View Full Version : Protectors for other Operating Systems.


nikolatesla20
October 14th, 2003, 09:07
Well, I know this board is mostly dedicated to Windows, and I'm as big a Windows user as anybody - I've tried Linux versions over the past and never really liked them much. However, the new versions of Linux are coming along pretty well finally; basically you can do everything now in Linux that you can do in Windows, except for playing games (most are DirectX) and writing code (like system drivers and reversing). The writing code thing is because file formats are different, system APIs are different, etc.

Just wondering, granted, most programs for Linux may be Open Source themselves, but has anyone seen packers for ELF executables? Or other forms of "protection" used in *nix systems...

I know this is a boring question and most aren't interested in this *nix stuff, but I'm just curious, and that's the mark of every reverse engineer, isn't it?

-nt20

nikolatesla20
October 14th, 2003, 09:12
Um...

DUH to me... I just did a search and found UPX can do ELFs, and some other program called exepak (why the hell would it be called exepak if it's for ELFs? That is more stupid than I am for not searching).

Well, if UPX is the only "big" name for compressors in Linux... then I guess there won't be much of a challenge for a while...

-nt20

ancev
October 14th, 2003, 09:27
Hi,

I once coded an ELF encryptor. It only works with 'special' ELF files, and it's at h**p://coderz.net/vecna/linux.htm

The UPX packer creates a loader, with your ELF as a packed overlay... when run, it unpacks it, saves it to disk, and runs it.

ancev
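A static triage check for the loader-plus-packed-payload layout described in the post above, as an added example that is not part of the original thread or any poster's code. It assumes two common hints of a stock UPX-packed ELF: the `UPX!` marker in the file and an absent section header table; `triage_elf` and `build_sample` are hypothetical names, and the sample bytes are constructed.

```python
import struct

UPX_MAGIC = b"UPX!"  # marker UPX leaves in the headers of files it packs

def triage_elf(data: bytes) -> dict:
    """Report two static hints that an ELF image is a UPX-style loader stub."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("bad EI_CLASS or EI_DATA")
    is64 = data[4] == 2
    if is64 and len(data) < 64:
        raise ValueError("truncated ELF64 header")
    end = "<" if data[5] == 1 else ">"
    # e_shoff / e_shnum sit at different offsets in ELF32 and ELF64 headers
    shoff_fmt, shoff_at, shnum_at = ("Q", 0x28, 0x3C) if is64 else ("I", 0x20, 0x30)
    (e_shoff,) = struct.unpack_from(end + shoff_fmt, data, shoff_at)
    (e_shnum,) = struct.unpack_from(end + "H", data, shnum_at)
    marker = data.find(UPX_MAGIC)
    no_sections = e_shoff == 0 or e_shnum == 0
    return {
        "elf_class": 64 if is64 else 32,
        "no_section_table": no_sections,
        "marker_offset": marker if marker >= 0 else None,
        # Require both hints: the marker alone matches any file containing the string
        "likely_upx": no_sections and marker >= 0,
    }

def build_sample(packed: bool) -> bytes:
    """Constructed ELF64 little-endian header plus filler body (not a real binary)."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    shoff, shnum = (0, 0) if packed else (0x200, 5)
    hdr = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0x400000, 64,
                              shoff, 0, 64, 56, 1, 64, shnum, 0)
    body = bytes(32) + UPX_MAGIC + bytes(64) if packed else bytes(0x400)
    return hdr + body

if __name__ == "__main__":
    for label, packed in (("packed-like", True), ("plain", False)):
        print(label, triage_elf(build_sample(packed)))
```

Both hints are heuristics: a stub whose marker has been altered will not match, so a negative result does not show the file is unpacked.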

Hopcode
October 15th, 2003, 05:13
Hi,

I think the most famous ELF protector is burneye (used to protect 0day sploits).

You can find it there:

h**p://teso.scene.at/releases.php

Even if it has been defeated now, it is still nice. Sources are published.
A new version exists and is harder by far.

Edit: Apparently there is a burneye 2 on the site, but it doesn't look like the one I thought.

Have fun

cyberheg
October 17th, 2003, 02:31
Why not enumerate all protections while you're at it?

If other people know some commercial protections I suggest they add them to the list as well.

FLEXlm:
http://www.macrovision.com/products/flexlm/tech_specs.shtml

HASP:
http://www.ealaddin.com/support/hasp/vendor.asp#api

There also exists a HASP envelope for Linux. As far as I remember the binaries are not stripped, so there is a lot of useful information when you put it into IDA.

Sentinel SuperPro:
http://www.rainbow.com/products/sentinel/superpro_specs.asp

Sentinel LM:
http://www.rainbow.com/products/sentinel/lm_specs.asp

IBM LUM:
http://www-3.ibm.com/software/awdtools/lum/sysrequirements.html

Cloakware:
http://206.191.60.52/products/transcoder.html

Supposedly platform independent. However, I am not sure how much marketing there is in this product and how much fact. Still, it's a limited success in my eyes because it only works with C code. This is more like an obfuscator than a real protection. If anyone knows more about this product I'd like to hear about it either here or in private, because I find it more interesting than most others.

Any other contributions?

Most of these protections I haven't seen being used in software though.
I suspect though that it's not worth making an ELF encryptor for most companies. The amount of work and maintenance will most likely be large. My understanding is that it's not so easy to protect all kinds of binaries like it is with PE files. Both vecna's and the HASP envelope say that they only work on some files.

// CyberHeg