Any questions? Ask us: support@enigmaprotector.com

Enigma anti byte patching

Post here any topics that related to Enigma Protector, its functionality, your misunderstanding, offers to improvements etc etc etc

Enigma anti byte patching

Postby Dave1234 » Mon Aug 22, 2016 1:09 am

Hello everyone
I am Enigma user since 6 months
We have a product with server protection and I use enigma on client version

But with everynew version releases there are bunch of kids able to bypass without unpacking patch bytes in memory making loaders

Now I.ve seen enigma is pretty good but failed.in protection against memory patching

I ve used in app Vm macros
ep protected strings function
Integrity check

And all things which enigma offer

Can u guy help me in this any thing I can do to avoid memory patch
Cause I m damn sure they cannot run exe if unpack ( I did try that)
And I ve seen they using jmp in.olly to skip/ bypass security checks

Thanks,
Dave1234
 
Posts: 5
Joined: Mon Aug 22, 2016 12:57 am

Re: Enigma anti byte patching

Postby Enigma » Mon Aug 22, 2016 7:04 am

Hi,

As per information you gave us, I'm not sure that your application was unpacked. If you applied RISC VM (through markers or functions selecting) and protected strings this adds a full power protection to your file.

However, even if this all is implemented, it is possible to patch unprotected parts of code in memory.

To avoid this, everything that you need to do - protect this part of code that has a weakness for patching.

Apply a virtual machine protection to this part of code and that fixes all your problems. When virtual machine is applied, the original code is being protected so that it becomes impossible to change/patch it.
Enigma
Site Admin
 
Posts: 2182
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma anti byte patching

Postby Dave1234 » Mon Aug 22, 2016 7:53 am

Applying virtual machine
You mean by markers ?

Yes I did that on.sensitive parts of code

You recommend using vm markers or risc marker
For those parts ?

Because I use vm marker on most
Dave1234
 
Posts: 5
Joined: Mon Aug 22, 2016 12:57 am

Re: Enigma anti byte patching

Postby Dave1234 » Mon Aug 22, 2016 7:53 am

Applying virtual machine
You mean by markers ?

Yes I did that on.sensitive parts of code

You recommend using vm markers or risc marker
For those parts ?

Because I use vm marker on most
Dave1234
 
Posts: 5
Joined: Mon Aug 22, 2016 12:57 am

Re: Enigma anti byte patching

Postby Enigma » Mon Aug 22, 2016 10:01 am

Risc vm markers provide stronger protection than usual vm markers.

Anyway vm markers provide anti-patching ability too.

If your app is being patched in memory, you first need to know what exact code is patched? Because if code is patched, then I dount it is protected with virtual machine and you have to apply vm for this code.
Enigma
Site Admin
 
Posts: 2182
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma anti byte patching

Postby Dave1234 » Mon Aug 22, 2016 2:24 pm

Yes they patch the code thats inside vm marker
But some functions I take from sysutils
Those are not inside markers I dought there is the flaw
I ve change marker to risc lets see what happen
Dave1234
 
Posts: 5
Joined: Mon Aug 22, 2016 12:57 am

Re: Enigma anti byte patching

Postby Enigma » Tue Aug 23, 2016 9:54 am

I do not think they patched code inside the markers, even vm markers, this is too complex.

However, imagine if you have some function like this one:

Code: Select all
function compare(x : string) : boolean;
begin
  // Some code to protect
  // ...
  // End of code
  Result := CompareStr(x, 'test') = 1;
end;


You could protect this function with any virtual machine, but for a cracker this does not matter at all. Cracker could hook the function CompareStr and return any custom result for it. So even if your function becomes protected, it would be possible to change it's result.

To fix such case, you need to protect both functions, your one and system one. And for this case, it is better to use protection with map file instead of markers.

Generate a map file in Delphi, and then using Virtual Machine - Functions Selecting select necessary functions to protect.
Enigma
Site Admin
 
Posts: 2182
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma anti byte patching

Postby ilya01 » Tue Aug 23, 2016 10:37 am

I think, that BOOLEAN LICENSE CHECK IS STUPID!
You can replace jump to vm with mov EAX,1 , for example
ilya01
 
Posts: 87
Joined: Tue Oct 07, 2014 2:31 am

Re: Enigma anti byte patching

Postby Enigma » Tue Aug 23, 2016 10:52 am

ilya01 wrote:I think, that BOOLEAN LICENSE CHECK IS STUPID!
You can replace jump to vm with mov EAX,1 , for example


Exactly, agree.
Enigma
Site Admin
 
Posts: 2182
Joined: Wed Aug 20, 2008 2:24 pm

Re: Enigma anti byte patching

Postby Dave1234 » Tue Aug 23, 2016 11:42 pm

Thanks for suggestions
In my case
The function is inttohex
This means he can hook this function and change result ?

Basically its a unique I'd of hardware for which I use inttohex function and check on server

Now in video of cracker I saw unique I'd was 00000000000000 that means he skipped or changed result

Because all possible functions had markers except inttohex

Thanks
Dave1234
 
Posts: 5
Joined: Mon Aug 22, 2016 12:57 am

Next

Return to Basic

Who is online

Users browsing this forum: No registered users and 3 guests