GT ECE 4112 - Lab X: Code Injection and Software Cracking

This preview shows page 1-2-20-21 out of 21 pages.
ECE4112 Internetwork Security
Lab X: Code Injection and Software Cracking

Group Number: _________
Member Names: ___________________ _______________________

Date Assigned: x
Date Due: x
Last Edited: November 26th, 2007
Lab Authored By: Jason Fritts, Zener Bayudan, Utsav Kanani

Please read the entire lab and any extra materials carefully before starting. Be sure to start early enough so that you will have time to complete the lab. Answer ALL questions in the Answer Sheet and be sure you turn in ALL materials listed in the Turn-in Checklist on or before the Date Due.

Goal: The goal of this lab is to introduce you to the concept of software cracking and to show how software cracks often contain code injection. We will show you how easy it is to inject any type of code (i.e. malware) into a program without the user ever knowing it has been executed. We will show you the different concepts commonly used by software crackers to bypass any type of authentication the software writer implements, and how a software writer can prevent this from happening.

Summary: You will write a common program which requires an authentication check, crack this program using different concepts, and then analyze the results. You will also inject code into a program and have both the host and the injected program run.

Background and Theory:

"Software cracking is the modification of software to remove protection methods: copy prevention, trial/demo version, serial number, hardware key, CD check or software annoyances like nag screens and adware." (http://en.wikipedia.org/wiki/Software_cracking)

Software cracking has become widespread on the Internet, where one can find a crack for almost any commercial software program available on the market. Thousands of websites dedicated to providing programs which will crack commercial software have appeared on the Internet in the last ten years, making it easier than ever before to pirate software.

"The most common software crack is the modification of an application's binary to cause or prevent a specific key branch in the program's execution. This is accomplished by reverse engineering the compiled program code using a debugger such as SoftICE, OllyDbg, GDB, or MacsBug until the software cracker reaches the subroutine that contains the primary method of protecting the software (or by disassembling an executable file with a program such as IDA). The binary is then modified using the debugger or a hex editor in a manner that replaces a prior branching opcode with its complement or a NOP opcode so the key branch will either always execute a specific subroutine or skip over it. Almost all common software cracks are a variation of this type. Proprietary software developers are constantly developing techniques such as code obfuscation, encryption, and self-modifying code to make this modification increasingly difficult."

Software cracks often contain viruses. This is done through code injection. A virus writer will find a popular crack on the Internet, inject his virus code inside of this crack, and then re-release it on the Internet for others to download.

Lab Scenario: For this lab you will be writing a sample program which requires the user to authenticate themselves using a serial number. Next you will be cracking this program using a disassembler and hex editor. You will also be writing a serial key generator so there is no need to modify the original sample program. After doing both of these examples you will be given a brief overview of common cracking countermeasures using the program EXEcryptor. Finally the dangers of using publicly available cracks on the Internet will be discussed, including cracks which have viruses and backdoors embedded in them.

Section 1: Cracking a simple program.

1.1 Installing the necessary tools (within Windows XP)

For this section you will need the following tools:

1. Dev-C++ - for writing and compiling the actual C++ program.
2. W32dsm - a program disassembler used for assembly viewing.
3. Hex Workshop - a hex editor used for editing the executable program.

All of these files should be transferred from the NAS server to your desktop and installed to their default locations.

1.2 Writing the crackable program.

First we will write a program that requires the user to enter a serial number for authentication before continuing. For this example we will be showing the concepts crackers use to get past this authentication check, and therefore this program doesn't need to be very complicated. Our program will ask the user for their serial number and perform a numerical check versus the defined serial number.

Note: This entire lab will be done within your Windows XP VMware virtual image.

1. Open Dev-C++ from the start menu: Start - Programs - "Dev-C++" - "Dev-C++"
2. Start a new C++ console project: File - New Project - Console Application - C++ project
3. Name the project "Example1"
4. Use the following code:
5. Compile the program: Execute - Compile
6. Run the program: Execute - Run

    #include <iostream>
    using namespace std;

    int main(int argc, char *argv[])
    {
        int serial;
        int goodserial = 12345;   // the hard-coded serial the program checks against

        cout << "Type in your serial number: ";
        cin >> serial;

        // This single comparison (and the conditional jump it compiles to)
        // is what a cracker looks for in the disassembly.
        if (serial == goodserial)
        {
            cout << "Valid serial number, type any character to exit";
            cin.ignore(1);
            cin.get();
            return 1;
        }
        else
        {
            cout << "Invalid serial number, type any character to exit";
            cin.ignore(1);
            cin.get();
            return 0;
        }
    }

Code Example: Example1.exe, code which is exploitable by using a disassembler.

As shown in Screenshot 1, the program should ask you for a serial number.

Screenshot 1: Example of a crackable program requesting user authentication.

You should notice that typing any serial number other than the defined serial "12345" will not authenticate you to the program.

1.3 Cracking the program.

Now that we have created a simple program to crack, we will crack it using the reverse engineering program modification technique.

The reverse engineering program modification technique is very simple. First, using a program disassembler, the cracker views the assembly code of the program he wants to crack. Next, he uses some means to find the assembly code which compares his typed-in serial number with the serial number defined by the program. Next he wants to completely bypass this comparison and jump directly to whatever function an authenticated user will enter after a successful comparison. To accomplish this the cracker notes the program offset (line number)
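The background section explains that almost every crack of this type works by flipping or NOP-ing one "key branch", and Example1 has exactly one such branch: the comparison against goodserial. The example below is added here and is not code from the lab or its authors. It places the weak check from Example1 next to a hardened pattern in which the serial is never compared at all but is consumed as key material to decode a payload, so there is no verdict branch for a patch to flip. The derive_key function (FNV-1a over the serial's digits), the XOR payload encoding, and the payload text are constructed for this example and are not part of the lab.

```cpp
#include <cstdint>
#include <cstddef>
#include <string>
#include <vector>
#include <iostream>

// Weak check in the style of Example1: one comparison against a hard-coded
// constant. It compiles to a single conditional jump (the "key branch"), which
// is precisely what a branch-flip patch targets.
bool weak_check(int serial) {
    const int goodserial = 12345;
    return serial == goodserial;
}

// Hypothetical key derivation (constructed for this example): FNV-1a over the
// decimal digits of the serial. Two different serials always yield different
// keys, because the per-byte multiply by an odd constant is a bijection mod 2^32.
uint32_t derive_key(uint32_t serial) {
    uint32_t h = 2166136261u;
    for (char c : std::to_string(serial)) {
        h ^= static_cast<unsigned char>(c);
        h *= 16777619u;
    }
    return h;
}

// XOR the payload with the four key bytes, cycling. Symmetric: applying it
// twice with the same key restores the input.
std::vector<uint8_t> xor_with_key(const std::vector<uint8_t>& data, uint32_t key) {
    std::vector<uint8_t> out(data.size());
    for (size_t i = 0; i < data.size(); ++i) {
        uint8_t ks = static_cast<uint8_t>(key >> ((i % 4) * 8));
        out[i] = data[i] ^ ks;
    }
    return out;
}

// Build the protected payload. In a shipped program this runs offline at build
// time and only the ciphertext is embedded; it is done here so the example is
// self-contained.
std::vector<uint8_t> build_payload(const std::string& plaintext, uint32_t real_serial) {
    std::vector<uint8_t> data(plaintext.begin(), plaintext.end());
    return xor_with_key(data, derive_key(real_serial));
}

// Hardened path: the serial is used, not judged. There is no boolean result
// to invert; a wrong serial simply produces unusable output.
std::string unlock(const std::vector<uint8_t>& payload, uint32_t serial) {
    std::vector<uint8_t> dec = xor_with_key(payload, derive_key(serial));
    return std::string(dec.begin(), dec.end());
}

// True if every byte is printable ASCII; used only to keep console output tidy.
bool is_printable(const std::string& s) {
    for (unsigned char c : s) {
        if (c < 0x20 || c > 0x7e) return false;
    }
    return true;
}

int main() {
    const uint32_t real_serial = 12345;   // same constant as Example1
    std::vector<uint8_t> payload = build_payload("valid serial number", real_serial);

    uint32_t serial = 0;
    std::cout << "Type in your serial number: ";
    std::cin >> serial;

    std::cout << "weak_check says: "
              << (weak_check(static_cast<int>(serial)) ? "valid" : "invalid") << "\n";

    std::string result = unlock(payload, serial);
    std::cout << "unlock() output: "
              << (is_printable(result) ? result : std::string("(unreadable)")) << "\n";
    return 0;
}
```

The point of the hardened form is narrow: it removes the single patchable branch that section 1.3 goes looking for. It is not a licensing scheme. A five-digit serial space can be exhausted in milliseconds, and because derive_key ships inside the binary, the key-generator approach the Lab Scenario mentions still applies to any scheme whose validation logic is fully present on the client.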