Replace TurboActivate.dll with a fake one?

Hi,

I use the TurboActivate.dll exported API IsActived() to check whether my software is activated at startup. Today I wrote a fake TurboActivate.dll with the same-named API IsActived(), which always returns TRUE, and replaced TurboActivate.dll with my fake one. No doubt, this fake DLL succeeded in cheating my software and passed my SW activation check process. It's too bad.

TurboActivate is a great and powerful service, I love it, and I hope it's also a strong system. What's your advice to prevent this from happening?

Thanks,

Chris

Hey Chris,

Use the static TurboActivate libraries (they're built into your app). Or verify the TurboActivate.dll has a proper Authenticode signature. Or take a hash of TurboActivate, then hard-code that into your app and verify the hash of TurboActivate before you continue with your app.

Hi Wyatt,

Thank you for your quick reply and suggestion. Actually, I used solution 2: check the signature before calling TurboActivate.dll.

Thanks,

Chris

Hi,

Can someone show me how to calculate the hash of TurboActivate.dll?

Many thanks,

Don

Use MD5, SHA1, or SHA-256. If you tell me your language (C#, VB.NET, C++, etc.) I'll be able to point you in the right direction.

Hi Wyatt,

As many of us are not always thinking of these simple hacker tricks, I would suggest adding a small article in the "intro" documentation of TA/TF on how to secure the DLL to avoid this hack. A simple mention like "Oh, and check the DLL signature or compare it with a hash of your own to make sure a hacker does not drop-replace our DLL with a broken one".

After reading this post a couple of days ago I simply saw that I had completely overlooked this problem, and I implemented a check in my application.

Best regards,

Alexandre Leclerc

You're right, we'll update our articles with a note about this.

So, I'm currently implementing a CRC32 check in my AIR software, Win and OS X.

What files do I need to check? All of them?

Win:
systa.exe
TurboActivate.dat
TurboActivate.dll

OS X:
systa
TurboActivate.dat
libTurboActivate.dylib

Well, for Adobe AIR, systa.exe & TurboActivate.dll (or systa & libTurboActivate.dylib on Mac OS X).
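
An added example, not part of the thread and not the vendor's code: a Python sketch of the hard-coded hash check suggested earlier in the thread, covering the two files named in the last reply (TurboActivate.dll and systa.exe). The function names and the file contents are constructed for illustration; in a real build the pinned digests would be recorded from the shipped files.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Stream the file through SHA-256 so large binaries are not read at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_pinned(app_dir: Path, pinned: dict[str, str]) -> list[str]:
    """Return the names of files that are missing, not regular files, or
    whose SHA-256 differs from the pinned value. An empty list means all match."""
    failures = []
    for name, expected in pinned.items():
        # Resolve against the application's own directory, never a search path.
        path = app_dir / name
        if path.is_symlink() or not path.is_file():
            failures.append(name)
            continue
        # Constant-time comparison of the two hex digests.
        if not hmac.compare_digest(sha256_file(path), expected.lower()):
            failures.append(name)
    return failures


def demo() -> tuple[list[str], list[str]]:
    """Constructed sample: stand-in bytes play the role of the shipped files."""
    with tempfile.TemporaryDirectory() as tmp:
        app_dir = Path(tmp)
        (app_dir / "TurboActivate.dll").write_bytes(b"constructed vendor DLL bytes")
        (app_dir / "systa.exe").write_bytes(b"constructed systa bytes")
        # At build time these digests would be recorded and hard-coded in the app.
        names = ("TurboActivate.dll", "systa.exe")
        pinned = {n: sha256_file(app_dir / n) for n in names}
        before = verify_pinned(app_dir, pinned)
        # Simulate the drop-in replacement described in the first post.
        (app_dir / "TurboActivate.dll").write_bytes(b"fake DLL, always TRUE")
        after = verify_pinned(app_dir, pinned)
        return before, after


if __name__ == "__main__":
    print(demo())
```

Run the check immediately before loading the library and load it from the same absolute path that was hashed, so the file cannot be swapped between check and use. The example uses SHA-256 because CRC32 and MD5 do not resist a deliberately crafted replacement.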