Reverse Engineering Contemporary Countermeasures By: Joshua Schwartz.

Presentation transcript:

What is RE?
“Reverse Engineering is the process of extracting the knowledge or design blue-prints from anything man-made.”
- Reversing, The Secrets of Reverse Engineering

Why RE?
- Legit
  - Legacy Integration
  - Security Research
  - Malware Analysis
- Illegal
  - Software Cracking
  - Breaking DRM
  - Writing Malware

Who’s affected?
- Software Developers
  - Can your software be RE’d easily?
- Intellectual Property Holders
  - Can your source code be stolen from your final product?
- Big money makers
  - RE protection is important.
- Big money takers
  - Corporate espionage? Maybe…

Software Scenario…
- You make some software.
- It has a trial mode and a paid mode.
- The full software and the trial software are the same .exe.
- If registered, it's good; if not, then limit the features.
- You can code this, right?
- What can the crafty Reverse Engineer do?

The attack
- Patch the .exe.
- Somewhere is a line that jumps if equal.
- Change this logic and now no one needs to pay for your software.

Types of Reversing
- Static Analysis
  - Look at the executable line by line
  - Never gets run by the CPU
  - Like a book that you can read
- Behavioral Analysis
  - Run the program in a debugger
  - Pause and play execution
  - See what it does

Tools
- WinDbg
- OllyDbg
- IDA Pro
- LordPE
- PEiD

IDA Pro

OllyDbg

Anti Reversing Techniques
- Removing Symbolic Information
  - Java keeps things like class names
  - If it isn’t removed it can make Java very easy to reverse
- Obfuscation
  - Modifies the program’s layout
  - Doesn’t change the function
- Anti-debugger Code
  - if debugger attached: crash and burn
  - IsDebuggerPresent API

More…
- Code Encryption
  - Code is encrypted on disk
  - A routine decrypts the code when loading into memory
- Packers
  - Proprietary algorithms that rearrange/compress code
  - Exe gets unpacked when run, similar to encryption

References
- Reversing, Secrets of Reverse Engineering – Book
- Engineering-Malware-Part4.html