Files not protected AT ALL !

kbenaissa
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Files not protected AT ALL !

Post by kbenaissa »

Hi,

According to the help of EVB:
Enigma Virtual Box can be used in any application by any reason, just some ideas:

- make your application more flexible by building it into single executable file
- protect files of your application against modifying and illegal copying
- hide dynamic libraries and its functionality

Same problem with Protector!

But unfortunately, if we open Explorer within the protected app (to open a file, save a file, so any API that calls the OpenFileDialog), browse to the app folder and type "*.*", we have all the app files (uncompressed and clear), and we can copy them and restore all the files in the EVB. Other V apps use the HIDE option for files. HOPE I'm wrong and there is an option to hide files.

Is it possible to add a MUST REQUIRED linked package before executing the program?

Best regards
Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Post by Unc3nZureD »

Anyway, injecting a DLL and copying all the required files does the same... It's not really that high-level protection...
kbenaissa
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Re: Files not protected AT ALL !

Post by kbenaissa »

Unc3nZureD wrote: Anyway, injecting a DLL and copying all the required files does the same... It's not really that high-level protection...
But not for everyone! By protecting the process we can't inject a DLL, I think.
Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Post by Unc3nZureD »

Of course I tried and I succeeded. You can easily inject a DLL :)
newuser
Posts: 49
Joined: Tue Apr 13, 2010 5:43 pm

Re: Files not protected AT ALL !

Post by newuser »

Just a curious question here: does the Enigma Protector protect against these 2 methods mentioned above, compared to Enigma Virtual Box?
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: Files not protected AT ALL !

Post by Enigma »

Hi Guys,

To avoid files being listed in the Explorer, you may turn off the option Share Virtual System to Child Processes.

Regarding other comments - Enigma Virtual Box places all embedded files into the final executable without any protection; you may view these files in a simple hex editor. Enigma Protector encrypts the virtual content and, moreover, it never extracts virtual files to memory and keeps them private/protected.

Surely, files may be available in the open dialogs, Explorer (if the necessary option is enabled) etc. That's an expected functionality that can't be overwritten somehow. Hiding virtual files in file dialogs can be done only if we disable enumeration for virtual files, but your application also requires file enumeration, so disabling this feature may make your application unworkable.

When you run a virtual exe file you enjoy that all virtual content is being copied to this new process, but you do not enjoy it if this process is Explorer. I may understand it, but for the protection it does not matter whether it is Explorer or any other application.

Virtual Box does its job for everything; it can't determine if the process is illegal, like Explorer in our case, or if it is an allowed process. It can't determine if the DLL is injected or if it is a normal application DLL.

Btw, you may set the hide attribute for a file to hide it in file dialogs. You may also add virtual files in the non-existing drive Z: and read these files from there to avoid them being mapped to the Explorer. Use your imagination please!
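A pre-release check for the point made in the post above, that files embedded without protection can be read straight out of the executable. This is an added example, not code from Enigma or from any poster; the container bytes are constructed sample data rather than the real Enigma Virtual Box layout, and `audit_packed_exe`, `probes` and the file names are hypothetical.

```python
import zlib

PROBE_LEN = 32  # bytes per probe; long enough that chance matches are unlikely


def probes(data, probe_len=PROBE_LEN):
    """Yield (offset, chunk) samples from the start, middle and end of data."""
    if len(data) <= probe_len:
        if data:
            yield 0, data
        return
    last = len(data) - probe_len
    for off in sorted({0, last // 2, last}):
        yield off, data[off:off + probe_len]


def audit_packed_exe(packed, assets):
    """Map each asset name to (offset, complete) if readable in packed, else None.

    complete is True when the whole asset sits verbatim at that offset,
    False when only a fragment of it was found.
    """
    report = {}
    for name, data in assets.items():
        report[name] = None
        for off, chunk in probes(data):
            pos = packed.find(chunk)
            if pos == -1:
                continue
            start = pos - off  # where the asset would begin
            complete = start >= 0 and packed[start:start + len(data)] == data
            report[name] = (start if complete else pos, complete)
            break
    return report


# Constructed sample data: two small "embedded" files and a fake container.
CONFIG = b"[license]\nserver=licensing.example.invalid\nkey=CONSTRUCTED-0000\n"
RULES = b"rule=allow;scope=internal\n" * 40
STUB = b"MZ" + bytes(510)  # stand-in for the loader, 512 bytes

# config.ini stored as-is, rules.db stored zlib-compressed
SAMPLE_EXE = STUB + CONFIG + bytes(16) + zlib.compress(RULES)
SAMPLE_ASSETS = {"config.ini": CONFIG, "rules.db": RULES}

if __name__ == "__main__":
    for name, hit in audit_packed_exe(SAMPLE_EXE, SAMPLE_ASSETS).items():
        print(name, "readable at" if hit else "not found verbatim", hit or "")
```

A `None` result only means the bytes are not stored as-is in the file on disk; it says nothing about what the running process exposes through file dialogs.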
kbenaissa
Posts: 6
Joined: Fri Jan 03, 2014 8:47 am

Re: Files not protected AT ALL !

Post by kbenaissa »

Hi,

Thanks, but I tried to copy the needed DLL into the virtual system32 and I can't understand why it doesn't work! I used a virtual directory before my post (Y:\blabla\folder), but in Task Manager we can see the virtual directory and explore it!

Second, how to mention a linked package as REQUIRED, so that if it is not found the EXE fails?

What about DLL injecting and people are saying it is easy !



Best regards,

Unc3nZureD
Posts: 40
Joined: Thu Jun 14, 2012 6:06 am

Re: Files not protected AT ALL !

Post by Unc3nZureD »

Of course, making it not to appear is probably one of the easiest, however:

- You can compress it to make the file harder to extract via Hex Edit
- BUT you can't make it invulnerable to a DLL injection attack. If I'm right, the Protector can't protect us either. Since the application uses the feature to access the file, the injected DLL will work as the main program and will be able to access it too.

Maybe you could add a check to make sure which module calls the enumeration and if it's not an exe then hide it. I'm not sure if it's possible, just an idea :)
Enigma
Site Admin
Posts: 2939
Joined: Wed Aug 20, 2008 2:24 pm

Re: Files not protected AT ALL !

Post by Enigma »

Unc3nZureD wrote: Maybe you could add a check to make sure which module calls the enumeration and if it's not an exe then hide it. I'm not sure if it's possible, just an idea
Had the same idea, but unfortunately it is impossible to determine a module from which the API is called...