Encryption in C
In this tutorial, I'll explain how to use simple encryption in C.
As an application, we'll encrypt the serial-generation routine of a keygen.
1. The C listing
Look at the zip file
2. Algorithm
If the user clicks on the "Generate serial!" button then:
- Decrypt serial-generation routine
- Execute serial-generation routine (get name, compute serial, display serial)
- Encrypt serial-generation routine
End if
3. "Manual" encryption
After compilation, keygen.exe is not yet encrypted; you have to do that yourself.
Let's say we want to encrypt/decrypt using a "5 XOR encryption":
# Encrypted_byte = Original_byte XOR 05h
# Original_byte = Encrypted_byte XOR 05h
After compilation, take your favorite hex editor, locate the code you want to encrypt and replace each
byte with (Original_byte XOR 05h). As you guessed, there are two problems to solve:
- Where can I find the bytes I want to encrypt in the hex editor?
- Your method is pretty long if I have a lot of bytes to encrypt: can't it be faster?
3.1. How to locate the code to encrypt in the hex editor
If you look at the source code, you'll see that I've placed the two following lines :
__asm inc eax
__asm dec eax
before and after the routine to encrypt. And, as you all know, the equivalent opcodes are 0x40 and 0x48
(inc eax = 0x40; dec eax = 0x48). So, take your hex editor and look for the two following bytes:
0x40 and 0x48
Now you know that :
- Code to encrypt begins at file offset 0x53B and ends at file offset 0x58B
- Code to encrypt is 0x50 bytes long (0x58B - 0x53B)
Now, just replace each byte with (byte XOR 05h) and you're done...
3.2. How to encrypt the 0x50 bytes
So, you're too lazy to do it by hand? So am I!
That's why I coded a little tool called "Byte encrypter" that does the job for you. Here is the screenshot:
Now the keygen is encrypted, but if you run it, it will crash. Why? Keep reading!
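The two steps of section 3.1 and 3.2 (find the 0x40 ... 0x48 markers, then XOR the bytes between them with 05h), written out as an added C example. This is not the tutorial's "Byte encrypter" tool or the code from the zip file; it works on an in-memory buffer instead of a file, and the sample image it uses is constructed (a few bytes around the markers, not a real keygen). Since XOR with a constant is its own inverse, the same function performs both the encrypt and the decrypt step of the algorithm in section 2, which the round-trip check verifies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key used by the tutorial's "5 XOR encryption". */
#define XOR_KEY 0x05u

/* Marker bytes the tutorial places around the routine: inc eax / dec eax. */
#define MARK_BEGIN 0x40u
#define MARK_END   0x48u

/* Locate the bytes between the first MARK_BEGIN and the next MARK_END.
 * On success returns 1 and sets *start to the first byte after the begin
 * marker and *len to the number of bytes before the end marker.
 * Caveat: 0x40 and 0x48 also occur as ordinary code and data in a real
 * binary, so a hit must be confirmed against the disassembly before any
 * byte is patched. */
int find_marked_region(const uint8_t *buf, size_t n, size_t *start, size_t *len)
{
    size_t b = n;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] == MARK_BEGIN) { b = i; break; }
    }
    if (b == n) return 0;
    for (size_t i = b + 1; i < n; i++) {
        if (buf[i] == MARK_END) {
            *start = b + 1;
            *len = i - (b + 1);
            return 1;
        }
    }
    return 0;
}

/* XOR every byte of buf[start, start+len) with key. XOR with a constant is
 * its own inverse, so the same call both encrypts and decrypts. */
void xor_range(uint8_t *buf, size_t start, size_t len, uint8_t key)
{
    for (size_t i = 0; i < len; i++) buf[start + i] ^= key;
}

/* Encrypt (or decrypt) the marked region in place; returns bytes changed,
 * 0 if no marked region was found. */
size_t xor_marked_region(uint8_t *buf, size_t n, uint8_t key)
{
    size_t start, len;
    if (!find_marked_region(buf, n, &start, &len)) return 0;
    xor_range(buf, start, len, key);
    return len;
}

/* Constructed sample image (not a real keygen): a 3-byte prologue, the
 * begin marker, a 5-byte "routine" 01..05, the end marker and a ret. */
static const uint8_t SAMPLE[] = {
    0x55, 0x8B, 0xEC, 0x40, 0x01, 0x02, 0x03, 0x04, 0x05, 0x48, 0xC3
};

/* Apply the transform twice and check the image is restored; also check
 * that the markers themselves were left untouched. Returns 1 on success. */
int roundtrip_ok(void)
{
    uint8_t img[sizeof SAMPLE];
    memcpy(img, SAMPLE, sizeof img);
    if (xor_marked_region(img, sizeof img, XOR_KEY) != 5) return 0;
    if (img[3] != MARK_BEGIN || img[9] != MARK_END || img[4] != 0x04) return 0;
    if (xor_marked_region(img, sizeof img, XOR_KEY) != 5) return 0;
    return memcmp(img, SAMPLE, sizeof img) == 0;
}

int main(void)
{
    uint8_t img[sizeof SAMPLE];
    memcpy(img, SAMPLE, sizeof img);
    size_t changed = xor_marked_region(img, sizeof img, XOR_KEY);
    printf("encrypted %zu bytes:", changed);
    for (size_t i = 0; i < sizeof img; i++) printf(" %02X", img[i]);
    printf("\nround trip %s\n", roundtrip_ok() ? "ok" : "FAILED");
    return 0;
}
```

On the sample the five routine bytes 01 02 03 04 05 become 04 07 06 01 00 and the two marker bytes stay as they are, so the runtime decrypt loop can still find the same boundaries.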
4. How to make the .text section writeable
After compilation, the .text section of keygen.exe is read-only (the .text section is where all your main
code is stored; read the docs on the PE format for more information).
BUT if you don't want the keygen to crash, this section must also be writable (because the
xor byte ptr [esi],al instruction writes to the code in place).
To do that, you can use Procdump and change the .text section characteristics to 0xE0000020, or you can use
my E0000020 program, which does the same job:
Here you are: the keygen is now encrypted and ready to use!
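What the value 0xE0000020 actually means, and how to check a binary for it, as an added C example that is not the tutorial's E0000020 program. The flag names and bit values are the standard IMAGE_SCN_* constants from the PE/COFF specification: a compiler normally marks .text as CODE | EXECUTE | READ (0x60000020), and the tutorial's patch adds MEM_WRITE (0x80000000) on top, giving 0xE0000020. The section table below is constructed in memory from 40-byte IMAGE_SECTION_HEADER records rather than read from a real keygen.exe; the walk over it is the check a simple PE inspector runs, since a section that is both writable and executable is exactly the trait that self-modifying code leaves behind and that ordinary compiled code does not need.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Section Characteristics bits from the PE/COFF specification. */
#define IMAGE_SCN_CNT_CODE             0x00000020u
#define IMAGE_SCN_CNT_INITIALIZED_DATA 0x00000040u
#define IMAGE_SCN_MEM_EXECUTE          0x20000000u
#define IMAGE_SCN_MEM_READ             0x40000000u
#define IMAGE_SCN_MEM_WRITE            0x80000000u

/* What a compiler normally emits for .text: code + execute + read = 0x60000020. */
#define TEXT_DEFAULT (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ)

/* The patch the tutorial applies: MEM_WRITE on top of the default -> 0xE0000020. */
uint32_t make_text_writable(uint32_t characteristics)
{
    return characteristics | IMAGE_SCN_MEM_WRITE;
}

/* Writable AND executable is the condition an inspector flags: ordinary
 * compiled code does not need it, self-modifying code and packers do. */
int section_is_writable_and_executable(uint32_t characteristics)
{
    return (characteristics & IMAGE_SCN_MEM_WRITE) != 0 &&
           (characteristics & IMAGE_SCN_MEM_EXECUTE) != 0;
}

/* IMAGE_SECTION_HEADER is 40 bytes; Characteristics is its last DWORD. */
#define SECTION_HEADER_SIZE    40
#define CHARACTERISTICS_OFFSET 36

static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr32le(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build one constructed section header into the 40-byte slot at h: the
 * 8-byte Name (not NUL-terminated) and Characteristics, everything else 0. */
void put_section(uint8_t *h, const char *name, uint32_t characteristics)
{
    size_t n = strlen(name);
    if (n > 8) n = 8;
    memset(h, 0, SECTION_HEADER_SIZE);
    memcpy(h, name, n);
    wr32le(h + CHARACTERISTICS_OFFSET, characteristics);
}

/* Walk a section table and return how many sections are W+X, printing
 * each one the way a simple PE checker would. */
int count_wx_sections(const uint8_t *table, int nsections)
{
    int hits = 0;
    for (int i = 0; i < nsections; i++) {
        const uint8_t *h = table + (size_t)i * SECTION_HEADER_SIZE;
        char name[9];
        memcpy(name, h, 8);
        name[8] = '\0';
        uint32_t ch = rd32le(h + CHARACTERISTICS_OFFSET);
        if (section_is_writable_and_executable(ch)) {
            printf("%-8s characteristics 0x%08X: writable AND executable\n", name, ch);
            hits++;
        }
    }
    return hits;
}

/* Constructed three-section table: the patched .text from the tutorial plus
 * an ordinary .rdata (read-only data) and .data (read/write data). */
int sample_table_wx_count(void)
{
    uint8_t table[3 * SECTION_HEADER_SIZE];
    put_section(table, ".text", make_text_writable(TEXT_DEFAULT));
    put_section(table + SECTION_HEADER_SIZE, ".rdata",
                IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ);
    put_section(table + 2 * SECTION_HEADER_SIZE, ".data",
                IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE);
    return count_wx_sections(table, 3);
}

int main(void)
{
    printf("default .text = 0x%08X, patched = 0x%08X\n",
           TEXT_DEFAULT, make_text_writable(TEXT_DEFAULT));
    printf("W+X sections in sample table: %d\n", sample_table_wx_count());
    return 0;
}
```

Only the patched .text is reported on the sample table: .data is writable but not executable, and .rdata is neither, so a W+X count above zero on a compiler-produced executable is worth a closer look.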
(C) 02/03/2000 by TSCube