yeah I agree Mr. Vladimir is really great thanks for enigma I really love this software.EnigmaUser wrote:Vladimir is much faster than me,great support!
Virtual Box usage
-
iloveEnigma
- Posts: 2
- Joined: Thu Jun 24, 2010 10:36 am
Re: Virtual Box usage
-
EnigmaUser
- Posts: 10
- Joined: Tue Jun 22, 2010 6:40 pm
Re: Virtual Box usage
Thanks alot for great explanation, This feature is perfect for what i need.
Now , as i understood each EXE or and each File has its own Checksum, so for let say client.exe there checksum : 0x003194
now, The checksum Calculation make sure that the exe is the correct one via Server sided object, but as i see there software called brute32crc which can get you the executable Checksum and then change it into another.
I would really like to know if it possible to hide the checksum in my exectable, or make the Calculation checksum system somehow diffrent so others couldnt get it.
Now , as i understood each EXE or and each File has its own Checksum, so for let say client.exe there checksum : 0x003194
now, The checksum Calculation make sure that the exe is the correct one via Server sided object, but as i see there software called brute32crc which can get you the executable Checksum and then change it into another.
I would really like to know if it possible to hide the checksum in my exectable, or make the Calculation checksum system somehow diffrent so others couldnt get it.
Re: Virtual Box usage
Ok,about this in theory.. might work,but in practice almost never.EnigmaUser wrote:Thanks alot for great explanation, This feature is perfect for what i need.
Now , as i understood each EXE or and each File has its own Checksum, so for let say client.exe there checksum : 0x003194
now, The checksum Calculation make sure that the exe is the correct one via Server sided object, but as i see there software called brute32crc which can get you the executable Checksum and then change it into another.
I do not known that software(brute32crc need more info or address of that tool). There is a lot of standard hashing alghoritm (crc32,md2,md5,6,sha 512 etc).
which one is used for verifying the checksum in enigma nobody known for, sure except Vladimir.But what if,only if ,it has a custom hashing ,what then?
I sure that checksum is encrypted in Enigma and compared with one in the fly check. and this is almost sure made in memory,which is protected of course.
Is much too complicated to crack on this path . Sure everything is possible but must have a lot of knowledge of ASM.Every protection scheme has the weakness.
It need dedicated cracker like(skid row,razor1911etc ) to crack this baby and the software must be notorius to merit such effort.
Until Vladimir answer , i recommend to implement another, you're own check reading from external source.EnigmaUser wrote: I would really like to know if it possible to hide the checksum in my exectable, or make the Calculation checksum system somehow diffrent so others couldnt get it.
later edit:
Enigma has 2 method checksum at the start and runtime integrity.Check the manua under Check-up section
Launch the demo version then when the full version has been buy it send that version with "Encrypted with hardware id" - check with manual under registration features (i like this paranoia, i just love that option).
REMEMBER this is just a Enigma user's opinion and is pure unofficial
Re: Virtual Box usage
Thanks scorillo7, you are right in almost all things
But EnigmaUser is talking about file checksum that is written in the file header. This value can be almost any and everybody can change it to another value. I do not recommend to use this value for any of your internal use, just because it can be changed.
As scorillo7 advised, you may just calculate standard md5 hash sum of the file and check it with your server-side plugin. This case you have to store checksums of your file in the server side. If you worry that cracker may change something in your file, but keep the checksum same - do worry, it is almost impossible!
I also very curious, what do you want to implemented, except "standard" checksum protection of Enigma? Enigma's protection is really enough, it will not allow to make any changes of the file in the "weak" places.
I think you do not have to do anything. Checksum that is made in Enigma is enough.
But EnigmaUser is talking about file checksum that is written in the file header. This value can be almost any and everybody can change it to another value. I do not recommend to use this value for any of your internal use, just because it can be changed.
As scorillo7 advised, you may just calculate standard md5 hash sum of the file and check it with your server-side plugin. This case you have to store checksums of your file in the server side. If you worry that cracker may change something in your file, but keep the checksum same - do worry, it is almost impossible!
I also very curious, what do you want to implemented, except "standard" checksum protection of Enigma? Enigma's protection is really enough, it will not allow to make any changes of the file in the "weak" places.
I think you do not have to do anything. Checksum that is made in Enigma is enough.
-
EnigmaUser
- Posts: 10
- Joined: Tue Jun 22, 2010 6:40 pm
Re: Virtual Box usage
Yeah, as enigma said, My own client.exe protection is not much appriciated as others can just take the checksum and connect via diffrent Client EXE since it is only Server side checksum header checks
about what you said
an Additionly Server side check would be great if i knew how to check my md5 hash sum of the file , maybe i could add it to the Server side setup check though not sure.
