Fall 2023

Section 1: TTh 3:30pm - 4:45pm - 2111 JKB

Project 8: Extracting Secrets

Preliminary Setup

This project can be completed using the virtual machine that we have prebuilt for you. You can find the details of how to get it up and running HERE. You are welcome to install the virtual machine inside your CS account, or anywhere you have access to a computer that can run VirtualBox. You can also install the software manually on any Linux system you have administrative access to.

Objectives

In this lab you will learn about the fundamental difficulties in restricting what users can do with the data on their computers. You will also:

  • Learn how any traditional content restriction mechanism can be circumvented.

  • Learn how "protected" data can be extracted from any application.

Overview

For many years, software companies have tried to restrict what users may do with the applications they buy. Often, these efforts have focused on preventing users from running applications on more than one computer. More recently, they've tried to restrict what users may do with data such as video, audio and even text.

In 1998, Congress passed the Digital Millennium Copyright Act (DMCA). Among other things, it specifies that "No person shall circumvent a technological measure that effectively controls access to a work protected under this title." The problem with this clause as it relates to computers is that, in their present state, no technological measure can effectively prevent a computer owner from accessing the data on his own machine: for the program to work, the key and the decrypted data must at some point exist on that machine, and anything that exists on the machine can be read with a debugger.

As you go out into the workforce, many of you will be responsible for protecting important data. This data could range from company secrets to personal medical history. Software you write will have to be able to withstand attacks in a hostile environment. As you learn more about security measures and how they can be circumvented, take note of what does and doesn't work.

Requirements

  1. For this project, you will be using the following 2 files. You can download them from these links, or use the copies that are already preloaded in the virtual machine:

     • secret_treasure, a Linux executable (right click link to 'save-as')

     • treasures.enc, an encrypted file (right click link to 'save-as')

    When run, the secret_treasure executable will ask for a secret key. If given an incorrect key, the program will exit.

  2. Use a debugger to bypass this password mechanism and make the program function normally. Instead of exiting, it will print out a random quote from the file treasures.enc. Do this by modifying variables, registers, flags, return addresses, etc. from inside the debugger, without changing the file on disk: for example, break on the comparison that decides whether the key is correct and then flip the zero flag (set $eflags = $eflags ^ (1 << 6)), overwrite the value being compared, or move the instruction pointer past the failing branch (set $rip = <address>). (See the ddd manual or gdb manual for help)

  3. Now that you understand the code, open the executable in a hex editor (e.g., bless, vim) and modify the machine code so that you can obtain a treasure every time you run the program. Perhaps any key that you enter will now work, for instance. You may be able to insert NOPs (0x90), or change a comparison, or change the conditional jump that follows it to the opposite condition (jne 0x75 / je 0x74), to an unconditional jmp (0xEB), or to NOPs, depending on which way the correct-key path goes, to effectively crack the executable. Keep two things in mind: replace bytes only with the same number of bytes, since inserting or deleting even one byte shifts every instruction after it and breaks the relative jumps; and the addresses objdump prints are virtual addresses, not file offsets, so locate the instruction in the hex editor by its byte pattern. Keep a copy of the original file so you can compare the two. The result will be a new executable file that you can run to obtain a treasure.

  4. Find a way to obtain all of the plaintext treasures from treasures.enc using the debugger. There may be some treasures that never print when running secret_treasure normally, so running the program repeatedly until no new quote appears is not enough. Work from how the program decrypts and chooses a treasure instead, for example by breaking after the data has been decrypted and reading it out of memory (x/s, or dump binary memory), or by forcing whatever value the program uses to pick a treasure through every possibility.

Generate a written report for the lab that addresses the following list of items. These items are listed in no particular order. Organize your report as needed.

  • A discussion of how you used the debugger to bypass the password mechanism. What variables, registers or flags did you modify, and at which instruction? Please include a screenshot of the debugger in your report.

  • A discussion of how you edited the program to bypass the password mechanism.

  • A brief description of how you obtained all the treasures and what you did to ensure that you have extracted all of them (for example, how you know how many treasures the file holds). There are many possible methods of doing this, most of which are acceptable.

  • A plain text section containing the list of all treasures from the treasures.enc file.

  • A summary of the project, the goal, and the steps you took. Include enough detail that I could understand what the purposes of this project were, what steps you took and what your results were. The goal is that you will be able to go back, 2 years from now, and read this report to help you remember everything you did.

Submit a PDF of your report on Learning Suite, including all the things asked for in each section.

Tips

You can run secret_treasure with the following command:

./secret_treasure treasures.enc

To disassemble secret_treasure, printing the raw bytes of each instruction next to its Intel-syntax mnemonic (you will need those bytes to find the instruction in the hex editor), use the following command in the terminal:

objdump -M intel -d secret_treasure > dump.txt

This will disassemble the entire program and store the result in the file dump.txt. The left-hand column of the dump holds virtual addresses as the program is loaded in memory, not offsets into the file, so search the hex dump for the instruction's byte pattern rather than jumping to that number.

You can edit binary files with a text editor such as vim. After opening the binary file with vim -b secret_treasure (the -b flag selects binary mode, so vim will not convert line endings or append a trailing newline, either of which would corrupt the executable), run the following command to replace the buffer with a hex dump:

:%! xxd

After editing any hex values, convert the buffer back to binary with the following command before saving (only the hex columns matter to xxd -r; edits to the ASCII column on the right are ignored, and the byte count must stay the same):

:%! xxd -r
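The hex-editing requirement above and the xxd tips come down to the same operation: finding where an instruction printed by objdump lives in the file, and overwriting it with bytes of the same length. The following Python script is an added example, not part of the original lab and not code from secret_treasure; it walks the ELF64 program headers to convert an objdump virtual address into a file offset, and applies a patch only if it preserves length and the bytes already at that address match what you expect. The image it builds with build_sample_elf is a constructed stand-in containing one cmp/jne pair; the address 0x401002, the byte values and the command-line usage are assumptions for the demonstration, not facts about the real binary.

```python
import struct
import sys
import shutil

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1


def load_segments(data):
    """Return (p_offset, p_vaddr, p_filesz) for every PT_LOAD segment of an ELF64 image."""
    if data[:4] != ELF_MAGIC or data[4] != 2:          # EI_CLASS == 2 means 64-bit
        raise ValueError("not an ELF64 file")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)   # program header table offset
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segments = []
    for i in range(e_phnum):
        fields = struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, _memsz, _align = fields
        if p_type == PT_LOAD:
            segments.append((p_offset, p_vaddr, p_filesz))
    return segments


def vaddr_to_offset(data, vaddr):
    """Map a virtual address from objdump's left-hand column to a byte offset in the file."""
    for p_offset, p_vaddr, p_filesz in load_segments(data):
        if p_vaddr <= vaddr < p_vaddr + p_filesz:
            return vaddr - p_vaddr + p_offset
    raise ValueError(f"0x{vaddr:x} is not backed by any PT_LOAD segment")


def patch(data, vaddr, expected, replacement):
    """Overwrite `expected` at `vaddr` with `replacement` of the same length.

    Refusing a length change keeps every later instruction and every
    relative jump target exactly where the assembler put it; refusing a
    mismatch catches a wrong address before the binary is corrupted.
    """
    if len(expected) != len(replacement):
        raise ValueError("replacement must have the same length as the bytes it replaces")
    offset = vaddr_to_offset(data, vaddr)
    actual = bytes(data[offset:offset + len(expected)])
    if actual != expected:
        raise ValueError(f"bytes at 0x{vaddr:x} are {actual.hex()}, not {expected.hex()}")
    patched = bytearray(data)
    patched[offset:offset + len(replacement)] = replacement
    return bytes(patched)


def build_sample_elf(code, load_vaddr=0x400000, code_offset=0x1000):
    """Constructed stand-in binary (not secret_treasure): a single PT_LOAD segment
    mapping the whole file at load_vaddr, with `code` placed at code_offset."""
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8    # ELF64, little-endian, v1
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               2, 0x3E, 1, load_vaddr + code_offset,   # ET_EXEC, x86-64, entry
                               64, 0, 0, 64, 56, 1, 64, 0, 0)           # phoff, shoff, flags, sizes
    filesz = code_offset + len(code)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, load_vaddr, load_vaddr,
                       filesz, filesz, 0x1000)
    image = bytearray(ehdr + phdr)
    image += b"\x00" * (code_offset - len(image))
    image += code
    return bytes(image)


# Assumed key check, as objdump -M intel -d would print it (constructed, not the real binary):
#   401000: 39 c2          cmp edx, eax      ; entered key vs. expected key
#   401002: 75 05          jne 401009        ; wrong key -> skip the success path
#   401004: b8 01 00 00 00 mov eax, 0x1
#   401009: c3             ret
SAMPLE_CODE = bytes.fromhex("39c2" "7505" "b801000000" "c3")
JNE_VADDR = 0x401002


def crack_sample():
    """Turn the jne into two NOPs so the success path runs for any key."""
    original = build_sample_elf(SAMPLE_CODE)
    return original, patch(original, JNE_VADDR, b"\x75\x05", b"\x90\x90")


if __name__ == "__main__":
    if len(sys.argv) != 6:
        sys.exit("usage: patch_elf.py <in> <out> <vaddr-hex> <expected-hex> <replacement-hex>")
    src, dst, vaddr, old, new = sys.argv[1:6]
    with open(src, "rb") as f:
        data = f.read()
    with open(dst, "wb") as f:
        f.write(patch(data, int(vaddr, 16), bytes.fromhex(old), bytes.fromhex(new)))
    shutil.copymode(src, dst)   # keep the executable bit on the cracked copy
```

Give the script the address exactly as objdump prints it. For a position-independent executable objdump shows small addresses (for example 0x1139) while gdb shows them relocated at run time; use the objdump value here, or subtract the load base that gdb reports under info proc mappings. The same length check applies when editing by hand in vim: change only the hex digits of the bytes you mean to change, and confirm afterwards that the new file is the same size as the original.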

Helpful Resources

To do well on this project, you should know how to use a debugger and understand the architecture of an x86-64 computer. Here are some resources to help you get started: