shiva高强度加壳软件介绍.pptVIP

Shiva Advances in ELF Binary Encryption Shaun Clowes (shaun@.au) Neel Mehta (nmehta@) The Encryptor’s Dilemma: To be able to execute, a program’s code must eventually be decrypted A Losing Game Thus binary encryption is fundamentally an arms race. The encryptors cannot win. Just make life hard for the attackers Encryption Keys If the encrypted executable has access to the encryption keys for the image: By definition a solid attack must be able to retrieve those keys and decrypt the program To reiterate, binary encryption can only slow a determined attacker Our Aim Introduce some novel new techniques. Advance the state of the art: Unix executable encryption technology trails Windows dramatically Promote interest in Reverse Engineering on Unix platforms Really a losing game By describing the details of our encryptor in this speech were making it dramatically easier to attack Well release an encrypted version of the encryptor today Source release in 3 months We expect generic attacks will exist by then What’s the point? An encryptor can be used to: Prevent trivial reverse engineering of algorithms Protect setuid programs (with passwords) Hide sensitive data/code in programs Standard Attacks A good encryptor will try to deter standard attacks: strace – System Call Tracing ltrace – Library Call Tracing fenris – Execution Path Tracing gdb – Application Level Debugging /proc – Memory Dumping strings – Don’t Ask Deterring Standard Attacks strings Encrypting the binary image in any manner will scramble the strings Deterring Standard Attacks ltrace, strace, fenris and gdb These tools are all based around the ptrace() debugging API Making that API ineffective against encrypted binaries would be a big step towards making them difficult to attack Deterring Standard Attacks /proc memory dumping Based on the idea that the memory image of the running process must contain the unencrypted executable A logical fallacy A good encryptor will invalidate it Countermeasures The