Molebox? for uber security gurusCommunity Forums/Developer Stations/Molebox? for uber security gurus
| I have a question for those more experiejnced with the black arts of circumventing "protection". If Molebox is the only means of protection for my EXE, How strong is this protection if I am just using the "strong encryption" and NOT the CRC check? How easy is it to break the 128bit encryption used in Molebox?|
I am asking because Armadillo is nearing the end of the 3.X series and since it is now owned by Digital River, I will likely not be renewing my registration for the pro version. So I am looking at alternate protection methods and was wondering just how secure MoleBox really is? I use Molebox, but have always used it just to wrap stuff up neatly, not for protection.
Thank you in advance for any advice.
| Well, molebox uses the IDEA 128 bit ecnryption. This is very secure.|
To put this into perspective:
RC5-64 cipher, which is RSA's 64 bit cypher was cracked last year. It did however take the equivalent of an average city's computing power 5 years to break a single key.
So for game use i'd say that 128 bit encryption is pretty damn strong, heck not even the most die hard everquest player could muster a citys computing power then wait five years to finally be able to have "uber staff of crapness".
Hope this answers you question
| Just found the article i read about it last year:|
quote from article:
Is a 128-bit key safe enough? Should encryption users consider even bigger keys?
Callas: A 128-bit key should be safe until and unless quantum computers become viable. And then 256-bit keys should be fine. However, there's no reason to go past that. While many algorithms support longer keys, they aren't tested very well with them and may actually be weaker with longer keys. Security people are conservative, and it's always a good idea to stick to things that are well-tested. I consider it the mark of a duffer to use Blowfish in 448-bit mode (its maximum) or some other algorithm in 512-bit mode. While it was fashionable a decade ago to make algorithms with these huge variable sizes, they haven't been tested at all.
| In basic theory, every additional bit makes the encryption twice as strong, so 65 bit encryption is twice as strong as 64 bit and so on. At the end you'll get a rather large number which represents the number of possible key combinations.. for 128 bit it's around 340,000,000,000,000,000,000,000,000,000,000,000 (I think I put in enough zeros) possible combinations.|
Most security experts suggest 128 bit encryption is safe for the next 10 years at least, at which point you could trivially add just one more bit and make it twice as hard again anyway.
Bear in mind though, with crappily implemented encryption algorithms, there may be holes which significantly reduce the effectiveness of the key length, such as with WEP.
| Thank you very much guys. Very helpful information :c) |
| And keep in mind - as soon as your exe has loaded the encrypted files from the molebox host, it's completely unprotected in the ram and any script kiddy could parse it with a ram-monitor. |
| Its so easy to break packers like Terabit's packer and similar program designed to hide files used in Blitz applications..|
I ran a game using the above techniques, ended it, fired up an undelete program, and voila, access to all the files.
How does Molebox get past this when used with blitz?
How does Molebox get past this when used with blitz?It doesn't use temporary files. Check the FAQ on www.molebox.com for more info.
| oooh.. fascinating! *clicky* |