The New Chaos Protection
protecti
Our protections
12 November 1998
by NiKoDeMoS
Courtesy of Fravia's page of reverse engineering
fra_00xx
98xxxx
handle
1100
NA
PC
Well, I took off the 'advanced' autocertification... we'll see in due time if it is advanced or not. Awaiting your input and your contributions... note that the related 'cryptographic' challenge is in jeremy1.htm. There's no need to set a deadline, but let's say that it would be nice to get some input on this before spring 1999...
There is a crack, a crack in everything That's how the light gets in
Rating
( )Beginner ( )Intermediate ( )Advanced ( )Expert

Welcome to a new era of protection, via the route of chaos.
The purpose of this essay is really to provide a challenge for you. A follow up essay will be done after the results of this challenge are tallied.
The New Chaos Protection

Written by NiKoDeMoS


Introduction
Okay, I've seen a lot of reversing essays and a few protecting essays. I think
a common approach is to tend towards complexity, especially with the VxD
routines, etc. This approach is intended to tackle the problem a little
differently, placing the complexity on the reverser and not the protector.
To get an idea of what I mean, consider many traditional approaches to protecting. Most of the time you can easily find the elaborate routine that goes through several iterations of encryption and checksum and cross-check, but invariably you either get a comparison (yes, no) or some call to an enabling routine. Therefore, all of the previous complexity was lost due to the simplicity of the final check.
This protecting method attempts to go around this downfalls, and provide a truly challenging routine. The target isn't too exciting. It's an encrypt algorithm that I wrote myself and can be found as a different challenge on this page for your sheer pleasure. What I did was to take that code and modify it to require a registration key. I did this rather quickly, but I'm sure you'll appreciate the results.


Tools required
SoftIce
W32Dasm
Hex-Editor
Some cheese and crackers, maybe some literature by James Gleick or Benoit Mandelbrot.

Target's URL/FTP
bestwinp.zip (Just contains bestwin.exe, prot.dll <-- hmmm, and reg.key (double hmmm))

Program History
This program isn't popular, was just written, and doesn't do much! You can use it to encrypt/decrypt a file using a new algorithm I'm testing out elsewhere. The only thing that I did was develop a prot.dll to protect certain functions and use a registration key (hacked code, bad, but gets to the point). This is basically used as an example for this new protection method.

Essay

Okay, here we go. Let's describe the challenge as is:

You will get a set of files, being:

BESTWIN.EXE
PROT.DLL
REG.KEY

When you fire it up, you'll be presented with a barebones windoze app. You
can choose the option to set your key (this is the passcode for encrypting
and decrypting files) and also encrypt a file. You should note that when
you set the key, you get hit with a "This product must be registered"
sign. That should be obvious in and of itself. You'll also notice that once
you select a key, only the encrypt option is available, not the decrypt one!
So, where to go from here? 
  1. Find the method used for protection, and describe this method as specifically as possible
  2. Find the exact registration key that must be used
  3. Create a "crippled" version that circumvents any need for a registration key (this should be simple, the top two not so easy!)
The point here is that not too much effort was put in. There is a set reg key, whereas a practical implementation would have a different reg key for each installation. This can be implemented with the protective method used. I can also protect many more functions and reference them with more complicated codes, but I want to see what can be done with this bare bones.


Final Notes

Okay, I think this is a great protection method, IMHO, but you may come back
within hours and say, "That really stunk." If it appears to be noble enough
to stand up to scrutiny, the next essay will be a description of the exact
method used and how anyone can implement it themselves. If the method turns
out to be a weak, pathetic attempt, then the next essay will be a manifesto
of whining self-pity and declarations of utter failure. Happy reversing! 
NiKoDeMoS


Ob Duh
doesn't apply

You are deep inside fravia's page of reverse engineering, choose your way out:

redhomepage redlinks redsearch_forms red+ORC redstudents' essays redacademy database
redreality cracking redhow to search redjavascript wars
redtools redanonymity academy redcocktails redantismut CGI-scripts redmail_fravia+
redIs reverse engineering legal?