how to protect data in executable file?



SpIcH
07-09-2005, 10:51 PM
Hi All,

This is all about protecting my data in Executable file.

I have developed a program in Visual Basic .NET 2002. I have many
questions in mind... please help me to complete my project.

1. I have very much data to be incorporated into the executable file. I
have to add much data into my developed program into 2 Combo Boxes and 1
List Box control. For that i have created an xml element with all of the
data i required. The program was running nice. But when i accidentally
opened that file into notepad, I shocked. I was able to see everything what
i have created in the xml element and it contains all passwords. please help
me how can i solve my problem?

2. In the same time i was able to see all the functions and sub routine
names i have used in my code. Its another shock for me. please help me how
to protect these names from the people.

3. What is the best way to incorporate large data into an executable
file. I can not create either xml file or mdb like that. because there is
possiblity that people can get that xml file and get all the data. I
literally want to protect my data completely as it contains many passwords
and usernames.

4. One of my friend told that there exists some software like softice
which will debug everything in executable file and gets the code. is this
true. if yes what happens to my program? is it can be cracked or can be
reproduced? please help me a way to protect my program and code from the
thefts.

5. I am running another executable file from my program. in the
background i am giving the filename with password using shell function. is
there is any chance for the people to find out what is passing to the
executable file? if yes, what is the right way to start a program by sending
the password to that file, but to stop the theft.

Please help me in the above problems.

waiting for the replies.

With Regards

Dave
07-09-2005, 10:51 PM
given enough time and the right tools anything you write can be taken apart
and stolen. there is no absolute way to protect data or code... the best
you can do is to make it hard enough so that it is unlikely that anyone will
bother. of course the higher the value of the data the more likely it is to
be attacked.

for code there are code obfuscators that make dissassembly harder and less
useful when done.

you say you are distributing lots of user names and passwords with your
application, this sounds odd. there are better ways of controlling access
to resources.

xml is inherently insecure. as you have seen it is simply text. try
opening it with ie to get an even better view of your data and structure.
it can also be easily imported into access to reconstruct tables to make
them even easier to view. if you really have sensitive data that must be
hidden you should look at encryption techniques... but note, if your program
has to decrypt it then any decent debugger can look into your memory space
and read the decrypted contents. you also have to be careful to not let the
memory get sent to the swapfile or it could live on the disk to be found by
disk browsing tools.

passing command line parameters to another executable through shell commands
is also easy to capture. all that is needed is a dummy exe with the right
name that just accepts the command line and prints it out to display...
something almost anyone who has written a 'hello world' application could
do. again an encrypted activation string or some other communications
mechanism would be more appropriate.

"SpIcH" <vangasd@gmail.com> wrote in message
news:uUFYiP9VFHA.3488@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> This is all about protecting my data in Executable file.
>
> I have developed a program in Visual Basic .NET 2002. I have many
> questions in mind... please help me to complete my project.
>
> 1. I have very much data to be incorporated into the executable file. I
> have to add much data into my developed program into 2 Combo Boxes and 1
> List Box control. For that i have created an xml element with all of the
> data i required. The program was running nice. But when i accidentally
> opened that file into notepad, I shocked. I was able to see everything
> what
> i have created in the xml element and it contains all passwords. please
> help
> me how can i solve my problem?
>
> 2. In the same time i was able to see all the functions and sub routine
> names i have used in my code. Its another shock for me. please help me how
> to protect these names from the people.
>
> 3. What is the best way to incorporate large data into an executable
> file. I can not create either xml file or mdb like that. because there is
> possiblity that people can get that xml file and get all the data. I
> literally want to protect my data completely as it contains many passwords
> and usernames.
>
> 4. One of my friend told that there exists some software like softice
> which will debug everything in executable file and gets the code. is this
> true. if yes what happens to my program? is it can be cracked or can be
> reproduced? please help me a way to protect my program and code from the
> thefts.
>
> 5. I am running another executable file from my program. in the
> background i am giving the filename with password using shell function. is
> there is any chance for the people to find out what is passing to the
> executable file? if yes, what is the right way to start a program by
> sending
> the password to that file, but to stop the theft.
>
> Please help me in the above problems.
>
> waiting for the replies.
>
> With Regards
>
>
>

