How to Protect InnoSetup from Unpacking
* I was searching for a method to prevent InnoSetup from being unpacked by unpacking tools such as
Innounp,
InnoExtractor,
innoextract, etc. I found some interesting things, such as
modified versions of InnoSetup,
old versions of InnoSetup, etc., and some utilities like
InnoSProtect. However, I was unable to find a proper way to prevent unpacking with the
latest vanilla version of InnoSetup. That's why I came up with this idea.
* I slightly modified
FXPcker.exe, which can now store
InnoSetup's encryption password, and we can also retrieve it using
FXPckerAPI.dll whenever we want.
* So, what are
FXPcker.exe and
FXPckrAPI.dll?
- Well, FXPacker is a data/resources protection tool created by me for the FMXInno project. It creates a password-protected and encrypted data file (often called 'Setup.dat') from the files that we need to hide from others to prevent theft. We place this Setup.dat file along with the Setup.exe, and using FXPckrAPI.dll, we can extract those files as local files or a stream.
- If FXPckrAPI.dll allows extraction of data from the Setup.dat at any time, then anyone with the password can extract files from the Setup.dat file, right?
- No, it works differently. Before creating a data file (Setup.dat), FXPckr.exe asks the client app (Setup.exe) from which we intend to extract encrypted files using FXPckrAPI.dll. Once we define this client app (Setup.exe), we have to use the same client app (Setup.exe) to extract the files from the Setup.dat.
- You can create any custom client app using FXPckrAPI.dll, but you cannot extract any file from the Setup.dat, and it throws an error message "Unauthorized File Access." if you try.
That's basically how FXPckr protects data from theft.
* There's one thing:
FXPckr.exe has an option called '
Debug Mode', which means if you enable it, the '
FXUnPckrInit'
won't validate the
client app anymore; it will
only validate the
password. During the testing stage of our script, we have to compile the script numerous times. This '
Debug Mode' helps us here because if it's off, then each time we compile the script, we have to create a
new data file.
- So, remember to disable the 'Debug Mode' and create a new Setup.dat file without Debug Mode enabled before you ship your Setup.exe.
------------------------------------------------------------------------------------------------------------------------------------------------------
* In the current case, I've modified
FXPckr a little bit so we can store
InnoSetup's encrypted password inside the
Setup.dat and use it as follows to prevent unpacking:
- Remember to use the 'noencryption' flag for 'FXPckrAPI.dll'. Here, I've used the InnoSetup's encryption password as 'krinkels.org', but you can use anything you want instead.
* First '
FXUnPckrInit' verifies the
correct client app (as defined in FXPckr.exe ) and the
encrypted password. If
successful, we can use the '
FXUnPckrGetInnoEncryptedPasscode' function to retrieve
InnoSetup's encrypted password.
- In case 'FXUnPckrInit' fails, 'FXUnPckrGetInnoEncryptedPasscode' will output a string like 'FXPckr_Invalid_Str: 0x4B7C', meaning 'FXUnPckrInit' has failed.
* Please read the attached Readme files first; they provide step-by-step instructions on how to use this.
.