1 / 18

Introduction to Information Security

Introduction to Information Security. מרצים : Dr. Eran Tromer : tromer@cs.tau.ac.il Prof. Avishai Wool: yash@eng.tau.ac.il מתרגלים : Itamar Gilad (itamargi @ post.tau.ac.il) Nir Krakowski (nirkrako @ post.tau.ac.il). Course g uidlines. The course exercises aren’t easy!

oscar-walsh
Télécharger la présentation

Introduction to Information Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Information Security מרצים: Dr. EranTromer: tromer@cs.tau.ac.il Prof. Avishai Wool: yash@eng.tau.ac.il מתרגלים: ItamarGilad (itamargi@post.tau.ac.il) Nir Krakowski (nirkrako@post.tau.ac.il)

  2. Course guidlines • The course exercises aren’t easy! • You will have to learn and do a lot. • Google is your friend, but so are we! • Best 75% of exercises will be used to calculate the average exercise grade. • Exercises are to be submitted the week after the recitation • Ask questions!! • Download exercises from website https://course.cs.tau.ac.il/infosec13/exercises • Fill out the course questionnaire!

  3. Instructors • We’ll be instructing the course together • Reception hour: • Schedule an appointment by email • General note: Please keep in mind that the lectures and recitations will often not match. This is by design, not a mistake.

  4. Recitation #1 • Subjects: • Course IT Framework • X86 Assembly • Reverse Engineering • IDA • Other tools

  5. IT Framework • VirtualBox VM file, with Ubuntu 12.04.2 LTS • Username: ‘student’ • Password: ‘do or do not there is no try’ • Change the password with the command: passwd • Wine: IDA, Hexworkshop • Python • vi, gedit, ghex, hexedit • To get more tools: • sudo apt-get install [toolname] • sudo pip install [pythonmodulename] • Google for more tools • All exercises will be provided to work within the VM Framework. • Most exercises will not work on a standard machine.

  6. VM Demo

  7. X86 assembly • Command elements: • Instruction – a whole command • Opcode – what you want to do • Operand – what do you want to operate on (source) or with (dest) • Opcode types: • Data opcode examples: MOV, XOR, ADD, SUB, INC, SHL, SHR, TEST, CMP • Unconditional control flow (branching) opcode examples: JMP, CALL, RET • Flag based conditional control flow examples: JZ, JNE, JNZ, JBE, JG. • Stack operations: POP, PUSH, PUSHA, POPA

  8. X86 assembly • Operand types: • Registers • Constants • Memory addresses • Pointers • Flags • Commands or Instructions are variable length: • 1 to 8 bytes long.

  9. Command structure • Command structure (no operand): • Opcode • Example: NOP • Example: RET • Command structure (single operand): • Opcode operand • Example: INT 0x3 • Example: JMP [memory address] • Example: POP [register]

  10. Command structure • Command structure (dual operand): • Opcode dest-operand source-operand • Example: MOV EAX, 0 • Example: SAR EBX, 2 • Example: MOV ECX, [EBX] • Cheat Sheet: https://www.ssucet.org/mod/resource/view.php?id=886 • Google: x86 assembly cheat sheet

  11. Reverse Engineering • What does the following code do: • LEA EDX, [address to “Hello, world!”] • MOV ECX, 12 MYLOOP: • PUSH EDX • CALL printf • ADD ESP, 4 • LOOP MYLOOP

  12. Reverse Engineering • What is assembly reverse engineering: • Compiling is like a one-way function. • Information is lost, and we might loose access to: • Variable and function names • Comments • What do we still have: • Import and export name (relations between modules) • Structure of parameters to functions. • Starting point • Hard-coded strings • Constants • Our objectives: • Find the most interesting piece of code in the least amount of time • Understand what it does and how • Find weaknesses and figure out how to exploit them

  13. RE Process • Use leads: • Strings, UI • Dynamic debugging, breakpoints. • Library and system functions • Interpret the assembled code by using intelligent guesses: • Context-based • Code is written by people using regular code conventions • Code is written in an upper level language

  14. IDA • The Interactive Dis-Assembler (IDA) is the most popular reverse engineering tool • Version 5.0 is free-ware and that is what we’ll use. • IDA does several things automatically: • Disassemble x86 binary code into human readable format • Identifies ELF headers (executable file formats) • Signature based recognition for library functions and compiler tricks • Creates code graph by basic blocks • Code and data xrefs(references to memory addresses, functions) • Provides a good environment for research: • Adding comments (‘;’) • Renaming labels: code blocks, variables, function names, structures. (‘n’) • Change interpretation of binary data (code->data, data->code, data type change, etc.) • https://www.hex-rays.com/products/ida/support/freefiles/IDA_Pro_Shortcuts.pdf

  15. IDA Options

  16. IDA Demo • [Helllo World]

  17. IDA Demo • [stricmp]

  18. This week’s exercise • VM setup • First reverse engineering task • It isn’t hard – but please start early and contact us if you have any trouble with the setup

More Related