Hacking with Reverse Engineering and Defense against it

1,811 views

Published on

Published in: Education, Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
1,811
On SlideShare
0
From Embeds
0
Number of Embeds
109
Actions
Shares
0
Downloads
24
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide

Hacking with Reverse Engineering and Defense against it

  1. 1. Reverse  Code  Engineering   Reverser  view  to  application  security  
  2. 2. Speaker  Info     Krishs  Patil   Hold  master  degree  in  computer  application   Computer  programmer   Reverser   And  hobbyist  security  researcher  
  3. 3. Outline   —  Introduction   —  Reversing  Process   —  Tools  and  Techniques   —  Reversing  in  different  context  (Practice)   —  Lab  demonstration   —  Defeating  Reverse  Engineering   —  Resources  
  4. 4. Introduction   —   “Reverse  engineering  is  the  process  of  extracting  the   knowledge  or  design  blueprints  from  anything  man-­‐ made”.     —  It  is  usually  conducted  to  obtain  missing  knowledge,   ideas  and  design  philosophy  when  such  information  is   unavailable.   —  In  computer  science,  It  is  the  process  of  dis-­‐ assembling  or  de-­‐compiling  the  binary  code  of   computer  program  for  various  purpose.   —  Requires  skills  and  understanding  of  computer  and   software  development  
  5. 5. Introduction  Cont…      Why  reverse  engineering…    different  people  do  it  for  different  purpose  …        But,  Specifically  in  the  field  of  Cyber  Security…      …  If  you  want  to  be  serious  security  researcher,  you   must  posses  skills  of  reverse  code  engineering.  
  6. 6. Reversing  Process    Defining  scope  of  reversing…   —  System  Reverse  Engineering   —  Code  Reverse  Engineering   —  Data  Reverse  Engineering   —  Protocol  Reverse  Engineering      
  7. 7. Reversing  Process  Cont…      Setting  up  environment…     —  Setup  Isolated  environment  (VMware,  Virtual  Box)   —  System  monitoring  (SysInternal  Tools)   —  Static  Analysis   —  Dynamic  Analysis    (Debugging/Tracing)  
  8. 8. Reversing  Process  Cont…      Disassembling  Vs  Decompiling…     —  Native  Code  –  Directly  perform  operations  on  CPU      (Compiled  with  C,C++,Delphi)   —  Intermediate  Code  –  Interpreter  drives  it  to  perform   operations  on  CPU    (Java  byte  code,  MSIL)  
  9. 9. Reversing  Process  Cont…      Program  structure…      Higher  level  perspective  …   —  Modules   —  Data   —  Control  flow        Lower  level  perspective  …   —  Just  assembly  language!!!  
  10. 10. Reversing  Process  Cont…        So  what  I  need  to  know  prior  reversing  binary  code  ...               Just  a  computer  and  brain  J  would  be  enough  but  …         …  mastering  it    might  take  time  if  you  don’t  know  about       —  Computer  architecture     —   Programming  in  Assembly  Language  and  C,C++   —  Operating  System-­‐Platform  and  HEX  numbering        
  11. 11. Assembly  Language   —  Lowest  level  in  software     —  Platform  specific  (IA-­‐32,    IA-­‐64,AMD)   —  Machine  code  (OpCode)  ó  Assembly  commands   —  Assembler  converts  assembly  program  into  machine   code  that  is  executable  by  CPU   —  Dis-­‐assembler  is  the  program  that  coverts  machine   code  into  textual  presentation  of  assembly   commands   —  Mastering  reversing  without  knowing  assembly  is   almost  impossible.  
  12. 12. Assembly  Language  
  13. 13. Assembly  Language    Registers   —  Internal  memory  in  processor   —  IA-­‐32  has  eight  generic  registers   (EAX,EBX,ECX,EDX,ESI,EDI,EBP  and  ESP)   —  Floating  point  and  debug  registers   —  Special  register  –  EFLAGS  for  flag  management    flags   —  OF,  SF,  ZF,  AF,  PF,  CF    
  14. 14. Assembly  Language    Basic  Instructions   —  MOV    -­‐  data  copying   —  LEA  –  address  loading  (POINTER)   —  ADD,  SUB,  MUL,  DIV,  IMUL,  IDIV  –  arithmetic   —  CMP,  TEST  –  comparison   —  CALL  ,  RET  –  function  call  and  Return   —  J**    -­‐  conditional  branching   —  PUSH/POP    -­‐  stack  management   —  NOP  –  do  nothing    
  15. 15. System  Calls   —  Used  as  interface  between  application  and  operating   system.   —  System  calls  ask  OS  to  perform  specific  task   —  Most  operating  system  are  written  in  “C”  language,  so   providing  SYSTEM  Calls  as  “C”  api’s        -­‐  NIX  system  calls  –  unistd.h      -­‐  WINDOWS  system  calls    -­‐  windows.h   —  Studying  OS  platform  and  system  calls  is  necessary   part  of  reverse  engineering  
