Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Identifying licenses / users from packed executables (https://forum.exetools.com/showthread.php?t=15438)

Notmex 12-05-2013 16:07
Identifying licenses / users from packed executables
 
Does maybe someone know if it is possible for protector vendors (like vmprotect) to identify the user that protected an executable? by watermarks or license hints that are implemented in the protected application?

evlncrn8 12-05-2013 18:19
yes if they have designed such things in their products, its entirely possible

giv 12-05-2013 19:10
Yes.
A simple hash in the protected executable code could identify the user who own the legitimate product that protected the file.
Many vendors do that.
That is why some antivirus software alarm when a file is suposed to be protected with a legitimate protector.
The AV company have the watermarks for the real products and they don't recognise the cracked/patched etc. products.

Notmex 12-05-2013 19:43
Thats what I heard in the past.. Leaked versions get detected by AVs. So I guess they submitted a method to identify a packed/protected executable and even allow access to something like a hash or so to identify a leaked/cracked version to AV companies. So it wont be good to use a leggit purchased protector to protect something evil as it prolly can be tracked back and even released/leaked versions are more evil since the AVs are able to filter them out before execution.

giv 12-05-2013 21:10
Is not good thing at all to do some evil stuff.
:)

Conquest 12-06-2013 16:45
Quote:
Originally Posted by Notmex (Post 88521)
Thats what I heard in the past.. Leaked versions get detected by AVs. So I guess they submitted a method to identify a packed/protected executable and even allow access to something like a hash or so to identify a leaked/cracked version to AV companies. So it wont be good to use a leggit purchased protector to protect something evil as it prolly can be tracked back and even released/leaked versions are more evil since the AVs are able to filter them out before execution.
sometime AVs block virtualized protected apps just because they dont accompany a valid signature/certificate. but recently this trend has come to a stop . now a days most AVs just flag something illegal if they find out certain protector watermarks which are part of publicly compromised distributions. kaspersky and mcafee used to flag any vmp app which isnt digitally signed or has been tempered. I dont know if they still do so(i just comodo firewall nothing else since i am fed up with antiviruses triggering out now and then).
More or less if you are thinking about doing something malicious , dont rely on protectors . those days are gone.
rather learn something new by making ur own obfuscator.

atomix 12-07-2013 03:32
Yes, it is possible to watermark an app or the result of using an app (packed exe, image file, audio/video) using a hash or a user-specific string. Watch out if you suspect something. I've seen this before, and fortunately I could compare my licensed copy with another one and found the culprit hash used. :)


All times are GMT +8. The time now is 18:02.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX