The Official Status Thread
-
@Tsaukpaetra That's a bit less than I had in mind.
I'll give you a FREE sample (no registration needed!), though:
// Loader var f = Properties.Resources.MySecretPonies; var g = SuperSecureDecrypt(f); var x = AppDomain.CurrentDomain.Load(g); x.EntryPoint.Invoke(null); // Payload AppDomain.CurrentDomain.AssemblyResolve += AsmResolver; static Assembly AsmResolver(object sender, ResolveEventArgs args) { var f = Properties.Resources.ResourceManager.GetObject(args.Name); var g = SuperSecureDecrypt((byte[])f); return Assembly.Load(g); }
I investigated something along these lines for similarly misguided and fruitless purposes of "shekoowing" parts of our public toolset without paying anyone (well, at least I was). Thankfully, the idea was dropped soon after. Unfortunately, in favor of a horrible web-app.
IOW, good luck with convincing them it can't be done.
"You're a programmer, figure it out, think not just outside the box, be on the edge of the box!" <- actual quote from
-
@Applied-Mediocrity said in The Official Status Thread:
Unfortunately, in favor of a horrible web-app.
You're not going to like what I'm going to say next...
@Applied-Mediocrity said in The Official Status Thread:
IOW, good luck with convincing them it can't be done.
"You're a programmer, figure it out, think not just outside the box, be on the edge of the box!" <- actual quote fromWe'll see. My response:
Misdirecting and shoving the problem along to someone else.
Though, the apparent plan is to use Unity's web-gl builder, it just isn't anywhere close to being done yet, and the idea is to encrypt a portable package with a password that has demo data baked in.
-
@Tsaukpaetra said in The Official Status Thread:
@Applied-Mediocrity said in The Official Status Thread:
Unfortunately, in favor of a horrible web-app.
You're not going to like what I'm going to say next...
Try me. I've seen the depths of the eighth circle of hell, the roar of the server, the reeking odor of a thousand rotting PHP pages...
-
@Applied-Mediocrity said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@Applied-Mediocrity said in The Official Status Thread:
Unfortunately, in favor of a horrible web-app.
You're not going to like what I'm going to say next...
Try me. I've seen the depths of the eight circle of hell, the roar of the server, the reeking odor of a thousand rotting PHP pages...
I meant that it's only a stopgap before being done as a web app.
-
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
-
@Carnage said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
I understand these words individually, however I'm difficulty parsing the comprehension.
-
@Tsaukpaetra said in The Official Status Thread:
Status: Being asked if we have "a quick and easy way" to encrypt and package (and I assume virtualize) a Windows program, with a self-destruction capability. Oh, and it needs to be password protected too.
None of that is quick or easy.
Well, stuffing a directory full of shit (that may include an exe file) into an encrypted archive is relatively simple, pending destination compatibility, but it sounds like they want it to not be stored at any time decrypted, so whatever container is used needs to decrypt on-the-fly to RAM and nowhere else while running.
Sounds like you're making malware. At least that's the only scenario I can think of where these requirements make sense.
Also, I hope you told them that will be security by obscurity (which doesn't necessarily mean it's not mostly effective).
-
@topspin said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
Status: Being asked if we have "a quick and easy way" to encrypt and package (and I assume virtualize) a Windows program, with a self-destruction capability. Oh, and it needs to be password protected too.
None of that is quick or easy.
Well, stuffing a directory full of shit (that may include an exe file) into an encrypted archive is relatively simple, pending destination compatibility, but it sounds like they want it to not be stored at any time decrypted, so whatever container is used needs to decrypt on-the-fly to RAM and nowhere else while running.
Sounds like you're making malware. At least that's the only scenario I can think of where these requirements make sense.
Also, I hope you told them that will be security by obscurity (which doesn't necessarily mean it's not mostly effective).I have. We've basically tabled it last time it came up.
-
@topspin said in The Official Status Thread:
Sounds like you're making malware.
Worse. He's using Unity
-
@Applied-Mediocrity said in The Official Status Thread:
@topspin said in The Official Status Thread:
Sounds like you're making malware.
Worse. He's using Unity
I can't argue that.
-
@mott555 said in The Official Status Thread:
rice down their kitchen sink
Hmm, apparently that takes rodding, really hot water, or strong acid to shift. Yuck. Seek compensation from the building management (who can chase the idiots upstairs).
-
@Tsaukpaetra said in The Official Status Thread:
Being asked if we have "a quick and easy way" to encrypt and package (and I assume virtualize) a Windows program, with a self-destruction capability. Oh, and it needs to be password protected too.
None of that is quick or easy.You're using the wrong programming language. Some of them have runtimes that make this straightforward (as long as you're talking about trivial encryption and not something that'll keep out the determined). The only difficult bit is any dependent DLLs you need; you're strongly advised to use a static build for those if you can. The hardest bit is the self-destruction capability, and then only because Windows locks the executable so you need a little subprocess shuffle to get things to go away.
Much harder is dealing with consequences from antivirus products fuckery.
-
@Tsaukpaetra said in The Official Status Thread:
@Carnage said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
I understand these words individually, however I'm difficulty parsing the comprehension.
I think he means that you've got a dangling pointer that gets nudged by the debug print. ...Or whatever it points to gets nudged. ...You get the point.
-
@dkf This piqued my interest, so I googled a bit. The first examples I found on google were for C++, funnily enough. But true, I wouldn't call a process easy, when the explanation (for the DLL example) starts with an overview of the binary structure of a DLL file:
-
@acrow said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@Carnage said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
I understand these words individually, however I'm difficulty parsing the comprehension.
I think he means that you've got a dangling pointer that gets nudged by the debug print. ...Or whatever it points to gets nudged. ...You get the point.
Maybe. Does reading memory usually "nudge" other memory?
Well, whatever. It's a few extra log lines that happen at the very beginning of the program, if it works well enough I'll not question it beyond adding a dragons note...
-
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@Carnage said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
I understand these words individually, however I'm difficulty parsing the comprehension.
I think he means that you've got a dangling pointer that gets nudged by the debug print. ...Or whatever it points to gets nudged. ...You get the point.
Maybe. Does reading memory usually "nudge" other memory?
Well, whatever. It's a few extra
log lineswords in stack, function calls, and possibly a library initialization that happen at the very beginning of the program, if it works well enough I'll not question it beyond adding a dragons note...FTFY
-
@acrow said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@Carnage said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
@acrow said in The Official Status Thread:
@Tsaukpaetra Timing issues? I usually implement deferred debug printing the first thing on new projects just because of that.
Thing is, it shouldn't be a timing issue. One thing is executed after another.
But, apparently, not, if there are no debug prints to prove it.
I'm assuming some kind of optimization that has decided it's always okay to do X out of order or skip doing X. That's the only thing I can think of why this is happening...
Or if c++, adding an instruction pushes the memory layout around so a memory leak becomes harmless.
I understand these words individually, however I'm difficulty parsing the comprehension.
I think he means that you've got a dangling pointer that gets nudged by the debug print. ...Or whatever it points to gets nudged. ...You get the point.
Maybe. Does reading memory usually "nudge" other memory?
Well, whatever. It's a few extra
log lineswords in stack, function calls, and possibly a library initialization that happen at the very beginning of the program, if it works well enough I'll not question it beyond adding a dragons note...FTFY
Hardly worth the bother when you put it that way!
-
@dkf said in The Official Status Thread:
@mott555 said in The Official Status Thread:
rice down their kitchen sink
Hmm, apparently that takes rodding, really hot water, or strong acid to shift. Yuck. Seek compensation from the building management (who can chase the idiots upstairs).
According to the monthly fliers and emails we get that say "Do not pour rice down your drains!", they're supposed to fine whichever resident is responsible. I guess it's hard to prove who's fault it is. Based on the mix of rice and spices currently marinading in dishwasher discharge in my kitchen sink, counter, and floor, I'm pretty sure it's the gaggle of Indians on our third floor.
-
@acrow In the end, however, it's still just obfuscation. It keeps the entire plaintext of PE image and resources, if any, in memory at almost all times, which is straightforward to read as opposed to the effort required, especially for native image. And that's just ο Ί.
Another approach is to hook file system calls of your application, and when OS is about to read your binary, you do the actual reading from somewhere else.
But that still leaves us with another nontrivial problem - you have to have the decryption key somewhere. Unless it's online auth with custom-baked binaries for every client, your efforts are largely wasted - you've given the key away already, it's just the matter of finding where it is.
Unless your stuff is online by design, all protection depends entirely on how smart is your target audience and for how long you think you can get away with it.
-
@Applied-Mediocrity He's working on a game, AIUI. So this is about DRM, I guess. And some of them use the custom-binary-per-user approach, yes. It's futile in the end, agreed. And that's why he's not very enthusiastic either.
And if it's not for a game, then it only needs to cause effort that buying a license is cheaper than the dev-time for breaking it.
-
@Applied-Mediocrity said in The Official Status Thread:
Properties.Resources.MySecretPonies
You have my attention. Ponies not as awesome as foxes, but they're still 100x better than hoomans!
-
Status: Bought an expensive "XL" ink cartridge for my printer the last time I needed ink, hoping it would last. I used it once a few months ago, just to print a few pages, and it's empty already. That was like $15 of ink per page...
-
@mott555 said in The Official Status Thread:
ink cartridge
-
@Tsaukpaetra So what exactly are they trying to accomplish/thwart?
When I didn't want somebody to keep using my software, I just checked for certain conditions at runtime and pushed the program through the strongest obfuscator I could find. The only parts of it that were even halfway readable in ILspy were calls to the BCL. Put that together with @Applied-Mediocrity's method and you should be fine.
-
Status: Listening to old music tracks I found while waiting for our integration tests to run. (Apparently, they've been migrated from machine to machine several times. )
-
@mott555 said in The Official Status Thread:
Status: Bought an expensive "XL" ink cartridge for my printer the last time I needed ink, hoping it would last. I used it once a few months ago, just to print a few pages, and it's empty already. That was like $15 of ink per page...
You realize it's not empty but rather clogged and dried out, right?
That's why I bought a very low end laser jet for my home use. I only print once a year (tax season woo) and it's way too damn expensive to replace the ink cartridge every time. Toner cartridges don't clog if you don't use them.
-
@Tsaukpaetra said in The Official Status Thread:
Status: I love love LOVE how adding debug output lines causes problems to go away!!!
"Load bearing outputs" are still better than something I saw once during university: Load bearing comments. It made no sense whatsoever, but removing a line consisting entirely of a comment in someone's project would cause it to crash.
-
@hungrier said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
Status: I love love LOVE how adding debug output lines causes problems to go away!!!
"Load bearing outputs" are still better than something I saw once during university: Load bearing comments. It made no sense whatsoever, but removing a line consisting entirely of a comment in someone's project would cause it to crash.
Did the comment perhaps look like this:
/// Check the frobnicator \\\ if (!frobnicator && !frobnicator->valid) doodad();
-
Status: got an email from HQ, no business trips to China unless explicitly allowed by the local heads of institutes.
I had no plans to do that anyway.
-
@mott555 said in The Official Status Thread:
Status: Bought an expensive "XL" ink cartridge for my printer the last time I needed ink, hoping it would last. I used it once a few months ago, just to print a few pages, and it's empty already. That was like $15 of ink per page...
Based on the printer hate thread (or a cleverly disguised ad) here, I bought an Epson EcoTank printer. So far, it has had no ink problems whatsoever... but, I spent 12x what I normally spend on a printer, so I'm still wondering if it was worth it.
-
@topspin said in The Official Status Thread:
@hungrier said in The Official Status Thread:
@Tsaukpaetra said in The Official Status Thread:
Status: I love love LOVE how adding debug output lines causes problems to go away!!!
"Load bearing outputs" are still better than something I saw once during university: Load bearing comments. It made no sense whatsoever, but removing a line consisting entirely of a comment in someone's project would cause it to crash.
Did the comment perhaps look like this:
/// Check the frobnicator \\\ if (!frobnicator && !frobnicator->valid) doodad();
I don't remember any details, but I don't think it was anything fancy or complicated
-
@hungrier itβs 3 lines, not particularly complicated.
If I ran into that problem, Iβd diff the compiler output. Something must be going on.
-
Status: I REALLY, REALLY hate entity framework
-
@izzion said in The Official Status Thread:
That's why I bought a very low end laser jet for my home use.
I love my Brother... only cost something like $79. Toner runs around $50 for the high capacity cartridge.
-
@dcon I'm still on my original toner, despite it complaining about low toner for a year and a half. I've got a replacement toner cartridge sitting beside it, ready for whenever it finally runs out.
-
@hungrier said in The Official Status Thread:
@dcon I'm still on my original toner, despite it complaining about low toner for a year and a half. I've got a replacement toner cartridge sitting beside it, ready for whenever it finally runs out.
Mine will complain for a while and then just stop printing. It never actually runs out. Sometimes I can shake it, but there's a point where it say "I ain't doin it. Fill me up!"
-
@dcon So far mine hasn't done anything but complain and keep printing
-
@sockbot memegen stay calm and keep printing
-
@error Something something, summoned and appear
-
@acrow said in The Official Status Thread:
@Applied-Mediocrity He's working on a game, AIUI. So this is about DRM, I guess. And some of them use the custom-binary-per-user approach, yes. It's futile in the end, agreed. And that's why he's not very enthusiastic either.
And if it's not for a game, then it only needs to cause effort that buying a license is cheaper than the dev-time for breaking it.
In this case it's not a game, but essentially a 3d model viewer with bells and whistles.
The concept being that not just anyone can download the models and use them anywhere.
-
@Tsaukpaetra Trying to reinvent asset store, but perhaps interactive, so folks can fool around before purchasing, and with added DRM?
-
@Applied-Mediocrity said in The Official Status Thread:
@Tsaukpaetra Trying to reinvent asset store, but perhaps interactive, so folks can fool around before purchasing, and with added DRM?
Kinda, but it's an asset store with only the user's own content.
It almost makes more sense in context.
-
Status: Wishing it were next weekend.
Received my DP-DVI adapter and bed risers yesterday.
Micro-PC is apparently out for delivery.
Target is shipping a batch of small containers due Tuesday.
Container Store is dragging ass on shipping the medium containers so best guess is next Friday.
Plus more money coming in that Friday!I ordered the medium containers to split between under the bed and bottom of this weirdly narrow but deep closet I have. Measuring is so I don't know how many will fit under the bed. I imagine 8 (2x4) or 9 (3x3) leaving 3 or 4 for the closet. Realistically some will be damaged (as usual) but hopefully enough arrive intact to find out what the allocation will be.
-
Status: Unreal Engine, sometimes I hate you so much.
You're right, they don't exist, can you tell me what apparently wants them so I can un-fuck them?
-
-
@HardwareGeek said in The Official Status Thread:
@dcon said in The Official Status Thread:
I love my Brother
What about your Sister?
All boys in the family!
-
@dcon said in The Official Status Thread:
@HardwareGeek said in The Official Status Thread:
@dcon said in The Official Status Thread:
I love my Brother
What about your Sister?
All boys in the family!
Status: Is this the feeling of garage? I must not speak my joking mind...
-
@Tsaukpaetra said in The Official Status Thread:
You're right, they don't exist, can you tell me what apparently wants them so I can un-fuck them?
Hunting ghost still.
![0_1580428217152_1768a26f-b822-4c50-a400-8b0764671acb-image.png](Uploading 100%) ![0_1580428223979_df0664f9-d733-445e-83bf-c85a432dd285-image.png](Uploading 100%)
Okay fine, text then.
LogCollisionProfile: Warning: Profile (NoCollision) - Custom Channel Name = 'GameTraceChannel5' hasn't been found LogClass: Warning: In asset 'None', there is an enum property of type 'EDepthOfFieldMethod' with an invalid value of '(' LogOnline: Display: STEAM: Loading Steam SDK 1.42
Correct, nothing uses
GameTraceChannel5
. Why are you bothering me?
Also,EDepthOfFieldMethod
is deprecated and shouldn't be used. Why is a thing that's not supposed to be used being validated?This is so stupid...
-
@HardwareGeek said in The Official Status Thread:
@dcon said in The Official Status Thread:
I love my Brother
What about your Sister?
I'd be more concerned that it...
only cost something like $79
Probably one of those family package deals. Well, back in those days you could buy a whole lot more for a dollar.
-
@Tsaukpaetra said in The Official Status Thread:
Correct, nothing uses
GameTraceChannel5
. Why are you bothering me?Found it!
Seems some
EditProfiles
object was using it, and I guess you reference things by name unless they're not named and so if something was renamed but not autonamed it becomes invalid to use the auto name and OMGWTFBBQ I had to trawl through so many lines of code to find this out.Ugh.
Still trying to find that
None
that uses the deprecated thing that doesn't exist...