
x86 Software Reverse-Engineering, Cracking, and Counter-Measures
Description
x86 Software Reverse-Engineering, Cracking, and Counter-Measures is centered around the world of disassembling software. It will start with the basics of the x86 assembly language, and progress to how that knowledge empowers you to reverse-engineer and circumvent software protections. No knowledge of assembly, reverse engineering, or software cracking is required.
The book begins with a bootcamp on x86, learning how to read, write, and build in the assembly that powers a massive amount of the world's computers. Then the book will shift to reverse engineering applications using a handful of industry favorites such as IDA, Ghidra, Olly, and more. Next, we move to cracking with techniques such as patching and key generation, all harnessing the power of assembly and reverse engineering. Lastly, we'll examine cracking from a defensive perspective, providing learners with techniques to better defend their own software, or with the knowledge to crack these techniques more effectively.
* Assembly: computer architecture, x86, system calls, building and linking, ASCII, condition codes, GDB, control flow, stack, calling conventions
* Reverse Engineering: reconnaissance, strings, RE strategy, stripping, linking, optimizations, compilers, industry tools
* Cracking: patching, key checkers, key generators, resource hacking, dependency walking
* Defense: anti-debugging, anti-tamper, packing, cryptors/decryptors, whitelist, blacklist, RASP, code signing, obfuscation
A practical and hands-on resource for everyone from security professionals to hobbyists, this book is for anyone who wants to learn to take apart, understand, and modify black-box software. x86 Software Reverse-Engineering, Cracking, and Counter-Measures is a vital resource for security researchers, reverse engineers, and defenders who analyze, research, crack, or defend software applications.
Further details
People
CHRISTOPHER DOMAS is a security researcher primarily focused on firmware, hardware, and low-level processor exploitation. He is best known for releasing impractical solutions to non-existent problems, including the world's first single-instruction C compiler (M/o/Vfuscator), toolchains for generating images in program control flow graphs (REpsych), and Turing machines in the vi text editor.
Contents
- Chapter 1: Decompilation and Architecture
- Chapter 2: x86 Assembly: Data, Modes, Registers, and Memory Access
- Chapter 3: x86 Assembly: Instructions
- Chapter 4: Building and Running Assembly Programs
- Chapter 5: Understanding Condition Codes
- Chapter 6: Analyzing and Debugging Assembly Code
- Chapter 7: Functions and Control Flow
- Chapter 8: Compilers and Optimizers
- Chapter 9: Reverse Engineering: Tools and Strategies
- Chapter 10: Cracking: Tools and Strategies
- Chapter 11: Patching and Advanced Tooling
- Chapter 12: Defense
- Chapter 13: Advanced Defensive Techniques
- Chapter 14: Detection and Prevention
- Chapter 15: Legal
- Chapter 16: Advanced Techniques
- Chapter 17: Bonus Topics
- Conclusion
- Index
Introduction
Reverse engineering and software cracking are disciplines with a long, rich history. For decades, software developers have attempted to build defenses into their applications to protect intellectual property or to prevent modifications to the program code. The art of cracking has been around nearly as long as reverse engineers have been examining and modifying code for fun or profit.
Before diving into the details of how reverse engineering works, it is useful to understand the context in which these disciplines reside. This chapter describes what to expect from this book and dives into the history and legal considerations of software reverse engineering and cracking.
Who Should Read This Book
From security professionals to hobbyists, this book is for anyone who wants to learn to take apart, understand, and modify black-box software. This book takes a curious security-minded individual behind the curtain to how software cracking and computers work. Learning how an x86 computer works is not only powerful from a reverse-engineering and cracking perspective, but will make each reader a stronger developer, with advanced knowledge they can apply to code optimization, efficiency, debugging, compiler settings and chip selection. Then the curtain continues to pull back as readers learn how software cracking happens. Readers will learn about tools and techniques that real-world software crackers use, and they will set their newfound knowledge to the test by cracking real-world applications of their own in numerous hands-on labs. We then circle back to understand defensive techniques for combating software cracking. By learning both the offensive and defensive techniques, readers will walk away as strong software crackers or software defenders.
What to Expect from This Book
This book is based on these three core tenets of reverse engineering:
- There is no such thing as uncrackable software.
- The goal in offense is to try to go faster.
- The goal in defense is to try to slow down.
Based on this philosophy, any software can be reverse engineered and have its secrets stolen and protections circumvented. It's just a matter of time.
Like other areas of cybersecurity, both offensive and defensive reverse engineers benefit from having a similar set of skills. This book is designed to provide an introduction to these three interrelated skill sets:
- Reverse engineering: Reverse engineering is the process of taking software apart and figuring out how it works.
- Cracking: Cracking builds on reverse engineering by manipulating a program's internals to get it to do something that it was not intended to.
- Defense: While all software is crackable, defenses can make a program more difficult and time-consuming to crack.
Both offensive and defensive reverse engineers benefit from the same set of skills. Without an understanding of reverse engineering and cracking, a defender can't craft effective protections. On the other hand, an attacker can more effectively bypass and overcome these protections if they can understand and manipulate how a program works.
Structure of the Book
This book is organized based on these three core capabilities and skill sets. The structure is as follows:
Part 1: Background
Topics: History and legal considerations; x86 crash course
Goal: Understand x86 and learn to move quickly.

