
x86 Software Reverse-Engineering, Cracking, and Counter-Measures

Stephanie Domas
Christopher Domas

Copyright © 2024 by John Wiley & Sons Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.

Published simultaneously in Canada and the United Kingdom.

ISBNs: 9781394199884 (Paperback), 9781394199907 (ePDF), 9781394199891 (ePUB)

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at www.wiley.com/go/permission.

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States and other countries and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

If you believe you’ve found a mistake in this book, please bring it to our attention by emailing our reader support team at wileysupport@wiley.com with the subject line “Possible Book Errata Submission.”

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com

Library of Congress Control Number: 2023951083

Cover image: © CSA-Printstock/Getty Images

Cover design: Wiley

About the Authors

With more than 10 years of ethical hacking, reverse engineering, and advanced vulnerability analysis as a defense contractor, Stephanie Domas has a deep knowledge of and passion for the hacker mindset. Pivoting her offensive skills to the defense, she built and led two cybersecurity businesses focused on defense of embedded systems, medical devices, and the healthcare industry. She currently serves as a prominent industry consultant and advisor with a broad range of tech companies and device manufacturers, from the newest startups to the industry giants, and is the CISO of Canonical, driving Canonical to be the most trusted computational partner in all of open source. Previously, she served as the chief security technology strategist at Intel where she owned the cross-Intel security technology strategy, formulating and implementing strategies that would accelerate Intel’s strength, competitiveness, and revenue growth in the area of security. Stephanie is a passionate educator, strategist, speaker, advisor, and security enthusiast.

Christopher Domas is a security researcher primarily focused on firmware, hardware, and low-level processor exploitation. He is best known for releasing impractical solutions to nonexistent problems, including the world’s first single instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing machines in the vi text editor. His more relevant work includes the sandsifter processor fuzzer, rosenbridge backdoor, the binary visualization tool ..cantor.dust.., and the memory sinkhole privilege escalation exploit.

About the Technical Writer

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has a master’s degree in cyber operations, a decade of experience in cybersecurity, and more than five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of more than a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences.

About the Technical Editor

John Toterhi is a senior security researcher specializing in embedded system reverse engineering, vulnerability research, and capability development. John started his career in 2010 as a civilian malware analyst for the United States Air Force, where he reverse-engineered malicious software threats to U.S. air and space assets. Since then, John has worked for multiple government and private organizations on large-scale software vulnerability discovery and CNO tool development. John is also a guest lecturer at Ohio State University, teaching reverse engineering and malware analysis, and co-leads a private offensive security bootcamp that helps prepare the next generation of cyber engineers to solve tomorrow’s cyber challenges.

Introduction

Reverse engineering and software cracking are disciplines with a long, rich history. For decades, software developers have attempted to build defenses into their applications to protect intellectual property or to prevent modifications to the program code. The art of cracking has been around nearly as long as reverse engineers have been examining and modifying code for fun or profit.

Before diving into the details of how reverse engineering works, it is useful to understand the context in which these disciplines reside. This chapter describes what to expect from this book and dives into the history and legal considerations of software reverse engineering and cracking.

Who Should Read This Book

From security professionals to hobbyists, this book is for anyone who wants to learn to take apart, understand, and modify black-box software. This book takes a curious, security-minded individual behind the curtain to see how software cracking and computers work. Learning how an x86 computer works is not only powerful from a reverse-engineering and cracking perspective, but will make each reader a stronger developer, with advanced knowledge they can apply to code optimization, efficiency, debugging, compiler settings, and chip selection. Then the curtain continues to pull back as readers learn how software cracking happens. Readers will learn about tools and techniques that real-world software crackers use, and they will put their newfound knowledge to the test by cracking real-world applications of their own in numerous hands-on labs. We then circle back to understand defensive techniques for combating software cracking.

By learning both the offensive and defensive techniques, readers will walk away as strong software crackers or software defenders.

What to Expect from This Book

This book is based on these three core tenets of reverse engineering:

■ There is no such thing as uncrackable software.

■ The goal in offense is to try to go faster.

