|
Project Executable Protection: CRC32 Checksum Validation, a MUST have for all programmers
|
Email
|
| Submitted on: |
6/24/2000 3:06:55 PM |
| By: |
Detonate
|
| Level: |
Intermediate |
| User Rating: |
By 18 Users |
| Compatibility: |
VB 3.0, VB 4.0 (16-bit), VB 4.0 (32-bit), VB 5.0, VB 6.0 |
| Views: |
46007 |
|
(About the author) |
|
|
|
A MUST have for any VB programmer - protect your project .exe file with CRC32 checksum validation - makes it virtually impossible for crackers to make software patches for your exe!
|
| |
|
 Download code
Note: Due to the size or complexity of this submission, the author has submitted it as a .zip file to shorten your download time. Afterdownloading it, you will need a program like Winzip to decompress it.Virus note:All files are scanned once-a-day by Planet Source Code for viruses, but new viruses come
out every day, so no prevention program can catch 100% of them. For your own safety, please:
- Re-scan downloaded files using your personal virus checker before using it.
- NEVER, EVER run compiled files (.exe's, .ocx's, .dll's etc.)--only run source code.
- Scan the source code with Minnow's Project Scanner
If you don't have a virus scanner, you can get one at many places on the net
including:McAfee.com
|
Terms of Agreement:
By using this code, you agree to the following terms...
- You may use
this code in your own programs (and may compile it into a program and distribute it in compiled format for languages that allow it) freely and with no charge.
- You MAY NOT redistribute this code (for example to a web site) without written permission from the original author. Failure to do so is a violation of copyright laws.
- You may link to this code from another website, but ONLY if it is not wrapped in a frame.
- You will abide by any additional copyright restrictions which the author may have placed in the code or code's description.
|
Other 7 submission(s) by this author
|
|
Report Bad Submission
|
Your Vote
|
| |
Other User Comments
|
 6/24/2000 3:10:23 PM: Detonate
CRC32 checksum verification - what every released software program should have! Defeat software patches today (ill be working on defeating memory patches next week ;-)
If anybody has any improvements, please mail them to me at detonate@start.com.au and ill upload here :-)
Please fire any comments/criticisms at me! and please ladies and gentlemen, don't forget to vote! .. :-))
(If this comment was disrespectful, please report it.)
|
6/24/2000 3:27:42 PM: NIXON
Excellent program, very useful, i aint that advanced a programmer and i dont get all the code, any chance of a even more detailed version.
(If this comment was disrespectful, please report it.)
|
6/25/2000 1:43:02 AM: Detonate
you dont understand the code but you want a more complex version? hmm, ok :-)Well ive had a lot of positive emails regarding the CRC32 project.exe protection and theres been some positive voting!!, so Ill release an update pretty soon that will encrypt the CRC32 hash so that even if the cracker did know how to calculate the right CRC, theyd have to crack the crypt scheme too.Another note: unlike an
(If this comment was disrespectful, please report it.)
|
6/25/2000 1:57:26 AM: Detonate
... another note (apology for cutoff in prev msg)... CRC32 produces a unique "fingerprint", unlike "ASCII total checksums" (where the checksum = the total value of all ascii values in the string added up), so it is very secure. As an example, the string "hi" has a total ASCII checksum of h (104) + i (105) = 209 total checksum. "gj" also has a total ASCII checksum of 209. = WEAK! CRC32 on the other hand will produce a unique 32-bit fingerprint for each one. :-) It's not as unique a fingerprint as an MD5 hash, but its probably perfect for most people here. I leave MD5 implementation as a challenge to others. :-)
(If this comment was disrespectful, please report it.)
|
6/25/2000 2:13:52 PM: Neo
I like what this author did, he has a very bright and open mid to create good examples and good code to help improve this program. Very good work Detonate. Very good work, KEEP IT UP. Encryption Sounds good to.
(If this comment was disrespectful, please report it.)
|
6/25/2000 3:17:19 PM: Newmann
excellent! just what i needed! thanks a lot...
