BLACKFIRE69
Новичок
* I was searching for a method to prevent InnoSetup from being unpacked by unpacking tools such as Innounp, InnoExtractor, innoextract, etc. I found some interesting things, such as modified versions of InnoSetup, old versions of InnoSetup, etc., and some utilities like InnoSProtect. However, I was unable to find a proper way to prevent unpacking with the latest vanilla version of InnoSetup. That's why I came up with this idea.
* I slightly modified FXPcker.exe, which can now store InnoSetup's encryption password, and we can also retrieve it using FXPckerAPI.dll whenever we want.
* So, what are FXPcker.exe and FXPckrAPI.dll?
Well, FXPckr is a data/resources protection tool created by me for the FMXInno project. It creates a password-protected and encrypted data file (often called 'Setup.dat') from the files that we need to hide from others to prevent theft. We place this Setup.dat file along with the Setup.exe, and using FXPckrAPI.dll, we can extract those files as local files or a stream.
If FXPckrAPI.dll allows extraction of data from the Setup.dat at any time, then anyone with the password can extract files from the Setup.dat file, right?
No, it works differently. Before creating a data file (Setup.dat), FXPckr.exe asks the client app (Setup.exe) from which we intend to extract encrypted files using FXPckrAPI.dll. Once we define this client app (Setup.exe), we have to use the same app to extract the files from the Setup.dat.
You can create any custom client app using FXPckrAPI.dll, but you cannot extract any file from the Setup.dat, and it throws an error message "Unauthorized access" if you try.
That's basically how FXPckr protects data from theft.
* There's one thing: FXPckr.exe has an option called 'Debug Mode', which means if you enable it, the 'FXUnPckrInit' won't validate the client app anymore; it will only validate the password. During the testing stage of our script, we have to compile the script numerous times. This 'Debug Mode' helps us here because if it's off, then each time we compile the script, we have to create a new data file.
So, remember to turn off the 'Debug Mode' and create a new Setup.dat file without Debug Mode enabled before you ship your Setup.exe.
* In the current case, I've modified FXPckr a little bit so we can store InnoSetup's encrypted password inside the Setup.dat and use it as follows to prevent unpacking:
Remember to use the ' noencryption ' flag for ' FXPckrAPI.dll '. Here, I've used the InnoSetup's encryption password as ' krinkels.org ', but you can use anything you want instead.
* As you saw above, first 'FXUnPckrInit' verifies the correct client app (as defined in FXPckr.exe) and the encrypted password. If successful, we can use the 'FXUnPckrGetInnoEncryptedPasscode' function to retrieve InnoSetup's encrypted password.
In case 'FXUnPckrInit' fails, 'FXUnPckrGetInnoEncryptedPasscode' will output a string like 'FXPckr_Invalid_Str: 0x4B7C', meaning 'FXUnPckrInit' has failed.
* Please read the attached Readme files first; they provide step-by-step instructions on how to use this.
* I know this may not be the finest solution because we have to have Setup.dat along with Setup.exe every time, which is a drawback for single executable files. However, you can try this with installers like 'Repack Installer' that come with multiple files instead of a single executable file.
Note:
* If someone knows a better way to prevent InnoSetup from unpacking, let me know; I'd like to hear about it.
* I'm referring to the latest vanilla version of InnoSetup. As mentioned previously, modified versions, old versions, and some utilities like 'InnoSProtect' don't work for me.
* I slightly modified FXPcker.exe, which can now store InnoSetup's encryption password, and we can also retrieve it using FXPckerAPI.dll whenever we want.
* So, what are FXPcker.exe and FXPckrAPI.dll?
Well, FXPckr is a data/resources protection tool created by me for the FMXInno project. It creates a password-protected and encrypted data file (often called 'Setup.dat') from the files that we need to hide from others to prevent theft. We place this Setup.dat file along with the Setup.exe, and using FXPckrAPI.dll, we can extract those files as local files or a stream.
If FXPckrAPI.dll allows extraction of data from the Setup.dat at any time, then anyone with the password can extract files from the Setup.dat file, right?
No, it works differently. Before creating a data file (Setup.dat), FXPckr.exe asks the client app (Setup.exe) from which we intend to extract encrypted files using FXPckrAPI.dll. Once we define this client app (Setup.exe), we have to use the same app to extract the files from the Setup.dat.
You can create any custom client app using FXPckrAPI.dll, but you cannot extract any file from the Setup.dat, and it throws an error message "Unauthorized access" if you try.
That's basically how FXPckr protects data from theft.
* There's one thing: FXPckr.exe has an option called 'Debug Mode', which means if you enable it, the 'FXUnPckrInit' won't validate the client app anymore; it will only validate the password. During the testing stage of our script, we have to compile the script numerous times. This 'Debug Mode' helps us here because if it's off, then each time we compile the script, we have to create a new data file.
So, remember to turn off the 'Debug Mode' and create a new Setup.dat file without Debug Mode enabled before you ship your Setup.exe.
* In the current case, I've modified FXPckr a little bit so we can store InnoSetup's encrypted password inside the Setup.dat and use it as follows to prevent unpacking:
Remember to use the ' noencryption ' flag for ' FXPckrAPI.dll '. Here, I've used the InnoSetup's encryption password as ' krinkels.org ', but you can use anything you want instead.
* As you saw above, first 'FXUnPckrInit' verifies the correct client app (as defined in FXPckr.exe) and the encrypted password. If successful, we can use the 'FXUnPckrGetInnoEncryptedPasscode' function to retrieve InnoSetup's encrypted password.
In case 'FXUnPckrInit' fails, 'FXUnPckrGetInnoEncryptedPasscode' will output a string like 'FXPckr_Invalid_Str: 0x4B7C', meaning 'FXUnPckrInit' has failed.
* Please read the attached Readme files first; they provide step-by-step instructions on how to use this.
* I know this may not be the finest solution because we have to have Setup.dat along with Setup.exe every time, which is a drawback for single executable files. However, you can try this with installers like 'Repack Installer' that come with multiple files instead of a single executable file.
Note:
* If someone knows a better way to prevent InnoSetup from unpacking, let me know; I'd like to hear about it.
* I'm referring to the latest vanilla version of InnoSetup. As mentioned previously, modified versions, old versions, and some utilities like 'InnoSProtect' don't work for me.