Problem with decompilers & passwords
Results 1 to 8 of 8

Thread: Problem with decompilers & passwords

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    Problem with decompilers & passwords

    I have made an app in Visual Basic that use cryptation to hide database passwords from the user. The encrypted password his hidden in a settings-file, and I use a well-known encryption algorithm. In the code that logs on to the database, I fetch the encrypted password from file and decrypt it using a key. The key is stored inside a string variable.

    Now, if anyone can decompile the program they can access my database. That's BAD! What can be done with this problem? Are there decompilers that can decompile VB6? And how about anti-decompilers?

    Does anyone know about decompilers that actually work? (Perhaps direct me with a link).
    I've found there's easier to find anti-decompilers, so I'll look into that. But I would need a decompiler to see if my anti-decompiler actually works.
    ---
    proactive

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    You can use protective mechanisms on your compiled app. For example, some things encrypt or compress the app so that even if decompiled it will not make any sense. These kind of things decrypt or decompress on-the-fly as the app. runs, which still means that someone with a good debugger (e.g. SoftICE) can get the string if they know when and where to look whilst the program is running.

    Debuggers are infinitely more useful than decompilers... Generally, decompilers leave you with a bunch of ASM code rather than the language the program was made in... Debuggers also give you ASM, but they do so whilst the program is active, so you can see what it's doing... try poking round your app with a debugger, and see if it throws up the key string at any point.
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Ok, that's a good advice. I'll check it out! Thanks!
    ---
    proactive

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Hmmmm... That didn't work. Seems the SoftICE debugger can only handle C(++) code. The VB debugger comes up with the password alright, but I'm still not convinced. Think I gotta look for some kind of deconstructor or a hex-editor or something. Man, I hate this low level ****!

    If anyone got hints, please let me know!
    ---
    proactive

  5. #5
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    I know that decompilers for VB do exist, though it's been a while since I've heard anything about them. I do know there are some which are specifically designed for VB.NET, but I'm assuming you're not using that? If you're using VB 6, you'll just have to search online to see if you can find anything. A quick Google, I found a lot of links for VB 3 and below, but not too much for 5 or 6. I did find this: http://www.tek-tips.com/gfaqs.cfm/le...d/222/sfid/939 which may be useful... Good luck.

    AJ

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Finally I found the right tool for the job, a disassembler. I suppose that's what them guys use who crack games etc. The password's there, in clear-text, and so are all my sql-calls and other strings.

    I guess it's time to sit back and find out how to patch this up!
    ---
    proactive

  7. #7
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    SoftICE can debug anything, not just C++!
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net

  8. #8
    Antionline Quitter..Srsly
    Join Date
    Aug 2001
    Posts
    457
    yea personally i use Hackman...it is awesome it has a dissassembler a hexeditor and many other things...u should probably do a google search for it....it is one of the most complete pieces of software for that type of stuff...good luck ...oh btw hackman also has a tool that encrypts things, in Skip Jack(official NSA encryption algorythm) DES and some others...u really should check it out
    \"\"A weak mind is like a microscope, which magnifies trifling things but cannot receive great ones.\" G.K. Chesterton, 19th-century English essayist and poet\"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •