
bmitchell's MemeStream



Current Topic: Technology

Advanced binary analysis of CherryOS: proof of theft
Topic: Technology 10:40 am EST, Mar 31, 2005

just in case anyone didn't believe them already here goes the analysis (I do this sort of thing for a living) first off CherryOS.exe is what we call in the security industry "packed", that means that they have taken a compiled binary and run it through an obfuscator to make it hard to reverse engineer (or at least hard if all you're doing is strings)...this is common for virus writers, worm writers, 31337 bot net kiddies, and on the legitimate side, game developers do this a lot...it's not very common among the commercial (or free) legitimate software market (mostly because it doesn't work and doesn't do any good)

so, the easiest way to defeat the packing is simply to let it start up (this one has several annoying checks for debuggers so it's easiest to just attach after it's loaded)...

the eula for this thing says its a violation to reverse engineer it, but if you do disassemble it you find they never had the rights to license it in the first place, so I don't feel worried to put this here...

if you want to follow along I downloaded a trial copy of CherryOS this morning and I got the latest version of pearpc as of this morning off of sourceforge (not from cvs, just the tarball), I am using windows XP with Interactive Disassembler (IDA)... goes:

so the first thing we want to do is find some strings which are common to both, they will not in and of themselves give you the answer you're looking for but they will give us a good starting point, we will then use these to get a context on the code that uses these strings, we will then compare the functions (or in this case class methods) to see if they are similar (or in this case identical)

so, example number one let's look at something in the cpu emulation code (because that is the heart of the code)

direct your editor to cpu/cpu_jitc_x86/ line 465 you will see the following small function

    extern "C" void FASTCALL jitc_error_program(uint32 a, uint32 b) {
        if (a != 0x00020000) { // Filter out trap exceptions, no need to report them
            ht_printf("JITC Warning: program exception: %08x %08x\n", a, b);
        }
    }

first let's see if we can find the format string "JITC Warning: program exception: %08x %08x\n" somewhere in the core memory image of CherryOS

now if you're using IDA attach to an already running CherryOs.exe (not to be confused with mainCherryOs.exe) and regenerate strings or do a direct string search, and search for this exact string...

you will find it in the text segment located at the fact that it exists alone is almost enough to pass summary judgment, but let's keep going so it's painfully obvious...

in cherryos.exe at .text:0040E8C0 you will see a reference to the format string from pearpc the disassembled function at this address looks like this (don't worry details will be explained in a bit)

.text:0040E8C0 sub esp, 0Ch
.text:0040E8C3 cmp ...
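The first step the post describes (collect strings common to the source tree and the binary, then use them as starting points) can be automated. The following is an added example, not code from the original post or from either project; the function names are hypothetical, the image is assumed to be a dump of the already-unpacked process memory, and the sample bytes are constructed. A hit only marks where to start comparing code, as the post says.

```python
import re

# Double-quoted C/C++ string literal, allowing backslash escapes.
C_LITERAL = re.compile(r'"((?:[^"\\\n]|\\.)*)"')

def source_literals(source_text, min_len=8):
    """Return the string literals in C/C++ source as bytes, escapes decoded."""
    found = set()
    for m in C_LITERAL.finditer(source_text):
        text = m.group(1).encode("latin-1", "replace").decode("unicode_escape")
        raw = text.encode("latin-1", "replace")
        if len(raw) >= min_len:      # short literals collide by chance
            found.add(raw)
    return found

def find_shared(source_text, image, min_len=8):
    """Map each source literal present in the image to its byte offsets."""
    hits = {}
    for lit in source_literals(source_text, min_len):
        offsets = [m.start() for m in re.finditer(re.escape(lit), image)]
        if offsets:
            hits[lit] = offsets
    return hits

def rank(hits):
    """Most distinctive first: more format specifiers, then longer."""
    return sorted(hits, key=lambda s: (s.count(b"%"), len(s)), reverse=True)

# Constructed sample: the function quoted above plus an unrelated literal.
SAMPLE_SOURCE = r'''
extern "C" void FASTCALL jitc_error_program(uint32 a, uint32 b) {
    if (a != 0x00020000) {
        ht_printf("JITC Warning: program exception: %08x %08x\n", a, b);
    }
}
const char *usage = "usage: %s file";
'''
# Constructed stand-in for a memory dump; not bytes from any real binary.
SAMPLE_IMAGE = (b"\x00\x90\x90"
                b"JITC Warning: program exception: %08x %08x\n\x00"
                + b"\xcc" * 5 + b"Unrelated string\x00")

if __name__ == "__main__":
    hits = find_shared(SAMPLE_SOURCE, SAMPLE_IMAGE)
    for lit in rank(hits):
        print(hits[lit], lit)
```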


Publishing exploit code ruled illegal in france
Topic: Technology 8:24 am EST, Mar 10, 2005

Researchers that reverse engineer software to discover programming flaws can no longer legally publish their findings in France after a court fined a security expert on Tuesday.


US spamming conviction overturned
Topic: Technology 8:50 pm EST, Mar  3, 2005

This is sort of interesting. I was under the assumption that jury decisions can't be overturned strictly on the basis of their decisions alone (only for process problems, and other associated problems with the way the trial was conducted), and that jury nullification was indeed possible.


Court preserves aftermarket competition under the DMCA
Topic: Technology 7:30 pm EST, Feb 24, 2005

This is a good overview of two cases where the court has limited the reach of the DMCA.


[economist] High-tech passports are not working
Topic: Technology 5:54 pm EST, Feb 23, 2005

[linked from Schneier's blog]

IN OLDEN days (before the first world war, that is) the traveller simply pulled his boots on and went. The idea that he might need a piece of paper to prove to foreigners who he was would not have crossed his mind. Alas, things have changed. In the name of security (spies then, terrorists now), travellers have to put up with all sorts of inconvenience when they cross borders. The purpose of that inconvenience is to prove that the passport's bearer is who he says he is.

The original technology for doing this was photography. It proved adequate for many years. But apparently it is no longer enough. At America's insistence, passports are about to get their biggest overhaul since they were introduced. They are to be fitted with computer chips that have been loaded with digital photographs of the bearer (so that the process of comparing the face on the passport with the face on the person can be automated), digitised fingerprints and even scans of the bearer's irises, which are as unique to people as their fingerprints.


Decision to sell antivirus products places Microsoft in quandary
Topic: Technology 7:52 pm EST, Feb 22, 2005

If Microsoft Corp. doesn't do more to stem Internet attacks, the company risks further alienating customers unhappy with the multitude of threats already facing its ubiquitous software.

Sell its own security products, on the other hand, and Microsoft faces a potential backlash from some of its allies -- the companies that now provide an extra layer of security for its Windows operating system, Internet Explorer browser and other products.


Researchers: Typing Style Can Be Password
Topic: Technology 9:45 am EST, Feb 18, 2005

The way you type is as unique as your eye color or speech patterns and can be used instead of a password to protect your computer, researchers at Louisiana Tech and Penn State say.

Their discovery will bring Louisiana Tech its first direct royalty income, university president Daniel D. Reneau said in signing a joint licensing agreement with BioPassword Inc. of Issaquah, Wash.

[ It seems to me that this has some serious problems, the first being it is easy to record, and a device can be made to play back keystrokes with correct timing.

Of course, you could argue that passwords can be stolen, but the difference is users know passwords should be kept secret. They don't know that they now need to type in secret, or be very careful about where they type. ]


Microsoft recalls 14 million cords around the globe
Topic: Technology 8:04 pm EST, Feb 17, 2005

The recall affects the majority of Xbox consoles sold. As of December 31, Microsoft had sold 19.9 million consoles worldwide, 13.2 million of which were in North America, 5.0 million in Europe, and 1.7 million in the Japan/Asia Pacific region, according to the company.


CodeBreakers Journal
Topic: Technology 10:47 am EST, Feb 16, 2005

New issue (Vol 2 Number 1) of CodeBreaker's Journal has been released. An interesting publication for those interested in lower level programming.


Hackers sued for tinkering with Xbox games
Topic: Technology 6:35 am EST, Feb 10, 2005

In the first case of its kind, a California video game maker is suing an entire community of software tinkerers for reverse engineering and modifying Xbox games that they legally purchased.

