News:

Masm32 SDK description, downloads and other helpful links
Message to All Guests
NB: Posting URL's See here: Posted URL Change

Main Menu

Watermark

Started by Magnum, January 16, 2013, 08:57:08 AM

Previous topic - Next topic

Magnum

I have been messing around with putting a watermark in the .exe.

A non text one using some of the extended ascii charcters. For example, Alt 240 that makes the 3 horizontal lines on top of each other.

As far as putting it in the code section and jumping over it, are there other ways where it's not some obvious ?

Or I guess you could put in a very rarely used code sequence that does nothing.


Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

CommonTater

Quote from: Magnum on January 16, 2013, 08:57:08 AM
I have been messing around with putting a watermark in the .exe.

A non text one using some of the extended ascii charcters. For example, Alt 240 that makes the 3 horizontal lines on top of each other.

As far as putting it in the code section and jumping over it, are there other ways where it's not some obvious ?

Or I guess you could put in a very rarely used code sequence that does nothing.

You could put it in the Resourses as an RCDATA file...

Or if you wanted to be really tricky ... checksum the exe's icon and use that as your watermark.

qWord

A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.
MREAL macros - when you need floating point arithmetic while assembling!

Magnum

CommonTater,

Are you talking about some "anti-change" code?

I have some checksum code for the whole .exe, but not for individual components.

What is involved in writing that code ?

I am accruing a collection of that kind of code for curiosity.

It's pretty funny running into code you have written or had help from others spread all around theworld iother languages. Sometimes the code has "lost parts" during it's transmission and a poster is asking for help in getting it to work.  :icon14:

In 16 bit code, I messed around with direct video writes that wrote out text one letter at a time
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

CommonTater

Quote from: Magnum on January 16, 2013, 12:53:28 PM
CommonTater,

Are you talking about some "anti-change" code?

It could be used that way, I suppose...
But I was thinking more like a "recognition code".
It's an old Sharware trick to develope a registration code from file contents.


It's pretty simple really ... exe files store static resources, you can access them through WinAPI calls... just pick something and make a hash or checksum as your program's signature.  Icons are prime pickings because they tend to be unique for each EXE. 

Check out the .... FindResource() and LockResource() functions on msdn.

Store the checksum as RCDATA (again in the resources)... and you have a signature that you can recreate by re-scanning the Icon (or whatever).


jj2007

Quote from: qWord on January 16, 2013, 10:39:44 AM
A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.

Yep, that is pretty easy and difficult to find if you bury it deep enough. It is mostly a question of how much time a cracker wants to invest in debugging the exe...

If I had a valuable software (I don't, and it strikes me that the question of obfuscating and securing pops up so frequently here - does anybody here have anything that is worth the effort???), then I would do the following:
- check if the fingerprint is OK (not the same as watermarking)
- if not, put somewhere a comparison between the install date and system time (or some other magic difference)
- set a flag if the difference is too high
- pop up later in an unrelated place and tell the user "you forgot to register"

Now the fingerprint is the tricky part:
- user downloaded a legal copy and left his email address, so that his downloaded exe could be individually configured
- user has to contact you via email or website to get a magic dword
- in his exe, in the code or data section, there is an individually crafted 512 bytes section with random data
- one of the dwords, at a location determined by another (fixed position) dword contains the xor'ed register dword
- if that dword doesn't match, it triggers some nasty behaviour
- and of course, the check takes place deeply buried in the edit control's subclass procedure, and only if the user types "Microsoft".

But again, that only makes sense if you have to offer something as valuable as PaintShop Pro ;)

dedndave

put a legal warning in there, that if they are caught, they will be presecuted to the fullest extent of the law
if they want to crack it, there really is no stopping them
so - scare them - and make them feel guilty
tell them that you and your 20 children will starve
the wife left you, so she won't be hurt
but, your dog will run away if they use your program illegally   :biggrin:

sounds country and western, to me

jj2007

Quote from: dedndave on January 16, 2013, 06:50:19 PM
if they are caught, they will be presecuted to the fullest extent of the law

The LAW? Dave, you are dreaming :eusa_naughty:
"This software is copyrighted by COSA NOSTRATM, in cooperation with our valued Chinese and Russian partners"

ragdog

Quote"This software is copyrighted by COSA NOSTRATM, in cooperation with our valued Chinese and Russian partners"

:biggrin:

Magnum

Quote from: jj2007 on January 16, 2013, 06:35:12 PM
Quote from: qWord on January 16, 2013, 10:39:44 AM
A specific sequence of superfluous prefixes and/or using different encodings for the same operation may be not that conspicuous.

Yep, that is pretty easy and difficult to find if you bury it deep enough. It is mostly a question of how much time a cracker wants to invest in debugging the exe...

If I had a valuable software (I don't, and it strikes me that the question of obfuscating and securing pops up so frequently here - does anybody here have anything that is worth the effort???), then I would do the following:
- check if the fingerprint is OK (not the same as watermarking)
- if not, put somewhere a comparison between the install date and system time (or some other magic difference)
- set a flag if the difference is too high
- pop up later in an unrelated place and tell the user "you forgot to register"

Now the fingerprint is the tricky part:
- user downloaded a legal copy and left his email address, so that his downloaded exe could be individually configured
- user has to contact you via email or website to get a magic dword
- in his exe, in the code or data section, there is an individually crafted 512 bytes section with random data
- one of the dwords, at a location determined by another (fixed position) dword contains the xor'ed register dword
- if that dword doesn't match, it triggers some nasty behaviour
- and of course, the check takes place deeply buried in the edit control's subclass procedure, and only if the user types "Microsoft".

But again, that only makes sense if you have to offer something as valuable as PaintShop Pro ;)

For me, it's not a matter of value, but of curiosity.

I spent paper route money, money selling used golf balls, and deposit money from collected soda bottles
on things as candy, magazines, hatchets, and microscopes and chemistry sets.

I think boredom is often another mother of invention too.

Andy

(Copywrong) SiegeWorks 2013 One interesting trick is the self deletion of an .exe (SDE) followed by the creation of a modified file/compressed item of the same name. :-)

I am not sure that the code would work post XP, I do have a Win 7 machine available for testing.

I think some software writers are guilty of doing some heavy register thrashing. I uninstalled one app that had 14,000 plus entries to delete.





Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org