Roger Abell
07-09-2005, 10:51 PM
Perhaps you should seek advise on the MSDN forums . . .
Here, any security professional will likely tell you that you have
a basic design issue if you are needing to store credentials, as
that is a basic no no.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"SpIcH" <vangasd@gmail.com> wrote in message
news:uUFYiP9VFHA.3488@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> This is all about protecting my data in Executable file.
>
> I have developed a program in Visual Basic .NET 2002. I have many
> questions in mind... please help me to complete my project.
>
> 1. I have very much data to be incorporated into the executable file. I
> have to add much data into my developed program into 2 Combo Boxes and 1
> List Box control. For that i have created an xml element with all of the
> data i required. The program was running nice. But when i accidentally
> opened that file into notepad, I shocked. I was able to see everything
what
> i have created in the xml element and it contains all passwords. please
help
> me how can i solve my problem?
>
> 2. In the same time i was able to see all the functions and sub routine
> names i have used in my code. Its another shock for me. please help me how
> to protect these names from the people.
>
> 3. What is the best way to incorporate large data into an executable
> file. I can not create either xml file or mdb like that. because there is
> possiblity that people can get that xml file and get all the data. I
> literally want to protect my data completely as it contains many passwords
> and usernames.
>
> 4. One of my friend told that there exists some software like softice
> which will debug everything in executable file and gets the code. is this
> true. if yes what happens to my program? is it can be cracked or can be
> reproduced? please help me a way to protect my program and code from the
> thefts.
>
> 5. I am running another executable file from my program. in the
> background i am giving the filename with password using shell function. is
> there is any chance for the people to find out what is passing to the
> executable file? if yes, what is the right way to start a program by
sending
> the password to that file, but to stop the theft.
>
> Please help me in the above problems.
>
> waiting for the replies.
>
> With Regards
>
>
>

Mark Randall
07-09-2005, 10:51 PM
Your combo boxes could be ripped via a (reasonably) simple API loop that
sends messages to your application anyway. Its simple really, most
dissasemblers (and the God of em all, IDA) will extra any plaintext strings
from your code within quarter of a second (average size).

You could store them in the code manually scrambled, something like that...
but all in all if your data ever exists unecrypted (ie: presented to the
user) forget it.

--
- Mark Randall
http://zetech.swehli.com

"SpIcH" <vangasd@gmail.com> wrote in message
news:uUFYiP9VFHA.3488@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> This is all about protecting my data in Executable file.
>
> I have developed a program in Visual Basic .NET 2002. I have many
> questions in mind... please help me to complete my project.
>
> 1. I have very much data to be incorporated into the executable file. I
> have to add much data into my developed program into 2 Combo Boxes and 1
> List Box control. For that i have created an xml element with all of the
> data i required. The program was running nice. But when i accidentally
> opened that file into notepad, I shocked. I was able to see everything
> what
> i have created in the xml element and it contains all passwords. please
> help
> me how can i solve my problem?
>
> 2. In the same time i was able to see all the functions and sub routine
> names i have used in my code. Its another shock for me. please help me how
> to protect these names from the people.
>
> 3. What is the best way to incorporate large data into an executable
> file. I can not create either xml file or mdb like that. because there is
> possiblity that people can get that xml file and get all the data. I
> literally want to protect my data completely as it contains many passwords
> and usernames.
>
> 4. One of my friend told that there exists some software like softice
> which will debug everything in executable file and gets the code. is this
> true. if yes what happens to my program? is it can be cracked or can be
> reproduced? please help me a way to protect my program and code from the
> thefts.
>
> 5. I am running another executable file from my program. in the
> background i am giving the filename with password using shell function. is
> there is any chance for the people to find out what is passing to the
> executable file? if yes, what is the right way to start a program by
> sending
> the password to that file, but to stop the theft.
>
> Please help me in the above problems.
>
> waiting for the replies.
>
> With Regards
>
>
>


how to protect data in executable file?