Introduction

In the first part of this course we will learn how to "crack" programs, i.e. how hackers break into software to extract secrets, remove license checks, etc. In the second part we will use this knowledge to learn how to defend against such attacks.

Learning about this type of computer security is important because many current systems are vulnerable to cracking attacks. This includes computer games, the national power grid, military systems, medical systems, etc.

To follow this course you need to know C and Unix. Some understanding of assembly code, cryptography, and compilers is also useful, but not necessary.

The course will have practical homework exercises where you will crack small programs, and use tools to protect against cracking.

The course will be given in English.


 

Lectures


 

Exercise 1


 

Tools


 

Books and papers

If you want to learn more, please consider attending the next Int. Summer School on Information Security and Protection (ISSISP), the fifth in the series, which will take place in Verona Italy, July 28-August 2. The summer school is open to graduate students and computing professionals. Previous summer schools were held in Beijing (2010), Gent (2011), Tucson (2012), and in Xi'an (2013).

Also, please get involved in the software protection community by joining DAPA, The Digital Asset Protection Association.


 

Important News


 

Final Exam

Introduction

To get started, do the following:
  1. Download the exam:
  2. unzip exam_*.zip
  3. cd exam/YOURFIRSTNAME_YOURLASTNAME
  4. ls

You will find several files:

   README
   3-answer.c   3-challenge.c 
   4-answer.c   4-challenge.c 
   5-*-challenge
   6-*-challenge

Your task is to reverse engineer one of 3-challenge.c or 4-challenge.c by removing the obfuscation that I (or Tigress, actually) has added.

For the 5-*-challenge you should instead disable the password check and the expired-time check that prevent the program from running.

Proceedure

You only have to solve and hand in one of the three challenges! It is up to you which one you decide to work on.

Notice that for 3-challenge and 4-challenge I have given you obfuscated source code to reverse engineer (I'm so nice!). 5-*-challenge is binary only, however.

You should edit 3-answer.c, 4-answer.c, or 5-answer.c, writing your reverse-engineered code in the empty function SECRET that has been provided for you. In a successful solution to N-challenge

  1. N-answer should have the same input-output behavior as N-challenge;
  2. N-answer should be idiomatic C, i.e. have a structure that "looks like normal C written by a human";
  3. all unnecessary code (i.e. code added or transformed by the obfuscator) will have been removed.

For example, I expect loops in the source program to have corresponding loops in the recovered program, flattened or virtualized code will have been returned to its pre-obfuscated state, and compound data types (arrays, structs, and unions) should be identified as such.

Grading

The idea is that if you hand in a successful solution to the 3-challenge you get a grade of "3", 4-challenge a grade of "4", and 5-challenge a grade of "5". I decide what "successful solution" means, and, I may give a grade of 2 to a bad 3-answer, or a grade of 5 to a particularly good 4-answer.

Academic Integrity

This is a take-home exam and it is obviously possible for you to get help solving it. This, however, IS NOT ALLOWED. You are bound by your University's rules of academic conduct as well as these rules:
  1. You may use any technique that you want to work the exam.
  2. You are not allowed to discuss the exam with any human.
  3. You cannot get help from any classmates, nor anyone outside class.
  4. You may not provide help to your classmates.

If you recieve or give help with the exam, I will make sure that you (at least) fail the class.

If you have any questions about the exam you should see me.

Submitting the solution

You should email me your solution to

   collberg@gmail.com. 
The body of the email should look similar to the email you sent me earlier, along with additional information about how you solved the exam:
   FIRSTNAME:       Bob
   LASTNAME:        Jones
   EMAILADDRESS:    bob@cia.gov
   UNDERGRADUATE,MASTERS,PHD (U/M/P): P
   PROBLEM (3/4/5): which problem did you solve
   TOOLS:           what techniques did you use
   TECHNIQUES:      what tools, if any, did you use
   TIME:            how long did it take you
   DIFFICULTY:      was it easy/hard
   CHALLENGES:      what, in particular, did you find particularly easy or hard
   COMMENTS:        was this a reasonable exam (too easy, too hard), did you enjoy it, 
                    comments about the course in general if you wish, etc.

Attach exactly one file named

   3-answer.c, 4-answer.c, or 5-*-answer
to the email.

Make the subject line

   Subject: MGU Software Protection Exam

I should receive your solution no later than 23:59, Sunday, May 11, 2014.

What about 6-*-challenge?

It's the same as 5-*-challenge, only more heavily obfuscated. Hack this if you want to impress me. :) A successful hack of 6-*-challenge counts as a solution to the 5-*-challenge.