-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Avi wrote: > Hi Dillon, > > Thanks for the swift reply. > > Regarding my code, I have a small utility that downloads an updated > database with information that I would like to encrypt. The method > I want to use if that the .exe would know how to decrypt the file > and display its data. > > I'm really a newbie rookie novice here and just starting to get > used to the idea of composing multiple transformations on top one > another. Hugo's example looks very appealing to me and your touch > of embedding the key into the executable seems like exactly what I > need. > > After spending many hours following your last post, I reached the > same dead end... memcpy crashes. Here's the detailed explanation: I > d/l the full dobrexor project, and since it didn't have a .dsp/.dsw > files set, I went and installed VS2005. Since it didn't also have > a .sln file, I realized the hard way that the .vcproj file is of > VS2008. Nevermind, I created a new Win32 Console App. under VS2005 > and since then, I spent many hours trying to make everything > work... I used the statis lib. version of cryptopp552, which does > not really work out-of-the-box are requires its own tweaks. It took > me a while to realize that dobrexor is set to wirk with cryptopp's > DLL version. I changed it to work with the static lib version, but > I got into more trouble when trying to use work with dobrexor's > menus. > > Trying to encrypt a file, it crashed with a null filename. After a > short while I found that dobrexor contains the following lines: > const char pub[1024]=""; const char pri[4096]=""; > > Evidently, these supposed to be the pub/priv file names. Added my > own filename (although I think that dobrexor should ask the user to > input the pub/priv filenames, at least if the filename strings are > empty). > > Now it all works, up to the point where I crash on the very same > memcpy line as stated above.......... > > I'm guessing you have a very well tweaked development environment, > but can you please verify and let me know if a clean copy of both > dobrexor and cryptopp552 compiles out-of-the-box (e.g. a clean > install on a VMWare or something)? > > Thanks, > > Avi. > > > On Feb 1, 2:24 pm, Dillon Beresford <[email protected]> > wrote: > > > Avi wrote: >>>> Hi Dillon, I'm new around here and new to the cryptography >>>> world. I'm using VC++ 6.0 SP5 on a WinXP SP2 machine (I have >>>> a legacy code base that I'd like to secure). I tried to >>>> follow your (and originally Hugo's) example, but I'm > having >>>> the same runtime error in both cases. I'm posting my problem >>>> here instead of in Hugo's thread in order to narrow the >>>> differences between our executables (since you embedded your >>>> keys into the source code). The code crashes in oaep.cpp, >>>> line 91: memcpy(output, M, maskedDB +dbLen-M); The 'output' >>>> value is 0 (NULL). I attached the call stack below. Any >>>> ideas? Avi. -- CryptoPP::OAEP_Base::Unpad(const unsigned char >>>> * 0x0032b7f1, > unsigned >>>> int 255, unsigned char * 0x00000000, const > CryptoPP::NameValuePairs & >>>> {...}) line 91 + 20 bytes >>>> > CryptoPP::TF_DecryptorBase::Decrypt(CryptoPP::RandomNumberGenerator > & >>>> {...}, const unsigned char * 0x0032bbd8, unsigned int 257, >>>> unsigned char * 0x00000000, const CryptoPP::NameValuePairs & >>>> {...}) line > 142 + >>>> 59 bytes CryptoPP::PK_DefaultDecryptionFilter::Put2(const >>>> unsigned char * 0x00000000, unsigned int 0, int -1, unsigned >>>> char 1) line 626 + 75 bytes >>>> CryptoPP::BufferedTransformation::MessageEnd(int -1, unsigned >>>> > char 1) >>>> line 763 + 78 bytes >>>> CryptoPP::SimpleProxyFilter::LastPut(const unsigned char * > 0x00000000, >>>> const unsigned char * 0x00000000) line 513 + 51 bytes >>>> CryptoPP::FilterWithBufferedInput::PutMaybeModifiable(unsigned >>>> > char * >>>> 0x00326d68, unsigned int 0, int -2, unsigned char 1, unsigned >>>> > char 0) >>>> line 410 CryptoPP::FilterWithBufferedInput::Put2(const >>>> unsigned char * 0x00326d68, unsigned int 0, int -2, unsigned >>>> char 1) line 156 CryptoPP::Filter::Output(int 2, const >>>> unsigned char * 0x00326d68, unsigned int 0, int -2, unsigned >>>> char 1, const >>>> > std::basic_string<char,std::char_traits<char>,std::allocator<char> > > & >>>> {0x00000000 ""}) line 115 + 44 bytes >>>> CryptoPP::BaseN_Decoder::Put2(const unsigned char * >>>> 0x00000000, unsigned int 0, int -1, unsigned char 1) line 163 >>>> + 42 bytes >>>> CryptoPP::BufferedTransformation::ChannelPut2(const >>>> > std::basic_string<char,std::char_traits<char>,std::allocator<char> > > & >>>> {0x00000000 ""}, const unsigned char * 0x00000000, unsigned >>>> int > 0, int >>>> -1, unsigned char 1) line 250 + 27 bytes >>>> CryptoPP::BufferedTransformation::ChannelMessageEnd(const >>>> > std::basic_string<char,std::char_traits<char>,std::allocator<char> > > & >>>> {0x00000000 ""}, int -1, unsigned char 1) line 938 + 63 bytes >>>> CryptoPP::BufferedTransformation::TransferMessagesTo2 >>>> (CryptoPP::BufferedTransformation & {...