SoylentNews is people
SoylentNews
from the cracker-jack-anti-crack-hack dept.
Software reverse engineering, the art of pulling programs apart to figure out how they work, is what makes it possible for sophisticated hackers to scour code for exploitable bugs. It’s also what allows those same hackers’ dangerous malware to be deconstructed and neutered. Now a new encryption trick could make both those tasks much, much harder.
At the SyScan conference next month in Singapore, security researcher Jacob Torrey plans to present a new scheme he calls Hardened Anti-Reverse Engineering System, or HARES. Torrey’s method encrypts software code such that it’s only decrypted by the computer’s processor at the last possible moment before the code is executed. This prevents reverse engineering tools from reading the decrypted code as it’s being run. The result is tough-to-crack protection from any hacker who would pirate the software, suss out security flaws that could compromise users, and even in some cases understand its basic functions.
http://www.wired.com/2015/02/crypto-trick-makes-software-nearly-impossible-reverse-engineer/
(Score: 5, Insightful) by Kell on Wednesday February 18 2015, @05:03AM
What prevents me from extracting the flash binary code, running the binary in a sandbox emulator and stepping through each code instruction one at a time and extracting the machine code sequentially? Unless there is something very subtle here, this appears to give no protection whatsoever if you control the environment. If you don't control the environment, then you don't have a problem in the first place.
Scientists ask questions. Engineers solve problems.
(Score: 3, Informative) by kaszz on Wednesday February 18 2015, @05:13AM
Exactly!
And you could also do a black box analyze. Do X see what I/O action steps is taken to do that.
(Score: 5, Insightful) by bzipitidoo on Wednesday February 18 2015, @05:26AM
Shh! He has to sell it to a bunch of gullible music executives and software vendors first.
Say any more, and you might be accused of reverse engineering his scheme. That would be a serious violation of the DMCA.
Just like Creationists, they want to believe!
(Score: 5, Interesting) by linuxrocks123 on Wednesday February 18 2015, @05:57AM
Nothing. It uses a well-known trick, called the TLB Split. Also, the CPU claims that the cold boot attack wouldn't work on it, but it would.
I posted a detailed analysis when this was discussed on Slashdot: http://slashdot.org/comments.pl?sid=6967529&cid=49051091 [slashdot.org]
(Score: 3, Informative) by Kell on Wednesday February 18 2015, @07:08AM
Your analysis (and very polite response to idiot trolls) on the green site is well written and informative. I look forward to seeing more of your comments on Soylent!
Scientists ask questions. Engineers solve problems.
(Score: 0) by Anonymous Coward on Wednesday February 18 2015, @09:22AM
To my surprise, following that link I didn't get the beta design, but the old one. Did Slashdot finally drop beta?
(Score: 2) by kaszz on Saturday February 21 2015, @03:34AM
Asfaik that green mess just gives you a sane page sometimes. Kind of like jackpot on the casino. You won't win everytime ;)
(Score: 2) by FatPhil on Wednesday February 18 2015, @09:32AM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 5, Funny) by q.kontinuum on Wednesday February 18 2015, @10:28AM
I think the right term is soylenced?
Registered IRC nick on chat.soylentnews.org: qkontinuum
(Score: 5, Funny) by Nerdfest on Wednesday February 18 2015, @11:06AM
I prefer "it has soyled itself".
(Score: 2) by FatPhil on Wednesday February 18 2015, @02:08PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by FatPhil on Wednesday February 18 2015, @01:59PM
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Wednesday February 18 2015, @09:55AM
And oddly enough, the first time I try to visit Slashdot in the year since migrating here it spits out a 503 service offline error.
(Score: 2) by francois.barbier on Wednesday February 18 2015, @10:43AM
The website you linked doesn't appear to work.
It returns "503 Service Temporarily Unavailable" in the HTTP header.
It says "404 File Not Found" in the title bar.
It says "503 - Service Offline" in the page content
Sounds like great programming !
(Score: 2) by tibman on Wednesday February 18 2015, @06:41PM
Errors Beta.
SN won't survive on lurkers alone. Write comments.
(Score: 0) by Anonymous Coward on Wednesday February 18 2015, @05:13PM
On your slashdot reply chain, you went over why DMA attacks through Firewire should in theory work, but can be blocked by disabling it in the firmware (usually fine because Firewire peripherals are not too common these days.) However, under the responses about it also being an issue with PCI/PCI express, etc I think something got missed: aren't most of the common/modern PCMCIA-cardbus (and whatever that smaller port that is replacing it is called) just hot-swappable PIC/PCI express? If so, that becomes a potential attack vector that is more commonly used (although it too is way less popular these days thanks to the overwhelming success of USB.)
(Score: 2) by linuxrocks123 on Wednesday February 18 2015, @10:06PM
Yeah, evil PCMCIA cards might be an issue, but, like you said, the ports are becoming very rare. I think they can be disabled similar to FireWire, too, but I'm not 100% positive.
(Score: 2) by kaszz on Saturday February 21 2015, @03:36AM
Modern Cardbus is a PCI-express x1 lane (asfair).
Just build yourself a memory snoop client and have fun..