X hits on this document

321 views

0 shares

0 downloads

0 comments

45 / 120

06: 07: 08: 09: 10: 11: 12: 13: 14: }

getline(cin, specified); if (specified.compare(password) == 0) {

cout << "[OK] Access granted." << endl; } else {

cout << "[Error] Access denied." << endl; }

VerifyPassword.exe disassembly (abbreviated):

.TEXT SECTION

  • #

    "jup!ter"

0040144A MOV DWORD PTR SS:[EBP-1C],Ve

  • #

    "Enter password: "

00401463 MOV DWORD PTR SS:[ESP+4],Ver

  • #

    if (specified.compare(password) ==

rifyPa.00443000

ifyPa.00443008 0)

004014A3 TEST EAX,EAX 004014A5 JNZ SHORT VerifyPa.004014CD

  • #

    "[OK] Access granted."

004014A7 MOV DWORD PTR SS:[ESP+4],Ver

  • #

    "[Error] Access denied."

004014CD MOV DWORD PTR SS:[ESP+4],Ver

ifyPa.00443019

ifyPa.0044302E

.RDATA SECTION

00443000 6A75702174657200456E74657220 00443010 7373776F72643A20005B4F4B5D20 00443020 63657373206772616E7465642E00 00443030 72726F725D204163636573732064 00443040 6965642E00000000000000000000

7061 jup!ter.Enter pa 4163 ssword: .[OK] Ac 5B45 cess granted..[E 656E rror] Access den 0000 ied.............

Using the simple program VerifyPassword.cpp, we now investigate applying

obfuscations to make machine code more difficult to reverse engineer. The first

obfuscation that will be applied is a data transformation technique which [5] calls

Modifying Variable Encoding”. Essentially this technique prescribes that all

meaningful and sensitive constants in a program be stored or represented in an alternate

encoding, such as ciphertext. For numerics, one can imagine storing or working with a

function of a number instead of the number itself; for example, instead of testing for α <

37

Document info
Document views321
Page views322
Page last viewedSun Dec 04 17:40:34 UTC 2016
Pages120
Paragraphs2913
Words25794

Comments