Re: Clever ways to hide a compare
- From: "Jim Leonard" <spamtrap@xxxxxxxxxx>
- Date: Tue, 27 Sep 2005 18:09:35 +0000 (UTC)
jonathon wrote:
> Jim Leonard wrote:
> > I was wading through an old game the other day and found a section of
> > code that grabbed two values and XOR'd them, then kept track of the
> > zero flag through a series of convoluted steps designed to obscure what
> > he was doing. (When you XOR two identical bytes, the result is zero.)
>
> Now that's the stuff I'm interested in. What kind of stuff was he
> using to obscure, and did he just save the status register flags and
> then reload them later?
I think you conveniently missed the section where I talk about how it
took me about 10 minutes to figure it out (and I was *distracted* at
the time). I'm not an ASM guru by any means, but even I saw through
what he was doing.
The best way to protect code that I have observed is to 1. encrypt the
code, and then 2. make the decryption (AND the execution of both the
decryption routine and the decrypted code itself) dependent on the
target runtime environment.
Your only hope of avoiding the disassembly/debugging of your code is to
make the code behave differently based on the runtime environment. An
old example of this is Turbo Debugger in the DOS days; you could
construct code that would get the IP to point to the MIDDLE of an
instruction and execute, but under Turbo Debugger the IP would jump to
the NEXT instruction. Or another debugger trick that works with all
debuggers is to time the execution of a particular block of code, since
under single-step analysis the routine will run much slower.
Doing stuff like this not only requires intimate knowledge of the
target platform, but also may tie your product to that one target
platform. For example, I own a few products that only run on Windows
95, and only on a Pentium 166MHz or slower, due to timing and
OS-specific oddities the products take advantage of. (Because of this,
I have to keep a P120 running under my desk.)
Aside from all this, anything can be cracked over time. The longest I
ever heard of something to crack (hearsay) was 4 weeks (an Amiga
game)... the longest I ever personally witnessed was 3 weeks, with 4+
hours a day devoted to the task (old rare PC game that directly
manipulated the FDC for *all* data accesses, even those not related
specifically to copy-protection). Modern tools like IDA and the latest
SoftICE are MUCH more sophisticated than the tools I had 20 years ago
-- cracking stuff today is a hell of a lot easier and faster!
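As an added illustration (not code from the thread or from the game being discussed), the following C reconstructs the kind of hidden compare described above: the two bytes are XORed, and the result is pushed through a chain of steps that each map zero to zero and non-zero to non-zero before the final zero test. Because every step in the chain is a bijection on bytes, "is the final value zero?" is exactly "were the two bytes equal?", which is why an analyst only has to track zero-ness through the chain to see the compare. The function names and the particular chain of steps are hypothetical, chosen here for the example; `count_mismatches` checks the equivalence exhaustively over all 65,536 byte pairs.

```c
#include <stdint.h>
#include <stdio.h>

/* Plain equality check: what the protection is really computing. */
static int plain_equal(uint8_t a, uint8_t b)
{
    return a == b;
}

/* Hypothetical reconstruction of the obscured check: XOR the two bytes
 * (zero iff equal), then run the result through steps that each preserve
 * zero-ness, so the final zero test still answers "were a and b equal?". */
static int obscured_equal(uint8_t a, uint8_t b)
{
    uint8_t t = (uint8_t)(a ^ b);          /* zero iff a == b */
    t = (uint8_t)((t << 3) | (t >> 5));    /* rotate left 3: bijection on bytes */
    t = (uint8_t)(0u - t);                 /* two's-complement negate: bijection */
    t = (uint8_t)(t ^ 0xA5u);              /* XOR with a constant ...            */
    t = (uint8_t)(t ^ 0xA5u);              /* ... undone again, net effect nil   */
    t = (uint8_t)(~t + 1u);                /* negate once more: still a bijection */
    return t == 0;                          /* the "zero flag" finally tested */
}

/* Exhaustively confirm that the obscured check is the plain compare in
 * disguise. Returns the number of (a, b) pairs on which the two disagree;
 * zero means the chain never changes the answer. */
static unsigned count_mismatches(void)
{
    unsigned mismatches = 0;
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++)
            if (obscured_equal((uint8_t)a, (uint8_t)b) !=
                plain_equal((uint8_t)a, (uint8_t)b))
                mismatches++;
    return mismatches;
}

int main(void)
{
    printf("pairs where obscured and plain compare disagree: %u\n",
           count_mismatches());
    return 0;
}
```

The point of the exhaustive check is the lesson from the post: no matter how many zero-preserving steps sit between the XOR and the branch, the transformation is semantically transparent, so the obfuscation costs the reader minutes, not days.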