Cracking code August 5, 2007Posted by reversengineering in RCE.
Cracking code – Introduction
from this link:
To defend, you must have some idea of what you’re defending, and who and what you’re defending against, specifically, which attacks. Failure do understand and know these things means that your defense will most likely not be effective, and could in fact decrease your security. Here’s an example:
Near where I live, thieves were stealing cars that people parked in the street. The neighbourhood committee decided that they’d stop this. The solution they implemented was to put gates at all entrances and exits of their area, and have guards that only allow cars with a particular sticker get through. This makes people FEEL more secure. However, for the cost (guardhouses and gates construction, guard salaries), it’s not as effective as it could be. A thief can still walk in just as easily (gates only block roads), and when driving a stolen car out, the guards will see the car and sticker, recognize it, and let them leave. If they had thought about how thieves operated, then they would have realised this and done something more effective, perhaps hiring the same number of guards, but setting them on a patrol, instead of just sitting at their posts. With unlimited resources, they could do both things, and give each member a special remote key-code to unlock the gate when they are driving. However, the tradeoff in cost and convenience is too high for them.
This is how security is, in the physical and electronic worlds. We have many possibilities, each with their tradeoffs. Deciding which measures to implement requires us to understand how our opponent is going to operate, as well as the details of how exactly our defenses work.
In this series, I’m going to show you how to crack simple code. I’m going to make a series of samples to try this out on (to avoid DMCA problems with real code), so as to get a feel of what crackers do to code. It is not going to be in-depth or show how to become a master cracker. Just enough so that we could attack a simple Windows/.NET program’s licensing key system, which is a common theme in software protection.
Continue to Part 1, where we’ll crack some simple code…
Cracking code – Part 1
Cracking code – Part 2: Other simple attacks
Cracking code 3: Cracking an obfuscated .NET assembly
Cracking Code 4: Replacing a strong name
Cracking code 5.1: Increasing your configuration