(If this comment was disrespectful, please report it.)
|
6/25/2000 4:13:44 PM: SlowByte
Secure.... haha =) What a joke.... cracking programs protected with this is hard only for a beginner. If you call the IntegrityOK() function, and it returns that the file isnt OK, and you decide to show the user a messagebox that the program is cracked, the cracker will surely understand (based on the disassembly) what is the problem, and modify the result (actually the instruction just before the function returns) of the IntegrityOK() function with SoftICE or any program that can modify/disassemble memory. And thats it, the protection is cracked, and the cracker has to change only 4 bytes of code =) The CRC32 algorithm and the idea of appending the crypted CRC to the file is great, but not secure. Questions, details about this? E-mail slowbyte@hot.ee
(If this comment was disrespectful, please report it.)
|
6/26/2000 12:00:36 AM: Detonate
"What a craaap security system - I can defeat it with SoftICE!"
Slowbyte - we're all waiting for youre "secure, unSoftICEable" version (put your money where your mouth is.) In case you couldn't realise, the messages are left in for debug purposes to help users see which variables to access. "This is all you have to do defeat it in SoftICE" - if it takes SoftICE to do it, then my job here is done, and you sir are a fool. Nothing is un-SoftICEable, and NO checksum schemes are 100% secure, so do you really know what the he11 you're talking about, SoftByte? me thinks perhaps not.
(If this comment was disrespectful, please report it.)
|
6/26/2000 1:21:57 AM: Nicci
I've seen a SoftIce Detector somewhere here on planetsource code. Implement that in your code so that it checks for softice and doesn't start if softice is loaded. It is still not absolutely secure but should be harder to crack.
(If this comment was disrespectful, please report it.)
|
6/26/2000 1:12:01 PM: Jon Furner
SoftIce Detector (By Joox):
http://www.planet-source-code.com/vb/scripts/ShowCode.asp?lngWId=1&txtCodeId=7 600
(If this comment was disrespectful, please report it.)
|
6/26/2000 11:07:12 PM: CoM0D
Every executable could be reverse engineered. So it's known fact that nothing is 100% bullet proof, even our lives - things we are trying to defend most then anything else. So what we should try to do is to decrease chance of possible failures.
I think Detonate is doing excelent project. KEEP IT UP. Encryption plus SoftIce detector (thanx Jon for the link and Joox for creating detector) will make our programs less vulnerable.
SlowByte, if you are 3l3373 hacker then make a suggestion other than 'type format c: and this will fix all your problems'.
(If this comment was disrespectful, please report it.)
|
6/26/2000 11:15:38 PM: CoM0D
btw: We can get one suggestion out from SlowByte's comment: Don't let user know that you know that your program is hacked! Mask it somehow. Like 'buffer overflow' or 'divide by Zer0' or 'shareware license is expired', so 'please, contact technical support'. Something...
(If this comment was disrespectful, please report it.)
|
6/27/2000 7:14:35 AM: Detonate
Thanks everyone for your feedback and honest thoughts. I believe CoMOD was on the right track when he stated that _ALL_ programs can be reverse engineered - all it takes is time. So what we're trying to do here with CRC32 and anti-Softice routines is BUYING TIME. The more time it takes for somebody to crack your software, the more frustrating it can be - many may in fact give up in the process.
my CRC32 routine is about buying time - if I said it was about making your program uncrackable, i have no right to speak here. :-)
PS. the SoftIce detection routine looks kinky, but it didn't detect SoftIce on my box :-/ (NT4)
Again though, softice detection can always be softiced out of the program. :-)
(If this comment was disrespectful, please report it.)
|
6/27/2000 7:26:37 AM: Joox
This is a great idea CoM0D. You could use an API like:
Declare Sub FatalExit Lib "kernel32" (ByVal code As Long)
just call this API:
FatalExit 1
and you will get a real Windows like error box!
btw: even a disassembler like WinDasm can be beaten! I have seen a program that crashes my dissambler! And if you add my SoftICE detection routine to this protection then will be a program nearly uncrackably!
Joox
(If this comment was disrespectful, please report it.)
|
6/27/2000 10:33:20 PM: CoM0D
or display 'msgbox "DiE lammer!"' and execute 'shell "c:\con\con"'. And if he is a lammer then he will die. (just a joke)
(If this comment was disrespectful, please report it.)
|
6/27/2000 11:37:59 PM: CoM0D
Hi Joox, thanx for the real life code.
