Pack file security against Injection Tool.

Post here messages if you have any problems with working of Enigma Protector
popcade
Posts: 10
Joined: Sun Nov 10, 2013 12:44 pm

Post by popcade » Sat Oct 18, 2014 1:18 am

Hi,

I'm planning to buy a copy of Enigma(32). Previously I was using MoleBox9x, but now it's insufficient and Enigma is just what I need. However, I tested with the demo version of Enigma 4.1, and the virtual box can still easily be extracted by a certain tool via DLL injection (you probably know the tool, as I mailed support).

With that tool any file packaging method can be restored within 3 clicks, and it kills MoleBoxPro/MoleBoxVS/EnigmaVB/BoxedApp/ThinApp/Spoon/SmartPacker/Cameyo/Evalzer packages, which is an awful threat to package security, and many attempts were in vain. The only thing I can do is to detect the tool's title and then shut my app, but the title can be easily changed, so I doubt it's a safe method.

However, my app relies on some inline hook tools like AppLocale and NTLEA (ntlea.codeplex.com). Is there any way to prevent injection and keep AppLocale/NTLEA working?

Alec
Posts: 86
Joined: Thu Feb 20, 2014 9:35 am

Re: Pack file security against Injection Tool.

Post by Alec » Mon Oct 20, 2014 11:58 am

When it comes to accessing files, it doesn't matter whether your application is protected or not, since it will be using the Win API in order to access them. VirtualBox builds up an additional virtual file system on top of the disk file system I/O layer, so it can't detect what exactly accesses the files.

When it comes to file package security, developers usually implement their own packed/encrypted file containers and don't use any 3rd party tools, since such tools are limited by general app functionality, while developers can do with their code whatever they desire.
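
Added example, not part of the thread and not Enigma Protector code: a minimal sketch of the kind of application-owned encrypted container the reply above describes, where each asset is verified and decrypted straight into memory instead of being opened as a separate file through the Win API. The `PAK1` layout and the function names are made up for this example, and the HMAC-SHA256 counter-mode keystream stands in for a vetted AEAD such as AES-GCM, which the Python standard library lacks.

```python
import hashlib, hmac, json, os, struct

MAGIC = b"PAK1"  # format tag made up for this example

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream: stdlib stand-in for a vetted AEAD
    ks = bytearray()
    for ctr in range((len(data) + 31) // 32):
        ks += _mac(key, nonce + struct.pack(">Q", ctr))
    return bytes(a ^ b for a, b in zip(data, ks))

def _subkeys(master):
    # Separate keys for encryption and for authentication
    return _mac(master, b"enc"), _mac(master, b"mac")

def pack(files, master):
    """Build one container from {name: bytes}; returns the container bytes."""
    enc_key, mac_key = _subkeys(master)
    index, blob = {}, bytearray()
    for name, data in files.items():
        nonce = os.urandom(16)
        ct = _xor_stream(enc_key, nonce, data)
        tag = _mac(mac_key, name.encode() + nonce + ct)
        index[name] = [len(blob), len(ct), nonce.hex(), tag.hex()]
        blob += ct
    head = json.dumps(index).encode()
    return MAGIC + struct.pack(">I", len(head)) + _mac(mac_key, head) + head + bytes(blob)

def load(container, name, master):
    """Verify and decrypt one entry straight into memory (no temp file)."""
    enc_key, mac_key = _subkeys(master)
    if container[:4] != MAGIC:
        raise ValueError("not a container")
    (hlen,) = struct.unpack(">I", container[4:8])
    head_tag, head = container[8:40], container[40:40 + hlen]
    if not hmac.compare_digest(head_tag, _mac(mac_key, head)):
        raise ValueError("index tampered or wrong key")
    off, size, nonce_hex, tag_hex = json.loads(head)[name]
    start = 40 + hlen + off
    ct, nonce = container[start:start + size], bytes.fromhex(nonce_hex)
    if not hmac.compare_digest(bytes.fromhex(tag_hex), _mac(mac_key, name.encode() + nonce + ct)):
        raise ValueError("entry tampered")
    return _xor_stream(enc_key, nonce, ct)

if __name__ == "__main__":
    key = os.urandom(32)  # constructed key for the demo only
    pak = pack({"level1.map": b"constructed sample asset"}, key)
    print(load(pak, "level1.map", key))
```

The key has to ship with the application, so a container like this raises the effort for generic file-level extractors rather than making the assets unrecoverable.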

popcade
Posts: 10
Joined: Sun Nov 10, 2013 12:44 pm

Re: Pack file security against Injection Tool.

Post by popcade » Mon Oct 20, 2014 12:31 pm

Hi,

I do understand what you said, but the issue is I'm using a 3rd party game engine and I need to invest time to make a pack algo; however, tools like GLBasic and BlitzBasic have no native way of loading from a file archive to a memory bank yet.

And yes, I do want to make an engine by myself or, some easier way, adopt another game engine, but that takes time and makes my brain spin a lot.

Although I know many popular games have no resource protection AT ALL, it really depends on what the developer thinks. However, a packed file using Enigma has the benefit of getting rid of installers and makes loading faster; the security will be a plus.

Ilya
Posts: 122
Joined: Tue Oct 07, 2014 2:31 am

Re: Pack file security against Injection Tool.

Post by Ilya » Mon Oct 20, 2014 1:42 pm

Is there a way to fix this? Too bad that packed files can be accessed so quickly and easily here!

Google translate, sorry.

popcade
Posts: 10
Joined: Sun Nov 10, 2013 12:44 pm

Re: Pack file security against Injection Tool.

Post by popcade » Wed Oct 22, 2014 5:39 am

Hi,

To describe what I mean, please look at the tool Here, and try using it.

At present most virtualizers can be easily invested by this tool, and in my test,
the current Themida's xBundler can avoid the file extracting DLL, while most other packers cannot.

As you know, now more and more devkits rely on 3rd party DLLs or scripts.
I'm willing to pay for extra security if you have developed
such a plugin or a new packing algo, and this should benefit many people.

Legend
Posts: 6
Joined: Tue Apr 08, 2014 7:24 am

Re: Pack file security against Injection Tool.

Post by Legend » Thu Oct 23, 2014 5:59 pm

I would like to know whether there's a solution/fix to this problem too.
