Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

guardit 4 linux

RCE of Linux tools and programs.
Locked
User avatar
Shub-nigurrath
Senior Member
Posts: 431
Joined: Mon May 10, 2004 2:00 pm
Location: Obscure Kadath

guardit 4 linux

Post by Shub-nigurrath »

Hi,
anyone has ever approached this protector?

http://www.arxan.com/software-protectio ... /index.php

sounds interesting and more recent than shiva..

According to the whitepaper here http://www.arxan.com/ds-pdf/GuardIT-for ... asheet.pdf

it seems to use the code-guards technique I also described few years ago: http://www.woodmann.com/forum/showthrea ... -by-Guards

Interesting, also because I completely forgot about it..

Another interesting thing is that arxan was believed to be almost dead and instead they released an interesting protection suite for mobile terminals..
(¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
User avatar
Maximus
Posts: 481
Joined: Mon Sep 19, 2005 3:09 am
Location: NDA

Post by Maximus »

I've searched alot about it - they work for a very limited (yet where much money stays) customership and you usually do not have access to software protected by it. Hence, their very unverified claims, mainly based off the fact they avoid real tests...
After digging alot, I've finally discovered more about it. In essence, it's all matter of finding an hidden key in it. It can work fine on closed boxes (i.e. TV). On PC, I doubt.
The 'software guards' is not very different from self-CRC with Solomon ECC's alike fixes...
I want to know God's thoughts ...the rest are details.
(A. Einstein)
--------
..."a shellcode is a command you do at the linux shell"...
Sab
Senior Member
Posts: 175
Joined: Tue Aug 13, 2002 12:26 am

arxan is crcs mainly

Post by Sab »

see some research and proof of concept code done by the university (slides + pdf).
http://www.cs.purdue.edu/people/faculty/mja/

He wrote a few papers which are published that describe it. At its core its crc macros on predetermined ranges within the compiler using sdk, trivially solved.
FrankRizzo
Posts: 359
Joined: Sat Nov 27, 2004 7:43 pm
Contact:

Post by FrankRizzo »

I used to work for an Arxan competitor, and I know that we were stealing account after account from them. They appear to be mostly living on short term government R&D contracts currently. I assume this mobile suite was either an offshoot from one of those, or something one of the grad students did, and they wanted to try to make some money off of it.
User avatar
Shub-nigurrath
Senior Member
Posts: 431
Joined: Mon May 10, 2004 2:00 pm
Location: Obscure Kadath

Post by Shub-nigurrath »

I read several papers about this. Placing guards and repairing agents (for self healing) in the code is a stuff which is very well known (even skype is protected like so), the main result they did was to find a method to place these agents automatically into a petri network over compiled code. Which is a remarkable result afterall.

The interesting stuff is that they also extended this product to other platforms like android and java (that's almost the same), but it's real that indeed I still never saw a protected product. Moreover reading better their available documents and crossing that info w the web it seems like the protector for java cannot use the guard/checker method..
(¯`·._.·[¯¨´*·~-.¸¸,.-~*´¨ Ŝħůβ¬Ňïĝµŕřāŧħ ₪¯¨´*·~-.¸¸,.-~*´¨]·._.·´¯)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
FrankRizzo
Posts: 359
Joined: Sat Nov 27, 2004 7:43 pm
Contact:

Post by FrankRizzo »

They're great at writing papers. What we heard from the customers that we took from them was that it required too much developer interaction, and things would break, and be difficult to pinpoint the causes. All the things that you DON'T want in a protection!
FrankRizzo
Posts: 359
Joined: Sat Nov 27, 2004 7:43 pm
Contact:

Post by FrankRizzo »

enjoylife2012 wrote:All the things that you DON'T want in a protection!
Yes! Especially one that you paid a million dollars for, and that's going on a billion plus dollar "defense department device".
User avatar
Maximus
Posts: 481
Joined: Mon Sep 19, 2005 3:09 am
Location: NDA

Post by Maximus »

FrankRizzo wrote:a million dollars for
WHAT???????????????????????????????

You mean that a shitty cloakware license/arxan license cost that much and it is breakable by any half-assed reverser with a basic knowledge of RCE+encryption?????

I thought it wouls cost say 50k$ to a company... a million?????????????????????????????????????????????

omg if this's true I wont be able to... o my god :D :D :D

ok, i need self-control :D

omg i cant please tell me youre kidding me :D

HAHAHA no I cant believe it...
OMG how will i be serious....
I want to know God's thoughts ...the rest are details.
(A. Einstein)
--------
..."a shellcode is a command you do at the linux shell"...
FrankRizzo
Posts: 359
Joined: Sat Nov 27, 2004 7:43 pm
Contact:

Post by FrankRizzo »

Maximus wrote:WHAT???????????????????????????????

You mean that a shitty cloakware license/arxan license cost that much and it is breakable by any half-assed reverser with a basic knowledge of RCE+encryption?????

I thought it wouls cost say 50k$ to a company... a million?????????????????????????????????????????????

omg if this's true I wont be able to... o my god :D :D :D

ok, i need self-control :D

omg i cant please tell me youre kidding me :D

HAHAHA no I cant believe it...
OMG how will i be serious....
Well, honestly, I've never seen their "industrial strength" version. BUT! I've heard the same complaints about it that you hear here about the watered down commercial version. The company that I worked for was stealing their lunch CONSTANTLY because our shit worked, unlike theirs.
Locked