Reference no: EM13936262
This exercise looks at reverse engineering and "cracking" applications. For this exercise you should log into the VM as user: dan, password: dan!dan. In Dan's home directory you will find two jar files, two ELF executables, the tool JD-GUI and the evaluation version of IDA Pro.
For this exercise you need to use JD-GUI and IDA to analyse the applications and gain a complete understanding of what they do.
Part 1: Java Byte Code
The jar files employ two of the most common methods of protecting code: encryption and obfuscation. As you will see, neither of these methods will stop a determined analyst.
The first jar file encrypts some of its code; however, the decryption key must be embedded in the application, and so an analyst can read the code. This is an example of "packing", which is a protection method often used by malware. This is done mainly to avoid signature-based detection from malware scanners; the malware will re-encrypt itself with a different key each time it infects a computer, so making it look different each time it spreads.
The second jar file has been obfuscated, i.e., made deliberately hard to understand. This method of protection is often used by drive-by-download attack code which has been injected into a website. The point of this is to make it difficult for a casual observer to tell what the code is doing, and so to delay anyone realising that the code is malicious.
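The following is an added example, not part of the original exercise and not the scheme used by exercise1.jar. It uses a toy XOR cipher and a made-up container layout (both assumptions) to show the two points above: the packed bytes change with every key, but because the key travels with the file, unpacking always yields the same payload, which is what a signature should be computed over.

```python
import hashlib
import os

# Constructed, harmless stand-in for the protected code.
PAYLOAD = b"class PasswordCheck { /* constructed sample body */ }"


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Toy repeating-key XOR, standing in for whatever cipher a packer uses."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def pack(payload: bytes, key: bytes) -> bytes:
    """Hypothetical container: 1-byte key length, the key, then the ciphertext."""
    return bytes([len(key)]) + key + xor_bytes(payload, key)


def unpack(blob: bytes) -> bytes:
    """What the loader must do at run time, and what an analyst can repeat."""
    key_len = blob[0]
    key = blob[1:1 + key_len]
    return xor_bytes(blob[1 + key_len:], key)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_copies(payload: bytes = PAYLOAD) -> dict:
    """Pack the same payload under two random keys and compare signatures."""
    copy_a = pack(payload, os.urandom(16))
    copy_b = pack(payload, os.urandom(16))
    return {
        # File-level hashes differ, so a hash signature of copy_a misses copy_b.
        "packed_hashes_differ": sha256(copy_a) != sha256(copy_b),
        # After unpacking with the embedded key, both copies are identical.
        "unpacked_hashes_match":
            sha256(unpack(copy_a)) == sha256(unpack(copy_b)) == sha256(payload),
    }


if __name__ == "__main__":
    print(compare_copies())
```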
Question 1: exercise1.jar
The first Java application is a simple password check (you can run the password check jar file by typing java -jar exercise1.jar at the command line). Use JD-GUI to find the password for this program, describe in detail how the jar file tries to protect the password and how you found the password, and explain each of the steps you took. Another version of this application (with the same password) is also running on one of the ports of the VM. Use nmap to find out which ports are open and netcat (nc) to connect to them and find the application. The version of the application listening on the port will give you a token in response to the correct password.
Question 2: exercise2.jar
The second Java application opens a dialog box that asks for a registration key. Find a registration key that this application will accept. Describe in detail how the jar file tries to protect the password and how you found the password (there is no token for this application).
Part 2: ELF Binaries
Executable and Linkable Format (ELF) is the standard format for Linux executables. The two ELF executables in Dan's home directory can be run from the command line by typing ./exercise-03 and ./exercise-04. The first is a simple password check program and the second is a more complex application for viewing GPG keys.
Question 3: exercise-03
The application exercise-03 asks you to enter a password in order to be given a message. Open this application in IDA by typing ./idaq exercise-03, examine the assembly code and run it in the IDA debugger. Work out how the password is being checked and what the message is. Describe in detail how the application checks the password and how you discovered this. In particular, describe the steps you went through and why. Another version of this application (with the same password) is also running on one of the ports of the VM. Use nmap to find out which ports are open and netcat (nc) to connect to them and find the application. The version of the application listening on the port will give you a token in response to the correct password. Submit this token on the website.
Question 4: exercise-04
The application exercise-04 is a larger program to display information about public keys. This application contains a back door that can be used to get a shell. Open this application in IDA, examine it, and find the back door. This application is also running and listening on one of the ports of the VM as root. Use nmap to find out which port it is running on, connect to it using netcat and exploit the backdoor to get root access to the VM. Describe in detail how the backdoor works and how you discovered it. In particular, describe the steps you went through and why. Once you have root access to the VM you will find a final token in the Ex5rootToken file; submit this to the token submission website.