On Thursday, 14 June 2018 at 08:54:16 UTC, Shachar Shemesh wrote:
On 14/06/18 08:21, DigitalDesigns wrote:
On Thursday, 14 June 2018 at 02:13:58 UTC, Shachar Shemesh wrote:
With that said, what you're trying to achieve is probably not a good idea anyway. With very few exceptions(1), reverse-engineering code to figure out what it does is not considerably more difficult than using the source, even when none of the identifiers leak at all. Certain aspects of creating attacks are even easier with good rev-eng tools than in source form.
Shachar
Just one question! Are you kidding me?
First of all, run your program under strace. For a surprising percentage of the programs that should give you a fairly good idea of what the program is doing. ltrace goes further, but it can be easily defeated by statically linking, so probably irrelevant for our current discussion.
Next, try loading your program in IDA Pro (https://www.hex-rays.com/products/ida/index.shtml). You will notice that program flow practically jumps out at you with no further work on your part.
Other tricks require a little more knowledge, but are still exceedingly effective.
In a demonstration I saw in 2002, Halvar Flake showed how he uses IDA to graph the branches, and then used a tool he built to place breakpoints on the branch points. Next he started feeding inputs to the program, and colored the graph where the input sent the code. He used that to find the correct input that would bring the code path to the line he thought might be vulnerable.
If I had to do this trick today for *my own* programs, I'd still use IDA and the compiled code.
So, no, I was not kidding. Not even close.
Shachar
Wait? Are you sure you are not kidding? Do you want another shot?
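As an added illustration of the branch-coloring technique Shachar describes above (this is example code written for this page, not code from the thread, from IDA, or from Halvar Flake's tool), here is a small Python tracer that records which lines of a function execute for each input and then picks out the inputs that reach a chosen branch. The target function `f`, its meaningless identifiers (mirroring a stripped build) and the candidate inputs are all constructed for the example; the same observation-only approach is what coverage tools and fuzzers use to show defenders which inputs exercise which code.

```python
import inspect
import sys
from typing import Callable, Dict, List, Sequence, Set, Tuple

# Constructed target. Names are deliberately meaningless, like a binary with
# its symbols stripped: the control flow is still fully observable at runtime.
def f(a: int, b: int) -> int:
    r = 0
    if a > 10:
        r += 1
        if b % 7 == 0:
            r += 10
        else:
            r -= 1
    else:
        r -= 5
    return r


def trace_lines(fn: Callable, *args) -> List[int]:
    """Run fn(*args) under sys.settrace and return the line offsets
    (relative to the 'def' line) executed inside fn, in order."""
    lines: List[int] = []
    code = fn.__code__

    def tracer(frame, event, arg):
        # Only follow the frame belonging to fn; ignore everything else.
        if frame.f_code is not code:
            return None
        if event == "line":
            lines.append(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        fn(*args)
    finally:
        sys.settrace(previous)
    return lines


def offset_of(fn: Callable, marker: str) -> int:
    """Line offset within fn's source of the first line containing marker.
    This stands in for 'the line I think might be vulnerable' in the demo."""
    source_lines, _ = inspect.getsourcelines(fn)
    for i, line in enumerate(source_lines):
        if marker in line:
            return i
    raise ValueError(f"marker {marker!r} not found in {fn.__name__}")


def branch_map(fn: Callable, inputs: Sequence[Tuple]) -> Dict[Tuple, Set[int]]:
    """Map each input to the set of line offsets it executed.
    This is the 'coloring' of the graph: one color set per input."""
    return {args: set(trace_lines(fn, *args)) for args in inputs}


def inputs_reaching(fn: Callable, inputs: Sequence[Tuple], marker: str) -> List[Tuple]:
    """Return the inputs whose path executes the line containing marker."""
    target = offset_of(fn, marker)
    return [args for args, covered in branch_map(fn, inputs).items() if target in covered]


if __name__ == "__main__":
    # Constructed candidate inputs; in practice these come from a fuzzer or a
    # test corpus rather than being typed in by hand.
    candidates = [(3, 0), (20, 15), (20, 14)]
    for args, covered in branch_map(f, candidates).items():
        print(args, sorted(covered))
    print("reach 'r += 10':", inputs_reaching(f, candidates, "r += 10"))
```

The tracer never inspects identifiers or source text to decide anything about behaviour; it only watches which lines run, which is exactly why renaming or stripping symbols does nothing to hide the structure. Swapping `sys.settrace` for a debugger's breakpoint API, or for hardware branch tracing, gives the same picture of a native binary.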