Presentation is loading. Please wait.

Presentation is loading. Please wait.

Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.

Published byRaymond Watson Modified over 7 years ago

Similar presentations

Presentation on theme: "Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz."— Presentation transcript:

1 Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz

2 What is RE? “Reverse Engineering is the process of extracting the knowledge or design blue-prints from anything man-made.” -Reversing, The Secrets of Reverse Engineering

3 Why RE? Legit Legacy Integration Security Research Malware Analysis Illegal Software Cracking Breaking DRM Writing Malware

4 Who’s affected? Software Developers Can your software be RE’d easily? Intellectual Property Holders Can your source code be stolen from your final product? Big money makers RE protection is important. Big money takers Corporate espionage? Maybe…

5 Software Scenario… You make some software It has trial mode and paid mode The full software and trail software is the same.exe If registered its good, if not then limit the features. You can code this right? What can the crafty Reverse Engineer do?

6 The attack Patch the.exe Somewhere is a line that jumps if equal Change this logic and now no one needs to pay for your software.

7 Types of Reversing Static Analysis Look at the executable line by line Never gets run by the CPU Like a book that you can read. Behavioral Analysis Run the program in a debugger Pause and play execution See what it does

8 Tools WinDBG OllyDbg IDA Pro Lord PE PEid

9 IDA Pro

10 OllyDbg

11 Anti Reversing Techniques Removing Symbolic Information Java keeps things like class names If it isn’t removed it can make Java very easy to reverse Obfuscation Modifies the program’s layout Doesn’t change the function Anti-debugger Code if debugger attached: crash and burn isDebuggerPresent API

12 More… Code Encryption Code is encrypted on disk A routine decrypts the code when loading into memory Packers Proprietary algorithms that rearrange/compress code Exe gets unpacked when run similar to encryption.

13 References Reversing, Secrets of Reverse Engineering – Book http://www.tuts4you.com http://pentest.cryptocity.com http://www.windowsecurity.com/articles/Reverse- Engineering-Malware-Part4.html

Download ppt "Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz."

Similar presentations

Compliance and Robustness Rules for Windows Media DRM Implementations Microsoft Corporation.

Compliance and Robustness Rules for Windows Media DRM Implementations Microsoft Corporation.
Software Part 4  Software 2 Software Reverse Engineering (SRE)

Software Part 4  Software 2 Software Reverse Engineering (SRE)
White-Box Cryptography

White-Box Cryptography
RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.

RIVERSIDE RESEARCH INSTITUTE Helikaon Linux Debugger: A Stealthy Custom Debugger For Linux Jason Raber, Team Lead - Reverse Engineer.
Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.

Dean Carlson and Beth Anne Byrd CpSc 420.  What is reverse engineering?  Brief History  Usefulness  The process  Bagle Virus example.
CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,

CS266 Software Reverse Engineering (SRE) Applying Anti-Reversing Techniques to Java Bytecode Teodoro (Ted) Cipresso,
DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.

DR. MIGUEL ÁNGEL OROS HERNÁNDEZ 9. Técnicas anti-ingeniería inversa.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
© 2007 Aladdin Knowledge Systems Ltd. All rights reserved. Aladdin, Aladdin Knowledge Systems, the Aladdin Knowledge Systems logo, HASP, HASP SRM, HASP.

© 2007 Aladdin Knowledge Systems Ltd. All rights reserved. Aladdin, Aladdin Knowledge Systems, the Aladdin Knowledge Systems logo, HASP, HASP SRM, HASP.
18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler

18/03/2007Obfuscation 1 Software protection Mariano Ceccato FBK - Fondazione Bruno Kessler
Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.

Name: Hao Yuan Supervisor: Len Hamey ITEC810 ProjectTransformations for Obfuscating Object-Oriented Programs1.
Software Reverse Engineering Software Cracking

Software Reverse Engineering Software Cracking
Code Obfuscation Its limits in today Software & Hardware By Shahid Razzaq.

Code Obfuscation Its limits in today Software & Hardware By Shahid Razzaq.
Reverse Engineering Ian Kayne For School of Computer Science, University of Birmingham 2 nd February 2009.

Reverse Engineering Ian Kayne For School of Computer Science, University of Birmingham 2 nd February 2009.
OllyDbg Debuger.

OllyDbg Debuger.
SRE  Introduction 1 Software Reverse Engineering (SRE)

SRE  Introduction 1 Software Reverse Engineering (SRE)
DIGITAL RIGHT MANAGEMENT Bùi Thành Đ ạ t 50700480 Nguy ễ n Hoàng Nh ậ t Đông 50700542 Nguy ễ n Duy C ườ ng 50700287 1.

DIGITAL RIGHT MANAGEMENT Bùi Thành Đ ạ t Nguy ễ n Hoàng Nh ậ t Đông Nguy ễ n Duy C ườ ng
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.

Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007.
Software Analysis & Deobfuscation Engine. Page  2  Project Name: SADE  Project Members: Faiza Khalid, Komal Babar and Abdul Wahab  Project Supervisor.

Software Analysis & Deobfuscation Engine. Page  2  Project Name: SADE  Project Members: Faiza Khalid, Komal Babar and Abdul Wahab  Project Supervisor.
Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Similar presentations

Ads by Google