| View previous topic :: View next topic |
| Author |
Message |
Chris12
Expert Cheater
![]() Reputation: 1
Joined: 27 Apr 2012
Posts: 103
|
 Posted: Thu Feb 26, 2015 3:35 pm Post subject: Exe tampering |
 |
|
Hi,
I made a program, now some people are cracking it.
Its written in c#, I obfuscated the code with my own obfuscator.
They still manage to find some "if(...)" and invert it (je => jnz) with a single byte-patch.
Does anyone have any tips to prevent such things?
I don't want to use a commercial obfuscator.
If this were c++ i'd decrypt and re-encrypt the method at runtime.
But in .net I can't.
I thought about checksumming the IL bytes of the methods I want to protect.
Does anyone with more in-depth knowledge of .net have any ideas what I can do?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25805
Location: The netherlands
|
| Posted: Thu Feb 26, 2015 3:50 pm Post subject: |
|
|
Checksumming the IL bytes won't matter as those are unchanged. It's the native code that gets changed
There may be a way to find it in c# and then checksum that, but that only works if you generate the checksum after it has been JIT'ed and before it is edited
I think .net has a method to find the JIT'er and hook that so you may be able to get it as soon as your method is jitted (don't know the details, but I saw it when doing research on finding method addresses, but since I don't need them instantly I passed it aside in favor of a delayed lookup)
Alternatively, you could try making it harder. Right now you have only one if statement checking the state. You could make that a quite convoluted if check using multiple methods and value references that do random things when detected the result has been tampered with
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Chris12
Expert Cheater
![]() Reputation: 1
Joined: 27 Apr 2012
Posts: 103
|
| Posted: Thu Feb 26, 2015 3:54 pm Post subject: |
|
|
Sorry for not making this clear, they're patching the IL bytes directly, not the compiled asm.
I would add a checksum of the complete module but they'd just patch that out too 
As for making it harder, could you give some examples?
What convolutions can I do to make it harder?
I'm so uncreative sorry ^^
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1
|
| Posted: Fri Feb 27, 2015 3:49 am Post subject: |
|
|
Sad to say but no matter what you do people are going to figure out ways to crack your code etc. Depending on how your program is coded you could connect it to a server on-load and have to stream / download parts of the code required to use it based on specific information such as a user/pass combo to login to a valid account and so on.
Keep in mind that can be bypassed eventually too if someone is bored enough to put in the work to do it.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
