260 likes | 684 Views
Code Injection and Software Cracking’s Effect on Network Security. Group 5 Jason Fritts Utsav Kanani Zener Bayudan. ECE 4112 Fall 2007. Background. Lab 8 – Viruses But how are they hidden? Code Injection Injecting unwanted code into a program.
E N D
Code Injection and Software Cracking’s Effect on Network Security Group 5 Jason Fritts Utsav Kanani Zener Bayudan ECE 4112 Fall 2007
Background • Lab 8 – Viruses • But how are they hidden? • Code Injection • Injecting unwanted code into a program. • Used by virus writers to inject a virus procedure in the interior of a executable file (Trojans) • Software Cracking • Modifying software to remove protection methods such as copy prevention, trial/demo, serial number authentication.
Tools Used • W32Dasm • Disassembler used to translate machine language to readable assembly language. • Hex Workshop • Hex editor used to edit raw binary applications. • OllyDBG • Debugger used to trace through program step by step.
Software Cracking • Major component of software piracy • “U.S. software industry lost over $2.9 billion in the U.S. and $11 billion in international sales from software theft” • Pre-compiled cracks widely distributed on websites. • Often contain malware injected in their code • Windows Vista activation crack
Lab Contents • Software Serial Crack • Key Generator • Code Injection Example • Defenses against code disassembly
Serial Key Crack • Software distribution done online • Serial Keys used as a type of user authentication
Finding authentication code • In disassembler W32dasm or debugger • Search for string comparison (cmp) • Jumps to “Invalid serial” if not equal (jne) • Note offset
Removing authentication • In Hex Editor • Go to offset of JNE • Change JNE to NOP (0x9090)
Checking your crack • Code bypasses JNE (Jump to “Invalid serial number”) • Any serial number can be used.
Key Generators • Requirements during Software Installation • Product Id • Serial Key • A variety of Authentication algorithms used • Algebraic expression( output = ((pid*2 + 73)*3) - 28) • Key gives a checksum of 25
KEY-GENERATORS One of the major contributors to Software Piracy Available for free download on several websites Program that generates a serial key or Registration number for a software Automated knowledge of Assembly language not required by the end user
Code Injection Example • Find code caves (DB 00) • Unused memory locations in executable • Overwrite code caves with malicious codes • Redirect JMP instructions to malicious codes • Redirect back to original code • Resume normal operation
Code Injection Example • Injected code executes as well as original program
Prevention • Product Activation • Online Activation • Telephone Activation • Encryption • Self Modifying Code
EXECryptor-Bullet Proof Software Protection • Features • Anti-cracking, anti-debugging, and anti-trace • Secure creation of custom evaluation and trial versions of your software • Built-in registration and license management • Compatible with several programming languages (Delphi, Microsoft Visual C++, Power Basic, Visual Basic) • Protection of several file types (EXE files, DLL and ActiveX components) • Uses Code Morphing • Obfuscates the code on the level of the CPU commands rather than the source level. • “EXECryptor's Code Morphing turns binary code into an undecipherable mess that is not similar to normal compiled code, and completely hides execution logic of the protected code. “
References • Code Injection • http://www.codeproject.com/KB/system/inject2exe.aspx#BuildanImportTableandReconstructtheOriginalImportTable6 • Software Cracking • http://en.wikipedia.org/wiki/Software_cracking • Windows Vista Crack • http://apcmag.com/node/4737