  16. 16. PE  –  Portable  Executable  file  
  17. 17. Tools  and  Techniques   —  Various  tools  helps  in  reverse-­‐engineering  the  binary   code/program.   —  Compiler  is  the  tool  used  to  convert  high  level  language   like  C,C++  into  machine  code.   —  Assembler  is  the  tool  used  to  convert  pseudo-­‐code  written   specific  to  processor  into  machine  code.   —  At  reverse  Dis-­‐Assembler  and  De-­‐Compilers  help  us  in   reversing  the  process,  recovering  the  high  level  code  from   machine  code.   —  Debuggers  are  the  tools  used  to  debug  live  running   program.   —  Virtual  machines  might  help  in  providing  protective/ isolated  environment  for  analysis.  
  18. 18. Tools  and  Techniques  Cont…    Broad  category  of  tools  are  divided  into  two  category.   q Static  Analysis  Tools              -­‐Tools  helps  us  to  analysis  program  without  even   running  it.                -­‐  Tools  includes  Dis-­‐assembler  and  De-­‐Compilers   q Dynamic  Analysis  Tools   -­‐  Tools  in  this  category  helps  us  dive  deep  into   program  by  analyzing  it  while  running  it.            -­‐  Tools  includes  Debuggers,  Loaders  and  System   Monitoring  tools  
  19. 19. Tools  and  Techniques  Cont…   —  Compilers            (VC  compiler,  GCC  compiler  suite,  .NET  framework)   —  Assemblers          (MASM,  NASM,  TASM,  FASM)   —  Dis-­‐assemblers  and  Debuggers          (IDAPro,  OllyDbg,  Immunity  Debugger,  WinDbg)   —  Hypervisors          (VMWare  Workstation/Player,  VirtualBox,QUEMU)   —  System  monitoring  withSysInternals  tools   —  Hex  Editors  and  Other  system  utilities  
  20. 20. Tools  and  Techniques  Cont…  
  21. 21. Tools  and  Techniques  Cont…  
  22. 22. Tools  and  Techniques  Cont…  
  23. 23. Tools  and  Techniques  Cont…  
  24. 24. RCE  in  various  context   Time  to  understand  field  work!!!   —  Cracking  (Illegal/Un-­‐Ethical)   —  Malware  analysis   —  Vulnerability  analysis  (exploit  development)   —  Clean  house  RE  (Chinese  Wall)   —  Recovering  lost  source  code  (legacy)   —  Investigating  and  solving  faults  cause  in  released   software.  (Microsoft  global  escalation  support  team)  
  25. 25. Cool  Huh  …     Lets  play  around  some  practical  reversing  lab  exercise       Lets  see  some  cool  stuff  J  
  26. 26. Lab  –  Cracking  for  serial.   —  This  is  for  purely  demonstration  and  educational   purpose  only.     —  Anything  you  do  to  obtain  or  provide  fake  registration   key  for  software  is  considered  cracking  and  a  serious   offense.   —  In  lab  we  are  going  to  study  and  recover  serial  key  and   defeat  registration  mechanism  by  various  ways.  
  27. 27. Defeating  RE   —  Lot  of  research  has  been  done,  many  ways  to  make  it   harden  for  reversing  process.              …  But  no  solution  is  100%  perfect  and  secure.    
  28. 28. Defeating  RE  Cont…          Software  armoring              Obfuscation              “  deliberate  act  of  creating  obfuscated  code,  i.e.   source  or  machine  code  that  is  difficult  for  human  to   understand”  -­‐-­‐  Wikipedia    
  29. 29. Defeating  RE  Cont…    Some  techniques  for  anti-­‐analysis  …       —  Packers    (Compression)   —  Protectors  (Encryption)     —   Anti-­‐Debugging   —  Garbage  Code  and  Code  Permutation   —  Anti-­‐Assembly   —  Hypervisor/Emulator  detection  
  30. 30. Defeating  RE  Cont…  
  31. 31. Defeating  RE  Cont…          Advanced  technologies…   —  Mutation   —  Code  Virtualization  
  32. 32. Resources   —  REVERSING  –  secrets  of  reverse  engineering  (By   Eldad  Eilam)   —  Microsoft  windows  internals  (By  Mark  Russinovich   and  David  Solomon)   —  Reverseme.de  –  cool  reverseme.exe  collections   —  InfoSec  Institute  Resources.  –  cool  articles  on  security     —  NtDebugging  blog  (Microsoft  global  escalation   support  team)    -­‐  fine  gain  exposure  in  windows  insides   —  And  finally  some  good  book  on  x86  assembly  tut  and   reference.  
  33. 33. Questions???   Still  there  anything  struggling  in  your  mind.    
  34. 34. Thank  you!!!   Hope  you  enjoyed  it.  

×