Code Obfuscation Techniques For Software Protection
Rootkit (Wikipedia)

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed (for example, to an unauthorized user) and often masks its existence or the existence of other software. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix-like operating systems) and the word "kit" (which refers to the software components that implement the tool). The term rootkit has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install it once they've obtained root or Administrator access. Obtaining this access is a result of direct attack on a system, i. Once installed, it becomes possible to hide the intrusion as well as to maintain privileged access. The key is the root or administrator access. Full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent it. Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative and trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis.
Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only available solution to the problem. When dealing with firmware rootkits, removal may require hardware replacement, or specialized equipment.

History

The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted root access. If an intruder could replace the standard administrative tools on a system with a rootkit, the intruder could obtain root access over the system whilst simultaneously concealing these activities from the legitimate system administrator. These first-generation rootkits were trivial to detect by using tools such as Tripwire that had not been compromised to access the same information. Lane Davis and Steven Dake wrote the earliest known rootkit in 1. for the Sun Microsystems SunOS UNIX operating system. In the lecture he gave upon receiving the Turing Award in 1., Ken Thompson of Bell Labs, one of the creators of Unix, theorized about subverting the C compiler in a Unix distribution and discussed the exploit. The modified compiler would detect attempts to compile the Unix login command and generate altered code that would accept not only the user's correct password, but an additional backdoor password known to the attacker. Additionally, the compiler would detect attempts to compile a new version of the compiler, and would insert the same exploits into the new compiler. A review of the source code for the login command or the updated compiler would not reveal any malicious code. This exploit was equivalent to a rootkit. The first documented computer virus to target the personal computer, discovered in 1., the Brain virus, intercepted attempts to read the boot sector and redirected these to elsewhere on the disk, where a copy of the original boot sector was kept.
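The Tripwire-style detection mentioned above, and the "difference scanning" listed among the detection methods, both rest on comparing the system against a snapshot taken while it was still trusted. The following Python script is an added example (it is not part of the Wikipedia article and is not Tripwire's code): it hashes every regular file under a directory tree into a baseline, then reports files that were modified, added or removed. The directory layout, file names and contents in demo() are constructed for the example; the replaced "login" and the extra "netmon" binary are hypothetical stand-ins for a swapped administrative tool and a dropped payload.

```python
# Added example, not from the page: a Tripwire-style file-integrity baseline.
# First-generation rootkits replaced administrative binaries; a hash baseline
# recorded before the intrusion exposes the swapped, added and removed files.
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (relative, '/'-separated) to digest, size and permission bits."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are out of scope here
            st = os.stat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = {
                "sha256": file_digest(full),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,
            }
    return baseline


def compare_baselines(trusted, current):
    """Report files that changed, appeared or vanished since the trusted snapshot."""
    report = {"modified": [], "added": [], "removed": []}
    for rel, meta in trusted.items():
        if rel not in current:
            report["removed"].append(rel)
        elif current[rel] != meta:  # digest, size or mode differs
            report["modified"].append(rel)
    for rel in current:
        if rel not in trusted:
            report["added"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo():
    """Constructed scenario: snapshot a fake bin/, then simulate a rootkit install and rescan."""
    with tempfile.TemporaryDirectory() as root:
        bin_dir = os.path.join(root, "bin")
        os.makedirs(bin_dir)
        for name, body in (("login", b"genuine login\n"),
                           ("ps", b"genuine ps\n"),
                           ("ls", b"genuine ls\n")):
            with open(os.path.join(bin_dir, name), "wb") as f:
                f.write(body)
        trusted = build_baseline(root)  # taken while the system is still clean

        # Simulated rootkit installation (constructed): trojaned login,
        # a dropped extra binary, and a removed tool.
        with open(os.path.join(bin_dir, "login"), "wb") as f:
            f.write(b"genuine login\n# also accepts a second password\n")
        with open(os.path.join(bin_dir, "netmon"), "wb") as f:
            f.write(b"hypothetical dropped payload\n")
        os.remove(os.path.join(bin_dir, "ps"))

        return compare_baselines(trusted, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The check is only as good as the trust placed in the baseline and in the checker itself: as the article notes, a rootkit with full control can subvert the software meant to find it, so the baseline should be kept off the monitored host (or on read-only media) and the comparison run from a trusted operating system rather than the one under suspicion.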
Over time, DOS virus cloaking methods became more sophisticated, with advanced techniques including the hooking of low-level disk INT 1. H BIOS interrupt calls to hide unauthorized modifications to files. The first malicious rootkit for the Windows NT operating system appeared in 1.: NTRootkit, created by Greg Hoglund. It was followed by HackerDefender in 2. 00. The first rootkit targeting Mac OS X appeared in 2. The Stuxnet worm was the first to target programmable logic controllers (PLC).

Sony BMG copy protection rootkit scandal

In 2., Sony BMG published CDs with copy protection and digital rights management software called Extended Copy Protection, created by software company First 4 Internet. The software included a music player but silently installed a rootkit which limited the user's ability to access the CD. Software engineer Mark Russinovich, who created the rootkit detection tool RootkitRevealer, discovered the rootkit on one of his computers. The ensuing scandal raised the public's awareness of rootkits. To cloak itself, the rootkit hid from the user any file starting with $sys$. Soon after Russinovich's report, malware appeared which took advantage of that vulnerability of affected systems. One BBC analyst called it a public relations nightmare. Sony BMG released patches to uninstall the rootkit, but it exposed users to an even more serious vulnerability. The company eventually recalled the CDs. In the United States, a class action lawsuit was brought against Sony BMG.

Greek wiretapping case 2.

The Greek wiretapping case of 2. Greek Watergate,1. Vodafone Greece network belonging mostly to members of the Greek government and top-ranking civil servants. The taps began sometime near the beginning of August 2. March 2005 without discovering the identity of the perpetrators. The intruders installed a rootkit targeting Ericsson's AXE telephone exchange.
According to IEEE Spectrum, this was the first time a rootkit has been observed on a special-purpose system, in this case an Ericsson telephone switch. The rootkit was designed to patch the memory of the exchange while it was running, enable wiretapping while disabling audit logs, patch the commands that list active processes and active data blocks, and modify the data block checksum verification command. A backdoor allowed an operator with sysadmin status to deactivate the exchange's transaction log, alarms and access commands related to the surveillance capability. The rootkit was discovered after the intruders installed a faulty update, which caused SMS texts to be undelivered, leading to an automated failure report being generated. Ericsson engineers were called in to investigate the fault and discovered the hidden data blocks containing the list of phone numbers being monitored, along with the rootkit and illicit monitoring software.

Modern rootkits do not elevate access,[3] but rather are used to make another software payload undetectable by adding stealth capabilities. Most rootkits are classified as malware, because the payloads they are bundled with are malicious. For example, a payload might covertly steal user passwords, credit card information, computing resources, or conduct other unauthorized activities. A small number of rootkits may be considered utility applications by their users: for example, a rootkit might cloak a CD-ROM emulation driver, allowing video game users to defeat anti-piracy measures that require insertion of the original installation media into a physical optical drive to verify that the software was legitimately purchased.

Rootkits and their payloads have many uses:

- Provide an attacker with full access via a backdoor, permitting unauthorized access to, for example, steal or falsify documents. One of the ways to carry this out is to subvert the login mechanism, such as the /bin/login program on Unix-like systems or GINA on Windows. The replacement appears to function normally, but also accepts a secret login combination that allows an attacker direct access to the system with administrative privileges, bypassing standard authentication and authorization mechanisms.
- Conceal other malware, notably password-stealing key loggers and computer viruses.
- Appropriate the compromised machine as a zombie computer for attacks on other computers. The attack originates from the compromised system or network, instead of the attacker's system. Zombie computers are typically members of large botnets that can launch denial-of-service attacks, distribute e-mail spam, conduct click fraud, etc.
- Enforcement of digital rights management (DRM).