gdb, objdump --disassemble, and readelf -a to analyze and reverse-engineer the program. To edit the program, you may use your hexadecimal editor of choice.
One nice hex editing solution is this: convert the binary to an editable ASCII file with xxd. Edit the file with any editor. Convert back to binary with xxd -r. Don't forget to chmod +x the final file if you want to run it; xxd doesn't do that by default.
One or more of the protection mechanisms in this homework are incompatible with the new address space layout randomization (ASLR) system in Linux. This makes the template binary crash. Always run your program like this:
LD_LIBRARY_PATH=. setarch `uname -m` -R ./hw4
Note: you are expected to edit the binary executable and library, not produce binaries by reverse-engineering and rewriting in C, nor by disassembling and reassembling. We'll compare the turned-in binary to the original with cmp, and we expect to see only several modified bytes.
License key valid, thank you.
The second one dynamically updates a GOT entry to make the program call real_server_license_validation, which is what you want, instead of what the entry points to in the binary. After you have subverted the second one (this could happen in one step, depending on your approach), it outputs:
Everything seems to be in order. Moving along to server license key validation.
Your program then "activates" with the license server, which reports activations on this page: http://bits.cs.uic.edu/cs361/activations.txt
You'll note that the server accepts any license key. However, the most insidious aspect of the report is the IP address, which identifies you as the license violator, and which is not within your control to change. You must stop this activation from happening. Important function calls for the network activation are connect() and send().
However, you'll find that simply skipping the network activation step results in a broken program: the server sends back binary code with crucial functionality as part of the activation process. You need to capture this binary code, and store it permanently in your program so it can run without activation.
Without the code from the server, the program crashes or doesn't do anything. With the code, it displays a little ASCII animation.
The cracked binaries differ in roughly 20 bytes total, and the program runs without activating with the server.
svn up. The folder contains a binary (hw4) and a shared library (lib.so). It may be a good idea to keep a copy of the original files around for reference, though if you misplace them, they're always available through svn.
Make your changes to hw4 and lib.so and svn commit when finished. In addition, create a new file called "patches_applied.txt", where you briefly describe each change you made, in the format hw4: 0af8-0b70 replaced foo with bar to make a better foobar
Copyright 2016 The Board of Trustees of the University of Illinois.