Introduction
In the first part of this course we will learn how to "crack" programs, i.e. how hackers break into software to extract secrets, remove license checks, etc. In the second part we will use this knowledge to learn how to defend against such attacks.
Learning about this type of computer security is important because many current systems are vulnerable to cracking attacks. This includes computer games, the national power grid, military systems, medical systems, etc.
To follow this course you need to know C and Unix. Some understanding of assembly code, cryptography, and compilers is also useful, but not necessary.
The course will have practical homework exercises where you will crack small programs, and use tools to protect against cracking.
The course will be given in English.
Lectures
- Introduction
- Attacks
- Analysis
- Obfuscation I
- Obfuscation II
- Tamperproofing I
- Tamperproofing II
- Hardware
- Watermarking
Assignment 1
- In this assignment you are given a program that has been lightly obfuscated using the Tigress tool.
- You are given source code, and your task is to remove the obfuscation from the functions (except main), and give me the "minimal" (shortest) and most well structured "original" program.
- MGU students, download the assignment from here: Due date: April 6.
- TSU students, download the assignment from here: Your unique assignment is in the folder with your name. Due date: Friday May 1. You should email your solution to collberg@gmail.com using the subject line TSU, Assignment 1.
- SibSAU students, download the assignment from here: Your unique assignment is in the folder with your name. Due date: Monday June 15. You should email your solution to collberg@gmail.com using the subject line SibSAU, Assignment 1.
- You can see here what the original program typically looks like.
- The body of the email should look like this:

    FIRSTNAME: Bob
    LASTNAME: Jones
    EMAILADDRESS: bob@cia.gov
    UNDERGRADUATE,MASTERS,PHD (U/M/P): P
    TOOLS: what techniques did you use
    TECHNIQUES: what tools, if any, did you use
    TIME: how long did it take you
    DIFFICULTY: was it easy/hard
    CHALLENGES: what, in particular, did you find particularly easy or hard
    COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it, comments about the course in general if you wish, etc.
    BEGIN-ANSWER
    Here is where you put the de-obfuscated code of your assignment!
    END-ANSWER

- Your de-obfuscated program should have the same input-output behavior as the challenge. The answer should be idiomatic C, i.e. have a structure that "looks like normal C written by a human". All unnecessary code (i.e. code added or transformed by the obfuscator) should be removed. For example, I expect loops in the source program to have corresponding loops in the recovered program, flattened or virtualized code will have been returned to its pre-obfuscated state, and compound data types (arrays, structs, and unions) should be identified as such.
Assignment 2
- To try out Tigress, do the following:
- Download and unzip the latest version of tigress from here.
- Depending on your shell, set the following environment variables:

    > setenv TIGRESS_HOME /PATH_TO/tigress-unstable
    > setenv PATH /PATH_TO/tigress-unstable:$PATH

or

    > export TIGRESS_HOME=/PATH_TO/tigress-unstable
    > export PATH=$PATH:/PATH_TO/tigress-unstable

- Try out Tigress:

    tigress --Transform=Virtualize --Functions=main --out=result.c test2.c

This should construct a trivial interpreter from test2.c in result.c.
- Some useful commands:

    *) tigress --help    : Show how to use tigress
    *) tigress --options : Show complete list of options to tigress
    *) tigress --license : Display the tigress license
    *) tigress --bibtex  : See how to cite us
    *) tigress --apple   : See how to get past some Darwin issues

- Read all the documentation of Tigress, here.
- Now do the following:
- Write a short (around 50 lines of code) C program (called program.c) that has some sort of "asset" that you would like to protect/hide, such as a license check, an algorithm, or a piece of data.
- Use Tigress to protect your program. I want you to experiment with writing scripts (commands that call tigress with different sequences of transformations) to get different levels of protection, at different slowdowns.
- Construct at least three different scripts and a makefile (called makefile-C) that generates the differently protected versions of your program. The makefile should look something like this:

    all: out1.c out2.c out3.c

    out1.c : program.c
    	tigress transformations --out=out1.c program.c

    out2.c : program.c
    	tigress transformations --out=out2.c program.c

    out3.c : program.c
    	tigress transformations --out=out3.c program.c

In other words, I will only type make -f makefile to generate your protected programs.
- Construct a file README.txt that describes what you did:

    FIRSTNAME: Bob
    LASTNAME: Jones
    EMAILADDRESS: bob@cia.gov
    UNDERGRADUATE,MASTERS,PHD (U/M/P): P
    PROGRAM: what does your program do?
    ASSET: what asset are you protecting?
    SCRIPT1: why did you choose the particular sequence of transformations for script one, how well do you think your asset is protected, and what slowdown did you see?
    SCRIPT2: same as SCRIPT1, but for the second script
    SCRIPT3: same as SCRIPT1, but for the third script
    COMMENTS: how hard was this, did you enjoy it, what could have been done differently, what transformation did you need from Tigress that it does not have, what bugs did you find in Tigress, etc.

- You should email your solution to collberg@gmail.com.
- MGU students: Due date: April 18, email subject line MGU, Assignment 2.
- TSU students: Due date: Friday May 8, email subject line TSU, Assignment 2.
- SibSAU students: Due date: Monday June 22, email subject line SibSAU, Assignment 2.
- The submission should be in the form of an attached zip-file named FIRSTNAME_LASTNAME.zip containing a directory FIRSTNAME_LASTNAME with, at least, these files:
- program.c
- makefile
- README.txt
- out1.c
- out2.c
- out3.c
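
An illustration of the kind of program.c Assignment 2 describes (an added example, not part of the course materials): a short C program whose assets are a license rule and an algorithm, each kept in its own function so a Tigress script can name it with --Functions. The key rule, expiry date, and all function names are constructed for this example.

```c
/* program.c (constructed example): takes a license key and an integer,
 * prints an integer. Assets: the key rule and the transform() algorithm. */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

/* Constructed expiry date: 2100-01-01 00:00:00 UTC. */
#define EXPIRY ((time_t)4102444800LL)

/* Asset 1: the license rule. Keeping it in its own function lets a
 * script target it by name, e.g. --Functions=check_license. */
int check_license(unsigned key) {
    return (key * 31u + 7u) % 9973u == 1000u;
}

/* Time check, with the clock passed in so it can be tested. */
int expired(time_t now) {
    return now > EXPIRY;
}

/* Asset 2: the algorithm that the license unlocks. */
unsigned transform(unsigned n) {
    unsigned h = 17;
    for (unsigned i = 0; i < n; i++)
        h = h * 33u + i;
    return h % 1000u;
}

/* Returns the result, or -1 when the license is invalid or expired. */
int run(unsigned key, unsigned n, time_t now) {
    if (!check_license(key) || expired(now))
        return -1;
    return (int)transform(n);
}

int main(int argc, char **argv) {
    if (argc != 3) {
        fprintf(stderr, "usage: %s KEY N\n", argv[0]);
        return 2;
    }
    unsigned key = (unsigned)strtoul(argv[1], NULL, 10);
    unsigned n = (unsigned)strtoul(argv[2], NULL, 10);
    int r = run(key, n, time(NULL));
    if (r < 0) {
        fprintf(stderr, "license invalid or expired\n");
        return 1;
    }
    printf("%d\n", r);
    return 0;
}
```

Separating the assets from main gives each script a different set of functions to transform, which makes the protection-versus-slowdown comparison in README.txt easier to reason about.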
Assignment 3/Final Exam
- The program given to you crashes with a segmentation fault due to an expired time check. Your task is to edit the binary code in a way such that the program runs as normal (takes an integer as input, and produces an integer as output, as in the previous assignments).
- MGU students, download the assignment from here:
- TSU students, download the assignment from here:
- Construct a file README.txt that describes what you did:

    FIRSTNAME: Bob
    LASTNAME: Jones
    EMAILADDRESS: bob@cia.gov
    UNDERGRADUATE,MASTERS,PHD (U/M/P): P
    TOOLS: what techniques did you use
    TECHNIQUES: what tools, if any, did you use
    TIME: how long did it take you
    DIFFICULTY: was it easy/hard
    CHALLENGES: what, in particular, did you find particularly easy or hard
    COMMENTS: was this a reasonable exam (too easy, too hard), did you enjoy it, comments about the course in general if you wish, etc.

- Due date: Monday June 15.
- You should email your solution to collberg@gmail.com using the subject line MGU, Assignment 3 or TSU, Assignment 3.
- The submission should be in the form of an attached zip-file named FIRSTNAME_LASTNAME.zip containing a directory FIRSTNAME_LASTNAME with, at least,
- the hacked challenge file
- README.txt