RAPHAEL SANCHEZ PRUDENCIO
(RAPH0X88)
RSPRUDENCIO@GMAIL.COM
DISCLAIMER
ALL THE INFORMATION PROVIDED IN THIS TALK IS FOR EDUCATIONAL PURPOSES ONLY.
THE AUTHOR IS NOT RESPONSIBLE FOR ANY MISUSE OF THE INFORMATION!
MOTIVATION
• REVERSE ENGINEERING ROCKS
• YOUR COMPUTER, YOUR RULES
• AND ABOVE ALL, CURIOSITY!
• JUST TO CLARIFY, NOT A TYPO!
• AT LEAST NOT MY TYPO
• INSPIRED BY ZERO WING'S FAMOUS MISTRANSLATION MEME
OLLYDBG
• OLLYDBG IS A 32-BIT ASSEMBLER LEVEL ANALYZING DEBUGGER FOR WINDOWS.
• PRETTY USEFUL TOOL FOR DEBUGGING ON WINDOWS
• SUPPORTS PLUGINS, WHICH CAN EXTEND ITS FEATURES
DEMO TIME!
ANTI-DEBUG
• TOO MANY TECHNIQUES TO DESCRIBE ALL
• DEBUGGER DETECTION
• NTSETINFORMATIONTHREAD - THREADHIDEFROMDEBUGGER
• ISDEBUGGERPRESENT
• TIMING HOOKS
• GETTICKCOUNT
• NTQUERYPERFORMANCECOUNTER
• BREAKPOINT DETECTION
• GETTHREADCONTEXT
• INT3 (0XCC) AND INT 3 (0XCD03)
• …
ANTI-DISASSEMBLE
• JUNK CODE
• OVERLAPPING INSTRUCTIONS
• CALL/RET ABUSE
• SELF-MODIFYING CODE
• …
ANTI-ANTI-DEBUG/DISASM
• PLENTY OF OPTIONS!
• USER SPACE
• SCYLLAHIDE
• KERNEL SPACE
• TITANHIDE
DEMO TIME!
ENCODER
/* One full cycle of the reversed routine, variable names as the decompiler
   gave them: data1/data2 are the two 32-bit block halves, c[] is indexed
   with & 3 so it is a 4-word key, local2 is a running sum and local3 the
   per-cycle increment. This shape (two halves, sum & 3 then
   (sum >> 11) & 3 as key index) is the XTEA round structure. */
/* Part 1 */
tmp = (data2 << 4) ^ (data2 >> 5);
tmp += data2;
j = local2 & 3;
tmp2 = c[j] + local2;
data1 += (tmp ^ tmp2);
/* Update local2 */
local2 += local3;
/* Part 2 */
tmp = (data1 << 4) ^ (data1 >> 5);
tmp += data1;
j = (local2 >> 0xb) & 3;
tmp2 = c[j] + local2;
data2 += (tmp ^ tmp2);
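The fragment above is one cycle of XTEA. As an added example (not the talk's code), here is the complete cipher in C with the slide's names mapped in the comments, which is what an analyst writes to confirm the identification and to decode captured data offline. The delta constant is standard XTEA's; the slide shows neither local3's value nor c[], so the key in the helper is a constructed placeholder.

```c
#include <stdint.h>

/* Standard XTEA increment. On the slide this is local3; analysts usually spot
 * TEA-family ciphers by this constant (or its negation 0x61C88647) in the binary. */
#define XTEA_DELTA 0x9E3779B9u

/* Encrypt one 64-bit block in place. Mapping to the slide's fragment:
 * v[0]/v[1] = data1/data2, key[] = c[], sum = local2, XTEA_DELTA = local3.
 * Each loop iteration is exactly "Part 1", the sum update, then "Part 2". */
void xtea_encrypt(uint32_t v[2], const uint32_t key[4], unsigned cycles) {
    uint32_t v0 = v[0], v1 = v[1], sum = 0;
    for (unsigned i = 0; i < cycles; i++) {
        v0 += (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);          /* Part 1 */
        sum += XTEA_DELTA;                                                     /* local2 += local3 */
        v1 += (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);  /* Part 2 */
    }
    v[0] = v0;
    v[1] = v1;
}

/* Decrypt: same steps in reverse order, starting from the final sum value. */
void xtea_decrypt(uint32_t v[2], const uint32_t key[4], unsigned cycles) {
    uint32_t v0 = v[0], v1 = v[1], sum = XTEA_DELTA * cycles;
    for (unsigned i = 0; i < cycles; i++) {
        v1 -= (((v0 << 4) ^ (v0 >> 5)) + v0) ^ (sum + key[(sum >> 11) & 3]);
        sum -= XTEA_DELTA;
        v0 -= (((v1 << 4) ^ (v1 >> 5)) + v1) ^ (sum + key[sum & 3]);
    }
    v[0] = v0;
    v[1] = v1;
}

/* Sanity helper: returns 1 if the block survives a 32-cycle round trip and the
 * ciphertext actually differs from the plaintext, 0 otherwise. */
int xtea_roundtrip_ok(uint32_t a, uint32_t b, const uint32_t key[4]) {
    uint32_t v[2] = { a, b };
    xtea_encrypt(v, key, 32);
    int changed = (v[0] != a) || (v[1] != b);
    xtea_decrypt(v, key, 32);
    return changed && v[0] == a && v[1] == b;
}
```

Once the reversed routine is confirmed to match, the key c[] lifted from the binary is all that is needed to decode the traffic the encoder protects.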
DEMO TIME!
ROGUE AUTH
<?php
// Rogue server that answers the client's own two-step handshake:
//   state=syn    -> "ack|<session>" for any name containing 'nullbyte'
//   state=synack -> "good|<what1>|<what2>|<banner>", which the client accepts
// $pass is read but never checked: the client trusts whatever host it is
// pointed at, so a server that speaks the protocol is enough.
$state = $_GET["state"];
$name = $_GET["name"];
$pass = $_GET["pass"];
if ($state == "syn") {
    $session = md5(time());
    if (strpos($name, 'nullbyte') !== false) {
        print "ack|" . $session;
    } else {
        print "bad|Invalid username or password!";
    }
} elseif ($state == "synack") {
    $what1 = md5(time());
    $what2 = md5(time() + 1);
    print "good|" . $what1 . "|" . $what2 .
        "|ALL YOUR B1N4R13S ARE BELONG TO US!!!";
}
QUESTIONS?
THANK YOU!
BUT
REMEMBER…
DON’T
TO THIS AT
HOME!!!
All your binaries are belong to us