
Weblog entry #1 for Pooya

cheating gdb :D
Posted by Pooya on Mon 3 Jan 2011 at 18:47
Tags: none.
Do you know GDB?
Have you ever worked with GDB?

For background on GDB, see this link:
http://www.gnu.org/software/gdb/

“What is GDB?
GDB, the GNU Project debugger, allows you to see what is going on `inside’ another program while it executes — or what another program was doing at the moment it crashed.

GDB can do four main kinds of things (plus other things in support of these) to help you catch bugs in the act:

* Start your program, specifying anything that might affect its behavior.
* Make your program stop on specified conditions.
* Examine what has happened, when your program has stopped.
* Change things in your program, so you can experiment with correcting the effects of one bug and go on to learn about another. ”

Now I expect you know the essentials about GDB, the GNU debugger.

It's time for some cerebration! ;)
If you have a hacker's brain, I bet you'll wonder how we can cheat GDB to prevent our program from being debugged!

Let me make the purpose clear.
For example, you have a C program and you compile it with GCC. By default your program is debuggable!
How can we prevent it from being debugged?
Can we cheat the debuggers?!

Now it's time to use TCC! ;)
TCC, or Tiny C, is a compiler like GCC, with a few differences.
TCC helps us in 2 ways:

1 – it generates obfuscated code
2 – it affects the executable essence of our executable file!

See also:
http://bellard.org/tcc/

Just see the result and enjoy!! ;)
Here is the result of using gcc:
pooya@pooya:~/t$ gcc a.c
pooya@pooya:~/t$ gdb a.out
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/pooya/t/a.out...(no debugging symbols found)...done.
(gdb) disass main
Dump of assembler code for function main:
0x080483e4 <+0>: push %ebp
0x080483e5 <+1>: mov %esp,%ebp
0x080483e7 <+3>: and $0xfffffff0,%esp
0x080483ea <+6>: sub $0x20,%esp
0x080483ed <+9>: mov $0x80484d0,%eax
0x080483f2 <+14>: mov %eax,(%esp)
0x080483f5 <+17>: call 0x804831c <printf@plt>
0x080483fa <+22>: mov $0x0,%eax
0x080483ff <+27>: leave
0x08048400 <+28>: ret
End of assembler dump.
(gdb)

But here is the result of using TCC:
pooya@pooya:~/t$ tcc a.c
pooya@pooya:~/t$ gdb a.out
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
/home/pooya/t/a.out: not in executable format: File format not recognized <====
(gdb)

The results speak for themselves! ;)

*** It's essential to think about the TCC algorithm!! Yeah! It's very important, because you mustn't be a script kiddie!
I hate script kiddies!
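
One way to look at what a file rejected like this actually contains, as an added example (not code from this post, TCC or GDB): GDB opens files through the BFD library, which reads the ELF section header table, while the kernel's loader needs only the program headers, so the two can disagree about the same file. The post does not say which field GDB 7.1 objected to; the function names and the 84-byte sample below are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result bits returned by elf32_check(). */
enum { ELF_OK_MAGIC = 1, ELF_OK_PHDRS = 2, ELF_OK_SHDRS = 4 };

/* Little-endian readers: the sample and the page's i486 target are LE. */
static uint32_t rd32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* True when a table of `num` entries of `entsz` bytes at `off` fits in `len`. */
static int table_fits(uint64_t off, uint64_t entsz, uint64_t num, size_t len) {
    return num > 0 && entsz > 0 && off < len && entsz * num <= len - off;
}

/* Inspect a 32-bit little-endian ELF image held in memory. */
int elf32_check(const uint8_t *img, size_t len) {
    int r = 0;
    if (len < 52 || memcmp(img, "\x7f" "ELF", 4) != 0) return 0;
    if (img[4] != 1 || img[5] != 1) return 0;       /* ELFCLASS32, ELFDATA2LSB */
    r |= ELF_OK_MAGIC;
    /* e_phoff@28, e_phentsize@42, e_phnum@44: what the kernel loader reads. */
    if (rd16(img + 42) == 32 && table_fits(rd32(img + 28), 32, rd16(img + 44), len))
        r |= ELF_OK_PHDRS;
    /* e_shoff@32, e_shentsize@46, e_shnum@48: what section-based tools read. */
    if (rd16(img + 46) == 40 && table_fits(rd32(img + 32), 40, rd16(img + 48), len))
        r |= ELF_OK_SHDRS;
    return r;
}

/* Constructed sample: 52-byte header + one 32-byte program header, with
   e_shoff pointing past the end of the image. Not taken from a TCC binary. */
int sample_result(void) {
    uint8_t img[84] = { 0x7f, 'E', 'L', 'F', 1, 1, 1 };
    img[16] = 2; img[18] = 3; img[20] = 1;          /* ET_EXEC, EM_386, EV_CURRENT */
    img[28] = 52;                                   /* e_phoff */
    img[32] = 0x00; img[33] = 0x10;                 /* e_shoff = 0x1000 */
    img[40] = 52; img[42] = 32; img[44] = 1;        /* e_ehsize, phentsize, phnum */
    img[46] = 40; img[48] = 3;                      /* shentsize, shnum */
    return elf32_check(img, sizeof img);
}

int main(void) { printf("flags=%d\n", sample_result()); return 0; }
```

A result with ELF_OK_PHDRS set and ELF_OK_SHDRS clear means the file can still be loaded, and still examined through its segments, even when section-based tools refuse it.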

 

Comments on this Entry

Posted by tweek (90.184.xx.xx) on Mon 3 Jan 2011 at 21:19
Well...

I love open source for letting me have access to the source code... :-)


Posted by mcortese (20.142.xx.xx) on Wed 5 Jan 2011 at 17:22
Only one question: why do you want to obfuscate your code?


Posted by Pooya (2.146.xx.xx) on Wed 5 Jan 2011 at 18:08
Imagine you have programmed a special program and you want to use it.
Many hackers use debuggers to find and exploit dangerous bugs in programs, such as buffer overflows, one of the most dangerous bugs.
Now if they can debug and investigate the program, they may exploit your program.

So it's important to prevent debugging. It is not very hard or extraordinary.

I introduced one way out of many.

Posted by mcortese (20.142.xx.xx) on Mon 10 Jan 2011 at 08:28
We're not going to discuss whether a closed-source program is safer than an open-source one, are we? Looks like you opt for the former, but I doubt you'll find many fans on this site!


Posted by Pooya (2.146.xx.xx) on Mon 10 Jan 2011 at 09:46
Your mistake is that there is a difference between open source and debuggable!
The binary file should be undebuggable anywhere! And it doesn't have any relation to open source or ....

For example, take your compiled C program, where your binary file is a.out.
a.out doesn't have regular source! You can test it! View the source of the binary and you can't understand anything!

But when you make it undebuggable you can view its source too, but you can't debug it with debuggers.

And using tcc or gcc is up to you.


Posted by mcortese (20.142.xx.xx) on Tue 11 Jan 2011 at 16:46
If the source is open, it is debuggable by whoever.

If the source is not open, then that's a different story, and the point in my post was that this site is about Debian, so not a lot of people here will be happy to engage in discussions about closed-source programs.