Question for you: Is there any way to total crash of the system from VB code? It would be nice if it will work on Win2K too. This way a potential cracker will get frustrated even sooner. ;-)
I don't have SoftICE to try, so I'll have to look for it on i-net, but if anybody have a link allready...
(If this comment was disrespectful, please report it.)
|
6/28/2000 5:11:10 AM: Detonate
Joox, if you get your SoftIce detection routine working on NT id love to get it :-)
But the bottom line is, disassembly-detection can be 'switched off' by a disassembler :-) Makes it a bit harder to do when the file has been crc32-wrapped though !
When I implement this in my programs, i dont make it display any messages like "file has been tampered with" - i just call the Windows shutdown API to reboot the box. :-)
if anybody has more ideas on securing our applications, keep posting them ! this drink is for Joox. :-)
(If this comment was disrespectful, please report it.)
|
6/28/2000 2:31:05 PM: Joox
Sorry, but i don't have WinNT so i couldn't develop a detection Routine for NT! :-(
Joox
(If this comment was disrespectful, please report it.)
|
7/1/2000 12:14:27 AM: eboy
You have an ugly logic bug in both the program to add on the CRC and the program that checks for validity: in function AddCrc32(), you're stepping thought every byte of the exe using a counter variable "iCounter". You have it typed Integer, not Long. DUH! Fine for exes that are small enough but no good for most real-world applications. My program (617K exe) hung forever until I tracked this down.
Another problem is that it just takes too long. I have to wait 8 seconds until the validation is complete. It takes VB less than 1/2 sec to read the entire exe, so all the time is in the machinations done getting the CRC value. Must be a faster way. Why can't you just add the bytes up? A little less uniqueness in the CRC value doesn't hurt much for what this is trying to do...
-eddo
(If this comment was disrespectful, please report it.)
|
7/1/2000 3:10:16 AM: Detonate
Eboy,
Thanks very much for your response - ive fixed that Int/Long bug and will re-upload the code soon. The actual CRC32 algorithm part is not mine (why rewrite the wheel?), everything else is though, so flame me. :-) You asked why not just add up the bytes... ?? Because "ad" and "bc" both have the same "value", even though theyre different. It is extremely easy to get around that method, so dont even think about it for protection :-) Ill try and speed it up a bit, but i WONT make it less secure! Thanks again for your input. :-)
(If this comment was disrespectful, please report it.)
|
7/1/2000 3:13:32 AM: Detonate
... while we're on topic though, does anyone have a hash mechanism that's faster than CRC32 ? (..that still provides a relatively unique fingerprint, and is more than just a simple "adding the values" scheme)?
CRC32 is the fastest ive found so far, but if somebody can soup it up, id love to hear about it!
(If this comment was disrespectful, please report it.)
|
7/1/2000 6:34:03 AM: Detonate
ok , ive made a high-speed SECTIONAL version - check it out at http://www.planetsourcecode.com/vb/scripts/showcode.asp?lngWId=1&txtCodeId=9427
e boy - this should meet your speed requirements for large exe's, and ive fixed the Int/Long bug. :-)
(If this comment was disrespectful, please report it.)
|
7/4/2000 2:54:09 AM: Detonate
This is the last comment im going to make about this code:
Only use this code (CodeId=9225) for dlls/exes under say, 300kb, or the loadtime may get too long.
If youre protecting a file any bigger, youll be a lot better off using the Sectional CRC32 protection at the above-mentioned URL. :-)
Kind regards
(If this comment was disrespectful, please report it.)
|
7/4/2000 5:11:13 PM: Joox
eboy, you could use API for faster reading of files! Send me an e-mail if you want an example of api file reading.