■ The goal in defense is to try to slow down.

Based on this philosophy, any software can be reverse engineered and have its secrets stolen and protections circumvented. It’s just a matter of time.

Like other areas of cybersecurity, both offensive and defensive reverse engineers benefit from having a similar set of skills. This book is designed to provide an introduction to these three interrelated skill sets:

■ Reverse engineering: Reverse engineering is the process of taking software apart and figuring out how it works.

■ Cracking: Cracking builds on reverse engineering by manipulating a program’s internals to get it to do something that it was not intended to.

■ Defense: While all software is crackable, defenses can make a program more difficult and time-consuming to crack.

Both offensive and defensive reverse engineers benefit from the same set of skills. Without an understanding of reverse engineering and cracking, a defender can’t craft effective protections. On the other hand, an attacker can more effectively bypass and overcome these protections if they can understand and manipulate how a program works.

Structure of the Book

This book is organized based on these three core capabilities and skill sets. The structure is as follows:

PART: Part 2: Software Reverse Engineering
TOPICS: Reconnaissance; Key checkers; Key generators; Process monitoring; Resource manipulation; Static analysis; Dynamic analysis; Writing key gens
GOAL: Master the tools, approaches, and mindset required to take software apart and understand its inner workings.

PART: Part 3: Software Cracking
TOPICS: Cracking software; Manual patching; Automated patchers; Advanced dynamic analysis; Execution tracing; Advanced static analysis; Trial periods; Nag screens; More key gens; More cracks
GOAL: Master the tools, approaches, and mindset necessary to isolate behavior and modify software.

PART: Part 4: Defenses, Countermeasures, and Advanced Topics
TOPICS: Obfuscation/deobfuscation; Anti-debugging/anti-anti-debugging; Packing/unpacking; Cryptors/decryptors; Architectural defenses; Legal; Timeless debugging; Binary instrumentation; Intermediate representations; Decompiling; Automatic structure recovery; Visualization; Theorem provers; Symbolic analysis; Cracking extravaganza
GOAL: Master defenses and counter-defenses. Evaluate defensive posture and tradeoffs. Explore advanced topics. Exercise reverse engineering and cracking tools, techniques, and mindset.

Hands-On Experience and Labs

The best way to learn reverse engineering and software cracking is by doing it. For this reason, this book will include several hands-on labs that demonstrate the concepts described in the text.

The goal of this book isn’t to teach a particular set of tools and techniques. While the focus is on x86 software running in Windows, many of the approaches and techniques will translate to other platforms. This book will attempt to demonstrate a wide range of tools, including open-source, freeware, shareware, and commercial solutions. With an understanding of what tools are available and their relative strengths and weaknesses, you can more effectively select the right tool for the job.

Hands-on labs and exercises will also focus on reverse engineering and cracking a variety of different targets, including the following:

■ Real software: Some exercises will use real-world software carefully selected to avoid copyright violations.

■ Manufactured examples: Software written specifically for this book to illustrate concepts that are impractical to demonstrate with real-world examples.

■ Crackmes: Manufactured software developed by crackers to illustrate a concept or challenge others.

Companion Download Files

The book mentions some additional files, such as labs or tools. These items are available for download from https://github.com/DazzleCatDuo/X86-SOFTWARE-REVERSE-ENGINEERING-CRACKING-AND-COUNTER-MEASURES

History

Before diving into the nitty-gritty details of cracking and reverse engineering, it is useful to understand its history. Software protections and the tricks and techniques used to overcome them have been evolving for decades.

The First Software Protections

The first software copy protections emerged in the 1970s. Some of the early movers in the space were as follows:

■ Apple II: The Apple II incorporated proprietary disk drivers that would allow writing at half-tracks, writing extra rings, and staggering and overlapping sectors. The purpose of this was to make the disks unusable by non-Apple machines and software that wouldn’t know to read and write at these odd offsets.

■ Atari 800: Atari 800 systems would intentionally include bad sectors in their disks and attempt to load these sectors. If these loads didn’t return a “bad sector” error, then the software knew it wasn’t a valid disk and would halt execution.

