SecurityTubeBeta
Watch ... Learn ... Contribute
securitytube home
securitytube videos
securitytube questions
securitytube news
securitytube tools
divider
upload video on SecurityTube
 
 
Video Categories:
Security Basics
Programming
Security Tools
Fun

Reverse Engineering 101 ( Using IDA to break password protections )
 
 

This video is the second in the Reverse Engineering 101 series. I would encourage you to view the first video on finding hidden passwords in binaries using a hex editor. In this video we will use the IDA Pro tool to dissect a binary file and see how to crack a basic password protection.Please download an evaluation copy of IDA here.  Also, please download binary of the program to be disassembled in this reverse engineering exercise from here.









We will use the code from the previous video in this example. Lets look at the program:

------------Code Starts ------------------

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
#define password "FindMeIfYouCan"

int main(int argc, char *argv[])
{
  char pass[100];
 
 
  printf("Please enter your password\n\n");
  scanf("%s", pass);
  if ( strcmp(pass, password) == 0 )
  {
       printf("Congrats!! Correct Pass\n\n");
  }
  else
  {
      printf("Wrong Pass\n\n");
  }
      
  system("PAUSE");    
  return 0;
}

-------------------------------- Code Ends ---------------------

 The user entered password is stored in the variable "pass", while the program password is held in "password". The entire protection mechanism in the above program depends on the "srtcmp" function(). If the passwords match, strcmp() returns a "0". The the "If" statement does a comparison to check if "0" was returned. If True, then the user is allowed access, else the user is denied access.

well how do we reverse engineer this program?  well what if somehow we could have "0" placed in the output of the strcmp() operation, so that the If statement yields a "True"? In order to understand how we can accomplish this we need to dive into the assembly language equivalent of the code above. You can watch how its done in the video below. If you are noob to Assembly and would me to create an "Assembly Language Primer to begin Reverse Engineering", please raise a request using the "Feedback" button to the left of the page.

 

The Camtasia Studio video content presented here requires a more recent version of the Adobe Flash Player. If you are you using a browser with JavaScript disabled please enable it now. Otherwise, please update your version of the free Flash Player by downloading here.
 

 
Related Videos from: Reverse Engineering Basics
divider
Reverse Engineering 101 ( Using a Hex Editor to Find Passwords )
You are Viewing this Video Now!
13058 views
21015 views

Author
Vivek-Ramachandran

Vivek Ramachandran is a security evangelist and has been working in computer security related fields for the past 7 years. In 2007, Vivek spoke at world renowned conferences Defcon (WEP Cloaking Exposed) and Toorcon (The Caffe Latte Attack). The discovery of the Caffe Latte Attack was covered by CBS5 news, BBC online, Network World etc news agencies.In 2006, Vivek was announced as one of winners of the Microsoft Security Shootout contest held in India among 65,000 participants. He has also been a recipient of a Team Achievement at Cisco Systems for his work on 802.1x and Port Security modules on the Catalyst 6500 switches. Currently he spends all of his time maintaining Security- Freak.Net , SecurityTube.Net and is the co-founder of Axonize. Vivek, is a Bachelor in Electronics and Communications Engineering from the prestigious Indian Institute of Technology, Guwahati.You can contact him at vivek[at]securitytube.net

 
©2007 Freak Labs