Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Slides:

Advertisements

Similar presentations

Tutorial 8: Developing an Excel Application

Advertisements

Operating System Security : David Phillips A Study of Windows Rootkits.

Systems Software.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

1 Code/DLL Injection ECE4112 – Internetwork Security Georgia Institute of Technology By Andrei Bersatti and Brandon Harrington.

LINUX-WINDOWS INTERACTION. One software allowing interaction between Linux and Windows is WINE. Wine allows Linux users to load Windows programs while.

Bypassing antivirus detection with encryption

Lab6 – Debug Assembly Language Lab

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

© 2007 Aladdin Knowledge Systems Ltd. All rights reserved. Aladdin, Aladdin Knowledge Systems, the Aladdin Knowledge Systems logo, HASP, HASP SRM, HASP.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

Reverse Engineering Ian Kayne For School of Computer Science, University of Birmingham 2 nd February 2009.

OllyDbg Debuger.

SRE  Introduction 1 Software Reverse Engineering (SRE)

I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.

Computer Software.

Object Oriented Software Development 1. Introduction to C# and Visual Studio.

Get More from Your Software The Genuine Windows Vista™ Experience.

Viruses and their Cures Catherine Agnew CEDu 581 – Oconomowoc.

Henric Johnson1 Chapter 10 Malicious Software Henric Johnson Blekinge Institute of Technology, Sweden

1GMS-VU : Module 2 Introduction to Information and Communication Technologies Module 2 Computer Software.

1 Chap 10 Malicious Software. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Tutorial 11 Installing, Updating, and Configuring Software

COMPUTER SOFTWARE Section 2 “System Software: Computer System Management ” CHAPTER 4 Lecture-6/ T. Nouf Almujally 1.

Application Security Tom Chothia Computer Security, Lecture 14.

Online Game Trojan SecurityLabs.websense.com Hermes Li.

Spyware and Viruses Group 6 Magen Price, Candice Fitzgerald, & Brittnee Breze.

Digital Planet: Tomorrow’s Technology and You

Introduction to Interactive Media Interactive Media Tools: Software.

Attacking Applications: SQL Injection & Buffer Overflows.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

1 Chap 10 Virus. 2 Viruses and ”Malicious Programs ” Computer “Viruses” and related programs have the ability to replicate themselves on an ever increasing.

Chapter 11 An Introduction to Visual Basic 2008 Why Windows and Why Visual Basic How You Develop a Visual Basic Application The Different Versions of Visual.

Chapter 10 Malicious software. Viruses and ” Malicious Programs Computer “ Viruses ” and related programs have the ability to replicate themselves on.

EECS 354 Network Security Reverse Engineering. Introduction Preventing Reverse Engineering Reversing High Level Languages Reversing an ELF Executable.

1 Course Title: Visual Basic Programming Topic: Introduction to programming Languages (Visual basic 6.0) Lecturer: Mahamud Ahmed Jimale, BsIT, MsCs, CCNA,

Malware Analysis Jaimin Shah & Krunal Patel Vishal Patel & Shreyas Patel Georgia Institute of Technology School of Electrical and Computer Engineering.

Chapter 11 An Introduction to Visual Basic 2005 Why Windows and Why Visual Basic How You Develop a Visual Basic Application The Different Versions of Visual.

System Software Chapter Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.

1 CHAPTER 5 DIFFING. 2 What is Diffing? Practice of comparing two sets of data, before and after a changed has occurred Practice of comparing two sets.

Panda Anti-Rootkit & password storage tools

© 2008, Renesas Technology America, Inc., All Rights Reserved 1 Introduction Purpose  This course gives an overview of the Toolchain feature of the High.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.

Homework tar file Download your course tarball from web page – Named using your PSU ID – Chapter labeled for each binary.

Computer Skills and Applications Computer Security.

 Programming - the process of creating computer programs.

Internet safety By Suman Nazir

Chapter 11 Enhancing an Online Form and Using Macros Microsoft Word 2013.

Introduction to UNIX CS465. What is UNIX? (1) UNIX is an Operating System (OS). An operating system is a control program that allocates the computer's.

Securing a Host Computer BY STEPHEN GOSNER. Definition of a Host  Host  In networking, a host is any device that has an IP address.  Hosts include.

Programming 2 Intro to Java Machine code Assembly languages Fortran Basic Pascal Scheme CC++ Java LISP Smalltalk Smalltalk-80.

Some of the utilities associated with the development of programs. These program development tools allow users to write and construct programs that the.

Software Engineering Algorithms, Compilers, & Lifecycle.

For more information on Rouge, visit:

Lab (6) Introduction to Assembly Language 1. Introduction Objectives : Learn EMU8086 installation EMU8086 environment Learn how to: Assemble instructions.

Computer safety Filip Hruby.

LINUX WINDOWS Vs..

Computer Organization, Eclipse Intro

Microprocessor and Assembly Language

Step-By-Step Guide To Install Kaspersky Internet Security For Mac.

Microsoft Windows Technical Support Setup,Install,Activate

Webroot Product Key code for Serial Key Activation

Unit# 8: Introduction to Computer Programming

CSC235 - Visual Studio Getting Started.

Chapter 1 Introduction(1.1)

SOFTWARE TECHNOLOGIES

Presentation transcript:

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007

Background Lab 8 – Viruses – But how are they hidden? Code Injection – Injecting unwanted code into a program. – Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans) Software Cracking – Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.

Trojan Statistics

Tools Used W32Dasm – Disassembler used to translate machine language to readable assembly language. Hex Workshop – Hex editor used to edit raw binary applications. OllyDBG – Debugger used to trace through program step by step.

W32dasm

Hex Workshop

OllyDBG

Software Cracking Major component of software piracy “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft” Pre-compiled cracks widely distributed on websites. Often contain malware injected in their code – Windows Vista activation crack

Lab Contents Software Serial Crack Key Generator Code Injection Example Defenses against code disassembly

Serial Key Crack Software distribution done online Serial Keys used as a type of user authentication

Finding authentication code In disassembler W32dasm or debugger Search for string comparison (cmp) Jumps to “Invalid serial” if not equal (jne) Note offset

Removing authentication In Hex Editor Go to offset of JNE Change JNE to NOP (0x9090)

Checking your crack Code bypasses JNE (Jump to “Invalid serial number”) Any serial number can be used.

Key Generators Requirements during Software Installation – Product Id – Serial Key A variety of Authentication algorithms used – Algebraic expression( output = ((pid*2 + 73)*3) - 28) – Key gives a checksum of 25

KEY-GENERATORS One of the major contributors to Software Piracy Available for free download on several websites Program that generates a serial key or Registration number for a software Automated knowledge of Assembly language not required by the end user

Making a Key-Generator DisassemblingExtractionCode Writing

Code Injection Example Find code caves (DB 00) – Unused memory locations in executable Overwrite code caves with malicious codes Redirect JMP instructions to malicious codes Redirect back to original code Resume normal operation

Code Caves

Code Injection Example

Injected code executes as well as original program

Prevention Product Activation – Online Activation – Telephone Activation Encryption Self Modifying Code

EXECryptor-Bullet Proof Software Protection Features – Anti-cracking, anti-debugging, and anti-trace – Secure creation of custom evaluation and trial versions of your software – Built-in registration and license management – Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic) – Protection of several file types (EXE files, DLL and ActiveX components) Uses Code Morphing – Obfuscates the code on the level of the CPU commands rather than the source level. – “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “

Unprotected Code

Protected Code

References Code Injection – nalImportTable6 Software Cracking – Windows Vista Crack –