Reverse Engineering. Ian Kayne, for the School of Computer Science, University of Birmingham, 2nd February 2009.


Slide 2 (02/09/09): RCE
• Reverse (Code) Engineering – "reversing"
• What is it?
• Why is it done?
  • Malware research and defence
  • System interoperability requirements
  • Review and audit of software/security systems
• Why is it useful to security specialists?
  • "Learn the principles"

Slide 3: RCE
• Required knowledge/skills (x86)
  • Platform knowledge – stack, registers etc.
  • "Some" assembly language
  • C/C++ and as many other languages as possible
  • Operating system mechanisms
  • win32api
  • Toolset (debugger, disassembler, hex editor…)
  • Mindset (patterns, logic)

Slide 4: RCE
• Imagine a strong protection mechanism (diagram labels: complex math, asymmetric, symmetric, checksums, shareware-style crippled features)

Slide 5: RCE
• Reversing demonstration

Slide 6: RCE
• After the demonstration, recap:
  1. Analysed the executable
  2. Set breakpoints on likely API calls
  3. Traced up the call stack
  4. Analysed the code
  5. Found the good boy/bad boy "switch"
  6. Patched the jump "live" to test
  7. Converted the RVA to a file offset and patched the file
• 1-byte patch
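Step 7 of the recap, turning a relative virtual address (RVA) seen in the debugger into the offset of the same bytes in the file on disk, is the step that most often goes wrong in practice, because the section's virtual address and its raw-data pointer differ and a section can be larger in memory than on disk. The following is an added worked example, written for this page and not code from the lecture: a small PE section-table parser that performs the conversion, exercised against a constructed, PE-shaped byte string. The image, its section layout and the marker bytes placed in it are assumptions of this example (real files also carry an optional header, which the parser skips using its declared size).

```python
import struct

# IMAGE_SECTION_HEADER layout (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_HDR_FMT = "<8sIIIIIIHHI"
SECTION_HDR_SIZE = struct.calcsize(SECTION_HDR_FMT)


def parse_sections(image):
    """Walk DOS header -> PE signature -> COFF header and return the section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_hdr_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_hdr_size          # section table follows the optional header
    sections = []
    for i in range(num_sections):
        fields = struct.unpack_from(SECTION_HDR_FMT, image, table + i * SECTION_HDR_SIZE)
        name, vsize, va, rawsize, rawptr = fields[:5]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "vsize": vsize, "va": va, "rawsize": rawsize, "rawptr": rawptr,
            "chars": fields[9],
        })
    return sections


def rva_to_offset(sections, rva):
    """Map an RVA to the file offset holding those bytes.

    Returns None when the RVA is outside every section, or when it lands in the
    part of a section that exists only in memory (VirtualSize > SizeOfRawData):
    there are no file bytes there to read or patch.
    """
    for s in sections:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["rawsize"]):
            delta = rva - s["va"]
            if delta >= s["rawsize"]:
                return None
            return s["rawptr"] + delta
    return None


def read_bytes_at_rva(image, sections, rva, length):
    """The bytes that will sit at `rva` once the image is mapped, read from the file."""
    off = rva_to_offset(sections, rva)
    if off is None:
        raise ValueError("RVA 0x%x is not backed by file data" % rva)
    return bytes(image[off:off + length])


def build_sample_pe():
    """Constructed, minimal PE-shaped image (not a real program) with two sections.

    The optional header is given size 0 to keep the sample tiny; the parser honours
    SizeOfOptionalHeader, so a real header would be skipped correctly.
    """
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0, 0x0102)   # i386, 2 sections

    def section(name, vsize, va, rawsize, rawptr, chars):
        return struct.pack(SECTION_HDR_FMT, name.ljust(8, b"\0"),
                           vsize, va, rawsize, rawptr, 0, 0, 0, 0, chars)

    header = (dos + b"PE\0\0" + coff
              + section(b".text", 0x400, 0x1000, 0x400, 0x400, 0x60000020)
              + section(b".data", 0x300, 0x2000, 0x200, 0x800, 0xC0000040))
    image = bytearray(header.ljust(0xA00, b"\0"))
    # Marker at RVA 0x1234 -> file offset 0x634: the EB FE (jmp short $) opcode the
    # slides mention, used here only as a recognisable byte pattern.
    image[0x634:0x636] = b"\xEB\xFE"
    return bytes(image)


if __name__ == "__main__":
    pe = build_sample_pe()
    secs = parse_sections(pe)
    for s in secs:
        print("%-6s VA=0x%05x vsize=0x%04x raw=0x%04x @0x%04x"
              % (s["name"], s["va"], s["vsize"], s["rawsize"], s["rawptr"]))
    print("RVA 0x1234 -> file offset 0x%x" % rva_to_offset(secs, 0x1234))
    print("bytes there:", read_bytes_at_rva(pe, secs, 0x1234, 2).hex())
```

The `.data` section in the sample is deliberately larger in memory (0x300) than on disk (0x200), so an RVA in its tail returns None rather than a bogus offset into the next section; that is the case a naive "subtract the image base and the section delta" calculation gets wrong.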

Slide 7: Protection
• Imagine a strong protection mechanism again
  • License key system
  • CRC
  • Anti-debugging techniques
  • Encryption

Slide 8: Protection
• Encryption for protection
  • Data must be decrypted before use
  • Code must be decrypted before execution
  • UPX (packer), Armadillo, Themida…
• Can be made very hard, but not impossible
  • Remember the jump loop – EB FE (jmp short $, a jump to itself)
  • Generics – break one, break all
  • Homebrew is risky – "learn the principles"
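Because packed or encrypted code and data look like noise until the loader decrypts them, the first check an analyst runs on a suspicious binary is a byte-entropy profile: native code and ordinary data sit well below the 8 bits/byte maximum, compressed or encrypted regions sit close to it. The block below is an added example written for this page, not code from the lecture or from any of the packers named. The 7.0 bits/byte threshold and the constructed sample image (low-entropy "code", a seeded-PRNG blob standing in for ciphertext, zero padding) are assumptions of the example; on a real file you would run the same profile per section.

```python
import math
import random
from collections import Counter

# Rule-of-thumb threshold in bits per byte; an assumption of this example, not a
# figure from the slides.
PACKED_THRESHOLD = 7.0


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 .. 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data, window=1024):
    """Entropy of each consecutive `window`-byte chunk, as (offset, entropy) pairs."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data), window)]


def find_high_entropy_regions(data, window=1024, threshold=PACKED_THRESHOLD):
    """Merge adjacent chunks at or above `threshold` into (start, end) byte ranges."""
    regions, start = [], None
    for off, ent in entropy_profile(data, window):
        if ent >= threshold and start is None:
            start = off
        elif ent < threshold and start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


def build_sample_image():
    """Constructed stand-in for a file: low-entropy 'code', an 'encrypted' blob, padding.

    The blob is deterministic PRNG output (fixed seed), which is indistinguishable
    from ciphertext to an entropy measure; no real cipher is involved.
    """
    plain = bytes(i % 16 for i in range(2048))        # 16 symbols, evenly spread: 4.0 bits/byte
    rng = random.Random(2009)
    blob = bytes(rng.getrandbits(8) for _ in range(2048))   # close to 8 bits/byte
    padding = b"\0" * 1024                            # 0.0 bits/byte
    return plain + blob + padding


if __name__ == "__main__":
    sample = build_sample_image()
    for off, ent in entropy_profile(sample):
        flag = "<-- packed/encrypted?" if ent >= PACKED_THRESHOLD else ""
        print("offset 0x%05x  entropy %.2f  %s" % (off, ent, flag))
    print("high-entropy regions:",
          ["0x%x-0x%x" % r for r in find_high_entropy_regions(sample)])
```

Entropy is a triage signal, not proof: a section full of legitimate compressed resources or a large embedded certificate scores just as high, so a hit is a reason to look at the section's characteristics and entry point, not a verdict.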

Slide 9: Protection
• Some obfuscation techniques:
  • Encode obvious "beacon" strings
  • Avoid win32api/library functions:
    • bpx MessageBoxA
    • Use alternative functions/mechanisms, e.g. SetWindowPos instead of ShowWindow
    • Roll your own API/GUI functions
    • Can't break on GetWindowText if you don't use it!
  • Hide code within the executable
    • Self-modifying code, PE sections etc.

Slide 10: Protection
• Some anti-debugger techniques
  • Deliberate exceptions (code in SEH)
  • Self-debugging (can't "stack" debuggers)
  • Timers and counters
  • Alter DR0–DR7 hardware debug registers
  • IsDebuggerPresent()
  • Check for/attack known debugger processes, windows, services, drivers… (StarForce)

Slide 11: RCE
• Why are these low-level technical techniques important?
  • "Learn the principles"
• Your first job: consultant to a betting company about to release an online gambling game
  • The basics: Internet security, server security, data security
  • But… what about the end-user software?

Slide 12: Review
• Thank you!
• Questions
• Comments
• Items to review
• Further study