OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: LS (hydraxnetvision.net.il)
Date: Mon Apr 08 2002 - 14:05:31 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I know what you mean. I wasn't suggesting blindly breaking on APIs
    or library calls of course. I think in today's scene you need to use
    both a disassembler and a debugger to get a good grasp of what
    is going on.
    A personal note: I've looked at so many programs before, my eyes can't
    stand the sight of asm code anymore ;-)
    I've learned quite a lot of things, but one of them is certain and that is
    finding WHERE in the code user input is entered.. What is done with
    it, is something else....

    Lord Soth

    06/04/02 01:25:08, Pedro Hugo <fractalghighspeedweb.net> wrote:

    >Well that could be done breakpointing system api's like strcpy etc etc
    >etc or the equivalent in windows.
    >But doing that without any reference would be a pain in the ass task.
    >One of the tricks in reverse engineering is breakpointing the right
    >place. After you get the right place things go a lot easier.
    >One of the most used tricks in software protections is making it
    >difficult to find the right places to breakpoint (much others exist of
    >course, but these ones try to avoid easy dead listing approaches for
    >example). Without the "entry point" it's much harder to go to the place
    >you want. So you still have the usual problem about finding the place
    >with problems. Being in assembler it makes things much harder to
    >understand. Debugging and disassembling could be, in my opinion, more
    >helpful to track more complex bugs and to help understanding foreign
    >code, like trojans and backdoors.
    >As in Phrack 58 article about runtime binary encryption:
    >"Forensic work on binary executeables will become very difficult, and
    >most
    >of the people who do forensics nowadays will drop out of the field. Most
    >likely some people from the reverse engineering 'scene' will convert
    >more
    >to network security and become forensics."
    >I think this field is one of the possible futures in the security scene.
    >Good tools are rare, and good people doing it not very common too.
    >Encryption and packing is one of the biggest challenges in the reverse
    >engineering field. Look at popular Windows shareware programs and you
    >will understand.
    >
    >
    >