Joox
(If this comment was disrespectful, please report it.)
|
7/12/2000 5:19:54 PM: HackFrik
I guess I'm a little late to enter this discussion, but I just wanted to say something a bit off-topic. I tried disassembling NTI CD Maker (CDR burning soft) with windasm and it crashed every time, it tried this on 3 different computers... Might just be a BIG coincidence or they got a nasty protection... this is regarding Joox's post on 7:26:37. (Just some info, no need for flames guys)
(If this comment was disrespectful, please report it.)
|
7/14/2000 5:44:33 AM: Detonate
HackFrik, hmmm may be worth investigating - cheers for the post :-)
(If this comment was disrespectful, please report it.)
|
7/18/2000 4:58:29 PM: Joseph Ferris
Detonate,
(If this comment was disrespectful, please report it.)
|
7/18/2000 4:59:23 PM: Joseph Ferris
Detonate, Great code! Just wanted to let you know that I do not think that there is any kind of a problem with the "hang time" on large files.
Programs from the Macromedia and Adobe product lines take time to start up. The diversionary tactic that they share is a splash screen that tells the user that processing is occurring. On the splash screen, there is usually a label that says something to the effect of "Initializing..." On a quality product, people will put up with an extended load time.
(If this comment was disrespectful, please report it.)
|
7/19/2000 2:52:02 PM: Detonate
Joseph, thanks for your comments, but if you try it on files greater than 1 meg or so in size, you'll find that the wait is unacceptable... my Sectional version at the URL listed somewhere above should be used when dealing with files greater than half a meg
i cant get the CRC32 algorithm much faster, and apart from using file api's to do the reading, there's not much more optimising that can be done - in other words, this is about as fast as it gets (CRC32)
(If this comment was disrespectful, please report it.)
|
7/20/2000 4:58:25 PM: Danny Young
This is code of the highest quality. It doesn't even let you down when the .exe is zipped.
(If this comment was disrespectful, please report it.)
|
7/21/2000 2:03:20 PM: Blackhand
This is an excellent code, well thought through - 5 stars. I can't wait to see the memory protection which you're making!
(If this comment was disrespectful, please report it.)
|
10/2/2000 3:27:24 PM: Peter Larsson
Hi, Neo Detonator. This is Peter Larsson, the original writer of this code! See http://home.swipnet.se/workshop!
Who gave you permission to use the code with your name???
(If this comment was disrespectful, please report it.)
|
10/8/2000 9:54:55 AM: Detonate
Peter,
Nice to meet you. Unfortunately I found the CRC routine via altavista.com as a part of a collection of .bas files, and it came with no credits. Looking at your site and the dates on the source appears to prove that the CRC function is yours, so I must apologise for using your code without knowing, I hope you can understand why. PS. There are only so many ways you can calculate a CRC hash (like... one :), and why rewrite the wheel? The rest of the code is mine, so I hope you dont mind me inadvertantly using your function. If so I will happily remove this sample
Kind regards
(If this comment was disrespectful, please report it.)
|
7/1/2001 4:06:34 AM: Philippe Lord
Well, sorry to say so, but this in no way is secure. Indeed you get more time before it gets cracked, but there's a BIG problem you didn't talked about...It runs under VB !!! Even if you do one that check in memory, it's still pointless because the exe is ALWAYS dependant of VB's VM (virtual machine) ! Sure, SoftICE does the job quick, but theres worse...ever heard of NuMega SmartCheck ? (yes, from the creators of SoftICE) It tells the cracker in some sort what VB function is being called in realtime. It's easy to change the jump that checks validity, because SmartCheck tells you toure readong a file, calculating something, and BOOM, MsgBox. It's a 5 minutes time you add to the cracking, nothing more. If you had some background in cracking (I'm talking of over 6 month), you would know why it's pointless. Anyway, just my 2 cents
(If this comment was disrespectful, please report it.)
|
7/13/2001 9:57:00 AM: Almar Joling
What about running the code in a different thread while your program continues starting... and even if it did discover that the file has been tampered with, it will exit the app... maybe 10 secs after boot up... but it will work.
Just a small opinion.
Almar
(If this comment was disrespectful, please report it.)
|
8/21/2001 10:21:15 AM: Doctor Evil
Windows 2000: Using the FatalExit API just closes the app without an error message. Is this just me or anyone know why there is no error?
(If this comment was disrespectful, please report it.)
|
1/24/2002 3:03:23 AM: WoLF
Just a quick note:
you boys saying you can defeat this with softice ?
well look out because another piece of code has been released that automaticly shuts down the program when softice is detected in memory...
any ways thanks for your hard work on this code.
