Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Published byClifton Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007."— Presentation transcript:

1 Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007

2 Background Lab 8 – Viruses – But how are they hidden? Code Injection – Injecting unwanted code into a program. – Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans) Software Cracking – Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.

3 Trojan Statistics

4 Tools Used W32Dasm – Disassembler used to translate machine language to readable assembly language. Hex Workshop – Hex editor used to edit raw binary applications. OllyDBG – Debugger used to trace through program step by step.

5 W32dasm

6 Hex Workshop

7 OllyDBG

8 Software Cracking Major component of software piracy “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft” Pre-compiled cracks widely distributed on websites. Often contain malware injected in their code – Windows Vista activation crack

9 Lab Contents Software Serial Crack Key Generator Code Injection Example Defenses against code disassembly

10 Serial Key Crack Software distribution done online Serial Keys used as a type of user authentication

11 Finding authentication code In disassembler W32dasm or debugger Search for string comparison (cmp) Jumps to “Invalid serial” if not equal (jne) Note offset

12 Removing authentication In Hex Editor Go to offset of JNE Change JNE to NOP (0x9090)

13 Checking your crack Code bypasses JNE (Jump to “Invalid serial number”) Any serial number can be used.

14 Key Generators Requirements during Software Installation – Product Id – Serial Key A variety of Authentication algorithms used – Algebraic expression( output = ((pid*2 + 73)*3) - 28) – Key gives a checksum of 25

15 KEY-GENERATORS One of the major contributors to Software Piracy Available for free download on several websites Program that generates a serial key or Registration number for a software Automated knowledge of Assembly language not required by the end user

16 Making a Key-Generator DisassemblingExtractionCode Writing

17 Code Injection Example Find code caves (DB 00) – Unused memory locations in executable Overwrite code caves with malicious codes Redirect JMP instructions to malicious codes Redirect back to original code Resume normal operation

18 Code Caves

19 Code Injection Example

20 Injected code executes as well as original program

21 Prevention Product Activation – Online Activation – Telephone Activation Encryption Self Modifying Code

22 EXECryptor-Bullet Proof Software Protection Features – Anti-cracking, anti-debugging, and anti-trace – Secure creation of custom evaluation and trial versions of your software – Built-in registration and license management – Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic) – Protection of several file types (EXE files, DLL and ActiveX components) Uses Code Morphing – Obfuscates the code on the level of the CPU commands rather than the source level. – “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “

23

24 Unprotected Code

25 Protected Code

26 References Code Injection – http://www.codeproject.com/KB/system/inject2exe.aspx#BuildanImportTableandReconstructtheOrigi nalImportTable6 Software Cracking – http://en.wikipedia.org/wiki/Software_cracking Windows Vista Crack – http://apcmag.com/node/4737 http://apcmag.com/node/4737

Download ppt "Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007."

Similar presentations

Tutorial 8: Developing an Excel Application

Tutorial 8: Developing an Excel Application
Operating System Security : David Phillips A Study of Windows Rootkits.

Operating System Security : David Phillips A Study of Windows Rootkits.
Systems Software.

Systems Software.
RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.
1 Code/DLL Injection ECE4112 – Internetwork Security Georgia Institute of Technology By Andrei Bersatti and Brandon Harrington.

1 Code/DLL Injection ECE4112 – Internetwork Security Georgia Institute of Technology By Andrei Bersatti and Brandon Harrington.
LINUX-WINDOWS INTERACTION. One software allowing interaction between Linux and Windows is WINE. Wine allows Linux users to load Windows programs while.

LINUX-WINDOWS INTERACTION. One software allowing interaction between Linux and Windows is WINE. Wine allows Linux users to load Windows programs while.
Bypassing antivirus detection with encryption

Bypassing antivirus detection with encryption
Lab6 – Debug Assembly Language Lab

Lab6 – Debug Assembly Language Lab
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.

.NET IL Obfuscation Presented by: Sarath Chandra Dorbala.
© 2007 Aladdin Knowledge Systems Ltd. All rights reserved. Aladdin, Aladdin Knowledge Systems, the Aladdin Knowledge Systems logo, HASP, HASP SRM, HASP.

© 2007 Aladdin Knowledge Systems Ltd. All rights reserved. Aladdin, Aladdin Knowledge Systems, the Aladdin Knowledge Systems logo, HASP, HASP SRM, HASP.
Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.

Security A system is secure if its resources are used and accessed as intended under all circumstances. It is not generally possible to achieve total security.
1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.

1-1 Embedded Software Development Tools and Processes Hardware & Software Hardware – Host development system Software – Compilers, simulators etc. Target.
Reverse Engineering Ian Kayne For School of Computer Science, University of Birmingham 2 nd February 2009.

Reverse Engineering Ian Kayne For School of Computer Science, University of Birmingham 2 nd February 2009.
OllyDbg Debuger.

OllyDbg Debuger.
SRE  Introduction 1 Software Reverse Engineering (SRE)

SRE  Introduction 1 Software Reverse Engineering (SRE)
I Information Systems Technology Ross Malaga 3 Part I Understanding Information Systems Technology Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.

I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.
Computer Software.

Computer Software.
Object Oriented Software Development 1. Introduction to C# and Visual Studio.

Object Oriented Software Development 1. Introduction to C# and Visual Studio.
Get More from Your Software The Genuine Windows Vista™ Experience.

Get More from Your Software The Genuine Windows Vista™ Experience.

Similar presentations

Ads by Google