Either way im mostly looking for checksum header protection from finding, about the CRC32 software i have uploaded it so you can see how it works and checks the exe checksum values:
Brute CRC 32:
http://www.mediafire.com/?2tniq1nk2t4
about what you said
As scorillo7 advised, you may just calculate standard md5 hash sum of the file and check it with your server-side plugin. This case you have to store checksums of your file in the server side. !
an Additionly Server side check would be great if i knew how to check my md5 hash sum of the file , maybe i could add it to the Server side setup check though not sure.
Either way im mostly looking for checksum header protection from finding, about the CRC32 software i have uploaded it so you can see how it works and checks the exe checksum values:
Brute CRC 32:
http://www.mediafire.com/?2tniq1nk2t4
Re: Virtual Box usage
EnigmaUser
I could advise you two ways how to make this:
1. You may calculate the md5 hash of your client.exe, inside this exe, and send this hash to the server script. This script will check, if this hash is in trusted list and will allow execution. Better, if your client requires some authentication with login/password, then you may send the checksum together with login and pass, and if checksum is invalid then you force login/pass also invalid.
This way does not require internet resources, internet speed resources, but the crackers may change your HTTP traffic and change calculated checksum to another, and use any client.. But this can make only advanced crackers, I seem.
2. Second way, you will send the whole client.exe to the server, together (for example) with the login and password, and then in some php script you may calculate md5 has of this file and compare it with the trusted list.
Another question is how to may send hash or file itself to the server.
1. you may write plugin for Enigma where calculate the hash of the protected file. Enigma has API EP_CryptHashFile to calculate the has of the whole file, you may use it. Or:
2. you may write another exe, that will calculate the hash of protected file, but the first way is better due to protection
3. if you plan to send whole file to the server to check, there is md5 function in php that you could use.
This is not a trivial task, moreover if you do not have programming skills, but you may try...
Regarding some online checksum checkup... as you are registered user of Enigma, you have seen the Control Panel where you download latest version or get license information. It could be possible to make such checkup into such panel. But, I do not have plans to make it in the nearest feature... Firstly, I wanted to release Control Panel as a particular product, then add some online activation features, and maybe then to make such checkup..
I could advise you two ways how to make this:
1. You may calculate the md5 hash of your client.exe, inside this exe, and send this hash to the server script. This script will check, if this hash is in trusted list and will allow execution. Better, if your client requires some authentication with login/password, then you may send the checksum together with login and pass, and if checksum is invalid then you force login/pass also invalid.
This way does not require internet resources, internet speed resources, but the crackers may change your HTTP traffic and change calculated checksum to another, and use any client.. But this can make only advanced crackers, I seem.
2. Second way, you will send the whole client.exe to the server, together (for example) with the login and password, and then in some php script you may calculate md5 has of this file and compare it with the trusted list.
Another question is how to may send hash or file itself to the server.
1. you may write plugin for Enigma where calculate the hash of the protected file. Enigma has API EP_CryptHashFile to calculate the has of the whole file, you may use it. Or:
2. you may write another exe, that will calculate the hash of protected file, but the first way is better due to protection
3. if you plan to send whole file to the server to check, there is md5 function in php that you could use.
This is not a trivial task, moreover if you do not have programming skills, but you may try...
Regarding some online checksum checkup... as you are registered user of Enigma, you have seen the Control Panel where you download latest version or get license information. It could be possible to make such checkup into such panel. But, I do not have plans to make it in the nearest feature... Firstly, I wanted to release Control Panel as a particular product, then add some online activation features, and maybe then to make such checkup..
Re: Virtual Box usage
I must disagre with you Vladimir , any trained monkey can analyze and tamper http requests.It's so easy,now.I could advise you two ways how to make this:
1. You may calculate the md5 hash of your client.exe, inside this exe, and send this hash to the server script. This script will check, if this hash is in trusted list and will allow execution. Better, if your client requires some authentication with login/password, then you may send the checksum together with login and pass, and if checksum is invalid then you force login/pass also invalid.
This way does not require internet resources, internet speed resources, but the crackers may change your HTTP traffic and change calculated checksum to another, and use any client. But this can make only advanced crackers, I seem.
Let's explain why i say this.
There is 2 common(used by almost everybody) way to send info over the internet from a client exe.
thru a http "post" request or by sending opening method("get") to retrieve a php webpage with parameters.(www.site.com/index.php?id=123&hash=A155FR1VV)
The first can tampered only by a snifer the second one tampered directly in browser (after sniffer analize)
For the sake of discussion i propose another method a little more complicated but more secure(i think).
- 1. Calculate MD5 hash of the file internaly
2.Get the ID for Enigma
3.Split the current time in lets say every 3 minutes(creating a sort of sector ),every 3 minute has different value and calculate MD5 hash of the string.
