Preliminary Research on Anti-cracking Design Technology of VB shared software (2)

Author: Aegean Sea [SCG] 2008/09/06 (reprinted please keep this information)
 
In the previous article, I roughly explained the following:
 
1. File integrity to prevent unauthorized modification
2. Check during running to prevent LOADER
3. Anti-debugging to prevent dynamic tracking and mounting
4. Static disassembly Analysis
5. Registration Code System (algorithm part, core content)
6. Shelling prevention
7. Concealed Design
8. Find another path
 
The list is here to remind beginners of sharing software in VB. When designing VB anti-cracking, there should be no "Bucket effect", that is to say, the design is like a bucket, the absence of any corner will make it impossible to fully fill the water.
 
The bundle of this bucket is probably to protect file integrity and prevent modification.
It's a weekend. Today is a little time. Hurry up and write it. Wait for dinner, practice the piano, and then accompany your girlfriend.
 
Next, we will begin to explain 1st and 2 in detail. The old rule is: If you are free, have time, have energy, and have the ability to write.
 
1. For file integrity, you can use CRC32, MD5, or hash algorithms to calculate the file's encryption value and compare it at appropriate times to determine whether the file is modified or not. Of course, you can also add a shell to prevent illegal file modification. There is also a simple check of the last modification time of the file to see if it is the time you set yourself. If not, it is likely to be modified. You can also check the file size, often after the compression shell is taken off, the file size increases. When the protective shell is removed, the file size decreases. We can set a critical value to check whether the shell is shelled. It is also commonly used to intentionally design the algorithm traps. If the hacker falls into your trap, in fact, this jump will not be cracked, otherwise, the algorithm will never be reached, so that the hacker can be detected to modify the program process. You can quit a program without warning. Do not quit directly. Otherwise, the program will be traced to exit the function.
 
There is also memory image verification to prevent normal memory modification and normal breakpoint problems.
 
We will demonstrate the integrity verification design of the three vbprograms.
 
The first is the CRC32 self-validation Design of VB, including the process, code, and all engineering files and demonstrations;
The second is the vbprogram's time detection rules, including the process, code, and all engineering files and demonstrations;
The third is the vbprogram's file size detection rule, including the process, code, and all engineering files and demonstrations.
 
In fact, there are still some detection methods, but the principle is similar to the three methods we are about to expose, are derived.
 
Chapter 2 lecture 1
 
Design of CRC32 self-verification in VB
 
Come and come... Everyone is doing sports with me, shaking hands, shaking feet, and taking a deep breath. This article will take a long time and strive to be simple, clear, and easy to understand, I will talk about the application requirements in detail and will not be as self-defeating as some advanced people. Of course, if there are any errors, please help us to correct them. Thank you.
 
First, let's briefly review what CRC32 is.
 
In the field of data storage and data communication, the CRC verification utility library has to adopt the method of checking errors to ensure data correctness. Among the many error detection methods, CRC is the most famous one. CRC is short for Cyclic Redundancy verification. Its features are: high error checking capability, low overhead, and easy to use encoder and detection circuit. From the perspective of its ability to detect errors, the probability of errors it cannot discover is only less than 0.0047%.
 
With Table query and calculation algorithms, we can automatically generate a code table in the program for Table query and computation, which is convenient and fast.
 
In order to quickly take the principles of ink and save some time for dinner, I quoted an article on the Internet, "exploring the implementation principles of the CRC32 algorithm:
 
Http://www.diybl.com/course/6_system...1/134331.html #
 
The following is the reference section ------------------------------
 
Based on the principle of no re-build of wheels, this article does not involve any information on the Internet.
What's CRC?
In short, CRC is a value. This value is used to verify the correctness of the data. The CRC value simply means that you need to do
The remainder of the processed data divided by a constant. After you get this value, you can append it to your data,
When the data is transferred to another place, take out the original data (which may be damaged during the transfer) and the attached CRC value, and then
The original data of is divided by the previous constant (agreed) and a new CRC value is obtained. Check whether two CRC values are equal.
Whether the data is transmitted incorrectly.
So how can we divide your data by a constant? The method is to encode your data and process it in bytes into numbers.
So what is this constant? You do not have to pay attention to what it is or how it is obtained. When you really want to write a hand
When implementing the CRC algorithm, I can tell you that the theoretical scientist of CRC will tell you. Constants of different lengths correspond to different CRC implementation algorithms.
When this constant is 32 bits, CRC32 is mentioned here.
You do not need to understand all the above content, because you need to consult other materials to obtain the complete theoretical introduction of CRC.
The mathematics behind CRC?
Many textbooks associate CRC with polynomials. Here, the polynomial refers to a formula with a coefficient of 0 or 1, for example:
A0 + a1 * x + a2 * x ^ 2 +... + an * x ^ n. Where a0, a1,..., an is either 0 or 1. We do not care about the value of x.
(If you want to pay attention to it, you can simply think that x is 2.) Here, we sort the values of a0, a1,... and an to represent bits.
Stream. For example, the bitstream represented by 1 + x ^ 3 is 1101. Some materials will reverse this order, which is normal.
What is a generative polynomial?
The so-called generative polynomial is the constant I mentioned above. Note that here, a polynomial represents a bit stream, that is, a bunch
1. 0. The combination is eventually a numerical value. For example, in the CRC32 algorithm, the generated polynomial is:
C (x) = 1 + x ^ 2 + x ^ 4 + x ^ 5 + x ^ 7 + x ^ 8 + x ^ 10 + x ^ 11 + x ^ 12 + x ^ 16 + x ^ 22 + x ^ 23 + x ^ 26 + x ^ 32.
The corresponding number is 11101101101110001000001100100000 (x ^ 32 is implicitly given in actual calculations, so it is not included here
That is, 0xEDB88320 (the number corresponding to the polynomial may be reversed, and 0x04C11DB7 is obtained after being reversed, which is also correct ).
From this we can see that the CRC value can also be seen as the remainder of our data divided by a generated polynomial.
How to perform this division?
Use the calculation methods provided by most textbooks because any data can be processed as pure numbers. Therefore, to some extent, we can
Start the division directly. Although in fact this is not a standard division. For example, our data is 1101011011 (for convenience, I directly give the binary
It can be seen from this that CRC is calculated by bit), and the given generated polynomial (corresponding value) is 10011. General textbooks
It will tell us that we will shift our data to a few places (generate a polynomial digit-1 bit) before this division, so as to accommodate the future computation results.
(After I append the CRC value to the original data ). But why? I don't know. (What you don't know can't be vague.
) Then, division is:
1100001010
_______________
10011) 11010110110000 attaching a few zeros of new data
10011 ...... subtraction here (hopefully you will not forget elementary arithmetic) is an exclusive or operation
-----.........
10011 ........
10011 ........
-----........
00001 ...... calculate by bit
00000 .......
-----.......
00010 ......
00000 ......
-----......
00101 .....
00000 .....
-----.....
01011 ....
00000 ....
-----....
10110...
10011...
-----...
01010 ..
00000 ..
-----..
10100.
10011.
-----.
01110
00000
-----
1110 = This remainder is the so-called CRC value, which is also known as the checksum value.
You can obtain