Hello everyone
I am Enigma user since 6 months
We have a product with server protection and I use enigma on client version
But with everynew version releases there are bunch of kids able to bypass without unpacking patch bytes in memory making loaders
Now I.ve seen enigma is pretty good but failed.in protection against memory patching
I ve used in app Vm macros
ep protected strings function
Integrity check
And all things which enigma offer
Can u guy help me in this any thing I can do to avoid memory patch
Cause I m damn sure they cannot run exe if unpack ( I did try that)
And I ve seen they using jmp in.olly to skip/ bypass security checks
Thanks,
Enigma anti byte patching
Re: Enigma anti byte patching
Hi,
As per information you gave us, I'm not sure that your application was unpacked. If you applied RISC VM (through markers or functions selecting) and protected strings this adds a full power protection to your file.
However, even if this all is implemented, it is possible to patch unprotected parts of code in memory.
To avoid this, everything that you need to do - protect this part of code that has a weakness for patching.
Apply a virtual machine protection to this part of code and that fixes all your problems. When virtual machine is applied, the original code is being protected so that it becomes impossible to change/patch it.
As per information you gave us, I'm not sure that your application was unpacked. If you applied RISC VM (through markers or functions selecting) and protected strings this adds a full power protection to your file.
However, even if this all is implemented, it is possible to patch unprotected parts of code in memory.
To avoid this, everything that you need to do - protect this part of code that has a weakness for patching.
Apply a virtual machine protection to this part of code and that fixes all your problems. When virtual machine is applied, the original code is being protected so that it becomes impossible to change/patch it.
Re: Enigma anti byte patching
Applying virtual machine
You mean by markers ?
Yes I did that on.sensitive parts of code
You recommend using vm markers or risc marker
For those parts ?
Because I use vm marker on most
You mean by markers ?
Yes I did that on.sensitive parts of code
You recommend using vm markers or risc marker
For those parts ?
Because I use vm marker on most
Re: Enigma anti byte patching
Applying virtual machine
You mean by markers ?
Yes I did that on.sensitive parts of code
You recommend using vm markers or risc marker
For those parts ?
Because I use vm marker on most
You mean by markers ?
Yes I did that on.sensitive parts of code
You recommend using vm markers or risc marker
For those parts ?
Because I use vm marker on most
Re: Enigma anti byte patching
Risc vm markers provide stronger protection than usual vm markers.
Anyway vm markers provide anti-patching ability too.
If your app is being patched in memory, you first need to know what exact code is patched? Because if code is patched, then I dount it is protected with virtual machine and you have to apply vm for this code.
Anyway vm markers provide anti-patching ability too.
If your app is being patched in memory, you first need to know what exact code is patched? Because if code is patched, then I dount it is protected with virtual machine and you have to apply vm for this code.
Re: Enigma anti byte patching
Yes they patch the code thats inside vm marker
But some functions I take from sysutils
Those are not inside markers I dought there is the flaw
I ve change marker to risc lets see what happen
But some functions I take from sysutils
Those are not inside markers I dought there is the flaw
I ve change marker to risc lets see what happen
Re: Enigma anti byte patching
I do not think they patched code inside the markers, even vm markers, this is too complex.
However, imagine if you have some function like this one:
You could protect this function with any virtual machine, but for a cracker this does not matter at all. Cracker could hook the function CompareStr and return any custom result for it. So even if your function becomes protected, it would be possible to change it's result.
To fix such case, you need to protect both functions, your one and system one. And for this case, it is better to use protection with map file instead of markers.
Generate a map file in Delphi, and then using Virtual Machine - Functions Selecting select necessary functions to protect.
However, imagine if you have some function like this one:
Code: Select all
function compare(x : string) : boolean;
begin
// Some code to protect
// ...
// End of code
Result := CompareStr(x, 'test') = 1;
end;
To fix such case, you need to protect both functions, your one and system one. And for this case, it is better to use protection with map file instead of markers.
Generate a map file in Delphi, and then using Virtual Machine - Functions Selecting select necessary functions to protect.
Re: Enigma anti byte patching
Thanks for suggestions
In my case
The function is inttohex
This means he can hook this function and change result ?
Basically its a unique I'd of hardware for which I use inttohex function and check on server
Now in video of cracker I saw unique I'd was 00000000000000 that means he skipped or changed result
Because all possible functions had markers except inttohex
Thanks
In my case
The function is inttohex
This means he can hook this function and change result ?
Basically its a unique I'd of hardware for which I use inttohex function and check on server
Now in video of cracker I saw unique I'd was 00000000000000 that means he skipped or changed result
Because all possible functions had markers except inttohex
Thanks