■ Commodore 64: Legitimate Commodore 64 software was distributed only on read-only disks. The software would attempt to overwrite the disk, and, if it succeeded, it knew the disk was counterfeit.

These protections all depended on unusual behavior by the software, such as the use of invalid memory or attempting to overwrite the program’s own code. Defeating these protections required an understanding of how the software worked.

The Rise of Cracking and Reverse Engineering

The rise of cracking and reverse engineering began in the 1980s. However, these early crackers weren’t in it for the money. Cracking was a contest to determine who could figure out and bypass software protections the quickest.

Over the next several decades, the reverse engineering and cracking scene evolved. These are some of the key dates in the history of reverse engineering:

1987: Fairlight’s formation in 1987 by Bacchus defines one of the first operational groups. Fairlight will later come to prominence in FBI crackdowns of the early 2000s. For more historic details visit www.fairlight.to and csdb.dk.

1990: Elliot J. Chikofsky and James H. Cross II defined reverse engineering as “the process of analyzing a subject system to identify the system’s components and their interrelationships and to create representations of the system in another form or at a higher level of abstraction” (“Reverse Engineering and Design Recovery: A Taxonomy,” IEEE Software, Vol. 7, Issue 1, Jan 1990).

1997: Old Red Cracker (handle +ORC) founds the Internet-based High Cracking University (+HCU) to allow everyone to learn about cracking. +ORC released “how to crack” lessons online and authored academic papers. +HCU students had handles that began with a +.

1997–2009: The “warez scene” emerges with groups competing to be the first to release copyrighted material. Insiders (aka “suppliers”) provided early access to their groups, “crackers” broke the protections, and “couriers” distributed cracked software to FTP sites. Between 2003 and 2009, approximately 3,164 active groups were on “the scene”, competing primarily for pride and bragging rights, not money.

2004: The FBI and other countries begin raids against “the scene”. Operation Fastlink (2004) led to the conviction of 60 warez members, and Operation Site Down (2005) took down 25 warez groups.

The arms race between software protections and crackers continues to rage, and reverse engineering is an invaluable skill set on both sides. Crackers need to understand how a program works to manipulate it and bypass defenses. On the defensive side, it’s important to understand the latest cracking techniques to develop defenses that protect intellectual property and other sensitive data.

Legal

The best way to learn is by doing. This is why this book includes labs and exercises with real-world software as well as manufactured examples and crackmes. We are not lawyers, and those with concerns should consult a lawyer. We recommend the Electronic Frontier Foundation (www.eff.org). Chapter 15 covers legal topics because we feel it’s important for everyone to understand the US-based laws that affect this area. There are two main laws to be aware of: the Copyright Act and the Digital Millennium Copyright Act (DMCA).

The Fair Use Clause of the Copyright Act (Copyright Act, 17 U.S.C. § 107) states that reverse engineering falls under “fair use” when done for “. . .purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research. . ..” This exception is balanced against “the effect of the use upon the potential market for or value of the copyrighted work.” In essence, reverse engineering used for educational purposes is legal if you don’t share or sell the cracked software.

In October 2016, the DMCA also added an exception for good faith security research. It states, “accessing a computer program solely for purposes of good-faith testing, . . .where such activity is carried out in a controlled environment designed to avoid any harm to individuals or the public, . . .and is not used or maintained in a manner that facilitates copyright infringement.”

The software examined in this book and used in exercises was carefully selected to fall under the fair use and DMCA exceptions. If you are planning to reverse engineer and crack software for anything other than self-education, you should consult a lawyer. The legal considerations of reverse engineering will also be explored in greater detail in a later chapter.

Software reverse engineering and cracking have a rich history, and this skill set has both offensive and defensive applications. However, it is important to understand the laws around these disciplines and ensure that your activities fall under the good-faith testing and fair use exemptions.

This book is designed to provide a strong foundation in the skills and tools used for software reverse engineering and cracking. Beginning with the fundamentals, the book will move on through sections on software reverse engineering and cracking to end with an exploration of advanced offensive and defensive techniques.
