Posted By: DeltaAziz 29-12-2007, 12:52 PM
Quote: Scan of the Month 33: Anti Reverse Engineering Uncovered
By Nicolas Brulez
Rather than doing another complete analysis of the binary, I will rather present the techniques I have used in the challenge, and how I have implemented them. The Scan of the Month 33 was released by the Honeynet Project in November 2004. I invite everyone to read the excellent submissions we received this month once they have read my paper. I am presenting the binary from the protection author's point of view, while they presented it from the analyst's point of view. You will learn the methods and techniques used to Protect / Unprotect a binary with this month's challenge. A lot of weaknesses were left on purpose in this binary and they will be presented here.
Contents
The Challenge
Identify and explain any techniques in the binary that protect it from being analyzed or reverse engineered
Something uncommon has been used to protect the code from being reverse engineered, can you identify what it is and how it works?
Provide a means to "quickly" analyse this uncommon feature
Which tools are the most suited for analysing such binaries, and why?
Identify the purpose (fictitious or not) of the binary
What is the binary waiting for from the user? Please detail how you found it
Bonus Question - What techniques or methods can you think of that would make the binary harder to reverse engineer?
Conclusion
Acknowledgement
About the Author
http://www.honeynet.org/scans/scan33/nico/