binary auditing
Download
Skip this Video
Download Presentation
Binary Auditing

Loading in 2 Seconds...

play fullscreen
1 / 18

Binary Auditing - PowerPoint PPT Presentation


  • 81 Views
  • Uploaded on

Binary Auditing. Geller Bedoya Michael Wozniak. Background. Binary auditing is a technique used to test the security and discover the inner workings of closed source software. These techniques can be used to find out what malicious software does.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Binary Auditing' - imogene-phelps


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
binary auditing

Binary Auditing

Geller Bedoya

Michael Wozniak

background
Background
  • Binary auditing is a technique used to test the security and discover the inner workings of closed source software.
  • These techniques can be used to find out what malicious software does.
  • They are also used by crackers to bypass authentication systems in programs.
tools
Tools
  • Strings – used to list all printable strings that can be found in a file.
  • File – displays information about the file.
  • Hexedit – allows files to be edited at the binary level in a hex representation.
tools cont
Tools (cont.)
  • Biew – This is a multi-platform tool that can be used as a hex editor and a disassembler.
  • Objdump – Used to disassemble binaries in linux.
  • Gdb – Debugger in linux.
tools cont1
Tools (cont.)
  • IDA – Interactive DisAssembler – This program is a windows only disassembler for windows and linux binaries. This is an advanced disassembler that can be integrated with scripting languages like python and ruby.
a simple binary
A Simple Binary
  • A program that takes in a password and compares it to a reference password to authenticate a user.
  • This type of program can be reverse engineered in many ways.
method 1
Method #1
  • Use hexedit, strings, objdump, or even a text editor.
  • These methods all display the password in plain text because the password is not encrypted.
method 2
Method #2
  • Suppose the input password were encrypted using a hash and compared to a known hash. Method #1 would be useless.
  • Method #2 is to modify the function of the binary by reversing the logic of the if statement.
method 3
Method #3
  • The jump code can be changed to jump to a different place in the program or it can be changed from je to jne.
  • This type of change is independent of the test logic.
anti reverse engineering
Anti-Reverse Engineering
  • Many software engineers attempt to disguise a program’s behaviour.
  • Techniques to do this include:
    • Anti-Virtual-Machine
    • Binary Compression/Packing
    • Binary Encoding
    • Stripping Symbols
    • Anti-Debugger
anti vm
Anti-VM
  • SIDT – Store Interrupt Descriptor Table Register
  • This instruction can be used to find the value of this register which is abnormally high for VM’s.
  • RedPill.exe is a POC program that looks at this register and declare’s whether or not it is in a VM.
redpill exe
RedPill.exe
  • To change this program, the jumps can be changed to manipulate how the program works.
  • The value that the program compares the IDTR to can be changed as well.
key generators
Key Generators
  • Some software uses a username and an algorithm to get a serial number that is used for authentication.
  • The problem with this is that the software must calculate the serial number from the user name, and the algorithm can be reversed.
very simple key generator
Very Simple Key Generator
  • A program needs a user name and a key.
  • The key is the same as the user name, but 1 is added to each character.
  • By running the program in a debugger or through a disassembler, the algorithm can be discovered.
key generator
Key Generator
  • A key generator is a program that is created to run the same algorithm on any input and display the results.
ad