|
-
Dec 31st, 2002, 02:34 PM
#1
Thread Starter
Addicted Member
Encryption DLLs
I have written an encryptor in VC++ and made a DLL out of it. I want to use this in a VB Program I'm writing.
The problem is that functions used in the DLL are accessable outside of the VB program which means anyone could access the cryption routines. Is there any way I can put C++ code directly into a VB program, or a way I can ensure that only my VB program can use the DLL?
Using Visual Studio .NET 2005
-
Dec 31st, 2002, 03:30 PM
#2
Guru
Well, you could port it to VB... Bad idea though 
Could also call GetModuleFileName and compare it to the expected name of the exe.
Can't think of any simple way that can't be easily hacked by anyone who's a little bit experienced though.
-
Dec 31st, 2002, 03:58 PM
#3
Good Ol' Platypus
It's very very primitive, but it works. Try making the functions not work without an Init function. This function has a hardcoded value that the parameter passed must match. You can use a CRC only of the correct parameter there. If the CRC of the passed function is equal to the CRC inside the sub, bingo you've got a match and the functions become usable.
All contents of the above post that aren't somebody elses are mine, not the property of some media corporation. 
(Just a heads-up)
-
Dec 31st, 2002, 04:39 PM
#4
Guru
Originally posted by Yonatan
Can't think of any simple way that can't be easily hacked by anyone who's a little bit experienced though.
-
Dec 31st, 2002, 05:21 PM
#5
Good Ol' Platypus
There's no way to get the original value from the CRC, so the only way to get past that would be bruteforce.
All contents of the above post that aren't somebody elses are mine, not the property of some media corporation.
(Just a heads-up)
-
Dec 31st, 2002, 05:32 PM
#6
Guru
Yeah... Just load the DLL and edit its memory (specifically, the value that specifies the Init status) so it thinks the Init function was successfully called.
-
Dec 31st, 2002, 09:51 PM
#7
Or just temporaraly replace the DLL with your own, and record what value the VB program passes to it.
-
Dec 31st, 2002, 11:10 PM
#8
Good Ol' Platypus
*sigh*. If only encryption wasn't needed
All contents of the above post that aren't somebody elses are mine, not the property of some media corporation.
(Just a heads-up)
-
Dec 31st, 2002, 11:41 PM
#9
Can VB embed binary resources? If so then you could maybe embed the DLL, extract it on startup into a temporary file, load it and on closedown delete the file.
But I don't think VB can use LoadLibrary and GetProcAddress properly, especially GetProcAddress...
And you could still force crash the VB app to hinder it from deleting the DLL, or even simpler extract the resource.
All the buzzt
 CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Jan 1st, 2003, 02:17 AM
#10
Good Ol' Platypus
All contents of the above post that aren't somebody elses are mine, not the property of some media corporation.
(Just a heads-up)
-
Jan 1st, 2003, 08:05 AM
#11
People will love you when your app requires an internet connection for no apparent reason.
All the buzzt
CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Jan 1st, 2003, 01:24 PM
#12
Guru
Originally posted by Sastraxi
Web-based authing.
...and it still can be bypassed.
Web based authorizing is only useful when the actual service is Internet-based. If the authorizing is Internet-based, and the service itself is independent of the Internet (so that the whole code is compiled for you), people will crack the authorization.
On that note, you can make a server that requires authorization, and does the encryption. However, you should note two things:
[list=1][*]You have to think of a good authorization method, or it won't be secure enough.[*]Depending on the type of encryption and the geographical location of the server, it might be subject to encryption export laws in the country it's in. (For example, in the USA, you cannot export encryption that uses keys larger than 40 bits.)[/list=1]
Last edited by Yonatan; Jan 1st, 2003 at 01:27 PM.
-
Jan 1st, 2003, 01:37 PM
#13
Monday Morning Lunatic
Do it from Canada or the UK then
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 1st, 2003, 02:44 PM
#14
VB can use resources.
