outline
play

Outline The Adversary 1 A Cracking Example! 2 The Adversary - PowerPoint PPT Presentation

Sep 26, 2022 •489 likes •1.14k views

Outline The Adversary 1 A Cracking Example! 2 The Adversary 1/44 Whos our adversary? What does a typical program look like? The Adversary 2/44 Whos our adversary? What does a typical program look like? What valuables does the

  1. Outline The Adversary 1 A Cracking Example! 2 The Adversary 1/44

  2. Who’s our adversary? What does a typical program look like? The Adversary 2/44

  3. Who’s our adversary? What does a typical program look like? What valuables does the program contain? The Adversary 2/44

  4. Who’s our adversary? What does a typical program look like? What valuables does the program contain? What is the adversary’s motivation for attacking your program? The Adversary 2/44

  5. Who’s our adversary? What does a typical program look like? What valuables does the program contain? What is the adversary’s motivation for attacking your program? What information does he start out with as he attacks your program? The Adversary 2/44

  6. Who’s our adversary? What does a typical program look like? What valuables does the program contain? What is the adversary’s motivation for attacking your program? What information does he start out with as he attacks your program? What is his overall strategy for reaching his goals? The Adversary 2/44

  7. Who’s our adversary? What does a typical program look like? What valuables does the program contain? What is the adversary’s motivation for attacking your program? What information does he start out with as he attacks your program? What is his overall strategy for reaching his goals? What tools does he have to his disposal? The Adversary 2/44

  8. Who’s our adversary? What does a typical program look like? What valuables does the program contain? What is the adversary’s motivation for attacking your program? What information does he start out with as he attacks your program? What is his overall strategy for reaching his goals? What tools does he have to his disposal? What specific techniques does he use to attack the program? The Adversary 2/44

  9. Example Program user key encrypted media decode decrypt analogue player key audio activation license−check tamper−detect code violation−response fingerprint The Adversary 3/44

  10. Example Program ✞ ☎ typedef unsigned u i n t ; int 1 typedef u i n t ∗ waddr t ; 2 u i n t p l a y e r k e y = 0 xbabeca75 ; 3 u i n t the key ; 4 u i n t ∗ key = & the key ; 5 FILE ∗ audio ; 6 int a c t i v a t i o n c o d e = 42; 7 8 void FIRST FUN() {} 9 u i n t hash ( waddr t addr , waddr t l a s t ) { 10 u i n t h = ∗ addr ; 11 for ( ; addr < =l a s t ; addr++) hˆ= ∗ addr ; 12 return h ; 13 } 14 d i e ( char ∗ msg ) { void 15 f p r i n t f ( s t d er r , ”%s ! \ n” ,msg ) ; 16 The Adversary 4/44

  11. Example Program ✞ ☎ u i n t play ( u i n t user key , 19 u i n t encrypted media [ ] , 20 int media len ) { 21 code ; int 22 p r i n t f ( ” Please en t er a c t i v a t i o n code : ” ) ; 23 scanf ( ”%i ”,&code ) ; 24 i f ( code!= a c t i v a t i o n c o d e ) d i e ( ”wrong code” ) ; 25 26 ∗ key = u s er key ˆ p l a y e r k e y ; 27 ✝ ✆ The Adversary 5/44

  12. Example Program ✞ ☎ int i ; 27 for ( i =0; i < media len ; i ++) { 28 u i n t decrypted = ∗ key ˆ encrypted media [ i ] ; 29 asm ( v o l a t i l e 30 ”jmp L1 \ n \ t ” 31 ” . a l i g n 4 \ n \ t ” 32 ” . long 0xb0b5b0b5 \ n \ t ” 33 ”L1 : \ n \ t ” 34 ) ; 35 i f ( time (0) > 1221011472) d i e ( ” ex p i r ed ” ) ; 36 decoded = ( f l o a t ) decrypted ; f l o a t 37 f p r i n t f ( audio , ”%f \ n” , decoded ) ; f f l u s h ( audio ) ; 38 } 39 } 40 ✝ ✆ The Adversary 6/44

