Objectives
In this lab you will learn about the fundamental difficulties in restricting what users can do with the data on their computers. You will also:
Overview
For many years, software companies have tried to restrict what users may do with the applications they buy. Often, these efforts have focused on preventing users from running applications on more than one computer. More recently, they've tried to restrict what users may do with data such as video, audio and even text.
In 1998, Congress passed the Digital Millennium Copyright Act. Among other things, it specifies that “No person shall circumvent a technological measure that effectively controls access to a work protected under this title.” The problem with this clause as it relates to computers is that in their present state, no technological measures can effectively prevent a computer owner from accessing the data on his own machine!
Requirements
Download fortune_static, a statically linked Linux executable, and fortunes.enc, a file with encrypted content. When you run fortune, it will ask you for the “CD key,” a password designed to restrict access to the program. You will not be given a valid CD key.
Use a debugger to bypass this password mechanism and make the program function normally. (Instead of exiting, it will print out a random quote from the file fortunes.enc.) This is done by modifying variables, registers, return addresses, etc. using the debugger. (See the ddd manual or gdb manual for help.)
Now that you understand the code, open the executable in a hex editor (khexedit on the Linux machines) and modify the assembly code so that you can obtain a fortune every time you run the program. Perhaps any CD key that you enter will now work, for instance. You may be able to insert NOPs (0x90) to effectively crack the executable. Dr. Seamons was able to do this by modifying just one byte in the executable using vim as a hex editor. (vim works better for this than vi.) The result will be a new executable file that you can run and obtain a fortune.
Passoff
Generate a written PDF report for the lab that addresses the following items. Please number each item for clarity.
How did you use the debugger to bypass the password mechanism? What variables were modified? Please include a screenshot of the debugger in the report.
How did you edit the program to bypass the CD key mechanism?
How did you obtain all the fortunes from the encrypted file?
Include the following in your report.
Please include a plain text section containing the list of all fortunes from the fortunes.enc file.
Please include a screenshot of the debugger that shows you were able to access the plain text fortunes in memory (in your report or a separate file).
Tips