You have to add the VB resource editor to the project. -- Plenty on this in the VB section.
Once you insert it, you can extract it at run time when you need it using a save as routine.
When you do, randomly create a folder name and put it there, run it, delete the file and the folder.
Other things to do:
Have the DLL check the calling app for an initialization value (discussed above). Change this value using the time as a seed.
Send back encrypted results. Just less encrypted than usual and easy (relatively) to decrypt just in case someone tries to intercept the sent back data, which can be done easily. At least they wont recognize it right off 
Place a dummy DLL file that looks like it does the same thing, but strip the code from the routines. Leave any String data, however, so that they appear in the compiled DLL.
Need to re-register ASP.NET?
C:\WINNT\Microsoft.NET\Framework\v#VERSIONNUMBER#\aspnet_regiis -i
(Edit #VERSIONNUMBER# as needed - do a DIR if you don't know)
-
Jan 1st, 2003, 03:24 PM
#15
Originally posted by Lord_Rat
Send back encrypted results. Just less encrypted than usual and easy (relatively) to decrypt just in case someone tries to intercept the sent back data, which can be done easily. At least they wont recognize it right off
He wants to hinder people from using the DLL, not intercepting the data decrypted by it (they get that presented by the VB app anyway).
All the buzzt
CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Jan 1st, 2003, 03:55 PM
#16
Monday Morning Lunatic
Why do you want to stop people using the DLL?
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 1st, 2003, 07:58 PM
#17
To hinder other apps from decrypting the data. He doesn't want that the user notices the encryption, so he can't use a password.
At least I think that's the reason, if I remember correctly Barguast asked about such things a while ago.
All the buzzt
CornedBee
"Writing specifications is like writing a novel. Writing code is like writing poetry."
- Anonymous, published by Raymond Chen
Don't PM me with your problems, I scan most of the forums daily. If you do PM me, I will not answer your question.
-
Jan 2nd, 2003, 07:52 AM
#18
Monday Morning Lunatic
Security through obscurity is no security.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 2nd, 2003, 01:22 PM
#19
Thread Starter
Addicted Member
Lord_Rat's solution sounds doable. Although I'd have thought they're be a way to embed a C++ function in a Visual Basic project...
Using Visual Studio .NET 2005
-
Jan 2nd, 2003, 01:26 PM
#20
Monday Morning Lunatic
There is. It involves messing around with VB's linking procedure to insert your own code to a matching VB function, hence replacing it.
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 4th, 2003, 09:24 AM
#21
Thread Starter
Addicted Member
I don't suppose you could tell me how?
Using Visual Studio .NET 2005
-
Jan 4th, 2003, 09:41 AM
#22
Monday Morning Lunatic
Nope, I don't remember it any more, and don't have copies of either VB, Visual C++, or Windows any more, so you'll just have to use Google
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 4th, 2003, 09:50 AM
#23
Thread Starter
Addicted Member
I'm no expert at this, so what exactly should I be searching for? "function embedding"?
Using Visual Studio .NET 2005
-
Jan 4th, 2003, 09:55 AM
#24
Monday Morning Lunatic
Search for VB, C++, and Linking.
And pick random words from what you think you're doing
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 4th, 2003, 10:45 AM
#25
Thread Starter
Addicted Member
ak, I'm finding sod all. Is there a proper name for this technique? Is it anything to do with OBJ files?
Using Visual Studio .NET 2005
-
Jan 4th, 2003, 10:55 AM
#26
Monday Morning Lunatic
I refuse to tie my hands behind my back and hear somebody say "Bend Over, Boy, Because You Have It Coming To You".
-- Linus Torvalds
-
Jan 5th, 2003, 10:31 AM
#27
Thread Starter
Addicted Member
I take it you meant the third one down.
It mentions a Compile Controller Add-in which I don't have, and all the example code is gone.
Using Visual Studio .NET 2005
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
