Atul - Reverse Engineering v/s Secure Coding - ClubHack2008


  1. Reverse Engineering v/s Secure Coding.
  2. What is Secure Coding?
       • Is Secure Coding simply avoiding certain already discovered vulnerable functions?
       • What about Tons of Commercial applications that are released every day?
       • Software Crackers (Reverse Engineers) causing Millions of Dollars of loss Globally due to Software Piracy.
       • Are you Programmers taking your Job seriously?
  3. Cryptography?...Hmm…
       • Cryptography in Application Registration routines doesn’t make sense.
       • A Cryptographic Algorithm adds to the application’s size & is Processor intensive.
       • A Cryptographic Algorithm in Registration routines can be either completely ripped off or totally bypassed, and it poses no challenge to a Cracker.
  4. Packers & Protectors?
       • What are Packers?
       • What are Protectors?
       • Packers make Sense but Protectors don’t!
       • Packers == very easy to defeat.
       • Protectors == who cares to defeat?
       • Virtual Machines?.... Not again!
  5. .Net & Java == Not Cool?
       • Decompilation & not Disassembling.
       • .Net is M$’s take on Java.
       • .class files & .net executables rely heavily on Runtime Environment Components.
       • Damn easy to break code and Damn tough to prevent us from Tampering with your App.
  6. Mobile Devices…. Yeah!
       • Sony Ericsson’s “.Sest” Feature talked about for the first time ever!
       • J2me applications built for Mobile Devices should be “Freewares”.
       • J2me Trojans can be very easy to code.
       • Don’t even want to talk about Sony Ericsson & Siemens’ “Phone Modding”.
  7. Can I Tackle R.E?
       • Technically Speaking? No you Can’t!
       • Logically? Bore us to Death!
       • How?
       • a] Use spaghetti Code.
       • b] Jump all over the Place.
       • c] Learn Polymorphism.
       • d] Learn to use your “Imagination” as a tool.
       • e] Think like a Reverse Engineer!
  8. “Thinking Before Writing, saves the time spent in Editing.” –Pirated. Thank You.
       • Atul Alex Cherian,
       • www.OrchidSeven.com.
       • Ph:9860056788.
       • [email_address]