Any questions? Ask us: support@enigmaprotector.com

Files not protected AT ALL !

Issues related to Enigma Virtual Box

Files not protected AT ALL !

Postby kbenaissa » Fri Jan 03, 2014 8:56 am

Hi,

According to the help of EVB :

Enigma Virtual Box can be used in any application by any reason, just some ideas:

make your application more flexible by building it into single executable file
protect files of your application agains modifying and illegal copying
hide dynamic libraries and it's functionality


Same problem with Protector !

But unfortunately, If we open explorer within the protected app and (to open, a file, save a file so any API that call the OpenFileDialog) and browse to the app folder and tape "*.*" we have all the app files (uncompressed) and clear and we can copy them and restore all the file in the EVB. other V apps use the HIDE option for files, HOPE i'm wrong and there is an option to hide files.

Is it possible to add a MUST REQUIRED linked package before xecuting the program ?

Best regards
kbenaissa
 
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Re: Files not protected AT ALL !

Postby Unc3nZureD » Mon Jan 06, 2014 12:43 am

Anyways injecting a DLL and copy all the required files does the same... It's not really that high level protection...
Unc3nZureD
 
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Postby kbenaissa » Mon Jan 06, 2014 2:31 pm

Unc3nZureD wrote:Anyways injecting a DLL and copy all the required files does the same... It's not really that high level protection...


But not for every one ! by protecting the process we can't inject dll. i think.
kbenaissa
 
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Re: Files not protected AT ALL !

Postby Unc3nZureD » Tue Jan 07, 2014 9:04 am

Of course I tried and I succeed. You can easily inject a DLL :)
Unc3nZureD
 
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Postby newuser » Tue Jan 07, 2014 12:31 pm

Just a curious question here, does the enigma protector protect against these 2 methods mention above compare to engima virtual box?
newuser
 
Posts: 49
Joined: Tue Apr 13, 2010 5:43 pm

Re: Files not protected AT ALL !

Postby Enigma » Wed Jan 08, 2014 9:21 am

Hi Guys,

To avoid files being listed in the Explorer, you may turn off the option Share Virtual System to Child Processes.

Regarding other comments - Enigma Virtual Box places all embeded files into final executable without any protection, you may view these files in the simple hex editor. Enigma Protectoe encrypts the virtual content, and moreover, it never extract virtual files to memory and keeps them private/protected.

Surely, files may be available in the open dialogs, explorer (if the necessary option is enabled) etc. That's an expected functionality that can't be overwritten somehow. Hiding virtual files in file dialogs can be done only if we disable enumeration for virtual files, but your application is also requiring files enumeration, disabling this feature may work your application unworkable.

When you run virtual exe file you enjoy that all virtual content is being copying to this new process, but you do not enjoy if this process is Explorer, I may understand it but there is no matter for protection is it Explorer or any other application.

Virtual Box does it job for everything, it can't determine if the process is illegal like Explorer in our case or it is allowed process. It can't determine if the dll is injected or it is normal application dll.

Btw, you may set the hide attribute for a file to hide it in file dialog. You may also add virtual files in the non existing drive Z: and read these files from there to avoid them to be mapped to the Explorer. Use your imagination please!
Enigma
Site Admin
 
Posts: 2310
Joined: Wed Aug 20, 2008 2:24 pm

Re: Files not protected AT ALL !

Postby kbenaissa » Wed Jan 08, 2014 5:09 pm

Hi,

Tanks, but I tried to copy needed DLL in virtual sytem32 but i can"t understand why it doesn't work ! I used a virtual directory before my post (Y:\blabla\folder) but in task manager we can see the virtual directory and explore it !

Second, how to mention a linked package as REQUIRED if not found the EXE fails !

What about DLL injecting and people are saying it is easy !



Best regards,


Enigma wrote:Hi Guys,

To avoid files being listed in the Explorer, you may turn off the option Share Virtual System to Child Processes.

Regarding other comments - Enigma Virtual Box places all embeded files into final executable without any protection, you may view these files in the simple hex editor. Enigma Protectoe encrypts the virtual content, and moreover, it never extract virtual files to memory and keeps them private/protected.

Surely, files may be available in the open dialogs, explorer (if the necessary option is enabled) etc. That's an expected functionality that can't be overwritten somehow. Hiding virtual files in file dialogs can be done only if we disable enumeration for virtual files, but your application is also requiring files enumeration, disabling this feature may work your application unworkable.

When you run virtual exe file you enjoy that all virtual content is being copying to this new process, but you do not enjoy if this process is Explorer, I may understand it but there is no matter for protection is it Explorer or any other application.

Virtual Box does it job for everything, it can't determine if the process is illegal like Explorer in our case or it is allowed process. It can't determine if the dll is injected or it is normal application dll.

Btw, you may set the hide attribute for a file to hide it in file dialog. You may also add virtual files in the non existing drive Z: and read these files from there to avoid them to be mapped to the Explorer. Use your imagination please!
kbenaissa
 
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Re: Files not protected AT ALL !

Postby Unc3nZureD » Thu Jan 09, 2014 5:09 am

Of course, making it not to appear is probably one of the easiest, however:

- You can compress it to make the file harder to extract via Hex Edit
- BUT you can't make it unvulnerable of DLL Injection attack. If I'm right nor the protector can protect us. Since the application uses the feature to access the file, the injected DLL will work as the main program and will be able to access it too.

Maybe you could add a check to make sure which module calls the enumeration and if it's not an exe then hide it. I'm not sure if it's possible, just an idea :)
Unc3nZureD
 
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Postby Enigma » Fri Jan 10, 2014 9:00 am

Unc3nZureD wrote:Maybe you could add a check to make sure which module calls the enumeration and if it's not an exe then hide it. I'm not sure if it's possible, just an idea


Had the same idea, but unfortuantely it is impossible to determine a module from which the API is called...
Enigma
Site Admin
 
Posts: 2310
Joined: Wed Aug 20, 2008 2:24 pm


Return to Enigma Virtual Box x86/x64

Who is online

Users browsing this forum: No registered users and 19 guests

cron