One of the simplest ways to protect an executable is to password-protect it. In this method you use a simple if-then-else construct to check whether the entered password matches a predefined value.
int pass;
puts("enter password");
scanf("%d", &pass);
if (pass == 4568) {
    /* the constant 4568 is embedded in the compiled code */
}
Even though this approach may seem secure, since after compilation the password is just ones and zeros inside the binary file, this is not the case.
A simple disassembly will reveal the true password.
To prove my point I have designed a shell script which cracks passwords from such types of password-verifying constructs. This shell script will not work on every naive password check, but it will deal with some of these types.
Anyone who understands a little bit of assembly along with a little bit of reverse engineering can easily crack variations of this type of password check, even if this script fails.
Consider this source file in C.
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int pass = 0;   /* initialised so a failed scanf cannot leave it undefined */
    puts("Enter password");
    scanf("%d", &pass);
    /* the comparison value 1234 ends up in the binary as an immediate operand */
    while (pass != 1234) {
        puts("Wrong password enter again");
        scanf("%d", &pass);
    }
    return 0;
}
Copy the contents of this source file into a text file and compile it using the gcc compiler. This password can easily be cracked by using the following script.
#!/bin/bash
echo "Binary cracker v1.0-Abhishek Munagekar"
echo "A script to crack naively protected binaries"
echo "This script works on if(pass==int_password_value) only"
echo "Mail:avm.abhishek@gmail.com"
echo "Blog:www.prgwonders.blogspot.in"

# test for number of arguments
if [ "$#" -ne 1 ]; then
    echo "Usage $0 name_of_binary"
    exit 1
fi

# test for executable
if [ -x "$1" ]; then
    echo "File '$1' is executable"
else
    echo "File '$1' is not executable or was not found"
    exit 2
fi

# beginning actual execution: disassemble and list the conditional jumps,
# since the cmp against the password normally sits on the line before one
echo "list of possible points to check"
echo "Ignore any value that doesn't appear to be hex"
objdump -M intel -D "$1" > revit
grep -E -n -w 'je|jne' revit | cut -d : -f 1

echo "enter 0 to exit, else point number to check"
while true
do
    read -r point
    if [ "$point" -eq 0 ]; then
        break
    fi
    echo "possible password in hex @ point '$point' "
    point=$((point - 1))   # to go to the cmp line
    sed -n "$point"p revit | cut -d , -f 2   # second operand of the cmp
done

# cleanup operation
rm revit
echo "Thank you for using this script"
Run this script with the binary file name as its argument.
I have demonstrated cracking an integer password using this script. A slight modification of the source code will render this script useless; string passwords, for example, will do the trick. Even though the script is rendered useless, I will still be able to decode the passwords by disassembling the code.
Please refrain from using such naive password protections, since users of your binary will have to remember a password to use it, while those who are unauthorized can crack it anyway.
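The two points above (the compared constant is stored verbatim in the binary, and such a check should not be relied on) can be illustrated side by side. The following is an added example, not code from the original post; it is written in Python rather than the post's C so that the standard library's PBKDF2 is available. `CONSTRUCTED_CODE` is a hand-built stand-in for a few bytes of compiled code (assuming gcc emits `cmp DWORD PTR [rbp-0x4],0x4d2`, encoded as `81 7d fc d2 04 00 00`), not the output of a real build, and `naive_check`, `leaks_literal`, `make_record` and `hashed_check` are names chosen here.

```python
"""Added example: the post's naive integer check beside a hashed check."""
import hashlib
import hmac
import os
import struct

# --- 1. The pattern the post warns about: the secret is a compile-time constant
PASSWORD = 1234  # the value the post's C program compares against


def naive_check(entered: int) -> bool:
    """Equivalent of `if (pass == 1234)`: the comparison value lives in the code."""
    return entered == PASSWORD


def immediate_bytes(value: int) -> bytes:
    """A 32-bit immediate in an x86 `cmp` is stored little-endian, so the
    constant appears verbatim in the binary (1234 -> d2 04 00 00)."""
    return struct.pack("<i", value)


# Constructed stand-in for compiled code (assumption: push rbp / mov rbp,rsp /
# cmp DWORD PTR [rbp-0x4],0x4d2 / jne +5).  Not taken from a real build.
CONSTRUCTED_CODE = bytes.fromhex("55 48 89 e5 81 7d fc d2 04 00 00 75 05")


def leaks_literal(code: bytes, secret: int) -> bool:
    """Audit helper for your own build: is the secret present as a literal?"""
    return immediate_bytes(secret) in code


# --- 2. Embed a salted hash instead of the password --------------------------
ITERATIONS = 100_000  # PBKDF2 work factor; raise it for real deployments


def make_record(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); only these two values need to be embedded."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def hashed_check(entered: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the hash of the entered value and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", entered.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("naive build contains the literal:", leaks_literal(CONSTRUCTED_CODE, PASSWORD))
    salt, digest = make_record("1234")
    print("embedded salt+digest contain the literal:", leaks_literal(salt + digest, 1234))
    print("hashed check accepts 1234:", hashed_check("1234", salt, digest))
    print("hashed check accepts 1235:", hashed_check("1235", salt, digest))
```

Disassembling a build that embeds only the salt and digest no longer yields the password at the `cmp` line. Note what this does and does not buy: it stops the secret being read out of the file, but the post's script also lists every `je`/`jne` site, and anyone who can edit the binary on their own machine can still alter that branch. A password check inside a program the user fully controls protects the secret at best, never the program itself.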