4.Contecanate,but delimited by space or another delimiter which is not in the massage to create confusion) all and crypt this with a standard alghorithm recognized by php and the key for this is the ID from Enigma or a standard key masked by Protected String function of Enigma.
5.Send the the crypted text as parameter (be sure to send it before time of the sector expires and encoded in base32)
The time on position 3 is just to change message body every 3 minutes,it has no another function.
Use the same time for both server and client exe.This can be atacked only in the same sector of time.
that is very good if the file is not huge. but not in the dial up connection,you never know where the software go.2. Second way, you will send the whole client.exe to the server, together (for example) with the login and password, and then in some php script you may calculate md5 has of this file and compare it with the trusted list.
Re: Virtual Box usage
Hm, so it is easy to fake http traffic...
scorillo7 your way also could live... Anyway, it does not serve 100% guaranty. Crackers may analyze these hasing/encryption methods and then implement same in own client.. Even if we will make triple encryption with own algorithms, I'm sure it will not stop advanced crackers..
Maybe the way to solve this - use SSL connection, when the traffic is encrypted, what do you think? Is it possible to fake SSL data (that is encrypted)?
Also, maybe the better idea - review protection itself. For example, you will use registration feature of Enigma. To use your client, users will have to contact to you, to get registration key. Without the key client will just not work. Then, when your application will connect to the server, you will check user's registration key and name on the server. If name and key are valid - you allow this user to work. If you have found that some of your clients are cheaters, then you disable the registration information of this user, so, if he will connect, you will check his registration key and allow/disallow to work. That's I think is a right decision. Crackers may use any client, but if they will not have valid, not banned registration key, they will not be able to do anything.
scorillo7 your way also could live... Anyway, it does not serve 100% guaranty. Crackers may analyze these hasing/encryption methods and then implement same in own client.. Even if we will make triple encryption with own algorithms, I'm sure it will not stop advanced crackers..
Maybe the way to solve this - use SSL connection, when the traffic is encrypted, what do you think? Is it possible to fake SSL data (that is encrypted)?
Also, maybe the better idea - review protection itself. For example, you will use registration feature of Enigma. To use your client, users will have to contact to you, to get registration key. Without the key client will just not work. Then, when your application will connect to the server, you will check user's registration key and name on the server. If name and key are valid - you allow this user to work. If you have found that some of your clients are cheaters, then you disable the registration information of this user, so, if he will connect, you will check his registration key and allow/disallow to work. That's I think is a right decision. Crackers may use any client, but if they will not have valid, not banned registration key, they will not be able to do anything.
-
EnigmaUser
- Posts: 10
- Joined: Tue Jun 22, 2010 6:40 pm
Re: Virtual Box usage
Enigma that is nice solution which i thought the same, the problem is i am having tons of users and not enough time to check by hand one by one.
also it is download and use kind of program so im sure 90% of the users will get confused how to activate it etc..
Scrillo
2) do you mean ID from String protection?
3) how do i make timing of hash checks?
4,5) doesnt seems like can be done without previous knowledge.
I was wondering if enigma software has also feature of Encrypting exe inside another EXE(which could be the launcher) then to launch the exe from it, this way the only way to get the checksum is to unpack the launcher which wont be possible incase it protected.
also it is download and use kind of program so im sure 90% of the users will get confused how to activate it etc..
Scrillo
How do i calculate the MD5 Hash of the file? does it have software for it? and if yes which.1. Calculate MD5 hash of the file internaly
2.Get the ID for Enigma
3.Split the current time in lets say every 3 minutes(creating a sort of sector ),every 3 minute has different value and calculate MD5 hash of the string.
4.Contecanate,but delimited by space or another delimiter which is not in the massage to create confusion) all and crypt this with a standard alghorithm recognized by php and the key for this is the ID from Enigma or a standard key masked by Protected String function of Enigma.
5.Send the the crypted text as parameter (be sure to send it before time of the sector expires and encoded in base32)
2) do you mean ID from String protection?
3) how do i make timing of hash checks?
4,5) doesnt seems like can be done without previous knowledge.
I was wondering if enigma software has also feature of Encrypting exe inside another EXE(which could be the launcher) then to launch the exe from it, this way the only way to get the checksum is to unpack the launcher which wont be possible incase it protected.
Re: Virtual Box usage
This is also not a good way. What will stop the cracker to run own client without run your "client extractor"?EnigmaUser wrote:I was wondering if enigma software has also feature of Encrypting exe inside another EXE(which could be the launcher) then to launch the exe from it, this way the only way to get the checksum is to unpack the launcher which wont be possible incase it protected.
Maybe you give me information about your program, what it does and how works, I probably find a better protection solution..?