Beware Vista SP1

[LordDelacroix]

QUOTE (spideycw @ Feb 23 2008, 03:49 PM) NGEN?

Yup - Native Image Generator and it comes with each version of the framework. If you really, really don't want the people out there to see the code with something like Reflector, then NGEN it and it will become native code.

But then, I submit that it's just as EASY to take what's going on over the wire (ala packet sniffer) and replicate that to decode what's actually happening.

IF people really wanted to hack and crack this they would have and not Xenocode or some other obfuscation product is going to stop them. Hell, the LAW doesn't stop 'em either. All you can do is make more difficult. In the end, the prospect of jail time and fines doesn't deter some people.

Bottom line for me though - if it's good enough for Microsoft, it's good enough for me.

[madpeople]

so it's just a compiler?
http://www.google.co.uk/search?hl=en&q=NGEN+decompiler

*shrugs*

[mesial]

Looks like M$ is getting sued again. This time over releasing Vista too soon.
http://www.msnbc.msn.com/id/23322174

[LordDelacroix]

QUOTE (madpeople @ Feb 24 2008, 01:22 PM) http://en.wikipedia.org/wiki/Common_Interm....29_Compilation

i think, though it doesn't really look like a security thing, more like a compiler

It's not a compiler. It's a translator. What it does is produce native OS images from .NET Assemblies so you can't use Reflector to see the actual code. - BUT - you could still use SoftICE to see the native image and step through it.

partial class myClass
{
myClass(Int32 a) { _a = a; }
}

is pretty easy to read and anything using the CODEDOM namespace in any .NET language can see it and replicate it.

Native images are the same things you'd get if you'd built it with C, C++ or any of the non .NET compilers. They're called native images because they're in the same language that the OS uses internally - in our Windows / Intel world that would be binary with low bits last meaning word order is backwards if you've ever done anything with a mainframe. BTW - the .NET compilers really aren't compilers in as much as they do NOT produce an executable or library that an OS can use. They produce IL code that is easily interpreted and read via ILDASM an intermediate "decompiler' of sorts. Adn require the .NET Runtime to do anything useful.

Bottom line - even with the assembly scrambled up with XenoCode, you can STILL attach a debugger and step through it all. Xeno adds a bunch of additional calls and renames the internal variables and such as whats so that your variables named m_Username and m_Password become something like e34a98d and efaa993d so it's a little more difficult to read and follow but with patience it CAN be done. there are even Commercial DEOBFUCATORS out there and they can and do a STELLAR job in most cases of unscrambling the obfuscated code. Sure m_Username won't be m_Username but they attempt to identify and remove the obfuscated 'crap' and do it quite well actually.

Fact is when ASGS first crapped out on me after updating to .NET 2.0 SP1 the first time (yes - the first time; I've done it 4 times in total because I need the 3.0 and 3.5 frameworks for my job; but I finally got Virtual Server installed and am doing my work in VM's now) I spent nearly 4 hours going through the obfuscated stuff - by the end of that 4 hours I was so pissed at the ASGS team for even doing this @#(! I just quit the debug session and deleted ASGS and Allegiance too. In the end my addiction won out and here I am ... still ...

[LordDelacroix]

QUOTE (Mesial @ Feb 24 2008, 03:17 PM) Looks like M$ is getting sued again. This time over releasing Vista too soon.
http://www.msnbc.msn.com/id/23322174

OH! SO now the courts get to decide when a Company can and should release product and what gets to go into those products?

Question with regards to the claims there on that link as I read it:
Does the system have Vista installed?Does the system boot?
Answers as I see them:
YesYes
Must be running Vista then ... CASE CLOSED GET OUTTA MY COURT ROOM

[madpeople]

QUOTE (LordDelacroix @ Feb 24 2008, 10:24 PM) Fact is when ASGS first crapped out on me after updating to .NET 2.0 SP1 the first time (yes - the first time; I've done it 4 times in total because I need the 3.0 and 3.5 frameworks for my job; but I finally got Virtual Server installed and am doing my work in VM's now) I spent nearly 4 hours going through the obfuscated stuff - by the end of that 4 hours I was so pissed at the ASGS team for even doing this @#(! I just quit the debug session and deleted ASGS and Allegiance too. In the end my addiction won out and here I am ... still ...

you were pissed off that our security program was hard to understand due to the obfuscation?

QUOTE (Mesial @ Feb 24 2008, 10:17 PM) Looks like M$ is getting sued again. This time over releasing Vista too soon.
http://www.msnbc.msn.com/id/23322174

that's just silly

its like advertising a car as road legal or movement capable.

then suing the company because its top speed is 30mph
(the company never said that it was motorway legal, in fact, they said it probably wasn't)

[ogorass]

QUOTE (fuzzylunkin1 @ Feb 23 2008, 07:04 PM) /me rants about .NET being used anyway.

If you think you can do it better, then do it and stop whining. Sheesh.

QUOTE (Badp @ Feb 23 2008, 10:19 PM) *snip*
Nearly two months have passed since this was first noted (and, I assume, since this was reported by us) and it's always easy to call for shenanigans. Honestly, I don't know what to think.

It's a problem known way longer than that. I posted a topic about this in the Helpline nearly a year ago (I installed Orcas, that came with .NET 3.5).
QUOTE I'd just hate to think that a community that has gone through so much like this one might struggle to an obfuscation company.

New computers will be sold with SP1 preinstalled. More people might want or be forced to make the switch to Vista, and will install SP1 straight away. Time goes by. I sense danger.[/quote]

Once agian: NOTHING stops you (or any other people for that matter) from removing .NET 2.0/3.0/3.5 from your system after you install the SP1 for Vista. There is NO need to panic. It's not like it's the end of the world, it's just a minor inconvieniece to 90% of folk playing this game. About the only people, that are really affected by the .NET 2.0 SP1+ incompatibility are .NET developers owning just one box, that they also use for work. If Xenocode guys say they are working on it, there is no reason not to believe them. For the first 6 months it's safe to assume, that the problem required way more changes than they originally thought it would. That happens all the time. Have patience and don't panic please /smile.gif" style="vertical-align:middle" emoid=":)" border="0" alt="smile.gif" />

[LordDelacroix]

QUOTE (madpeople @ Feb 24 2008, 03:34 PM) you were pissed off that our security program was hard to understand due to the obfuscation?
that's just silly

its like advertising a car as road legal or movement capable.

then suing the company because its top speed is 30mph
(the company never said that it was motorway legal, in fact, they said it probably wasn't)

No - pissed that we have to go through @#(! because of the child bull@#(! antics of a few. Pissed that the choices led to obfuscation of a .NET Assembly. Pissed that we can't just RELEASE the bitch and be done with it. Pissed they won't consider NGEN or any OTHER alternative means of trying to keep the nefarious bastards from ruining our favorite game - you get my point yet?

[BlackViper]

Do you know how many people in this community would die to have a chance to reverse engineer ASGS? Do you know how many people have tried via several methods to get it?

Sorry, but we will wait. There are reasons why Pook is doing it this way.

[Grimmwolf_GB]

It is being worked on and you will have to wait like the rest. Same stuff can happen with other parts of the software, as you can see with Allegiance and nVidia drivers (which affects me...) . @#(! happens in the software department all the time.