Unswindle is written in Python. It recovers the per-book key that Amazon's Kindle for PC uses to lock each title to an authorized machine. Amazon had previously patched Kindle for PC, which rendered Unswindle useless. However Labbu provided an update that got past the latest fix from Amazon.
Labbu did say that Amazon had some good security in place for their Kindle for PC. The development began in response to a challenge posted on a hacker site. This was not for illegal use of Amazon books. Some dude just wanted to open a Kindle file on a PC other than the one that was authorized through the DRM. Labbu responded in full force with Unswindle. Nice.
The book stated that there are 23,000 professionals with the CISSP certification. An alternate certification is the Certified Ethical Hacker. There is an entire industry built around ethical hacking, which is conducting legal, authorized security testing. It is also called penetration testing. Another name for ethical hackers is white hat hackers.
Here is a cop out. The author states that he is not responsible for hacks performed by his readers. Yeah right. Let's get some terms right. A hacker is somebody who likes to tinker with stuff. A cracker, on the other hand, is someone who likes breaking into systems.
Be aware that the subject line of an email is not encrypted even when the body is; both PGP and S/MIME protect only the body and attachments, and all the headers travel in the clear. Here is a good recommendation. You should back up your public and private keys, and keep the backups in different locations.
Static encryption is where the system encrypts the information before it transmits the data. The MD5 and SHA-1 algorithms do not encrypt data; they are hash functions. They let the recipient detect whether the contents of the message were tampered with during transmission, but only if the hash itself is protected (signed, or sent over an encrypted channel), because an attacker who can alter the message can just recompute a bare hash. Also, both MD5 and SHA-1 have practical collision attacks now, so use SHA-256 or better in anything new.
Finally you should not install and set up a cryptographic system if you are not 100% sure what you are doing. Good luck with your encryption exploits. Next time I think I will talk about another book I read in the past. Can you guess the title? It was Hacking for Dummies.
The source code for DECAF has not been released. However it is being licensed for free as long as you use it for personal and noncommercial uses. The app looks like a really simple Windows app. It does real time monitoring. And it claims to be highly configurable. You can disable all kinds of things on your machine.
In the future, the developers of DECAF intend to modify the program so that it can be remotely controlled. This sounds like some good stuff. I guess to test it out I will have to install COFEE on a memory stick and see what DECAF can do.
Definitely get an unlisted phone number. You can also sign up for the phone line under a misspelled or fake name. Don’t put down your address when signing up for the phone line. Use something else like a post office box.
Request that web sites take down information with your name and/or address. Use an anonymous remailer for sending out e-mail. Change your e-mail address frequently. This is easy with free e-mail services like Gmail.
Don’t use credit cards at all. And don’t use your real name for anything. This just scratches the surface of how to lay low. I am sure you could write a whole book to take the undercover living to the next level. I found this all very interesting. I myself write under a pen name so stalkers have to work hard to determine my identity. So far it has worked for me.
But there were some tricky ones too. People will leave you a message. When you call back, they try to keep you on the line. That's because it's a pay line, like the old 900 numbers. Scammed.
Another con is a play on the chain mail letter. You get a program which enforces the chain. You have to pay the 5 or 6 people on the list. Then you get a new version of the program with your name on the list. The theory is that you will then receive cash from people who receive your program. The funny part about this is that the con software program can be hacked without you coughing up any money.
The last con was pretty interesting. You get a stock tip from a broker who says a certain stock is going up in price. Then like magic it goes up. Next the broker gives you another tip saying a different stock is going down. Like clockwork the stock price falls. Then they ask for your money to "invest". The con is that they send out a lot of e-mails, mixing up their guesses as to which stocks go up and down. For some percentage of the people they contact, their picks will be right. Go figure.
At home I read the back cover. I got a little scared. There was a warning on it that said the book was not to be used for illegal activities. Then the author's bio stated he was a stand up comic. Great. I may have checked out a spoof.
Luckily, when I skimmed through the interesting chapters, I found you could not judge this book by its cover. Here are some kewl facts I learned by reading it.
Hacker sites seem to appear and disappear. You got to keep up to stay current. There are sites devoted to providing links to the best sites. I have seen those before and thought they were just spam. Nope. They are the real deal.
The top conferences for hackers are DefCon, HOPE (from 2600 magazine), SummerCon and ToorCon. Next time I will go into some more gems I pulled from this book. That includes some nasty cons, and how to prevent yourself from being found.
Keys are not generic. A key is specific to the algorithm (and key size) it was generated for. Keys can be generated by a key server, which distributes new keys when necessary. The downside to this approach is that the server becomes a single point of failure: if it is compromised, every key it ever handed out is suspect and the whole show is bust.
A key escrow is a way to store copies of keys and/or pass phrases so they can be recovered if the originals are lost. You have to answer some secret questions (or pass some other authorization check) before a key can be recovered from the escrow. Remember that the escrow is now one more copy of your key for an attacker to go after, so it needs protecting at least as well as the original.
Next time I will go over some of the acronyms which usually stand for security protocols. Examples are TLS, SSH, SSL, and S/MIME.
A session key is a key that is thrown away once the transmission it protected is complete. Do not take the shortcut of choosing options that generate keys faster; that usually means shorter keys or a weaker random source, which makes them less secure. Short keys are tolerable only for data that stops mattering quickly. Otherwise it is best to pick long keys and long pass phrases.
A key ring is a file that holds a collection of keys; GnuPG, for example, keeps a public key ring and a separate secret key ring. Since it is just a file, you would think it should be stored on the hard drive. However the book suggests putting it on removable media that you can physically take with you. Make sure you also back up your keys.
There is a lot more to talk about with keys. Next time I plan to cover key wrappers, escrow, services, and recovery.
One related technology that seems to have taken hold is tokenization. A user has a credit card number that needs to be protected. So rather than pass the real number around, the system uses a token for the duration of the session; in the article's example the token is a 64-bit number used in lieu of the credit card number. The token is worthless on its own, since only the token vault can map it back to the card.
So what are some other factors inhibiting the adoption of encryption? There is no clear standard for systems to work with each other. The OASIS group is working on KMIP (Key Management Interoperability Protocol). And the IEEE is pitching P1619. The authors of the article I read were hopeful that Microsoft would lead the way with Active Directory. Good luck with that.
- employees had to be fingerprinted
- all data sent must be encrypted
- data at rest had to be sharded
- access to data had to be limited
It is difficult to convince a customer that the cloud is secure. The technology is relatively new, there are no standards, and adding encryption slows things down.
You know the hackers are going to want to target cloud repositories. There is potentially a lot of corporate data out there waiting to be stolen. I do not know enough about Cloud Computing to determine whether the thing is secure enough for my trust.
PKCS #10 defines the syntax of a certificate signing request, the thing you send to a certificate authority to get a certificate. PKCS #11 is Cryptoki (short for cryptographic token interface). It is an API for talking to hardware such as smart cards and HSMs that hold keys and do the crypto for you, for example for authentication.
PKCS #12 is the personal information exchange syntax: a password-protected container (the .p12 or .pfx file) that bundles a private key with its certificate chain so it can be moved between machines or users. PKCS #13 was meant to cover elliptic curve cryptography but was never finished. I am not an expert in the technology. From a distance it looks like a lot of math.
PKCS #14 was meant to define a pseudo random number generator, since generating truly random numbers is difficult; it was never completed either. Finally PKCS #15 covers the cryptographic token information format, meaning how credentials are laid out on a token. That is PKCS in a nutshell. Although it goes up to PKCS #15, there are only 13 distinct parts, as #2 and #4 were rolled into PKCS #1 (and two of those 13, #13 and #14, never got past the planning stage).
Next time I plan to get deep into keys. Stay tuned.
What I found very interesting were the details of a bunch of time activated scripts this guy left behind at Fannie Mae. His first act was to add some code to the end of a daily script. This code would retrieve and install a bunch of other scripts.
Here is an example of what one of the payload scripts did. It would generate a list of servers in the company. Then it would disable monitoring. Finally it would disable the ability to log into all the servers that it found. Well that is bad, but it is not too evil.
Next the terminated contractor wrote a script that would clear server logs. Then it would remove root access to machines and delete the data on them. Finally it would shut down the servers automatically.
The last script was especially evil. It would attempt to corrupt any systems it could find in the company. Then it would go after the backup machine, clear out the backups, and turn them off. This hacker was just plain thorough.
Luckily another engineer detected the original script that was to install all the other rogue code. Upon detection, he shut everything down in the company until they could figure out what was going on. That was the one smart move the company made. These rogue scripts could have done severe damage to the bank.
Props to The Inquirer for providing the facts for this blog post.
SAML stands for Security Assertion Markup Language. It is based on XML, as you can tell from the name. SAML carries authentication (and attribute) assertions between security domains, typically from an identity provider to a service provider. For practical purposes, it helps implement single sign on. You type in your user name and password once, at the identity provider. Then every participating site accepts its assertion and you are automatically authenticated. You do not have to retype your credentials.
CAS stands for Code Access Security. It is part of the classic .NET Framework (it was dropped from .NET Core and later). CAS prevents untrusted code from performing privileged operations. An administrator sets up the security policy for your machine. The .NET common language runtime (CLR) then maps assemblies to code groups, based on evidence such as where the code came from. These code groups have permissions set. The CLR then either allows or disallows the operation.
STS is the Security Token Service. A client wants to access a web service. The client first authenticates to the STS and gets a token from it. Then the client passes the token to the web service. The web service validates the token, usually by checking the STS's signature on it with the STS's public key, sometimes by calling back to the STS. Finally the web service honors the client request if the token checks out, which should include checking that the token was issued for this particular service and has not expired.
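Here is that three-party flow in code. This is an added example, not code from the post or from any real STS product. It assumes the STS and the web service share one HMAC key (real deployments usually use the STS's public-key signature instead), that a token is base64 JSON claims plus an HMAC-SHA256 tag, and it uses made-up service names like `orders` and `billing`.

```python
"""Added example: a toy Security Token Service round trip.

Assumptions (not from the original post): the STS and the web service share a
symmetric HMAC key, tokens are base64(JSON claims) + "." + HMAC-SHA256 tag, and
the service validates locally rather than calling back to the STS.
"""
import base64
import hashlib
import hmac
import json


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode()


class SecurityTokenService:
    def __init__(self, key: bytes):
        self.key = key

    def issue(self, subject: str, audience: str, now: int, ttl: int = 300) -> str:
        """Step 1: the client authenticates to the STS (skipped here) and gets a token
        bound to one audience and one time window."""
        claims = {"sub": subject, "aud": audience, "iat": now, "exp": now + ttl}
        body = _b64(json.dumps(claims, sort_keys=True).encode())
        tag = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{tag}"


class WebService:
    def __init__(self, name: str, key: bytes):
        self.name = name
        self.key = key

    def validate(self, token: str, now: int):
        """Steps 2 and 3: the client presents the token; the service checks the tag,
        the audience and the validity window. Returns the subject, or None."""
        body, sep, tag = token.rpartition(".")
        if not sep:
            return None
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):      # forged or tampered token
            return None
        try:
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:
            return None
        if claims.get("aud") != self.name:              # minted for another service
            return None
        if not claims["iat"] <= now < claims["exp"]:    # expired or not yet valid
            return None
        return claims["sub"]

    def handle(self, token: str, now: int) -> str:
        """Step 4: honor the request only if the token checks out."""
        subject = self.validate(token, now)
        return f"200 OK: order list for {subject}" if subject else "401 Unauthorized"


def demo():
    key = b"shared-secret-between-sts-and-service"      # constructed for the demo
    sts = SecurityTokenService(key)
    orders = WebService("orders", key)
    billing = WebService("billing", key)
    now = 1_700_000_000                                  # constructed timestamp
    token = sts.issue("alice", "orders", now)
    flipped = token[:-1] + ("0" if token[-1] != "0" else "1")   # one hex digit of the tag
    return {
        "fresh": orders.handle(token, now),
        "expired": orders.handle(token, now + 600),
        "wrong_service": billing.handle(token, now),
        "tampered": orders.handle(flipped, now),
    }
```

The audience and expiry checks are the ones people forget: a token that validates but was minted for a different service, or last week, still has a perfectly good signature.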
PKCS #1 covers the RSA algorithm itself: encryption, signatures, and the padding schemes that go with them. PKCS #3 defines Diffie-Hellman key agreement. It is how you establish a shared key between two people over a public channel. PKCS #5 covers password-based cryptography, meaning turning a password into a key (PBKDF2) and encrypting with it.
PKCS #6 is the extended certificate syntax. It describes how to attach extra information, like e-mail addresses, to certificates; it has since been superseded by X.509 v3 extensions. PKCS #7 is the cryptographic message syntax for signed and enveloped (encrypted) messages. S/MIME is built on it.
PKCS #8 defines a format for storing private keys, optionally encrypted under a password. I will cover PKCS 9 through 15 next time around. Be ready for things such as Cryptoki.
Now that we know what digital certificates are, we can define a key server as a machine that holds the public keys, wrapped in their digital certificates. There are some potential problems with certificate use. Some applications do not take them. Certificates can be forged, although in practice that means breaking the CA's signature (as was done with MD5-signed certificates) or getting a careless CA to issue one it should not have. Finally it can take a lot of work to get the certificates in the first place.
Let us put aside the certificate problems and talk some more about them. A digital certificate can hold a lot of information such as the version, serial number, issuer name, period of validity, and public key. For companies, you are going to want to set up a certificate policy. The policy covers issues like where logs are stored, whether keys get backed up, and validity periods. Armed with all this information, I am ready to discuss what PKCS is next time. See you then.
There was just one problem. The dude posted the key on his blog. The result was a cease and desist letter from Texas Instruments. Damn. Apparently they claimed he was violating the DMCA. The guy submitted and took down his post. Ouch. That's weak.
Another dude wrote about the incident. He linked to a page that had the signing key. I bet you can guess what happened. Texas Instruments slapped him with a cease and desist letter too. WTF?
Now I don't want to waste any time right now discussing whether it is wrong or right to block export of encryption technology. What I did find interesting was the top encryption algorithms used by open source developers. These include familiar names like DES, AES, and Diffie-Hellman. However another top algorithm was ElGamal. I have never heard of ElGamal before.
A little research shows that ElGamal is an asymmetric algorithm. It dates all the way back to 1985. It is mostly found in open source cryptographic applications. Perhaps that is why it is foreign to me. I normally do not keep on top of the open source scene.
If you want to encrypt email you send, there are two main options: (1) S/MIME and (2) PGP. MIME is an old standard that lets you attach binary files (like images) to email. S/MIME adds signing and encryption to MIME messages using X.509 certificates, the same kind of certificates web sites use.
PGP stands for Pretty Good Privacy. It is a program originally written by Phil Zimmermann. There is a free implementation of the same OpenPGP standard called GnuPG (GPG). These programs cover encryption, signing, and the storing of keys on your machine.
Let me close by talking about secure network connections. A VPN is a virtual private network. It lets you reach a remote machine or network over the Internet as if you were plugged into it. Encryption can be applied to just the payload (IPsec calls this transport mode). You can also do tunneling, where the whole original packet, headers included, is wrapped inside a new encrypted packet (tunnel mode). Popular tunneling protocols include IPsec and PPTP, though PPTP's authentication (MS-CHAPv2) is broken and it should not be used for anything that matters.
Next time look for a discussion on passwords, keys, and certificates.
The event was held in Taiwan. Many said it was the wrong place for such lewd behavior. Others thought it was fine to skip being politically correct. They have this thing going on at DefCon right?
Hey. The hacker conferences are full of dudes. And most of those dudes will probably enjoy a bunch of booth babes making things interesting. So if they give out free lap dances, I say more power to them. Next time I will return to our regularly scheduled cryptography discussion.
The Diffie-Hellman algorithm lets two parties agree on a key over an insecure connection. Each side picks a secret, sends the other a public value derived from it, and combines its own secret with the other side's public value. Both end up with the same shared secret, while someone watching the communication sees only the public values and cannot feasibly work the secret out from them. The end communication is symmetric: the shared secret is turned into a key that both parties use. The one big caveat is that plain Diffie-Hellman does not tell you who you are talking to. An attacker who can intercept and swap the public values can run a separate exchange with each party and read everything, so in practice the public values are always authenticated with signatures or certificates.
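The exchange described above, as an added example that is not part of the original post. It uses the 2048-bit MODP group (group 14) from RFC 3526 with generator 2; the prime was transcribed from the RFC, and the code re-checks that it is a safe prime so a transcription slip fails loudly rather than silently weakening the group. Names like `alice` and `bob` are just labels.

```python
"""Added example: Diffie-Hellman over the 2048-bit MODP group (RFC 3526, group 14).

Not from the original post. The prime below was transcribed from the RFC; the
is_safe_prime() check exists so a wrong transcription is caught, because the
security argument depends on p = 2q + 1 with q prime.
"""
import hashlib
import secrets

P_HEX = """
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
"""
P = int("".join(P_HEX.split()), 16)
G = 2
Q = (P - 1) // 2                      # order of the subgroup generated by G


def is_probable_prime(n: int, rounds: int = 8) -> bool:
    """Miller-Rabin with random bases; enough to sanity-check a published group."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p: int) -> bool:
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


class Party:
    """One side of the exchange. Only `public` ever goes on the wire."""

    def __init__(self, name: str):
        self.name = name
        self.private = secrets.randbelow(Q - 1) + 1       # x in [1, q-1], never sent
        self.public = pow(G, self.private, P)              # g^x mod p, sent in the clear

    def shared_secret(self, their_public: int) -> int:
        # Reject 0, 1 and p-1: those force the result into a tiny subgroup,
        # which is how small-subgroup / "zero share" attacks work.
        if not 2 <= their_public <= P - 2:
            raise ValueError("invalid public value")
        return pow(their_public, self.private, P)         # (g^y)^x mod p


def derive_key(shared: int) -> bytes:
    """Never use the raw shared secret as a key; hash it down to a fixed size."""
    return hashlib.sha256(shared.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def run_exchange():
    alice, bob = Party("alice"), Party("bob")
    # An eavesdropper sees exactly these two numbers, plus the public p and g.
    on_the_wire = (alice.public, bob.public)
    key_a = derive_key(alice.shared_secret(bob.public))
    key_b = derive_key(bob.shared_secret(alice.public))
    return key_a, key_b, on_the_wire
```

Both sides end with the same 256-bit symmetric key without it ever being transmitted. Note what the code does not do: it has no way of knowing that `bob.public` really came from Bob, which is exactly the man-in-the-middle problem above.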
Next let me briefly cover PGP. It stands for Pretty Good Privacy. This is an encryption program that allows users to communicate via secure email. It uses asymmetric keys, but only to protect a random symmetric session key; the message itself is encrypted with that session key, because asymmetric encryption is far too slow for bulk data.
Finally there is also a newer branch of cryptography called elliptic curve cryptography (ECC). It also uses asymmetric keys. Its advantage is not encrypting large amounts of data (that remains the job of symmetric ciphers) but getting the same security as RSA with much shorter keys and faster operations, which matters on small devices. I will not go into the mathematics behind this technique right now. Perhaps that is a research topic for another day. Next time I will go over some other mail encryption methods, and also discuss tunneling.
RSA was invented by Ron Rivest, Adi Shamir, and Leonard Adleman. Thus you get R-S-A from their last names. RSA is slow, so you do not encrypt whole messages with it. Instead you use it to encrypt (or sign) a symmetric key, which then does the actual encryption/decryption of the data.
Next time I will talk about Diffie Hellman and PGP.
DES stands for Data Encryption Standard. It is a block cipher with a 64-bit block and a 56-bit key. The algorithm runs the data through 16 rounds to get the final output. A 56-bit key has been brute-forceable with cheap hardware since the late 1990s, so DES on its own is dead.
3DES stands for Triple DES. You might guess that it is three times as strong as plain DES, but it is not. It runs DES three times (encrypt, decrypt, encrypt) with up to three different 56-bit keys, and a meet-in-the-middle attack cuts the effective strength of the three-key version to about 112 bits rather than 168. It is still far better than DES, just slow.
IDEA is the International Data Encryption Algorithm. It is a 64-bit block cipher with a 128-bit key, and it was the cipher in early versions of PGP.
Finally AES is the Advanced Encryption Standard. AES is the Rijndael algorithm. The name is a blend of the surnames of its two creators, Joan Daemen and Vincent Rijmen. You pronounce it roughly rhine-doll.
Next time I am going to start up with asymmetric keys.
A block cipher works on a fixed-size chunk of data at a time: 64 bits for DES and 3DES, 128 bits for AES. How you string the blocks together matters. In the naive mode (ECB) each block is encrypted on its own, so identical plaintext blocks produce identical ciphertext blocks and patterns in the data show through. You should also know about Cipher Block Chaining (CBC). This is where you exclusive OR (XOR) each plaintext block with the previous ciphertext block (a random initialization vector for the first block) before it goes through the cipher, so every ciphertext block depends on everything before it.
Stream ciphers on the other hand work on one bit or byte at a time, typically by XORing the data with a keystream generated from the key. An example of a stream cipher is RC4 (now broken and banned from TLS). The book's other example, the Secure Telephone Unit (STU-III), is really a device, a secure phone, rather than an algorithm.
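To make the chaining concrete, here is ECB next to CBC. This is an added example, not code from the post. The block "cipher" inside it is a deliberately trivial stand-in (XOR with the key, then rotate the bytes) so that the chaining logic is the whole story; it has no security of its own, and you would use AES from a real library in its place. The padding is PKCS#7, the PKCS#5 rule generalised to any block size.

```python
"""Added example: ECB versus CBC over a toy 8-byte block cipher.

Not from the original post. The block "cipher" is a stand-in with no security;
the point is what the two modes do with repeated plaintext blocks.
"""
import os

BLOCK = 8


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy block cipher: XOR with the key, then rotate left by one byte."""
    x = bytes(b ^ k for b, k in zip(block, key))
    return x[1:] + x[:1]


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse: rotate right by one byte, then XOR with the key."""
    x = block[-1:] + block[:-1]
    return bytes(b ^ k for b, k in zip(x, key))


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # always adds 1..BLOCK bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1] if data else 0
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def split(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block encrypted independently, so equal blocks stay equal."""
    return b"".join(encrypt_block(key, p) for p in split(pad(plaintext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC: XOR each plaintext block with the previous ciphertext block (the IV
    for the first one) before encrypting it."""
    out, prev = [], iv
    for p in split(pad(plaintext)):
        prev = encrypt_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for c in split(ciphertext):
        out.append(xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks are copies of an earlier one."""
    blocks = split(ciphertext)
    return len(blocks) - len(set(blocks))


def demo():
    key = b"8bytekey"                                   # constructed demo key
    iv = os.urandom(BLOCK)                              # fresh random IV per message
    msg = b"ATTACK AT DAWN! ATTACK AT DAWN! "           # repeats every 16 bytes
    ecb = ecb_encrypt(key, msg)
    cbc = cbc_encrypt(key, iv, msg)
    return {
        "ecb_repeats": repeated_blocks(ecb),   # 2: the repetition leaks
        "cbc_repeats": repeated_blocks(cbc),   # 0: chaining hides it
        "roundtrip_ok": cbc_decrypt(key, iv, cbc) == msg,
    }
```

With ECB, two of the five ciphertext blocks are exact repeats of earlier ones, so anyone watching can see that the message repeats itself. CBC hides that, at the cost of needing a fresh, unpredictable IV for every message; reuse an IV under the same key and part of the leak comes back. CBC by itself also does nothing for integrity.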
Next time I will enumerate the popular block ciphers, including DES and AES.
The generation of random numbers is integral to encryption: keys, initialization vectors and nonces all come from it. So how exactly does a computer generate random numbers? It uses an RNG (Random Number Generator), and most of the time that is really a PRNG, a Pseudo RNG. A PRNG is a deterministic algorithm that you "seed" with a value. That value determines every number that gets generated, so every time you use the same seed, you get the same results. That is handy for reproducible simulations and fatal for keys: anyone who can guess the seed can reproduce your "random" key. For cryptography, use a cryptographically secure PRNG fed from the operating system's entropy source, not the general-purpose generator that ships with your language.
Finally I want to go a little further with symmetric encryption algorithms. In particular, I want to mention a few implementations of symmetric encryption. The popular ones are DES, 3DES, and AES. However there are also IDEA and Twofish. I will not go into the particulars of these right now. Perhaps we will review them next time.
Mathematicians and cryptographers create cipher systems. One example is RC4, designed by Ron Rivest at RSA Data Security. RC4 was used in SSL and TLS for years, but it has known keystream biases and is now prohibited in TLS. Not every key is built the same way: RSA keys are built from large prime numbers, while symmetric keys are simply random bits of the right length. I have mentioned before that the keys themselves are frequently encrypted.
Know this. Every practical cipher is breakable in principle, if only by trying every key. You just want to ensure you are using an algorithm and key size that make that infeasible for as long as the data in the payload matters. Most attackers don't bother with the crypto algorithms at all. They go around the crypto instead, tricking people out of their passwords.
Encryption stronger than 40 bits used to be prohibited from export out of the USA, which is why 1990s browsers shipped in crippled "export" versions. Those rules were relaxed around 2000, and strong crypto now ships in ordinary software, although export controls on cryptography still exist and are worth checking if you distribute internationally. Next time I will cover topics like the key table, as well as different techniques for random number generation.
There are two varieties of keys: symmetric and asymmetric. The main difference is that in symmetric processing the same key encrypts and decrypts the data, while asymmetric processing uses a different key for encrypting than for decrypting (one public, one private).
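Here is the seed problem played out. This is an added example, not from the post: it models a careless server that builds a session token from Python's general-purpose PRNG seeded with the clock, and then recovers the seed the way an attacker would. The timestamp and the one-hour window are constructed assumptions.

```python
"""Added example: a seeded PRNG replays, and an attacker can replay it too.

Not from the original post. Models a "session token" built from random.Random
seeded with the Unix time, then recovers the seed by brute force.
"""
import random
import secrets


def weak_token(seed: int, nbytes: int = 16) -> bytes:
    """Mersenne Twister seeded with a value: same seed, same bytes, every time."""
    rng = random.Random(seed)
    return rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big")


def issue_weak_token(now: int) -> bytes:
    """What a careless server might do: seed from the clock."""
    return weak_token(now)


def recover_seed(token: bytes, seed_space):
    """The attacker knows roughly when the token was minted, so the seed space is
    tiny. Replay the generator for every candidate until the output matches."""
    for seed in seed_space:
        if weak_token(seed, len(token)) == token:
            return seed
    return None


def strong_token(nbytes: int = 16) -> bytes:
    """The fix: read from the OS CSPRNG. There is no seed to guess."""
    return secrets.token_bytes(nbytes)


def demo():
    minted_at = 1_700_000_000                       # constructed timestamp
    token = issue_weak_token(minted_at)
    # The attacker only knows the token was issued some time in the last hour.
    guess = recover_seed(token, range(minted_at - 3600, minted_at + 1))
    return {
        "reproducible": weak_token(minted_at) == token,
        "seed_recovered": guess == minted_at,
        # Knowing the seed means knowing every token issued since, and next.
        "next_token_predicted": guess is not None
        and weak_token(guess + 1) == issue_weak_token(minted_at + 1),
        "strong_differs": strong_token() != strong_token(),
    }
```

The brute force over 3601 candidate seeds takes a fraction of a second; the token looks random and is completely predictable. `secrets` (or `os.urandom`) has no seed to recover.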
I just had a college class exam. One of the choices in a multiple choice question was S-HTTP. Now I will share what I know with you. S-HTTP stands for Secure HTTP. It encrypts and signs individual HTTP messages rather than securing the whole connection the way SSL does. It lost out to SSL/TLS and is essentially unused today, but it still shows up on exams. In my next post I will go into some SSL details.
Another cipher example is the transposition cipher. This is where you change the order of characters. It can become complicated depending on the strategy used to do the reordering.
Next let's talk about the hash. A hash is a one-way function. That means you can transform your original data into a fixed-size digest. However you cannot easily transform the digest back into your original text, and for a good hash you cannot easily find two different inputs with the same digest either.
Hashes are used to validate the integrity of some data. You send your original data unencrypted. Then you also send the hash of the data in a protected form: over an encrypted channel, signed, or keyed as an HMAC. The recipient computes the hash of what arrived and compares it, verifying that the data was unaltered in transit. The protection on the hash is not optional. If the hash travels in the clear next to the data, anyone who can change the data can recompute the hash too, and the check only catches accidental corruption.
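That last point, and the earlier remark that MD5 and SHA-1 only detect tampering, come down to the same thing, so here is one added example covering both (it is not code from the post). The "encrypted method" for sending the hash is modelled by an HMAC key the attacker does not have; the transfer message and the key are constructed.

```python
"""Added example: an unkeyed hash only detects accidents; a keyed one detects attackers.

Not from the original post. Sample messages are constructed.
"""
import hashlib
import hmac


def checksum(data: bytes) -> str:
    """Plain SHA-256: anyone, including the attacker, can compute it."""
    return hashlib.sha256(data).hexdigest()


def tag(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: only holders of the key can compute it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(data: bytes, sent: str) -> bool:
    # compare_digest runs in constant time; a plain == leaks through timing how
    # many leading characters matched.
    return hmac.compare_digest(checksum(data), sent)


def verify_tag(key: bytes, data: bytes, sent: str) -> bool:
    return hmac.compare_digest(tag(key, data), sent)


def man_in_the_middle(message: bytes):
    """Attacker on the wire rewrites the amount and recomputes the unkeyed hash."""
    forged = message.replace(b"amount=100", b"amount=9900")
    return forged, checksum(forged)


def demo():
    key = b"shared-between-sender-and-receiver"   # constructed
    original = b"transfer to=alice amount=100"
    forged, forged_sum = man_in_the_middle(original)
    return {
        # A flipped byte in transit: both schemes catch it.
        "corruption_caught": not verify_checksum(original + b"\x00", checksum(original)),
        # Deliberate rewrite with the hash sent in the clear: slides straight through.
        "forgery_caught_plain": not verify_checksum(forged, forged_sum),
        # Same rewrite against an HMAC: the attacker cannot produce a matching tag.
        "forgery_caught_hmac": not verify_tag(key, forged, tag(key, original)),
    }
```

The hash catches the accident and the HMAC catches the attacker; the plain hash beside the data catches nothing an attacker does. The same logic is why "MD5 sums on the download page" protect you from a bad mirror only if the page itself is served over TLS.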
Next time I will go over keys and their use in encryption.
The subject of cryptography is complex. They have a lot of classes in my college on cryptography and security in general. That does not mean cryptography is all hi tech. You can use it in low tech systems.
An algorithm for hiding data is called a cipher. The specification of the DES algorithm is 7 pages long. Time for another read I guess.
I plan to be writing about the lessons I learned from this book for a long time. My next post will start with different types of ciphers.
First, this software author decided he wanted to be able to detect cracked copies. He made his applications “phone home” over the Internet, using some type of public/private key scheme so he could be sure a report came from his own application. Each copy he sold had its own unique keys. Once he saw the same key phoning home from all over the place, he could assume that people were pirating his software.
Here was the big decision. What was he to do when the software detected unauthorized use? Some say he should just make his app behave poorly. If people think his app is no good, they will not use it. That might defeat the purpose of marketing though. He did not want to be known to legitimate buyers as making shoddy software. That’s when the evil plan clicked in his head.
The app could do evil things to the target computer once it detected that it had been cracked. There was a world of bad things he could do. After all, the guy is a programmer. His disgust at losing cash to cracking would drive him on. His goal would be to do the most evil before the user who stole his software knew what hit him. Alas. This fellow programmer had crossed over to the dark side.
It was time to redirect that energy into future improvements to his program. It was time to refocus on the original goal of solving legitimate user problems, and in the process making cash. I still liked the sound of this developer laughing the mad scientist laugh while he worked on code to hack the machines of thieves. And no, this evil programmer is not me. I don’t have any software for sale that someone can crack. I give all my stuff away for free anyway.
One of the first hits on Google for a virtual girlfriend was Kari. I downloaded a trial version. You get to run it three times. I tried to figure out how to bypass this. A data file had a "Run Times" parameter. That was not the trick.
Here is the funny thing. This AI bot is supposed to learn how to deal with you. But I found her more stupid than your average real life bimbo. Here are some of the conversations I had with Kari. I swear that I am not making this up.
Black: How big are your boobs?
Kari: Am I ticklish?
Black: What is 1 + 1?
Kari: I am not much of a girlfriend.
Black: Your voice sounds fake.
Kari: Damn girl.
Black: How can I hack you to run more?
Kari: God damn.
After this severe lack of coherence, I almost want to code up my own virtual girl. Yes it is a monumental task. But I have got to be able to produce something a little smarter than this waste of memory. I will share what I come up with. In the meantime I recommend you avoid Kari. She might make you dumber.
I have heard about cool programs that fit in 4k of memory. But a hot prog that runs in only 256 bytes of code? That is wicked. The program name is Puls. And it was written by Rrrola.
Every so often, my system tray has an icon that says my computer is infected. It asks that I click the icon to disinfect. Clicking it take my browser to some rogue web page where they try to get me to buy antivirus software.
LOL. Yeah right. I am not going to pay the guys that actually came up with the virus. How stupid do you think I am? A quick check of the Task Manager shows a "braviax.exe" process running. When I kill the process, the icon goes away. This is the culprit. I find a copy of the file in the C:\Windows folder. So I delete the file and pat myself on the back.
Here is the first trick. When I reboot, the problem comes back. The "braviax.exe" file comes right back. I run msconfig and find that the file is set to run on Startup. How did the file get back there? A little research and I find that there is another copy in C:\Windows\System32. That's actually smart. You have to eradicate both locations.
My system is still full of viruses. Let's try to get rid of them. Then we can find out how modern day PC viruses operate. This is good stuff.
The web proxy hid his computer IP address from Google. That made it like somebody else was clicking on the ads he hosted on his site. This pissed some people off, especially those who were paying Google for displaying ads in its AdWords program.
This sounded like an interesting idea. The guy stated that it was not worth it. So he quit. I wonder whether he was telling the truth. So I decided to investigate. There are a number of drawbacks to this technique.
Not all proxy sites let you see ads on the pages they serve up. Furthermore, some sites that do show ads force you out of the proxy when you click the Google ads. This defeats the purpose as Google can then detect who you are. Still I consider the original idea a great hack. It is thinking outside the box to get a little cash.
Later the company came out and tried to do damage control. They call the malware their "research" module. That is a spin on the act of some software getting installed with their instant messenger, then taking over control of your computer to do their parallel processing.
In the good old days, sneaky code like this was shipped out with free programs. The bad boys just hoped you did not detect that your machine had been compromised. Now it has been taken to another level. When some tech site does detect your app doing sneaky things, you put a marketing spin on the evil deed to make it look like you are doing no evil. LOL. Damn those marketing guys.
Oh yeah. If you are wondering what product I am talking about, it is Digsby. I am safe. My IM software is Yahoo Messenger. And Yahoo makes some green backs off me. However they just put the ads in my face. At least they are not trying to hide anything there.
The first thing to realize is that no program is crack proof. You are only trying to delay crackers when you put protection in there. It is a cat and mouse game. Typical cracks insert some intro code which tell the user who cracked the game. Then the crack runs the normal executable that is cracked. The normal executable is compressed to keep the overall size of the game the same.
So how do you prevent such a crack? A simple method is to introduce checksums: the program checks whether its own code has been altered, and if it has, does something to prevent the game from continuing. If the checksum data sits in one neat table, crackers just patch the table, which is what makes naive checksum anticrack methods weak. The better checksum protection interleaves the checks with actual program code.
Crackers do their work in their spare time. Make it hard for them to debug your application. Then it will also be hard for them to crack your app. Another technique that works is to delay what you do on detection of the app being cracked. That way it is hard for crackers to test whether the crack worked. They may also just assume that the crack worked, when in reality you will detect the crack and later halt the game.
I put some simple encryption into a product for work once. It was just a way to encrypt keys that were required to activate the app. Luckily we did not have a lot of general users who wanted a cracked app. This was just a method to keep the business users honest. They were too busy to actually crack the darn thing. If you are selling to the general public, you are going to want to research ways of your own to slow down the crackers. Your profit may hinge on the productivity of this effort.
Having read most of ZF05, I find myself getting bored looking at all their listings of hacking into systems. But get this. Their general writing is very amusing. It is a good read. I laugh out loud at many things they write such as "Dan Kaminsky is a noob".
It is hard to pin down any facts about Zero For 0wned. They are an underground group. In their zine they say they are silent at conferences, not revealing themselves. Their mission appears to be to destroy people or movements they are against.
There are some lessons learned from seeing the mass ownage from their latest zine issue. You should not reuse passwords. If you are a security professional, you had better employ good security practices yourself. And finally, nobody is safe. You are vulnerable if your computer is connected to the net.
A PerlMonks update on their site states that the root password on one of their servers was compromised. They store the user information in plain text. That includes user passwords as well. It was thus easy for Zero For Owned to, well, conduct mass ownage.
This was just a demonstration by Zero For Owned. Their e-zine states they just exposed the weakness, and did no harm to any code repositories. It is still a sad state of affairs. I have been e-mailed users that were affected. I was not sure if PerlMonks was doing this already.
I think part of the problem with this case was the poor choice of lawyer. He had some professor that used the case to increase his own popularity instead of trying to get his client off the hook.
The individual found guilty was Joel Tenenbaum. He does not have the $600k in the verdict that was handed down. If the decision does not get overturned, he will just file for bankruptcy. There have not been a lot of cases where an individual was sued for a huge amount like this. However we can see where this is going. The record labels want their money. And they are tired of file sharing sites "stealing" their profits.
So what are we to do? Should we stop downloading songs for free illegally? Normally I would say no. But you have to do a cost benefit analysis. If the legit song costs a buck, and you might get sued for $20k or $30k if you get caught, you might just want to pay that buck. Or you can do what I do. Just listen to the radio. No charge.
Today I came across a zine called "Zero For Owned". Apparently these dudes target high profile security professionals and hack their sites. Then they show logs of the hacking activity. To tell the truth, I am not that interested in their hacking. I just love their commentary.
The latest issue of the zine is ZF05. They go after Kevin Mitnick. I quote ZF05 as stating, "You can move your box anywhere Kevin, we'll find you and own you." Their take is that he blames his host for the hackage he endures. Ha ha.
ZF05 seems to really hate Dan Kaminsky. They label him a script kiddie and a noob. Their attack uncovered a lot of Dan's emails. You may recall that he came out with a press release about DNS poisoning about a year ago. That's when they set their sights on Dan.
I tell you. These guys at ZF05 are hilarious. They recommend that some guy "Go up to the mountains and train under a Shaolin monk in the art of hax". On a serious note, they close out this issue of their zine by telling peeps to learn to code really well. That is sound advice.
Reading this issue of Zero For Owned gave me an idea for a program. Their zine is filled with huge logs of hacking. I just want to read their commentary. Perhaps I will write a program to strip out all the hack loggage and just get to the good stuff. To make this experiment educational, I shall try my hand at coding it in Java.
But today I read one of his essays on Misinterpreting Copyright. Wow. The thing blew me away. That was some serious critical thinking and analysis of the history of copyright from the United States Constitution. It made me rethink some of the copyright ideas that I assumed were the truth, which may have been planted in my head by big business (e.g. book publishers).
The jury is still out on Richard Stallman. I bet he is a tough guy to get along with. Now I have never met the man. But the stories about him are too specific to overlook. But who cares. Maybe the guy is nuts or is a dick. From reading one of his essays, I was able to determine that the guy has the ability to think clearly and communicate effectively. Even if somebody is crazy, that does not mean that everything they say is without merit. Maybe this rms dude deserves a second look. I highly advise you to take a look at the copyright essay I read. You will be enlightened.
Let's try to think about the second technique. How can we write a virus? Essentially we want to run our own malicious code. What better way to do that than to latch onto a trusted existing program that users run? The key here is how to latch on. The program you want to act as your host is an executable. That means it has a section which consists of the code it runs. We want to have that program run our code instead.
Therefore we have two tasks to accomplish: put our code somewhere in the file, and make sure our code gets executed. How about we just tack our code on to the end of the file? There is an existing entry point for the original executable. Let's just substitute the original entry point with the location of our rogue code, which is now at the end. Sure, that's a good plan. Now let's get back to our original objective. How can we produce a virus detector that can find instances where a legit program has been jacked? Easy. Just check whether the entry point for the program points to the code at the end of the file. If so, you are probably looking at an infected application.
Of course all of this is very simple. Existing virus scanners probably do all this as part of their most simple virus detection techniques. However we are on the right track. We could think up more complicated ways to achieve takeover of a program. And thinking of those methods, and the means to detect/remove them, is the very topic I am interested in. Perhaps I shall spend some time furthering this idea. Come with me as I venture into the world of computer viruses.
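The detector check described above, as an added example that is not part of the original post: a minimal PE header parser that reports which section holds the entry point and flags an entry point that lands in the last section of the file, or outside every section. The PE images are constructed inside the block (header fields only, everything else zero-filled), not real samples.

```python
import struct

# Constructed, minimal PE32 images (header fields only, not real samples):
# just enough of the DOS, COFF, optional and section headers for the check.
def build_pe(entry_rva, sections):
    """sections: list of (name, virtual_address, size) in file order."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 14 + struct.pack("<I", entry_rva)
    opt += b"\0" * (224 - len(opt))                                # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(struct.pack("<8sIIII", n.encode().ljust(8, b"\0"), sz, va, sz, va)
                     + b"\0" * 16 for n, va, sz in sections)      # 40-byte section headers
    return dos + b"PE\0\0" + coff + opt + table

def parse_sections(data):
    """Return (entry_rva, [(name, virtual_address, virtual_size), ...])."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]      # AddressOfEntryPoint
    secs = []
    for i in range(nsect):
        name, vsize, va = struct.unpack_from("<8sII", data, pe + 24 + opt_size + 40 * i)
        secs.append((name.rstrip(b"\0").decode(), va, vsize))
    return entry, secs

def entry_point_section(data):
    """Name of the section that contains the entry point, or None if none does."""
    entry, secs = parse_sections(data)
    for name, va, size in secs:
        if va <= entry < va + size:
            return name
    return None

def looks_tail_infected(data):
    """The post's heuristic: an entry point in the last section of a multi-section
    file, or in no section at all, suggests appended code that hijacked execution."""
    entry, secs = parse_sections(data)
    hit = entry_point_section(data)
    last = max(secs, key=lambda s: s[1])[0] if secs else None
    return hit is None or (len(secs) > 1 and hit == last)

# Constructed samples: a clean layout and one whose entry point was redirected
# into the trailing section.
CLEAN = build_pe(0x1000, [(".text", 0x1000, 0x400), (".data", 0x2000, 0x200)])
INFECTED = build_pe(0x2100, [(".text", 0x1000, 0x400), (".data", 0x2000, 0x200)])
```

Packed executables legitimately start in a trailing unpacking stub, so on real files this rule is a triage signal rather than a verdict.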
An open source alternative for this type of software is Adeona. The main benefit of this software is that it does not rely on a central server. The owner can track a thief with their computer. The Mac version of this software also snaps pictures of the perpetrator using the web cam.
These software solutions are not foolproof. However they can give you some details of the person who ripped off your laptop. There are other techniques to combat laptop theft. An example is Foo Zoo Lockdown, which is a Mac anti-theft software package.
My company and our client both have software on their laptops to combat theft. However the main goal in the corporate setting is to prevent the loss of the crucial data on the laptop. It is not as high a priority to locate the thief to retrieve the hardware. I have both my laptops set up with such software. They essentially encrypt the entire contents of the hard disk.
One thing that trips up the hacker is compiler optimizations. Yes, this will slow down your application build. But you can turn it on at the end when you are doing the final release of your software. The compiler will work harder to make your code fast and/or small. The result is that it is more difficult for somebody looking at the binary to figure out what is going on.
Another thing that trips up decompilation is the use of user defined types. In the C programming language, that means use structures. Somehow the way such constructs access memory makes them hard to reverse engineer. This is good news. Using structures is good programming practice anyway. We use that for our production code at work. I might as well use it on home programming projects where I want to keep the source code secret.
To truly combat the decompilation process, you probably need to spend some time trying to crack binary executables. Then you will have first hand knowledge on how to make it harder. However I figure I could take one expert’s advice and use it to my advantage. That is a way to work smarter and not harder.
At first I had some success. My program spawned Internet Explorer and navigated to the URL for my profile. It waited, killed Internet Explorer, and started again. However Google must have figured out what was going on. The view count capped out around 1000.
I thought perhaps the blocking had something to do with how frequently my program visited the profile. So I tried delaying the visit to be about 5 minutes apart. That did not help. Now my view counts are getting capped around 100 to 300. Do you think Google has logged my IP address as a script generator or something? I can only try some more tests to figure this out. The logical next step might be to use web proxies to hide my IP from Google.
Now let’s get down to business. Here is the pattern you will follow to encode data. You start by calling the CryptMsgOpenToEncode function. Then you call CryptMsgUpdate as many times as you have data to add. On the last data addition, you call CryptMsgUpdate with the fFinal parameter set to TRUE. To end the encoding, you call the CryptMsgClose function. These are the basics in a nutshell.
The algorithm to decode data mimics the one to encode. There is one extra step in the beginning where you call the CryptMsgCalculateEncodedLength function. Then you call the CryptMsgOpenToDecode function. Does that sound familiar? You call the CryptMsgUpdate function. And you end by calling the CryptMsgClose function.
Since we are down to the details of actual coding here, I also have the algorithms to encrypt and decrypt data. Perhaps I will share that with you in my next post. For now I will leave you with the concept of enveloping data. This is where you would like to encrypt a message for a whole set of recipients. You encrypt the message with a key. Then you in turn encrypt that key for each of the recipients on your distribution list for the message. The encryption is done in PKCS #7 format. Each recipient can then decrypt their key, and subsequently decrypt the message.
So what happened? Things were going fine for the first 250 visits to my web site. Then Google redirected me to another page, preventing my page view count from increasing. It seems Google had blocked me. They said that my query looked similar to automated requests. Duh. They were automated.
Google did not always enforce non-automation. This must be some new defense against the Black Arts. I tried to delete my cookies. Still blocked. Then I deleted all cached info in my browser. No luck. I even tried switching to another browser. Google still would not let me view the pages I had automatically visited.
As a last resort, I went to a web proxy site. From there I was able to view my web pages. What's a programmer to do? I need to code web proxy use into my program. That's what. When I am done, I will release my program here. Perhaps we shall call this The Return of Click. See you soon.
Zed is an outspoken guy who lives in New York. Not surprisingly the first Freehackers Union meeting was held in New York. Zed is known for previously working in the financial markets. I think he was an employee at Bear Stearns. He was previously associated with Ruby (and maybe Ruby on Rails). I think he got into too many arguments with the powers that be in the RoR world. Zed talks like a tough guy. This may be due to his surroundings (New York), or perhaps because he knows some martial arts, or maybe even because he thinks he is a tough guy.
Enough about Zed. I listened to the first Freehackers Union audio broadcast from Zed’s web site. It seemed like a big rant about ideas. I guess that was the whole point of the meetings. Most people in the crowd did not present anything that day. There seemed to be a rule that you could not present using PowerPoint (remember that this was about rallying against the business guys).
One presenter had written an Objective C program for the iPhone. He got a lot of applause. There were a bunch of other technical presentations. I heard that there were plans to have such a meeting near my house. Initially it sounded exciting. Doesn’t everyone want to be part of some cool underground and elite group? Unfortunately it appears that the Freehackers Union did not really materialize past the initial New York meeting. Oh well. Maybe it is time to look around for a local 2600 Magazine meetup.
I have written at length regarding Crypto API details that I have reverse engineered by browsing the C header files provided by Microsoft. In addition, I discovered some Crypto API documentation in the Microsoft Developer Network web site. So without further ado, let’s get into some Crypto API details.
The Crypto API supports PKCS #7. Recall that this is a standard published by RSA Laboratories, a division of RSA Data Security. PKCS #7 covers cryptographic message syntax (CMS) structures. Going back to terminology, a digest is the result of applying a hash to data. The digest is sometimes called the hash itself.
Although “message” is a generic term, it has a more specific meaning within the Crypto API and security. A message is data that has already been encoded. Normally this data has been signed. It includes a certificate.
One goal of the Crypto API is to provide simplified message functions. The functions are very high level. They in turn wrap many lower level message functions. They shorten the code required to accomplish security purposes.
Finally I want to define some file extensions used by the Crypto API. The “.cat” files are those with a digital thumbprint. And a “.stl” is a file with a certificate trust list. On that note, I may provide another Crypto API post in the future which covers certificate services. For now I bid you a good day.
I consider myself a relatively experienced C programmer. I did not have any C programming language issues. I could understand what the code was doing. However, as I mentioned earlier, the algorithm was complex. It was too hard for me to keep everything in my head to follow the algorithm.
There was a big discussion in the comments of Reddit about this challenge. Somebody with security insight identified this decoder as decrypting 12345678 under RSA with two public keys. Thus the goal was to factor one of those keys. You could also add one of those keys to a working existing key. I got the feeling that the algorithm in the decoder was a PK algorithm.
Once RSA was identified, people commented that RSA uses much larger prime numbers than those used in this decoder. Thus it should be easier to crack and provide a key generator. The comments led into a general discussion on security. Some people talked about the use of key servers by companies. It was recommended that zero and the letter O should be mapped to the same number to make things easier. It was also mentioned that a dongle cannot guarantee security. This is because a hacker can create a dongle emulator.