GUIDE to (mostly) Harmless Hacking

More on Shortcuts to Discovering New Ways to Break into Computers

*** Disassemblers and Decompilers

Many companies, for example Microsoft, ship products that hide what appear to be an almost infinite number of break-in vulnerabilities. They try to hide these problems by keeping their source code secret. Indeed, this does make your job harder but not impossible. In fact, it might even be easier because these programs usually have many more hidden flaws than programs for which you can get source code.

One solution to the lack of source code is to get it anyhow. Nope, I am not suggesting that you steal code. There are legal, fun ways to get it (sometimes). A disassembler program can take a compiled program and convert it into assembly language, which a sufficiently talented programmer can analyze. The problem with disassemblers is that they can only process small programs. Despite this, they are still the tools of choice to analyze worms, viruses, CGI and other small programs.

Newbie note: Assembly language is specific to a type of central processing unit (CPU). The assembly language for a Motorola PowerPC CPU (used by Apple computers) is different from that used by the Intel compatible CPUs, and both of these are different from the assembly language used by Sun SPARC CPUs.

The big problem with using a disassembler is that assembly code takes a lot of brain power to understand. If at all possible, you want to get source code in a high-level language because it is much easier to understand. High-level languages have obvious commands such as "goto" (for example in FORTRAN), "include" (for example in C) or "macrocopy" (MS Office macro programming). By contrast, examples of assembly language commands are "je" and "lea".

Some free decompilers and disassemblers are:
· The SourceTec Java decompiler: http://www.sothink.com/decompiler/index.htm
· Interactive Disassembler: http://www.datarescue.com
· IDA-Pro: http://www.idapro.com

*** Debuggers

It's pretty hard to go through the output of a disassembler or even a decompiler and figure out which parts represent security flaws. Oftentimes it is easier to find flaws by running a program through a debugger, which operates a program one step at a time and allows you to view what is in memory at each step. Of course, you need to understand what all those things in memory mean: another good excuse to get that college degree!

Some examples of debuggers are:
· SoftIce: http://www.compuware.com
· Dumpbin, a Windows program that is bundled with the Microsoft C++ compiler
· Free Microsoft debugging tool for 32-bit systems: http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx
· Free Microsoft debugging tool for 64-bit systems: http://www.microsoft.com/whdc/devtools/debugging/install64bit.mspx
· OllyDbg: http://www.ollydbg.de/
· Microsoft Visual C++ Debugger
· WinDbg: http://support.microsoft.com/kb/q201793/

Tutorials on how to use debuggers:
· Tutorial on WinDbg debugging tool: http://www.codeproject.com/debug/windbg_part1.asp
· Tutorial on Windows debugging: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

*** Fault Injection

Some programs are staggeringly large. The Windows XP operating system confronts the analyst/hacker with forty million lines of code. No decompiler or even debugger can do much with such a big program. Nevertheless, there are ways to get around this.

A program that automatically tests suspect code with "fault injection" tools will often discover security flaws. Fault injection means entering data or commands to the program that cause bugs to show up. Examples are a database query that commands the server to erase everything, or a ridiculously long web browser URL that infects a webserver with a worm, as was the case with the Nimda and various Code Red worms.
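
The fault-injection idea described above, as an added example that is not from the original guide: a small harness feeds deliberately malformed request lines to a parser and reports every input that makes it fail in an undocumented way. The parser, its deliberate latent bug, the function names and the sample request are all constructed for illustration.

```python
import random

def parse_request_line(line: str) -> dict:
    """Toy parser under test (constructed). Contract: return a dict for a
    valid request line, raise ValueError for anything else."""
    method, target, version = line.split(" ")  # wrong field count -> ValueError
    if len(target) > 2048:
        raise ValueError("target too long")
    out, i = [], 0
    while i < len(target):
        if target[i] == "%":
            # Latent bug (deliberate): assumes two hex digits follow every '%'.
            out.append(chr(int(target[i + 1] + target[i + 2], 16)))
            i += 3
        else:
            out.append(target[i])
            i += 1
    return {"method": method, "path": "".join(out), "version": version}

def faults(seed_line: str, rng: random.Random):
    """Yield (label, input) pairs: hand-picked faults plus random corruption."""
    method, target, version = seed_line.split(" ")
    yield "overlong target", f"{method} /{'A' * 100_000} {version}"
    yield "truncated escape", f"{method} {target}% {version}"
    yield "bad hex escape", f"{method} {target}%zz {version}"
    yield "missing field", f"{method} {target}"
    yield "empty input", ""
    yield "embedded NUL", f"{method} {target}\x00 {version}"
    for n in range(20):  # replace one random character of the valid request
        pos = rng.randrange(len(seed_line))
        yield f"random #{n}", seed_line[:pos] + chr(rng.randrange(256)) + seed_line[pos + 1:]

def run_campaign(target_fn, seed_line: str, seed: int = 1):
    """Return the faults that broke the contract (anything but ValueError)."""
    findings = []
    for label, data in faults(seed_line, random.Random(seed)):
        try:
            target_fn(data)
        except ValueError:
            pass  # documented rejection, not a finding
        except Exception as exc:  # undocumented failure: the fault exposed a bug
            findings.append((label, type(exc).__name__))
    return findings

if __name__ == "__main__":
    for label, exc in run_campaign(parse_request_line, "GET /index.html HTTP/1.0"):
        print(f"{label}: unhandled {exc}")
```

A finding means the parser failed outside its documented contract. Here the fix is to check that two hex digits follow each '%' and raise ValueError otherwise.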

An excellent book on the topic is Software Fault Injection: Inoculating Programs Against Errors, by Jeffrey Voas and Gary McGraw. Actually, that's Gary McGraw, Ph.D. He's one of the most brilliant people at finding computer security flaws, and his Ph.D. has something to do with it.

Some examples of fault injection tools are:
· Hailstorm: http://Cenzic.com
· Failure Simulation Tool: http://Cigital.com (McGraw's company)
· Holodeck: http://www.securityinnovation.com/holodeck/index.shtml

© 2013 Happy Hacker All rights reserved.