  13. Example Program ✞ ☎ void LAST FUN() {} 41 u i n t player main ( u i n t argc , char ∗ argv [ ] ) { 42 u i n t u s er key = · · · 43 u i n t encrypted media [100] = · · · 44 u i n t media len = · · · 45 u i n t hashVal = hash (( waddr t )FIRST FUN , 46 ( waddr t )LAST FUN ) ; 47 ( hashVal != HASH) d i e ( ”tampered ” ) ; i f 48 play ( user key , encrypted media , media len ) ; 49 } 50 ✝ ✆ The Adversary 7/44

  14. What’s the Adversary’s Motivation? The adversary’s wants to remove the protection semantics. P Core P Semantics Core Semantics Protection Semantics Protection Semantics Attack Semantics The Adversary 8/44

  15. What’s the Adversary’s Motivation? The adversary’s wants to remove the protection semantics. add his own attack semantics (ability to save game-state, print,. . . ) P Core P Semantics Core Semantics Protection Semantics Protection Semantics Attack Semantics The Adversary 8/44

  16. What’s the Adversary’s Motivation? The adversary’s wants to remove the protection semantics. add his own attack semantics (ability to save game-state, print,. . . ) ensure that the core semantics remains unchanged. P Core P Semantics Core Semantics Protection Semantics Protection Semantics Attack Semantics The Adversary 8/44

  17. What does he want to do to our Player program? get decrypted digital media The Adversary 9/44

  18. What does he want to do to our Player program? get decrypted digital media extract the player key The Adversary 9/44

  19. What does he want to do to our Player program? get decrypted digital media extract the player key use the program after the expiration date remove use-before check remove activation code The Adversary 9/44

  20. What does he want to do to our Player program? get decrypted digital media extract the player key use the program after the expiration date remove use-before check remove activation code distribute the program to other users remove fingerprint 0xb0b5b0b5 The Adversary 9/44

  21. What does he want to do to our Player program? get decrypted digital media extract the player key use the program after the expiration date remove use-before check remove activation code distribute the program to other users remove fingerprint 0xb0b5b0b5 reverse engineer the algorithms in the player The Adversary 9/44

  22. What are the methods of attack? 1 the black box phase feed the program inputs, record its outputs, draw conclusions about its behavior. The Adversary 10/44

  23. What are the methods of attack? 1 the black box phase feed the program inputs, record its outputs, draw conclusions about its behavior. 2 the dynamic analysis phase execute the program record which parts get executed for different inputs. The Adversary 10/44

  24. What are the methods of attack? 1 the black box phase feed the program inputs, record its outputs, draw conclusions about its behavior. 2 the dynamic analysis phase execute the program record which parts get executed for different inputs. 3 the static analysis phase examining the executable code directly use disassembler, decompiler, . . . The Adversary 10/44

  25. What are the methods of attack? 4 the editing phase use understanding of the internals of the program modify the executable disable license checks The Adversary 11/44

  26. What are the methods of attack? 4 the editing phase use understanding of the internals of the program modify the executable disable license checks 5 the automation phase. encapsulates his knowledge of the attack in an automated script use in future attacks. The Adversary 11/44

  27. Outline The Adversary 1 A Cracking Example! 2 A Cracking Example! 12/44

  28. Let’s crack! Let’s get a feel for the types of techniques attackers typically use. Our example cracking target will be the DRM player. Our chief cracking tool will be the gdb debugger. A Cracking Example! 13/44

  29. Step 1: Learn about the executable file ✞ ☎ > f i l e p l a y e r p l a y e r : ELF 64 − b i t LSB executable , dynamically l i n k e > objdump − T p l a y e r DYNAMIC SYMBOL TABLE: 0xa4 scanf 0x90 f p r i n t f 0x12 time > objdump − x p l a y e r | egrep ’ rodata | t ex t | Name ’ Name Size VMA LMA F i l e o f f . t ex t 0 x4f8 0x4006a0 0x4006a0 0x6a0 . rodata 0x84 0x400ba8 0x400ba8 0xba8 > objdump − f p l a y e r | grep s t a r t s t a r t address 0 x4006a0 A Cracking Example! 14/44

  30. Step 2: Breaking on library functions Treat the program as a black box Feed it inputs to see how it behaves. ✞ ☎ > p l a y e r 0 xca7ca115 1 2 3 4 Please en t er a c t i v a t i o n code : 42 ex p i r ed ! Segmentation f a u l t ✝ ✆ Find the assembly code equivalent of if (time(0) > some value ) · · · Replace it with if (time(0) <= some value ) · · · A Cracking Example! 15/44