}, unsigned int & 0, >>>> const >>>> > std::basic_string<char,std::char_traits<char>,std::allocator<char> > > & >>>> {0x00000000 ""}, unsigned char 1) line 407 + 28 bytes >>>> CryptoPP::BufferedTransformation::TransferAllTo2 >>>> (CryptoPP::BufferedTransformation & {...}, const >>>> > std::basic_string<char,std::char_traits<char>,std::allocator<char> > > & >>>> {0x00000000 ""}, unsigned char 1) line 448 + 24 bytes >>>> CryptoPP::SourceTemplate<CryptoPP::StringStore>::PumpAll2(unsigned >>>> char 1) line 718 + 73 bytes CryptoPP::Source::PumpAll() line >>>> 689 + 47 bytes CryptoPP::Source::SourceInitialize(unsigned >>>> char 1, const CryptoPP::NameValuePairs & {...}) line 701 >>>> CryptoPP::StringSource::StringSource(const char * 0x0012fbd8, >>>> > unsigned >>>> char 1, CryptoPP::BufferedTransformation * 0x00326b10) line >>>> 737 > + 173 >>>> bytes stubClass::AES_CTR_Decrypt(const char * 0x0012ff48, >>>> const char * 0x0012ff30) line 128 + 364 bytes main() line 92 >>>> -- On Jan 23, 4:34 am, Dillon Beresford >>>> <[email protected]> wrote: >>>>> Hugo shared a class he coded up earlier this month which he >>>>> gave to > the group and while searching for information regarding an idea I > came up with about self decrypting stubs using Crypto++, which I > needed for my own project I found his thread. I was actually able > to code up a little function which I added to the class to load > keys using>> CryptoPP::ArraySource as opposed to LoadFile. For my > project I needed > > to be able to generate stubs on the fly which would handle all of > the decryption. I'm also currently writing up some code that will > actually add two extra layers of protection to both keys inside the > executable to avoid reverse code engineering from dumping keys in > memory We simply store our keys in the stub. > >>>>> If we add stub + *.enc file to SFX we can have our stub do >>>>> all the > work for us. :) > >>>>> I would suggest to anyone storing keys inside a binary to > compress the executable using something other than UPX or ASPack. > ;-) keys get gen all the time so it's best to use something with > tons of instructions for anti-debugging, strip TLS, exports, and > CRC protection and aPlib for compression. > >>>>> Dillon's code reading from CryptoPP::ArraySource as opposed >>>>> to > CryptoPP::FileSource > > > >>>>> void stubClass::LoadKey(const char *bufferPub, const char > *bufferPri) { >>>>> CryptoPP::ArraySource(bufferPub, true, new >>>>> CryptoPP::StringSink(pubString)); >>>>> CryptoPP::ArraySource(bufferPri, true, new >>>>> CryptoPP::StringSink(priString)); } Hugo's class using >>>>> CryptoPP::FileSource /* void stubClass::LoadKey(const char >>>>> *pubFilename, const char > *privFilename) { > >>>>> CryptoPP::FileSource (pubFilename, true, new >>>>> CryptoPP::StringSink(pubString)); CryptoPP::FileSource >>>>> (privFilename, true, new CryptoPP::StringSink(priString)); >>>>> } */ We can store our keys in bufferPub and bufferPri and >>>>> call this from > the main() in our stub. > > > >>>>> const char bufferPri[]="308..." const char >>>>> bufferPub[]="308..." int main() { char EFile[]="dob.enc"; >>>>> char DFile[]="dec.exe"; stubClass stubDecrypt; // grab our >>>>> keys from memory. stubDecrypt.LoadKey(bufferPub,bufferPri); >>>>> // decrypt our file stubDecrypt.AES_CTR_Decrypt(EFile, >>>>> DFile); return 0; } thanks Hugo! linked back to the >>>>> original thread where Hugo posted his class. >>>>> > http://groups.google.com/group/cryptopp-users/browse_thread/thread/48... > >>>>> regards, Dillon Beresford stub.cpp 4KViewDownload >>>>> stubClass.cpp 3KViewDownload stubClass.h < 1KViewDownload > Avi - It looks like it's the first argument in memcpy(), if it's > output is NULL then you get the error. Are you planning on > decrypting from a stub or just need the decryption and encryption > to read from key files? If you take a look at the svn Hugo and I > maintain for our project you might get a better working example of > how the Class is implemented. You can download the project here and > use dobclass. > > http://code.google.com/p/komodopgmp/source/browse/trunk/windows/dev/d...http://code.google.com/p/komodopgmp/source/browse/trunk/windows/dev/d... > > > Download the entire project if you like. It's the full > implementation of the class you want. > > http://komodopgmp.googlecode.com/files/dobrexor-beta-build-win-curren... > > > // file.read(Key,512); <-- > > Let me know how your LoadKeys is working. Are you planning on > securing this legacy code from one application or working with a > self decrypting archive? > > Regards, > > Dillon Beresford Komodo PGMP > projecthttp://code.google.com/p/komodopgmp/ >> pgpkeys.asc 2KViewDownload > Avi,
