
Thread: Tool-writer questions

  1. #1
    chris
    Guest

    Tool-writer questions

    I'm not quite sure I chose the right forum, but here are my questions anyway.

    I am writing a tool which prevents reverse engineering. (I am an expert tool writer, but a beginner in reverse engineering).

    Question 1) How can I become trusted as a good guy and not just one more person requesting malware (to use)?

    Question 2) Any experienced opinions on what to do, so that my tool can be used for good purposes, but be difficult to use to create malware?

    For starters, I already have some "tricks":
    • The output of my tool does NOT hide its being obfuscated. The obfuscation is easy to recognize, in spite of (hopefully) being almost impossible to reverse engineer.
    • The generated code is too long to hide in small places.
    • (Possibly ?) The tool could embed a visible watermark, so anybody could know how the obfuscated code was created.
    • (Possibly ?) The tool could embed an (invisible?) watermark with a serial number. Each buyer would get a new serial number. (Would buyers care? How could I get good enough identifications that this would be worth doing?)

    I would love to hear whether these measures would be safe enough or useless to prevent/reduce creation of malware. Even better: maybe somebody has more or better ideas on how to accomplish that.

    Question 3) I'm always looking for juicy tricks, easy for automatic generation. This will eventually become my next question, after question 1) is answered.

    I promise to eventually send a "crackme" (minus the best tricks), but for now the tool is still too simple to make this interesting.
    Chris


    C h r i s J a c o b i
    j a c o b i a t a c m d o t o r g
    Please be careful when replying to the bulletin board; I would love to be "verifiable", but not searchable/findable yet.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Quote: Originally posted by chris
    I am writing a tool which prevents reverse engineering. (I am an expert tool writer, but a beginner in reverse engineering).
    Let me rephrase your sentence...
    Since John Carmack made the IDTech engines' core (Doom, Quake, etc.) alone, I want to write the IDTech 7 core (I'm an expert developer, but I am a beginner in 3D graphics).

    * About malware prevention/generation: there are already dozens of anti-RCE tools used to scramble malware, so do not be worried, AV companies will deal with it - it's their job, after all.
    * About the 'visible watermark': if your watermark were used to recognize 'good code', it would take a split second to locate and duplicate it to fake silly AVs. In case you didn't know, you can disable DEP in Windows this very same way (just mimic a common pattern of a widely available protection - SecuROM - and you silently get rid of DEP).
    * About the 'invisible watermark': it is already used in some products, and has been for quite a bit of time.


    Honestly, I'd prefer an Arxan-protected sample instead, if you can... it's very irritating how they claim they have a good product ...when I know it is not...
    Last edited by Maximus; March 16th, 2012 at 10:44.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...
