Code injection and software cracking s effect on network security
This presentation is the property of its rightful owner.
Sponsored Links
1 / 26

Code Injection and Software Cracking’s Effect on Network Security PowerPoint PPT Presentation


  • 49 Views
  • Uploaded on
  • Presentation posted in: General

Code Injection and Software Cracking’s Effect on Network Security. Group 5 Jason Fritts Utsav Kanani Zener Bayudan. ECE 4112 Fall 2007. Background. Lab 8 – Viruses But how are they hidden? Code Injection Injecting unwanted code into a program.

Download Presentation

Code Injection and Software Cracking’s Effect on Network Security

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Code injection and software cracking s effect on network security

Code Injection and Software Cracking’s Effect on Network Security

Group 5

Jason Fritts

Utsav Kanani

Zener Bayudan

ECE 4112

Fall 2007


Background

Background

  • Lab 8 – Viruses

    • But how are they hidden?

  • Code Injection

    • Injecting unwanted code into a program.

    • Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans)

  • Software Cracking

    • Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.


Trojan statistics

Trojan Statistics


Tools used

Tools Used

  • W32Dasm

    • Disassembler used to translate machine language to readable assembly language.

  • Hex Workshop

    • Hex editor used to edit raw binary applications.

  • OllyDBG

    • Debugger used to trace through program step by step.


W32dasm

W32dasm


Hex workshop

Hex Workshop


Ollydbg

OllyDBG


Software cracking

Software Cracking

  • Major component of software piracy

  • “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft”

  • Pre-compiled cracks widely distributed on websites.

  • Often contain malware injected in their code

    • Windows Vista activation crack


Lab contents

Lab Contents

  • Software Serial Crack

  • Key Generator

  • Code Injection Example

  • Defenses against code disassembly


Serial key crack

Serial Key Crack

  • Software distribution done online

  • Serial Keys used as a type of user authentication


Finding authentication code

Finding authentication code

  • In disassembler W32dasm or debugger

  • Search for string comparison (cmp)

  • Jumps to “Invalid serial” if not equal (jne)

  • Note offset


Removing authentication

Removing authentication

  • In Hex Editor

  • Go to offset of JNE

  • Change JNE to NOP (0x9090)


Checking your crack

Checking your crack

  • Code bypasses JNE (Jump to “Invalid serial number”)

  • Any serial number can be used.


Key generators

Key Generators

  • Requirements during Software Installation

    • Product Id

    • Serial Key

  • A variety of Authentication algorithms used

    • Algebraic expression( output = ((pid*2 + 73)*3) - 28)

    • Key gives a checksum of 25


Key generators1

KEY-GENERATORS

One of the major contributors to Software Piracy

Available for free download on several websites

Program that generates a serial key or Registration number for a software

Automated knowledge of Assembly language not required by the end user


Making a key generator

Making a Key-Generator


Code injection example

Code Injection Example

  • Find code caves (DB 00)

    • Unused memory locations in executable

  • Overwrite code caves with malicious codes

  • Redirect JMP instructions to malicious codes

  • Redirect back to original code

  • Resume normal operation


Code caves

Code Caves


Code injection example1

Code Injection Example


Code injection example2

Code Injection Example

  • Injected code executes as well as original program


Prevention

Prevention

  • Product Activation

    • Online Activation

    • Telephone Activation

  • Encryption

  • Self Modifying Code


Execryptor bullet proof software protection

EXECryptor-Bullet Proof Software Protection

  • Features

    • Anti-cracking, anti-debugging, and anti-trace

    • Secure creation of custom evaluation and trial versions of your software

    • Built-in registration and license management

    • Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic)

    • Protection of several file types (EXE files, DLL and ActiveX components)

  • Uses Code Morphing

    • Obfuscates the code on the level of the CPU commands rather than the source level.

    • “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “


Unprotected code

Unprotected Code


Protected code

Protected Code


References

References

  • Code Injection

    • http://www.codeproject.com/KB/system/inject2exe.aspx#BuildanImportTableandReconstructtheOriginalImportTable6

  • Software Cracking

    • http://en.wikipedia.org/wiki/Software_cracking

  • Windows Vista Crack

    • http://apcmag.com/node/4737


  • Login