Code Injection and Software Cracking’s Effect on Network Security - PowerPoint PPT Presentation

Code injection and software cracking s effect on network security
Download
1 / 26

  • 90 Views
  • Uploaded on
  • Presentation posted in: General

Code Injection and Software Cracking’s Effect on Network Security. Group 5 Jason Fritts Utsav Kanani Zener Bayudan. ECE 4112 Fall 2007. Background. Lab 8 – Viruses But how are they hidden? Code Injection Injecting unwanted code into a program.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.

Download Presentation

Code Injection and Software Cracking’s Effect on Network Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Code injection and software cracking s effect on network security

Code Injection and Software Cracking’s Effect on Network Security

Group 5

Jason Fritts

Utsav Kanani

Zener Bayudan

ECE 4112

Fall 2007


Background

Background

  • Lab 8 – Viruses

    • But how are they hidden?

  • Code Injection

    • Injecting unwanted code into a program.

    • Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans)

  • Software Cracking

    • Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.


Trojan statistics

Trojan Statistics


Tools used

Tools Used

  • W32Dasm

    • Disassembler used to translate machine language to readable assembly language.

  • Hex Workshop

    • Hex editor used to edit raw binary applications.

  • OllyDBG

    • Debugger used to trace through program step by step.


W32dasm

W32dasm


Hex workshop

Hex Workshop


Ollydbg

OllyDBG


Software cracking

Software Cracking

  • Major component of software piracy

  • “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft”

  • Pre-compiled cracks widely distributed on websites.

  • Often contain malware injected in their code

    • Windows Vista activation crack


Lab contents

Lab Contents

  • Software Serial Crack

  • Key Generator

  • Code Injection Example

  • Defenses against code disassembly


Serial key crack

Serial Key Crack

  • Software distribution done online

  • Serial Keys used as a type of user authentication


Finding authentication code

Finding authentication code

  • In disassembler W32dasm or debugger

  • Search for string comparison (cmp)

  • Jumps to “Invalid serial” if not equal (jne)

  • Note offset


Removing authentication

Removing authentication

  • In Hex Editor

  • Go to offset of JNE

  • Change JNE to NOP (0x9090)


Checking your crack

Checking your crack

  • Code bypasses JNE (Jump to “Invalid serial number”)

  • Any serial number can be used.


Key generators

Key Generators

  • Requirements during Software Installation

    • Product Id

    • Serial Key

  • A variety of Authentication algorithms used

    • Algebraic expression( output = ((pid*2 + 73)*3) - 28)

    • Key gives a checksum of 25


Key generators1

KEY-GENERATORS

One of the major contributors to Software Piracy

Available for free download on several websites

Program that generates a serial key or Registration number for a software

Automated knowledge of Assembly language not required by the end user


Making a key generator

Making a Key-Generator


Code injection example

Code Injection Example

  • Find code caves (DB 00)

    • Unused memory locations in executable

  • Overwrite code caves with malicious codes

  • Redirect JMP instructions to malicious codes

  • Redirect back to original code

  • Resume normal operation


Code caves

Code Caves


Code injection example1

Code Injection Example


Code injection example2

Code Injection Example

  • Injected code executes as well as original program


Prevention

Prevention

  • Product Activation

    • Online Activation

    • Telephone Activation

  • Encryption

  • Self Modifying Code


Execryptor bullet proof software protection

EXECryptor-Bullet Proof Software Protection

  • Features

    • Anti-cracking, anti-debugging, and anti-trace

    • Secure creation of custom evaluation and trial versions of your software

    • Built-in registration and license management

    • Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic)

    • Protection of several file types (EXE files, DLL and ActiveX components)

  • Uses Code Morphing

    • Obfuscates the code on the level of the CPU commands rather than the source level.

    • “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “


Unprotected code

Unprotected Code


Protected code

Protected Code


References

References

  • Code Injection

    • http://www.codeproject.com/KB/system/inject2exe.aspx#BuildanImportTableandReconstructtheOriginalImportTable6

  • Software Cracking

    • http://en.wikipedia.org/wiki/Software_cracking

  • Windows Vista Crack

    • http://apcmag.com/node/4737


  • Login