SE 421: Assignment #1

C. (6 points) Obfuscate the source code of the CVE-2013-0422 exploit in order to evade detection by antivirus products on the virustotal.com. Provide your obfuscated source, a screenshot of the detection results of the compiled bytecode of the obfuscated source, and a summary of the techniques you applied and the effectiveness of each technique.
SOLUTION
A. 34/56 antivirus products detected this exploit.
B. Done on yara.txt.
C. Before obfuscating Java code

For this part, I applied the method of altering the names of the various variables present in my code. In simple terms, I changed every variable in my code to a plain variable name; this was to make them harder to detect by any available antivirus product. In addition, I added a little dummy code insertion, which lacked logic, to the real exploit applet.

Problem 2
A. (2 points) In your own words, summarize the attack described by Ken Thompson in the paper Reflections on Trusting Trust [1].
B. (2 points) Why is the described attack difficult to detect?
C. (2 points) Do you believe the attack described in the paper is plausible? What would be the challenges involved in implementing the attack? Explain your answer.
D. (4 points) How could the attack be countered through the use of two or more compiler implementations? Give an example of how you might check the open source GCC compiler (https://gcc.gnu.org) for a hidden backdoor.
SOLUTION
A. The attack starts from the idea of a self-reproducing program: a program that can be written out by another program and yet still works on its own. The main idea is to plant a "bug" in the C compiler, which Ken also calls a "Trojan Horse," which in turn targets code that looks like the UNIX login command. The replaced code miscompiles the login command so that it accepts either the intended encrypted password or a known password. Hence, once the code had been installed in binary form and that binary was used to compile login, you could log in to the system as any user.
B. The described attack becomes harder to detect because it is hard to detect at the final step of this outline. The attack targets the C compiler, and this is where the self-reproducing program comes into play. It lets the attacker remove the bug from the compiler's source, while the newly built binary reinserts the bug each time it compiles the compiler. Hence, login remains bugged and there is no way of tracing the bug back to its source of origin.
C. It can be considered a plausible attack, even though it would certainly be challenging. It is hard to create this self-reproducing program in a way that lets someone do these things without being detected. On the other hand, it becomes even more challenging to write the code so that it is not obviously aimed at hacking the login.
D. There are various ways in which the attack can be countered. One is to select a single compiler that you trust completely: given the time and resources, you can go ahead and write your own C compiler and assemble it entirely from scratch. Alternatively, you can assume that the backdoors in different compilers are unlike each other. You will then need to find a similar program that is likely to trigger a hacked compiler and compare the resulting binaries.
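The two-compiler check asked for in D, carried out as David A. Wheeler's diverse double-compiling (DDC), as an added example that is not part of the original submission or of GCC's own tooling: the GCC source is compiled with an independently written compiler (e.g. clang) and with the suspect gcc, each result compiles the same source once more, and the two stage-2 installs are compared bit for bit. The environment variables GCC_SRC, TRUSTED_CC/TRUSTED_CXX, SUSPECT_CC/SUSPECT_CXX and WORK are assumed names introduced here.

```shell
# Diverse double-compiling (DDC) check for a distributed GCC binary.
# Assumed environment (illustration only, not GCC's own tooling):
#   GCC_SRC                  unpacked GCC source tree
#   TRUSTED_CC, TRUSTED_CXX  an independently written compiler, e.g. clang/clang++
#   SUSPECT_CC, SUSPECT_CXX  the gcc/g++ binaries being checked for a backdoor
set -eu
export SOURCE_DATE_EPOCH=1   # GCC honours this for __DATE__/__TIME__, removing one source of noise
WORK="${WORK:-$(mktemp -d)}"
# Build the GCC source with the given C/C++ compiler pair, then move the install
# to $3. Build dir, prefix and flags are fixed so embedded paths match run to run.
build_gcc() {
  local cc="$1" cxx="$2" dest="$3"
  rm -rf "$WORK/build" "$WORK/prefix"; mkdir -p "$WORK/build"
  ( cd "$WORK/build" && CC="$cc" CXX="$cxx" "${GCC_SRC:?}/configure" --prefix="$WORK/prefix" \
      --disable-bootstrap --disable-multilib --enable-languages=c,c++ >/dev/null \
    && make -j"$(nproc 2>/dev/null || echo 1)" >/dev/null && make install >/dev/null )
  mv "$WORK/prefix" "$dest"
}
# Hash every regular file under an install tree, paths relative to its root,
# so two installs can be compared bit for bit wherever they now live.
tree_hashes() {
  ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}
# Compare two install trees; prints differing entries, returns 1 if any differ.
installs_match() {
  local a b rc=0; a="$(mktemp)"; b="$(mktemp)"
  tree_hashes "$1" > "$a"; tree_hashes "$2" > "$b"
  diff "$a" "$b" || rc=$?
  rm -f "$a" "$b"; return "$rc"
}
ddc_check() {
  # Stage 1: compile GCC's source with the trusted compiler and with the suspect one.
  build_gcc "${TRUSTED_CC:?}" "${TRUSTED_CXX:?}" "$WORK/via-trusted"
  build_gcc "${SUSPECT_CC:?}" "${SUSPECT_CXX:?}" "$WORK/via-suspect"
  # Stage 2: let each stage-1 compiler compile the same source again (the gcc
  # driver locates its own cc1 relative to its location, so moved installs work).
  build_gcc "$WORK/via-trusted/bin/gcc" "$WORK/via-trusted/bin/g++" "$WORK/final-trusted"
  build_gcc "$WORK/via-suspect/bin/gcc" "$WORK/via-suspect/bin/g++" "$WORK/final-suspect"
  # Identical source compiled by two correct compilers yields the same bits, so a
  # stage-2 mismatch means either a self-propagating compiler backdoor or a build
  # reproducibility issue that must be explained before the suspect gcc is trusted.
  if installs_match "$WORK/final-trusted" "$WORK/final-suspect"; then
    echo "DDC: stage-2 compilers identical; no self-propagating backdoor found"
  else
    echo "DDC: stage-2 compilers differ; investigate ${SUSPECT_CC}" >&2; return 1
  fi
}
if [ "${1:-}" = "--run" ]; then ddc_check; fi
```

Run it as `GCC_SRC=... TRUSTED_CC=clang TRUSTED_CXX=clang++ SUSPECT_CC=gcc SUSPECT_CXX=g++ sh ddc.sh --run`; the check is only as strong as the independence of the trusted compiler and the reproducibility of the build, so any residual difference has to be diffed and accounted for rather than waved away.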
Problem 3
(Extra Credit)
In computability theory, the recursion theorem states that Turing machines can obtain their own description, which can then be used in further computation [2]. The ability of a Turing machine to implement self-referential algorithms means that any Turing complete language can be used to construct a program that outputs an exact copy of its source code when executed. These self-reproducing programs were later coined quine programs by Douglas Hofstadter in his book Gödel, Escher, Bach: An Eternal Golden Braid [3]. A quine-relay extends quine computing to multiple levels of recursion. For example, a quine relay program A generates program B which generates program C and so on. An ouroboros (like the serpent eating its own tail) is a quine-relay that eventually produces the original starting program.