  31. Example Program ✞ ☎ int i ; 27 for ( i =0; i < media len ; i ++) { 28 u i n t decrypted = ∗ key ˆ encrypted media [ i ] ; 29 asm ( v o l a t i l e 30 ”jmp L1 \ n \ t ” 31 ” . a l i g n 4 \ n \ t ” 32 ” . long 0xb0b5b0b5 \ n \ t ” 33 ”L1 : \ n \ t ” 34 ) ; 35 i f ( time (0) > 1221011472) d i e ( ” ex p i r ed ” ) ; 36 decoded = ( f l o a t ) decrypted ; f l o a t 37 f p r i n t f ( audio , ”%f \ n” , decoded ) ; f f l u s h ( audio ) ; 38 } 39 } 40 ✝ ✆ A Cracking Example! 16/44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline

An automatic mammogram system: from screening to diagnosis Ins Domingues Breast Cancer Workshop April 7th 2015 Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Outline Pectoral muscle

589 views • 45 slides
Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in

Presentation Preparation Outline Speech Outline Template ***Use this outline to guide you in preparing for your presentation; this outline is required. Title: I. Introduction (The speech actually starts here.) A. Attention Getter:

479 views • 3 slides
PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline

PT1 TMP Presentation Outline 1 Group Members: ___________________________________ Use this outline to organize your argument to create a logical flow of information and plan your presentation layout. This outline is worth a group grade (one copy

506 views • 3 slides
1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a

1 Web Application Development 2 3 Web Application Development CSS Outline An outline is a line that is drawn around elements, OUTSIDE the borders, to make the element &quot;stand out&quot;. CSS has the following outline properties:

1.76k views • 117 slides
Outline Outline Background of the Network Vision Vision Aims Activities

Outline Outline Background of the Network Vision Vision Aims Activities

Asia Pacific Adaptation Network (APAN)- A k A key regional Initiative i l I iti ti Puja Sawhney Coordinator, APAN , Institute for Global Environmental Strategies Thimpu, Bhutan p 16 th November, 2011 Outline Outline Background of the

441 views • 9 slides
When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really

When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters When (Low ) Pow er Really Matters Yogesh K. Ramadass, AnanthaGroup Microsystems Technology Laboratory Outline Outline Outline Outline

507 views • 36 slides
Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR

Presentation Outline Worksheet You can use part or all of this outline to help you. This is YOUR personal presentation so you can create it however you want. These are just suggestions to help you get started. The purpose is to educate your

618 views • 3 slides
Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation

ZSim Tutorial MICRO 2015 S TATS AND C ONFIGURATION Core Models Po-An Tsai Outline 2 Outline 2 ZSim core simulation techniques Outline 2 ZSim core simulation techniques ZSim core structure I1D I1I Simple IPC 1 core

1.96k views • 120 slides
Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Outline Outline Motivation Motivation 1 1. Email Speech Acts 2. Modeling textual intention

Modeling Intention in Email : Speech Acts, Information Leaks and User Ranking Methods p g Vitor R. Carvalho Carnegie Mellon University William Cohen Ramnath a at Tom Tom Jon Jon Balasubramanyan Mitchell Elsas Outline Outline

1.09k views • 65 slides
Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C

Session Outline Course themes imperative problem solving (think: outline form) C programming (close to the machine) storage and processing of data Linux operating system control of robots Demo Course Web site

780 views • 9 slides
Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Outline : Outline : Our method to perform periodicity search Candidates of the next Geminga The

Periodicity Sear Periodicity Search of ch of the the Geming Geminga-lik -like Pulsar e Pulsars Lupin Chun-Che Lin () Institute of Astronomy, National Central University, Taiwan Outline : Outline : Our method to perform periodicity

654 views • 19 slides
Outline for St Outline for St Outline for

Outline for St Outline for St Outline for

Outline for St Outline for St Outline for St Outline for St Francis Participation Francis Participation Francis Participation Francis Participation St Francis Overview Current Work on

120 views • 10 slides
RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa

RDF Beyond RDF Beyond Outline Outline RDFa RDFa Microformat Schema.org S h RDFa RDFa RDFa RDFa RDFa: A collection of attributes and processing p g rules for extending XHTML to support RDF. HTML contains structured data,

