Author Topic: Watermark  (Read 6871 times)

Magnum

  • Member
  • *****
  • Posts: 2367
Watermark
« on: January 16, 2013, 08:57:08 AM »
I have been messing around with putting a watermark in the .exe.

A non text one using some of the extended ascii charcters. For example, Alt 240 that makes the 3 horizontal lines on top of each other.

As far as putting it in the code section and jumping over it, are there other ways where it's not some obvious ?

Or I guess you could put in a very rarely used code sequence that does nothing.


Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

CommonTater

  • Guest
Re: Watermark
« Reply #1 on: January 16, 2013, 10:05:51 AM »
I have been messing around with putting a watermark in the .exe.

A non text one using some of the extended ascii charcters. For example, Alt 240 that makes the 3 horizontal lines on top of each other.

As far as putting it in the code section and jumping over it, are there other ways where it's not some obvious ?

Or I guess you could put in a very rarely used code sequence that does nothing.

You could put it in the Resourses as an RCDATA file...

Or if you wanted to be really tricky ... checksum the exe's icon and use that as your watermark.

qWord

  • Member
  • *****
  • Posts: 1475
  • The base type of a type is the type itself
    • SmplMath macros
Re: Watermark
« Reply #2 on: January 16, 2013, 10:39:44 AM »
A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.
MREAL macros - when you need floating point arithmetic while assembling!

Magnum

  • Member
  • *****
  • Posts: 2367
Re: Watermark
« Reply #3 on: January 16, 2013, 12:53:28 PM »
CommonTater,

Are you talking about some "anti-change" code?

I have some checksum code for the whole .exe, but not for individual components.

What is involved in writing that code ?

I am accruing a collection of that kind of code for curiosity.

It's pretty funny running into code you have written or had help from others spread all around theworld iother languages. Sometimes the code has "lost parts" during it's transmission and a poster is asking for help in getting it to work.  :icon14:

In 16 bit code, I messed around with direct video writes that wrote out text one letter at a time
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

CommonTater

  • Guest
Re: Watermark
« Reply #4 on: January 16, 2013, 03:20:52 PM »
CommonTater,

Are you talking about some "anti-change" code?

It could be used that way, I suppose...
But I was thinking more like a "recognition code".
It's an old Sharware trick to develope a registration code from file contents.


It's pretty simple really ... exe files store static resources, you can access them through WinAPI calls... just pick something and make a hash or checksum as your program's signature.  Icons are prime pickings because they tend to be unique for each EXE. 

Check out the .... FindResource() and LockResource() functions on msdn.

Store the checksum as RCDATA (again in the resources)... and you have a signature that you can recreate by re-scanning the Icon (or whatever).


jj2007

  • Member
  • *****
  • Posts: 13030
  • Assembler is fun ;-)
    • MasmBasic
Re: Watermark
« Reply #5 on: January 16, 2013, 06:35:12 PM »
A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.

Yep, that is pretty easy and difficult to find if you bury it deep enough. It is mostly a question of how much time a cracker wants to invest in debugging the exe...

If I had a valuable software (I don't, and it strikes me that the question of obfuscating and securing pops up so frequently here - does anybody here have anything that is worth the effort???), then I would do the following:
- check if the fingerprint is OK (not the same as watermarking)
- if not, put somewhere a comparison between the install date and system time (or some other magic difference)
- set a flag if the difference is too high
- pop up later in an unrelated place and tell the user "you forgot to register"

Now the fingerprint is the tricky part:
- user downloaded a legal copy and left his email address, so that his downloaded exe could be individually configured
- user has to contact you via email or website to get a magic dword
- in his exe, in the code or data section, there is an individually crafted 512 bytes section with random data
- one of the dwords, at a location determined by another (fixed position) dword contains the xor'ed register dword
- if that dword doesn't match, it triggers some nasty behaviour
- and of course, the check takes place deeply buried in the edit control's subclass procedure, and only if the user types "Microsoft".

But again, that only makes sense if you have to offer something as valuable as PaintShop Pro ;)

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: Watermark
« Reply #6 on: January 16, 2013, 06:50:19 PM »
put a legal warning in there, that if they are caught, they will be presecuted to the fullest extent of the law
if they want to crack it, there really is no stopping them
so - scare them - and make them feel guilty
tell them that you and your 20 children will starve
the wife left you, so she won't be hurt
but, your dog will run away if they use your program illegally   :biggrin:

sounds country and western, to me

jj2007

  • Member
  • *****
  • Posts: 13030
  • Assembler is fun ;-)
    • MasmBasic
Re: Watermark
« Reply #7 on: January 16, 2013, 06:55:48 PM »
if they are caught, they will be presecuted to the fullest extent of the law

The LAW? Dave, you are dreaming :eusa_naughty:
"This software is copyrighted by COSA NOSTRATM, in cooperation with our valued Chinese and Russian partners"

ragdog

  • Member
  • ****
  • Posts: 609
Re: Watermark
« Reply #8 on: January 16, 2013, 08:32:13 PM »
Quote
"This software is copyrighted by COSA NOSTRATM, in cooperation with our valued Chinese and Russian partners"

 :biggrin:

Magnum

  • Member
  • *****
  • Posts: 2367
Re: Watermark
« Reply #9 on: January 17, 2013, 12:38:47 AM »
A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.

Yep, that is pretty easy and difficult to find if you bury it deep enough. It is mostly a question of how much time a cracker wants to invest in debugging the exe...

If I had a valuable software (I don't, and it strikes me that the question of obfuscating and securing pops up so frequently here - does anybody here have anything that is worth the effort???), then I would do the following:
- check if the fingerprint is OK (not the same as watermarking)
- if not, put somewhere a comparison between the install date and system time (or some other magic difference)
- set a flag if the difference is too high
- pop up later in an unrelated place and tell the user "you forgot to register"

Now the fingerprint is the tricky part:
- user downloaded a legal copy and left his email address, so that his downloaded exe could be individually configured
- user has to contact you via email or website to get a magic dword
- in his exe, in the code or data section, there is an individually crafted 512 bytes section with random data
- one of the dwords, at a location determined by another (fixed position) dword contains the xor'ed register dword
- if that dword doesn't match, it triggers some nasty behaviour
- and of course, the check takes place deeply buried in the edit control's subclass procedure, and only if the user types "Microsoft".

But again, that only makes sense if you have to offer something as valuable as PaintShop Pro ;)

For me, it's not a matter of value, but of curiosity.

I spent paper route money, money selling used golf balls, and deposit money from collected soda bottles
on things as candy, magazines, hatchets, and microscopes and chemistry sets.

I think boredom is often another mother of invention too.

Andy

(Copywrong) SiegeWorks 2013 One interesting trick is the self deletion of an .exe (SDE) followed by the creation of a modified file/compressed item of the same name. :-)

I am not sure that the code would work post XP, I do have a Win 7 machine available for testing.

I think some software writers are guilty of doing some heavy register thrashing. I uninstalled one app that had 14,000 plus entries to delete.





Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org