Code injection and software cracking s effect on network security
Download
1 / 26

Code Injection and Software Cracking s Effect on Network Security - PowerPoint PPT Presentation


  • 234 Views
  • Uploaded on

Code Injection and Software Cracking’s Effect on Network Security. Group 5 Jason Fritts Utsav Kanani Zener Bayudan. ECE 4112 Fall 2007. Background. Lab 8 – Viruses But how are they hidden? Code Injection Injecting unwanted code into a program.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Code Injection and Software Cracking s Effect on Network Security' - erna


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Code injection and software cracking s effect on network security l.jpg

Code Injection and Software Cracking’s Effect on Network Security

Group 5

Jason Fritts

Utsav Kanani

Zener Bayudan

ECE 4112

Fall 2007


Background l.jpg
Background Security

  • Lab 8 – Viruses

    • But how are they hidden?

  • Code Injection

    • Injecting unwanted code into a program.

    • Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans)

  • Software Cracking

    • Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.



Tools used l.jpg
Tools Used Security

  • W32Dasm

    • Disassembler used to translate machine language to readable assembly language.

  • Hex Workshop

    • Hex editor used to edit raw binary applications.

  • OllyDBG

    • Debugger used to trace through program step by step.


W32dasm l.jpg
W32dasm Security


Hex workshop l.jpg
Hex Workshop Security


Ollydbg l.jpg
OllyDBG Security


Software cracking l.jpg
Software Cracking Security

  • Major component of software piracy

  • “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft”

  • Pre-compiled cracks widely distributed on websites.

  • Often contain malware injected in their code

    • Windows Vista activation crack


Lab contents l.jpg
Lab Contents Security

  • Software Serial Crack

  • Key Generator

  • Code Injection Example

  • Defenses against code disassembly


Serial key crack l.jpg
Serial Key Crack Security

  • Software distribution done online

  • Serial Keys used as a type of user authentication


Finding authentication code l.jpg
Finding authentication code Security

  • In disassembler W32dasm or debugger

  • Search for string comparison (cmp)

  • Jumps to “Invalid serial” if not equal (jne)

  • Note offset


Removing authentication l.jpg
Removing authentication Security

  • In Hex Editor

  • Go to offset of JNE

  • Change JNE to NOP (0x9090)


Checking your crack l.jpg
Checking your crack Security

  • Code bypasses JNE (Jump to “Invalid serial number”)

  • Any serial number can be used.


Key generators l.jpg
Key Generators Security

  • Requirements during Software Installation

    • Product Id

    • Serial Key

  • A variety of Authentication algorithms used

    • Algebraic expression( output = ((pid*2 + 73)*3) - 28)

    • Key gives a checksum of 25


Key generators15 l.jpg
KEY-GENERATORS Security

One of the major contributors to Software Piracy

Available for free download on several websites

Program that generates a serial key or Registration number for a software

Automated knowledge of Assembly language not required by the end user



Code injection example l.jpg
Code Injection Example Security

  • Find code caves (DB 00)

    • Unused memory locations in executable

  • Overwrite code caves with malicious codes

  • Redirect JMP instructions to malicious codes

  • Redirect back to original code

  • Resume normal operation


Code caves l.jpg
Code Caves Security



Code injection example20 l.jpg
Code Injection Example Security

  • Injected code executes as well as original program


Prevention l.jpg
Prevention Security

  • Product Activation

    • Online Activation

    • Telephone Activation

  • Encryption

  • Self Modifying Code


Execryptor bullet proof software protection l.jpg
EXECryptor-Bullet Proof Software SecurityProtection

  • Features

    • Anti-cracking, anti-debugging, and anti-trace

    • Secure creation of custom evaluation and trial versions of your software

    • Built-in registration and license management

    • Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic)

    • Protection of several file types (EXE files, DLL and ActiveX components)

  • Uses Code Morphing

    • Obfuscates the code on the level of the CPU commands rather than the source level.

    • “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “



Protected code l.jpg
Protected Code Security


References l.jpg
References Security

  • Code Injection

    • http://www.codeproject.com/KB/system/inject2exe.aspx#BuildanImportTableandReconstructtheOriginalImportTable6

  • Software Cracking

    • http://en.wikipedia.org/wiki/Software_cracking

  • Windows Vista Crack

    • http://apcmag.com/node/4737


ad