> Thanks for the swift reply. No problem! We will get you going. > Regarding my code, I have a small utility that downloads an updated > database with information that I would like to encrypt. The method > I want to use if that the .exe would know how to decrypt the file > and display its data. Downloads the updated database information that you would to encrypt. Is this function for downloading the information also a part of the program that encrypts and decrypts the data? Reason I ask is because I want to know what your doing to clean up memory after download has been completed, provided the download function is a part of this. > I'm really a newbie rookie novice here and just starting to get > used to the idea of composing multiple transformations on top one > another. Hugo's example looks very appealing to me and your touch > of embedding the key into the executable seems like exactly what I > need. If you like that wait until you see the finished product. > After spending many hours following your last post, I reached the > same dead end... memcpy crashes. > Here's the detailed explanation: I d/l the full dobrexor project, > and since it didn't have a .dsp/.dsw files set, I went and > installed VS2005. > Since it didn't also have a .sln file, I realized the hard way that > the .vcproj file is of VS2008. I will do something just for you this evening after the Super Bowl. :) I've got Visual Studio 6/2003/2005, I will create some projects and send you the link to download the Visual Studio 6 project. > Nevermind, I created a new Win32 Console App. under VS2005 and > since then, I spent many hours trying to make everything work... > I used the statis lib. version of cryptopp552, which does not > really work out-of-the-box are requires its own tweaks. The lib works fine I've never had any issues with the cryptlibs, I have to ask, did you link the cryptlib(d) debug with your debug build and the cryptlib.lib with the release build? > It took me a while to realize that dobrexor is set to wirk with > cryptopp's DLL version. Komodo PGMP is only dependent on cryptopp.dll. Everything in dobrexor is static. There is nothing really special about the build configurations for dobrexor. However, Komodo PGMP is special due to the /CLR and Unicode which was why I went with dll for Komodo. > Trying to encrypt a file, it crashed with a null filename. After a > short while I found that dobrexor contains the following. Yeah, it's still a work in progress and we need make some changes. > Evidently, these supposed to be the pub/priv file names. Added my > own filename (although I think that dobrexor should ask the user to > input the pub/priv filenames, at least if the filename strings Yeah, I'll find a place for this, and add an option for the user to std::cin names for the keys. > I'm guessing you have a very well tweaked development environment, > but can you please verify and let me know if a clean copy of both > dobrexor and cryptopp552 compiles out-of-the-box (e.g. a clean > install on a VMWare or something)? Nope not really I just followed Wei's instructions for building, for instance the LINUX build was developed using the g++ and NetBeans IDE with C++ plugin. The Win32 was compiled with VS 2008. Can you take a screen shot of your debug and release configuration in VS 2005 and send me a link to view the Includes and Library path. I would also like to see what's under General. What is the size of the data your decrypting? And finally the keys are both the public and private keys stored inside the exe? Check and double check those cryptlib builds. I know this sounds crazy but when I was implementing my wrapper/proxy for the unmanaged code I had to go back several times and double check various switches to get my libs just right! If you are doing all of this from win32 console, Crypto++ libs worked nicely for me. Never had any issues but then again ah did you rebuild those libs when you moved the code over to Visual Studio 2005? Don't forget to rebuild cryptlib and cryptlibd. Look forward to your response. I think we can now this out tonight. Dillon -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJhhbtRnxC5lZRuuERAuD8AKC2x5GXzJ18pr1H0RoX0ndcYYTLqwCfcSHr 08+94yps66QbWxM1JQ2gWQc= =dbQy -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
