Trick Protection Analyzers
Hi Enigma
I have an opinion. I don't know if this is possible.
When you analyze an executable that is protected with Enigma, the analyzer will show "Enigma Protector x.x version".
So I think the analyzer reads "Enigma Protector" in the protected exe & shows it.
So you can rename all "Enigma Protector" to "Nothing Found". Then "Nothing Found" will be the protector & analyzers will show "Nothing Found".
I think if this is possible then we can trick so many crackers, except advanced ones.
What do you think? Am I right?
Re: Trick Protection Analyzers
No, you don't. Analyzer technique depends on signatures (some unique byte sequence, one of thousands for Enigma), also called stubs. You can't hide from a scanner, and hiding is not the point of executable protection; this one goes to malware.
Re: Trick Protection Analyzers
Hi My Friend Sebastiano
OK, then is there any way to change signatures? I mean the developer of Enigma (Vladimir) may change signatures to "Nothing found", not us.
Re: Trick Protection Analyzers
No, he can't. Why do you think that undetection will help in protection?
Re: Trick Protection Analyzers
Hi My Friend Sebastiano
My Friend Sebastiano wrote: No, he can't. Why do you think that undetection will help in protection?
Because so many crackers cannot find the protection & they think really nothing is found.
So I think undetection is a professional protection mode.
By the way, my post is just a question. OK, if he can't, no problem.
But please let me wait for his answer too.
Thank you again
Re: Trick Protection Analyzers
Really, there is a feature in Enigma called PROTECTION FEATURES - File Analyzer Deception. There you may choose a signature that will be used to hide Enigma Protector from file analyzers.
As Sebastiano correctly wrote, the effect of this function depends on what techniques the file analyzer is using. This feature may hide Enigma from many analyzers, but some advanced ones could still detect it.
Anyway, I think this feature is a little useless. Because if a cracker can't detect Enigma due to the File Analyzer Deception feature, I 100% guarantee he/she will not crack anything in Enigma.
Re: Trick Protection Analyzers
Hi My Friend Enigma
So can you guide me? I have just one exe file, "URL 2 IP", as you saw in my tutorial.
So how can I change the signature to trick analyzers? I tried several times, but every time analyzers show Enigma Protector as the packer.
Can you guide me to hide Enigma?
Re: Trick Protection Analyzers
That's very simple: open your project file, go to the PROTECTION FEATURES - File Analyzer Deception panel, and there select, for example, Borland C++. After you protect the file, some analyzers should show Borland C++ instead of Enigma Protector.
But as I wrote, this does not work with all kinds of file analyzers.
Re: Trick Protection Analyzers
Hi MY Friend Enigma
I'm using PEiD & Protection ID, the most famous analyzers. What should I write in "Name of the protection code section"? Anything?
PEiD cannot detect it but Protection ID can.
So now?
Re: Trick Protection Analyzers
Hi Majid,
Majid Pasha wrote: What should I write in "Name of the protection code section"? Anything?
You may write anything there; write ".data" without quotes.
Majid Pasha wrote: PEiD cannot detect it but Protection ID can.
Yes, when I developed it, I based it on PEiD and not Protection ID. How to avoid detection by Protection ID? Looks like there is no way. Because to add additional deception methods I have to add new signatures to Enigma, but this may cause a huge amount of false detections by antiviruses.
I just repeat: if a cracker cannot determine what protection is used, even if the protection is hidden like with this feature, this cracker will not pass the protection.
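The points made in the replies above (analyzers match byte signatures rather than a displayed name, and the result depends on the analyzer's technique), as an added example that is not part of the original thread and is not code from Enigma, PEiD or Protection ID. It assumes a signature database in the PEiD `userdb.txt` text layout; the entry names, byte patterns, the `.exprot` section name and the sample images are all constructed, and the decoy case is a generic illustration of entry-point-only versus whole-image scanning, not a description of how File Analyzer Deception is implemented.

```python
import re
# Constructed database in the PEiD userdb.txt layout; names and patterns are invented.
SIG_DB = """
[ExampleProtector 1.x]
signature = A1 B2 ?? ?? C3 D4 E5 ?? F6 07
ep_only = true
[Example Compiler Stub]
signature = 11 22 33 ?? 44 55
ep_only = true
"""

def parse_db(text):
    """Return [(name, pattern, ep_only)]; a pattern item is an int or None for '??'."""
    sigs = []
    for name, body in re.findall(r"\[(.+?)\]\s*\n((?:[^\[\n].*\n?)+)", text):
        f = dict(re.findall(r"(\w+)\s*=\s*(.+)", body))
        pattern = [None if t == "??" else int(t, 16) for t in f["signature"].split()]
        sigs.append((name, pattern, f.get("ep_only", "").strip().lower() == "true"))
    return sigs

def matches_at(data, off, pattern):
    window = data[off:off + len(pattern)]
    return len(window) == len(pattern) and all(p in (None, b) for p, b in zip(pattern, window))

def byte_scan(data, entry, sigs, deep=False):
    """Test each pattern at the entry point only, or at every offset when deep=True."""
    hits = []
    for name, pattern, ep_only in sigs:
        offsets = [entry] if ep_only and not deep else range(len(data))
        if any(matches_at(data, o, pattern) for o in offsets):
            hits.append(name)
    return hits

def name_scan(section_names, marker=".exprot"):
    """Weak analyzer that only looks for a section name (hypothetical marker)."""
    return ["ExampleProtector 1.x"] if marker in section_names else []

def demo():
    sigs = parse_db(SIG_DB)
    prot = bytes.fromhex("A1B20000C3D4E599F607")   # constructed protector stub bytes
    decoy = bytes.fromhex("112233AA4455")          # constructed compiler-like bytes
    plain = b"\x00" * 16 + prot + b"\x00" * 16     # protector stub at entry offset 16
    masked = b"\x00" * 16 + decoy + b"\x90" * 8 + prot  # decoy at entry, stub later
    return {
        "renamed_section_name_scan": name_scan([".text", ".data"]),
        "renamed_section_byte_scan": byte_scan(plain, 16, sigs),
        "decoy_entry_only": byte_scan(masked, 16, sigs),
        "decoy_deep": byte_scan(masked, 16, sigs, deep=True),
    }
```

Renaming the section only defeats the name check; the byte scan still reports the protector, and a whole-image scan reports it even when the entry point carries different bytes.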