768 views • 37 slides
Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This

Appendix J: Capstone Presentation Outline Revised Spring 2016 CAPSTONE PRESENTATION OUTLINE This is a suggested outline only. Students should work closely with their Faculty Advisors to adapt this format the presentation to the needs of the

418 views • 4 slides
1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

1 Course Outline Course Outline Course Outline Course Outline 3D Graphics Pipeline 3D

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2010) (Spring 2010) (real-time in OpenGL, offline raytracer, animation) CS 184, Lecture 1: Overview and

176 views • 5 slides
Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &amp;

Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &amp;

Sophak PHOEUN, National DRR Forum Coordinat or &amp; Executive Assistant to Vice President of NCDM , National Committee for Disaster Management. Outline Outline 1. About Cambodia 1. About Cambodia 2. Overview of disaster Hazards &amp;

346 views • 15 slides
Purpose The goals of this document are Provide an introduction to CT (more appropriate

Purpose The goals of this document are Provide an introduction to CT (more appropriate

Purpose The goals of this document are Provide an introduction to CT (more appropriate for an architecture document, but ) Define mis-issuance Establish a taxonomy of attacks in the CT context, by examining

506 views • 15 slides
Semantic analysis of simple sentences: the way to go for Estonian Neeme Kahusk University of

Semantic analysis of simple sentences: the way to go for Estonian Neeme Kahusk University of

Motivation Steps to Go Frames and Semantic Roles Summary Semantic analysis of simple sentences: the way to go for Estonian Neeme Kahusk University of Tartu Institute of Computer Science Liivi 2 308, Tartu, Estonia Nelijrve 2011

560 views • 17 slides
Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks

Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks

Outline Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Static analyses that detect type errors

134 views • 10 slides
Linking Syntax and Semantics Introduction Semantics Interpretation and Compositionality

Linking Syntax and Semantics Introduction Semantics Interpretation and Compositionality

Linking Syntax and Semantics Introduction Semantics Interpretation and Compositionality A Simple Grammar with Semantic Interpretation Ch. 9 Linking Syntax and Semantics 1 Introduction Semantic analysis follows syntactic

355 views • 16 slides
Algorithms for Dynamic Argumentation Frameworks: An Incremental SAT-Based Approach Andreas

Algorithms for Dynamic Argumentation Frameworks: An Incremental SAT-Based Approach Andreas

Algorithms for Dynamic Argumentation Frameworks: An Incremental SAT-Based Approach Andreas Niskanen Matti J arvisalo HIIT, Department of Computer Science, University of Helsinki, Finland ECAI 2020 Niskanen and J arvisalo (HIIT, UH)

460 views • 14 slides
Games, equilibrium semantics and many-valued connectives Chris Ferm uller Technische

Games, equilibrium semantics and many-valued connectives Chris Ferm uller Technische

ManyVal 2013 Prague, September 4, 2013 Games, equilibrium semantics and many-valued connectives Chris Ferm uller Technische Universit at Wien Theory and Logic Group www.logic.at/people/chrisf/ Motivation: Motivation: Two kinds of

970 views • 68 slides
Preservation of Semantic Properties during the Aggregation of Abstract Argumentation Frameworks

Preservation of Semantic Properties during the Aggregation of Abstract Argumentation Frameworks

Preservation of Semantic Properties during the Aggregation of Abstract Argumentation Frameworks Weiwei Chen Sun Yat-sen University University of Amsterdam [Joint work with Ulle Endriss] Outline When a group of agents are engaged in a debate,

141 views • 12 slides
KNOWLEDGE REPRESENTATION AND REASONING@UNL Joo Leite Who are we? Alfredo Gabaldon Carlos

KNOWLEDGE REPRESENTATION AND REASONING@UNL Joo Leite Who are we? Alfredo Gabaldon Carlos

KNOWLEDGE REPRESENTATION AND REASONING@UNL Joo Leite Who are we? Alfredo Gabaldon Carlos Damsio Joo Leite Joo Martins Joo Moura Joo Moura Pires Jos Alferes Marco Alberti Martin Slota Matthias Knorr Nuno Datia Ricardo

651 views • 61 slides

More recommend