可执行文件加密
谁能推荐什么是加密可执行文件的好方法? 我试图使用 AxCrypt,但我不喜欢这种用法,即您指定密码,而启动 exe 的人需要指定密码。 有没有办法加密一次,用户只需运行exe而不指定任何密码?
Can anyone recommend what's a good way to encrypt an executable? I was trying to use AxCrypt but I don't like the usage, i.e. you specify a passcode and the person who launches the exe needs to specify the passcode. Is there someway to encrypt it once and users just run the exe without specifying any passwords?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
基本上是没有意义的。 如果它是 .NET 或 Java 程序,混淆器可以提高性能并减小可执行文件的大小,并使逆向工程变得困难。 加壳程序可以减少可执行文件的大小。 签名可以向用户保证该程序是您构建的。 但是,为了隐藏可执行代码而对可执行文件进行加密是毫无意义的。
It's basically pointless. If it's a .NET or Java program, obfuscators can improve performance and decrease the executable size and make it difficult to reverse engineer. Packers can decrease executable size. Signing can provide assurance to your users that you built the program. But encryption of the executable for the purpose of hiding it's executable code is rather pointless.
知道如何解密自身的程序将包含黑客破坏该程序所需的所有信息。 你正在把锁和钥匙一起分发。 然而,假设您想为进入您的计划设置一个小障碍。 也许您的游戏中有作弊代码,并且您不希望有人能够运行在您的程序上“字符串” 并查看它们。
我建议将您的程序与 UPX 之类的程序一起打包。 这可能会进一步混淆磁盘上的程序。 你的基本审讯技术只会看到微小的减压器。 然而,意志坚定的黑客很快就会识别出压缩程序并对其进行解压缩。 无论哪种情况,一旦程序在内存中运行,就可以获取该进程的核心转储,或为其附加调试器。 在大多数硬件上,您无能为力来防止这种情况发生。
A program which knows how to decrypt itself will contain all the information a hacker needs to compromise the program. You are handing out the lock with the key. However, lets assume you want to put up a small barrier to entry to your program. Maybe you have cheat codes in your game and you don't want someone to be able to just run 'strings' over your program and view them.
What I suggest is packing your program with an a program like UPX. This can further obfuscate your program on disk. Your basic interrogation techniques will only see the tiny decompressor. However, a determined hacker will quickly recognize the compressor program and decompress it. In either case, once a program is running in memory, one can take a core dump of the process, or attach a debugger to it. There isn't much you can do to prevent this on most hardware.
你这个问题没看懂,程序员有这样的想法很正常。 但作为一名有道德的黑客,很明显他想要绕过防病毒软件而不是隐藏代码,无论如何你都可以使用 Visual Basic。
对于加密,请使用此代码
进行解密
You guy's don't understand the question, it's normal for a programmer to think that way. But as a ethical hacker it is clear that he wants to bypass the antivirus not hide the code, anyway you may use Visual Basic.
for encryption use this code
for decryption
如果您只希望特定用户运行该 exe,则可以在 Windows 下定义策略,仅允许特定用户运行该 exe。
但如果你想隐藏代码那么:
因为你没有提到你用哪种语言来制作exe。 如果它的 c/c++ 已经足够加密,则需要一些工作才能从中获取代码。 如果是 java 或 csharp,则可以使用混淆器。 这会使从 exe 中获取代码变得困难。
If you only want specific users to run the exe then, you can define policies under windows that would allow you to run it for only specific users.
but if you want to hide code then:
since you have not mentioned which language you used to make the exe. If its c/c++ its already encrypted enough, it requires some work to get the code from it. If its java or csharp there are obfuscators that you can use. it would somewhat make it difficult to get the code from exe.
为了回答OP,我不知道有产品可以做到这一点。 在我看来,这应该是可能的。
我猜您正在尝试通过加密可执行文件来保护您的知识产权,而不是像其他人建议的那样绕过防病毒程序。
首先,密码本身对于保护您的 IP 的作用可能不大。 但如果这就是您想要的,那么您应该能够将密码保存到凭据管理器中。
我立即看到的问题是,只需一个密码,客户就可以轻松共享它。
任何系统的其他问题:您是否将可执行文件解密到存储介质? 如果是这样,则可以找到并复制未加密的可执行文件。 可执行文件是否会严格从内存运行?如果是,如何防止使用虚拟机或调试器从内存中读取它? 如果您有另一个技巧,如果在内存不足的情况下将程序的部分内容交换到磁盘,它是否可以正常工作?
如果解密只是一种算法,那么该算法就在机器上,可以被发现并进行逆向工程。
如果该方法使用非对称(公钥/私钥)密钥,并且机器上有必要的密钥,则可以找到该密钥。
解密密钥需要在某个地方。 如果在线经纪人提供它,您就依靠经纪人来保护进行解密的密钥。 如果您充当客户的在线经纪人,您将对流程有更多的控制权,并且您还可以完成所有繁重的工作。
一种情况可能是您有一组单独的公钥/私钥来与密钥代理通信。 从客户计算机收集信息,使用其中一个密钥将该信息加密到数据包中,然后将其发送到您的密钥代理系统。 密钥代理拥有另一个密钥来解码该数据包,验证客户计算机是否有权使用该程序,并发送单独的解密密钥来解密该程序。
我的一般答案是,应该可以保护您的 IP,而无需每次都输入密码,但这并不容易,而且我不知道有任何实现。 正如其他人提到的,大多数人都使用混淆。
To answer the OP, I am not aware of a product that does this. It seems to me that it should be possible.
I'm guessing you are trying to protect your intellectual property by encrypting your executable and not to bypass antivirus programs as others have suggested.
First, a password probably does little to protect your IP by itself. But if that is all you want, then you should be able to save the password to a credential manager.
The problem I see offhand with just a password is that customers could easily share it.
Additional issues with any system: Did you decrypt the executable to storage media? If so, the unencrypted executable can be found and copied. Will the executable run strictly from memory, and if so, how do you keep it from being read from memory using a VM or debugger? If you have another trick, will it work correctly if parts of your program are swapped to disk in a low memory situation?
If decryption is just an algorithm, the algorithm will be on the machine and can be found and reversed engineered.
If the method uses asymmetric (public/private) keys, and the necessary key is available on the machine, the key can be found.
The decryption key will need to be somewhere. If an online broker provides it, you rely on the broker to protect the key that does the decrypting. If you act as the online broker for your customers, you will have more control over the process and you also get to do all the heavy lifting.
A scenario could be that you have a separate public/private set of keys to talk to the key broker. Collect information from the customer machine, encrypt that information into a packet with one of the keys and send that to your key broker system. The key broker has the other key to decode that packet, validates the customer machine is authorized to use the program, and sends the separate decryption key to decrypt the program.
My general answer is that it should be possible to protect your IP without needing to type a password in each time, but it won't be easy and I don't know of any implementations. As others have mentioned, obfuscation is what most people use.