
Avoid blacklist trick for DT


  • Avoid blacklist trick for DT

    This is probably too late for DT4, but could be useful in the future.

    Anyway, I once used a keylogger that allowed the user to change the names of the files to a single name at the end of the installation, which could trick a user into thinking it was legitimate software. Sounds complicated, so I've given an example below.

    If this was implemented in DT3, and I choose the name of the files to be "mshelp", then the name of the DT3 files in the install dir would be as follows:
    • daemon.exe = mshelp.exe
    • pfctoc.dll = mshelp.dll
    • 1033.chm = mshelp.chm
    • 1033.dll = mshelp.dll
    • etc
    • etc


    I reckon this could be useful against copy protections that might (in the future) look for common file names. At the rate Starforce invades privacy, who knows what they might cook up next.

    I ain't no programmer :-(, but I'm sure the DT team would find a way to implement this.

  • #2
    sorry, sounds like a totally idiotic idea, the blacklisting usually isn't just a simple name check, it's a bit more advanced than that
    my views are 100% personal views..



    • #3
      Give the man a break! These days nothing seems stupid anymore, at the rate protections are "cooked" up by night. And quit that attitude with, I'm smart, big programmer, and the rest of you suck.
      Cheers!
      So, mother goose has been messin' around in your egg salad, huh kid?



      • #4
        Originally Posted by evlncrn8
        sorry, sounds like a totally idiotic idea
        Let's hear the opinion of the DT team first



        • #5
          Nowadays, copy protections are very advanced, complex
          applications. They usually don't search for file names, as
          it's simply too easy for us to change them; e.g. we can
          without a problem release a new version every day with new
          file names. But the "advanced" protections search for bit patterns
          in memory (just as an example), or other traces, registry
          entries and so on.

          Important core files can even now be renamed to whatever the user
          wants them to be named (because protections searched
          for the old driver names). So yes, the idea is not bad in
          general, but it is already implemented where it is necessary.



          • #6
            Alright, cheers.



            • #7
              Originally Posted by LocutusofBorg
              Nowadays, copy protections are very advanced, complex
              applications. They usually don't search for file names, as
              it's simply too easy for us to change them; e.g. we can
              without a problem release a new version every day with new
              file names. But the "advanced" protections search for bit patterns
              in memory (just as an example), or other traces, registry
              entries and so on.

              Important core files can even now be renamed to whatever the user
              wants them to be named (because protections searched
              for the old driver names). So yes, the idea is not bad in
              general, but it is already implemented where it is necessary.

              Now that is how you answer ppl!



              • #8
                Originally Posted by LocutusofBorg
                but the "advanced" protections search for bit patterns
                in memory (just as an example)
                Hmm. I'm not aware of any protection that does that (yet).
                To contact me privately, pray. I might answer.



                • #9
                  I'll take his word for it.



                  • #10
                    Does anyone else think that copy protection is bordering on being ridiculous?



                    • #11
                      ...

                      I think that's the whole point of hanging out on this forum.
                      the modern world:
                      net helpmsg 4006

