security isn't built into one of the DLLs, you're OK. Make your security check a macro and include it into every DLL as well as the executable.

Security checks as routines are easy to hack. Just clobber the procedure and you're done. If you have it as a macro or inline code, then it is literally scattered all over the place and not so easy to bypass.

Building security into one DLL is the worst thing you can do. All the hacker needs to do is replace that DLL with his own that gives the expected answers (normally true or false) to the questions and you're done.

Also get your most untidy haphazard developer to do it. If you can't work it out with the source code in front of you, what chance does a hacker have?
 
Thanks a lot for your reply, it is quite insightful. Do you have any links on this particular subject?

Thanks again :)
 
No - this is just from experience. I was a student hacker 30 years ago, hence the comment about clobbering one procedure and you're done. 30 years ago, dongles were all the rage. The mags claimed that it was impossible to pirate code. I worked out where the security procedure was, nullified it and saved the image. Job done. It was that easy. Only took one day. From that time, I've never believed anything that magazines claimed. The next package that came along with a dongle only took 1 hour to crack. If you know what to look for, it is scarily easy.

I actually sent an article to the magazine that claimed it was impossible but they never published it.

I only found one other package that had checks all over the place. Most of them just check once and that is it.

I've worked in places where security was a DLL and I showed them how easy it was to crack it but they didn't buy it and it is still out there, as insecure as ever.

The best advice is to scatter it all over the place and don't make it look the same, e.g.
Code:
x <<= 2;
y = y - 20;
z *= 2;
will generate different code from
Code:
y -= 20;   // same as y = y - 20
z <<= 1;   // same as z *= 2
x *= 4;    // same as x <<= 2
even though the end result will be the same. Hackers look for patterns. If you have a changing pattern, it is more difficult to find. If they manage to crack it, they deserve it FOC.
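The contrast drawn in the posts above, as an added example that is not part of the original thread: one central check routine beside the same check expanded inline in three different source shapes. The predicate, the constant 97 and the function names `open_document`, `save_document` and `export_report` are constructed for illustration only.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy predicate (constructed for illustration): a key is accepted when
 * 4*key - 20 is a multiple of 97 in 32-bit unsigned arithmetic. */

/* Centralized form: one routine, one place to patch or replace. */
int license_ok(uint32_t key) {
    return ((key << 2) - 20u) % 97u == 0u;
}

/* Inline forms: same predicate, three different source shapes.
 * ~19u equals -20 modulo 2^32, and 4*(k-5) equals 4*k - 20. */
#define CHECK_A(k) ((((uint32_t)(k) << 2) - 20u) % 97u == 0u)
#define CHECK_B(k) (((uint32_t)(k) * 4u + ~19u) % 97u == 0u)
#define CHECK_C(k) ((4u * ((uint32_t)(k) - 5u)) % 97u == 0u)

/* Hypothetical feature entry points; each expands its own copy of the check. */
int open_document(uint32_t key) { if (!CHECK_A(key)) return -1; return 0; }
int save_document(uint32_t key) { if (!CHECK_B(key)) return -1; return 0; }
int export_report(uint32_t key) { if (!CHECK_C(key)) return -1; return 0; }

/* Returns 1 when every inline variant matches the reference on [lo, hi). */
int variants_agree(uint32_t lo, uint32_t hi) {
    for (uint32_t k = lo; k < hi; k++) {
        int ref = license_ok(k);
        if (CHECK_A(k) != ref || CHECK_B(k) != ref || CHECK_C(k) != ref)
            return 0;
    }
    return 1;
}

int main(void) {
    printf("variants agree: %d\n", variants_agree(0, 100000));
    printf("key 102 -> open=%d save=%d export=%d\n",
           open_document(102), save_document(102), export_report(102));
    printf("key 6   -> open=%d save=%d export=%d\n",
           open_document(6), save_document(6), export_report(6));
    return 0;
}
```

An optimizing compiler may reduce all three macro forms to the same instructions, so compare the generated assembly (for example with `cc -O2 -S`) before assuming the check sites really differ in the binary.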
 
Have a look at the winning entries in the Obfuscated C programming contest. Alternatively there is a book "Obfuscated C and other Mysteries" by Don Libes; ISBN 0-471-57805-3. Not very good for security stuff but absolutely brilliant in techniques.

Some of the code is next to impossible to follow in C. I analyzed a few of them and had a look at the generated, optimized assembler code. It was really difficult.
 
dongle - hardware device that is connected to some I/O port. The software communicates with it and will not run if it is absent.

Some packages are sold with a dongle. Wordcraft on Commodore PETs had a dongle on the IEEE-488 port. Some Windows packages have them on the parallel port. Guess sooner or later someone will come up with a dongle that works on a USB port.
 
OK, the only dongles I heard of before were the cables you connected to PCMCIA cards to connect network or phone jacks...
 
A dongle was a thing like this (and it's a true story):

You buy a truly enormous and expensive machine for your laboratory; it comes with software to control it, and a dongle to stick in the back of the PC. There is nothing the software can do except control this machine, and every machine is sold with a copy of the software.

A year later there is a thunderstorm and a power-surge kills the dongle (amazingly without killing either the expensive machine or the PC). Now you can't use the machine. You have to get a new dongle.

Since it's on a service contract (hopefully!) the manufacturer has to send an engineer 200km to replace the dongle.

Two weeks later there's another thunderstorm.

Dongles were a complete pain, and in some cases downright harmful to the company that used them (didn't they realise that a vast and expensive piece of machinery is itself a very effective dongle? What did they think I was going to do with their software? Modify it to control my fridge?)

Thank Goodness Dongles seem to be history, at least in my field. And yes, they often plugged into the parallel port, and in theory you could daisy-chain several, and stick the printer in the end, but it takes little imagination to see what the back of a PC looks like with 3 dongles and a printer, and less imagination to see what happens when you move the PC fractionally.

Unfortunately it took more imagination than was available to the inventor of the dongle.
 
I have encountered dongles before with software from work on a USB key. But it has been cracked every single time, including the ones on the LPT. I'm not sure if it is as secure as they say it is.

I would like to thank you all for your insight. It was very helpful. Thanks again xwb
 