Part 2: Software Reverse Engineering
Topics: Reconnaissance; Key checkers; Key generators; Process monitoring; Resource manipulation; Static analysis; Dynamic analysis; Writing key gens; Cracking software
Goal: Master the tools, approaches, and mindset required to take software apart and understand its inner workings.

Part 3: Software Cracking
Topics: Manual patching; Automated patchers; Advanced dynamic analysis; Execution tracing; Advanced static analysis; Trial periods; Nag screens; More key gens; More cracks
Goal: Master the tools, approaches, and mindset necessary to isolate behavior and modify software.

Part 4: Defenses, Countermeasures, and Advanced Topics
Topics: Obfuscation/deobfuscation; Anti-debugging/anti-anti-debugging; Packing/unpacking; Cryptors/decryptors; Architectural defenses; Legal; Timeless debugging; Binary instrumentation; Intermediate representations; Decompiling; Automatic structure recovery; Visualization; Theorem provers; Symbolic analysis; Cracking extravaganza
Goal: Master defenses and counter-defenses. Evaluate defensive posture and tradeoffs. Explore advanced topics. Exercise reverse engineering and cracking tools, techniques, and mindset.
Hands-On Experience and Labs
The best way to learn reverse engineering and software cracking is by doing it. For this reason, this book will include several hands-on labs that demonstrate the concepts described in the text.
The goal of this book isn't to teach a particular set of tools and techniques. While the focus is on x86 software running in Windows, many of the approaches and techniques will translate to other platforms. This book will attempt to demonstrate a wide range of tools, including open-source, freeware, shareware, and commercial solutions. With an understanding of what tools are available and their relative strengths and weaknesses, you can more effectively select the right tool for the job.
Hands-on labs and exercises will also focus on reverse engineering and cracking a variety of different targets, including the following:
- Real software: Some exercises will use real-world software carefully selected to avoid copyright violations.
- Manufactured examples: Software written specifically for this book to illustrate concepts that are impractical to demonstrate with real-world examples.
- Crackmes: Manufactured software developed by crackers to illustrate a concept or challenge others.
Companion Download Files
The book mentions some additional files, such as labs or tools. These items are available for download from https://github.com/DazzleCatDuo/X86-SOFTWARE-REVERSE-ENGINEERING-CRACKING-AND-COUNTER-MEASURES.
History
Before diving into the nitty-gritty details of cracking and reverse engineering, it is useful to understand its history. Software protections and the tricks and techniques used to overcome them have been evolving for decades.
The First Software Protections
The first software copy protections emerged in the 1970s. Some of the early movers in the space were as follows:
- Apple II: The Apple II incorporated proprietary disk drivers that would allow writing at half-tracks, writing extra rings, and staggering and overlapping sectors. The purpose of this was to make the disks unusable by non-Apple machines and software that wouldn't know to read and write at these odd offsets.
- Atari 800: Atari 800 systems would intentionally include bad sectors in their disks and attempt to load these sectors. If these loads didn't return a "bad sector" error, then the software knew it wasn't a valid disk and would halt execution.
- Commodore 64: Legitimate Commodore 64 software was distributed only on read-only disks. The software would attempt to overwrite the disk, and, if it succeeded, it knew the disk was counterfeit.
These protections all depended on unusual behavior by the software, such as the use of invalid memory or attempting to overwrite the program's own code. Defeating these protections required an understanding of how the software worked.
The Rise of Cracking and Reverse Engineering
The rise of cracking and reverse engineering began in the 1980s. However, these early crackers weren't in it for the money. Cracking was a contest to determine who could figure out and bypass software protections the quickest.
Over the next several decades, the reverse engineering and cracking scene evolved. These are some of the key dates in the history of reverse engineering:
- 1987: Fairlight's formation in 1987 by Bacchus defines one of the first operational groups. Fairlight will later come to prominence in FBI crackdowns of the early 2000s. For more historic details, visit www.fairlight.to and csdb.dk.
- 1990: Elliot J. Chikofsky and James H. Cross II defined reverse engineering as "the process of analyzing a subject system to identify the system's components and their interrelationships and to create representations of the system in another form or at a higher level of abstraction." ("Reverse Engineering and Design Recovery: A Taxonomy." IEEE Software, Vol. 7, Issue 1, Jan 1990).
- 1997: Old Red Cracker (handle +ORC) founds the Internet-based High Cracking University (+HCU) to allow everyone to learn about cracking. +ORC released "how to crack" lessons online and authored academic papers. +HCU students had handles that began with a +.
- 1997-2009: The "warez scene" emerges with groups competing to be the first to release copyrighted material. Insiders (aka...
System requirements
File format: ePUB
Copy protection: Adobe DRM (Digital Rights Management)
System requirements:
- Computer (Windows; macOS X; Linux): Install the free Adobe Digital Editions software before downloading (see E-Book Help).
- Tablet/Smartphone (Android; iOS): Install the free Adobe Digital Editions app or the PocketBook app before downloading (see E-Book Help).
- E-book reader: Bookeen, Kobo, Pocketbook, Sony, Tolino and many others (not Kindle)
The ePUB file format is very well suited to novels and non-fiction, that is, to "flowing" text without complex layout. On e-readers or smartphones, line and page breaks adapt automatically to the small displays.
Adobe DRM is a "hard" form of copy protection. If the necessary requirements are not met, you will unfortunately not be able to open the e-book. You must therefore prepare your reading hardware before downloading.
Please note: we strongly recommend authorizing the reading software with your personal Adobe ID after installation!
Further information can be found in our E-Book Help.