Information générale
Catégorie:
Produits tierce partie
Level II branding changes a few bits that control the pseudo random number generator that drives VFP's obfuscation scheme (XOR with a pseudo-random byte stream). You should be able to see the changed parameters if you diff a branded runtime DLL against an unbranded one.
Thus, to decompile such an APP a cracker would need the branded runtime DLL in order to extract the modified PRNG parameters. OTOH the total entropy is about 40 bits or less, so brute-forcing the parameters takes less than a minute on a P3 class machine. May be less hassle than trying to locate both the branded runtime and a matching unbranded version, and then to find out where exactly the parameters are stored in that version of the runtime.
Précédent
Répondre
Voir le fil de ce thread
Voir le fil de ce thread à partir de ce message seulement
Voir tous les messages de ce thread
Voir tous les messages de ce thread à partir de ce message seulement