(If this comment was disrespectful, please report it.)
|
12/1/2002 1:25:48 AM:
Smartcheck is much better for debugging vb programs. And dont think by making your program crash softice, its uncrackable. Many people prefer cracking from a disassembly (like me ;)
As far as protection goes, you can only go so far. Ie you can only really defeat script-kiddies as theyre called. If someone wants to break your program enough, they will. Its inevitable.
But you can sure can inconveniance them :)
The best is to mangle your program so smartcheck and ida pro, win32dasm crash on loading it.
Crc32 checks are nice to check of trojans attach to you program, but in testing the cracker will notice its there and fix that. Not by fixing the checksum (the hard way), but by attacking the checksum verification routine.
Packing/protecting programs are more secure, but for everyone theres a unpacker/unprotector.
Look at bleem..
Wanna test your protection? Send compiled apps to me. Masher@nettaxi.com
(If this comment was disrespectful, please report it.)
|
2/24/2003 11:53:58 PM: Gary Matthews
Just my point of view. CRC is weak and code can be repacked to regenerate the same crc value after changes are made. Asside from this crc is still a valid means to help ensure the integrity of files if not against hacking is usfull for file integrity espeshily if transfer from the net.(bad transfers) Never count on 1 function to decide the validity of your software intergrate it into all aspects of your code and never in the same way. use revolving door encryption in your code functions and allways handle errors gracfully and quietly unless absolutly nessisary.
I typicly implament security in a mini state machine tyed into all the major code rutines. Becouse a state machine can render assocation of different variables bettween rutines difficalt to follow it is a powerfull means to set a cracker off track.
(If this comment was disrespectful, please report it.)
|
3/23/2003 6:20:11 AM:
Hi Guys,
I'm getting different results for CRC32 on calculating in Java
(If this comment was disrespectful, please report it.)
|
3/23/2003 6:25:37 AM:
Sorry guys for re-posting,
using this link to calculate CRC32 for string "A" , result = -740712820
http://www.Planet-Source-Code.com/xq/ASP/txtCodeId.4822/lngWId.1/qx/vb/scr ipts/ShowCode.htm
While using CRC32 class in Java as:
import java.util.zip.*;
public class CRCTest {
public static void main(String args[]) {
CRC32 crc = new CRC32();
String input;
input = "A";
crc.update(input.getBytes());
System.out.println("CRC :" + crc.getValue());
}
}
gives result as :3554254475
Can somebody explain, why?
(If this comment was disrespectful, please report it.)
|
11/6/2004 1:12:08 PM: Robin Degen
Awsome code! Me and a friend are constantly making stuff in vb. But he keeps editing my stuff. I put this code in and he was like
(If this comment was disrespectful, please report it.)
|
11/6/2004 1:12:55 PM: Robin Degen
...wtf?? (sorry, seems i cant use ' ' in this)
(If this comment was disrespectful, please report it.)
|
11/7/2004 8:14:15 AM: Robin Degen
I just cracked this. That's reaaaaally easy. Remove the CRC code at the end with a binary editor. Then edit it. Then re-crc it. Done.
(If this comment was disrespectful, please report it.)
|
4/7/2005 4:00:22 PM:
Just encrypt the CRC with HASH and you can trash your HEX editor :^)
(If this comment was disrespectful, please report it.)
|
7/18/2005 9:16:02 AM: vampyr
how to crash a xp system, simple, abuse native api! do like everything wrong;P memdumps with wrong identifiers, memmove to driver memory and so on;P xp wont like it, believe me!
(If this comment was disrespectful, please report it.)
|
7/27/2005 1:46:57 PM: Daniel Lublin
No offense, but your code is useless I can easily by-pass your so-called "protection" by hex editing your project .exe and changing the check sum for the edited .exe crc32 check sum ;x
(If this comment was disrespectful, please report it.)
|
Add Your Feedback
Your feedback will be posted below and an email sent to
the author. Please remember that the author was kind enough to
share this with you, so any criticisms must be stated politely, or they
will be deleted. (For feedback not related to this particular code, please
click here instead.)
To post feedback, first please login.
|
