encrypting text in the final exe file

ethicalhacker

ethicalhacker

Well-known member
Joined
Apr 22, 2007
Messages
142
Location
Delhi,India
Programming Experience
5-10
Using a hex editor people can change any text in an exe file and the changed text will show in the application, using such a technique anyone can change a company name and pirate the software, so is there anyway this can be stopped?
 
Sort by date Sort by votes
The techniques used is commonly called "copy protection" and has purpose of creating locks and/or avoid breaking of locks in software.
For example when deployed you could write some info somewhere about for example the date or size or hash (crc/checksum) of key files, when starting app check that this info is intact, and if not refuse to run. If files were tampered they would probably change in one or both of size and date and highly likely in hash.
 
Upvote 0 Downvote
how can i implement such a technique to my application. But what your talking about is external files. Im asking about text info in the main exe itself like the title of forms the text on labels etc can all be edited in the exe using an editor and the application will run perfectly if the exe file size is maintained. So in the end someone else might use the application after having changed the company name creator name etc.... So how can I prevent this?
 
Upvote 0 Downvote
The hash would take care of that, a hash would not be equal if not all bytes where the same value each time it was calculated. Of course if you were to include such a simple copy protection check anyone interesting in breaking it would just change the binary to bypass your check, so you have to be a lot more ingenious in your countermeasures. There exist copy protection software that can be bought that have gone to extreme lengths to provide the necessary security. Not sure what you mean by external files, what does that have to do with your application?

----edit----
Here a sample code to get the hash of application exe:
VB.NET: 
Dim fs As IO.FileStream = IO.File.OpenRead(Application.ExecutablePath)
Dim h As New SHA1Managed
Dim key As String = Convert.ToBase64String(h.ComputeHash(fs))
fs.Close()
When executable is unchanged the key string will always be same. You have to figure out how to enforce it. Probably the Startup application event would be a good place to do the check. If you don't have high security needs the key string could simply be stored in a User application setting. There is also the issue of how to handle application updates, which would change the application file, especially ClickOnce that is non-configurable and runs externally is not easy to handle in this regard. Perhaps you would use a launcher/updater application for this purpose.
 
Last edited:
Upvote 0 Downvote
There also exist something called "obfuscate" whose purpose is to make the code difficult to reverse engineer, but this doesn't prevent changes to be made.
 
Upvote 0 Downvote
JohnH said:
There also exist something called "obfuscate" whose purpose is to make the code difficult to reverse engineer, but this doesn't prevent changes to be made.
Click to expand...
then all software is insecure and can easily be edited. There has to be a fool proof wayto prevent this.:)
I have easily been able to change text in software like photoshop 3dmax maya vb.net c sharp, etc , Like someone can easily change error messages to show as different silly funny messages:D which can make first time users reading these messages mislead about these software and the software company may lose its reputation:(
I have noticed that linux executable files on the other hand are quite tough to crack or change

People with bad intentions can take advantage of such flaws and create havoc:(
 
Last edited:
Upvote 0 Downvote
Upvote 0 Downvote
JohnH said:
Probably the Startup application event would be a good place to do the check.
Click to expand...
By the Startup application event you mean the startup form's load event?
 
Upvote 0 Downvote
ethicalhacker said:
By the Startup application event you mean the startup form's load event?
Click to expand...
No, I meant the Startup application event. You can get to the application events by clicking the "application events" button in application tab of project properties.
ethicalhacker said:
I tried your code it dint work!
Click to expand...
How so? Did it say anything about "SHA1Managed"? This class belongs to System.Security.Cryptography namespace.
ethicalhacker said:
you dint give any condition to say that if the hash was changed the application wouldnt load!
Click to expand...
You have to figure something out how to use the condition. Maybe a solution is to have an independent application that manages security/update also. There are many ways to handle such matters.
 
Upvote 0 Downvote
Glad you sorted it out.
 
Upvote 0 Downvote
thanks same here but the main problem is that if i add this code to the application startup event the hash gets stored in the user setting everytime the application is started even if changes are made to the exe. How do i save the hash to the setting when the application is started only for the first time, so that I can check the hash everytime the app is started with the original hash?
 
Upvote 0 Downvote

Similar threads

Z
  • Question
What Disassembler|Decompiler|File Viewer|Hex Editor Do You Use For Viewing Binary Files, Paid Or Free?
Replies
0
Views
863
zunebuggy65
Z
RobertAlanGustafsonII
  • Solved
Question how do I get all selected rich text (including any hidden) text from RichTextBox?
Replies
9
Views
835
RobertAlanGustafsonII
RobertAlanGustafsonII
Robert Homes
  • Question
Does anyone know about the SECOND part of the Process.start command, where you can set an argument for the process you're using
Replies
4
Views
481
jmcilhinney
jmcilhinney
K
  • Question
Custom ribbon deployment - single .docm file
Replies
1
Views
364
jdelano
J
K
  • Question
Table relations issue
Replies
1
Views
407
jdelano
J

Share this page

Latest posts

Back
Top