Binary Auditing, by Geller Bedoya and Michael Wozniak

Presentation transcript:

1 Binary Auditing
Geller Bedoya, Michael Wozniak

2 Background
- Binary auditing is a technique used to test the security of, and discover the inner workings of, closed-source software.
- These techniques can be used to find out what malicious software does.
- They are also used by crackers to bypass authentication systems in programs.

3 Tools
- strings – lists all printable strings that can be found in a file.
- file – displays information about the file type.
- hexedit – allows files to be edited at the binary level in a hex representation.

4 Tools (cont.)
- biew – a multi-platform tool that can be used as a hex editor and a disassembler.
- objdump – used to disassemble binaries on Linux.
- gdb – the debugger on Linux.

5 Tools (cont.)
- IDA (Interactive DisAssembler) – a Windows-only disassembler for Windows and Linux binaries. It is an advanced disassembler that can be integrated with scripting languages like Python and Ruby.

6 A Simple Binary
- A program that takes in a password and compares it to a reference password to authenticate a user.
- This type of program can be reverse engineered in many ways.

7 Simple.c

8 Method #1
- Use hexedit, strings, objdump, or even a text editor.
- These methods all display the password in plain text because the password is not encrypted.

9 Method #2
- Suppose the input password were hashed and compared to a known hash. Method #1 would be useless.
- Method #2 is to modify the function of the binary by reversing the logic of the if statement.
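The slide titled Simple.c is not reproduced on this page, so the following is an added example written for this transcript, not the authors' own program. It puts the two variants from Methods #1 and #2 side by side: a check against a plain string literal, which ends up verbatim in the binary's data, and a check against an embedded hash, which leaves no password string to find. It also includes a minimal `strings`-style scanner run over a constructed byte buffer that mimics a binary's data section, so the difference is visible without a real executable. The password value "pass", the toy djb2 hash (a stand-in for a real password hash, chosen only because its output is easy to verify) and the helper names are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Method #1 target: the reference password is a string literal, so it is
 * stored verbatim in the binary (constructed example value). */
static const char PLAIN_PASSWORD[] = "pass";

int check_password_plain(const char *input)
{
    return strcmp(input, PLAIN_PASSWORD) == 0;
}

/* Toy 32-bit djb2 hash. Assumption for illustration only: a real program
 * would use a proper password hash such as bcrypt, scrypt or Argon2. */
uint32_t djb2(const char *s)
{
    uint32_t h = 5381;
    for (; *s; s++)
        h = h * 33u + (unsigned char)*s;
    return h;
}

/* Method #2 target: only djb2("pass") is embedded. A string listing tool
 * sees four unrelated bytes, not the password. */
static const uint32_t PASSWORD_HASH = 0x7C9C25DCu; /* djb2("pass") */

int check_password_hashed(const char *input)
{
    /* Note: this comparison is still a single conditional jump, which is
     * exactly what Methods #2 and #3 patch; hashing only defeats Method #1. */
    return djb2(input) == PASSWORD_HASH;
}

/* A minimal 'strings': copy every run of at least min_len printable bytes
 * from buf into out as NUL-terminated strings; returns the number of runs. */
size_t find_strings(const unsigned char *buf, size_t len, size_t min_len,
                    char *out, size_t out_len)
{
    size_t count = 0, run = 0, pos = 0;
    for (size_t i = 0; i <= len; i++) {
        int printable = i < len && buf[i] >= 0x20 && buf[i] < 0x7f;
        if (printable) {
            run++;
            continue;
        }
        /* run covers buf[i-run .. i) */
        if (run >= min_len && pos + run + 1 <= out_len) {
            memcpy(out + pos, buf + i - run, run);
            pos += run;
            out[pos++] = '\0';
            count++;
        }
        run = 0;
    }
    return count;
}

/* Constructed stand-in for a data section holding the plain password, the
 * little-endian hash constant and a prompt string. Returns the run count. */
size_t demo_strings_scan(char *out, size_t out_len)
{
    static const unsigned char data_section[] = {
        0x00, 0x01,
        'p', 'a', 's', 's', 0x00,                 /* PLAIN_PASSWORD */
        0xDC, 0x25, 0x9C, 0x7C,                   /* PASSWORD_HASH  */
        0x00,
        'E','n','t','e','r',' ','p','a','s','s','w','o','r','d',':', 0x00
    };
    return find_strings(data_section, sizeof data_section, 4, out, out_len);
}

int main(void)
{
    char out[64];
    size_t n = demo_strings_scan(out, sizeof out);
    const char *p = out;
    for (size_t i = 0; i < n; i++) {
        printf("found string: %s\n", p);
        p += strlen(p) + 1;
    }
    printf("plain:  %d\n", check_password_plain("pass"));
    printf("hashed: %d\n", check_password_hashed("pass"));
    return 0;
}
```

Running it lists "pass" and "Enter password:" but nothing for the hash bytes, which is the whole effect of Method #2's hashing; the `if` in `check_password_hashed` still compiles to one conditional branch, so the patching described in Methods #2 and #3 is unaffected.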

10 Method #2

11 Method #3
- The jump code can be changed to jump to a different place in the program, or it can be changed from je to jne.
- This type of change is independent of the test logic.

12 Anti-Reverse Engineering
- Many software engineers attempt to disguise a program's behaviour.
- Techniques to do this include:
  - Anti-Virtual-Machine
  - Binary Compression/Packing
  - Binary Encoding
  - Stripping Symbols
  - Anti-Debugger

13 Anti-VM
- SIDT – Store Interrupt Descriptor Table Register.
- This instruction can be used to read the value of this register, which is abnormally high inside VMs.
- RedPill.exe is a POC program that looks at this register and declares whether or not it is running in a VM.

14 RedPill.exe
- To change this program, the jumps can be changed to manipulate how the program works.
- The value that the program compares the IDTR to can be changed as well.

15 Key Generators
- Some software uses a username and an algorithm to derive a serial number that is used for authentication.
- The problem with this is that the software must calculate the serial number from the user name, and the algorithm can be reversed.

16 Very Simple Key Generator
- A program needs a user name and a key.
- The key is the same as the user name, but 1 is added to each character.
- By running the program in a debugger or through a disassembler, the algorithm can be discovered.

17 Key Generator
- A key generator is a program that is created to run the same algorithm on any input and display the results.
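An added example (written for this transcript, not the authors' code) of the "add 1 to each character" scheme from slides 15 to 17, shown from the defender's side: `validate_key` is what the protected program would ship, and because it must call `derive_key` to check a key, the derivation rule is necessarily present in the binary, which is why slide 15 says the algorithm can be reversed. The function names, the `MAX_NAME` limit and the handling of characters that would leave the printable range after +1 are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64

/* The scheme the slides describe: key[i] = name[i] + 1.
 * Returns 0 on success, or -1 when the name is empty, too long, or contains
 * a byte that would fall outside the printable ASCII range after +1
 * (e.g. '~' + 1 is DEL), so the key could not be typed back in. */
int derive_key(const char *name, char *key, size_t key_len)
{
    size_t n = strlen(name);
    if (n == 0 || n > MAX_NAME || n + 1 > key_len)
        return -1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i] + 1;
        if (c < 0x21 || c > 0x7e)
            return -1;
        key[i] = (char)c;
    }
    key[n] = '\0';
    return 0;
}

/* What the protected program runs at startup. This function, and therefore
 * derive_key, is in the shipped binary: a disassembler shows the rule, and a
 * key generator is just derive_key called on arbitrary names. */
int validate_key(const char *name, const char *key)
{
    char expected[MAX_NAME + 1];
    if (derive_key(name, expected, sizeof expected) != 0)
        return 0;
    return strcmp(expected, key) == 0;
}

int main(void)
{
    char key[MAX_NAME + 1];
    if (derive_key("abc", key, sizeof key) == 0)
        printf("key for \"abc\": %s\n", key);
    printf("valid: %d\n", validate_key("abc", key));
    printf("valid (wrong key): %d\n", validate_key("abc", "bce"));
    return 0;
}
```

The structural fix is not a more complicated derivation rule but removing the derivation from the client entirely: for example, the vendor signs the user name with a private key and the program carries only the public key for verification, so nothing recoverable from the binary lets anyone mint new keys.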

18 Questions?
