Reverse EngineerZINE
Released by: The Immortal Descendants
Editor: Volatility
Foreword
Well, it's been a couple months since a release of the zine. I'm not going to
go into details explaining the circumstances, I'll just concentrate on picking
up where I left off. I'll have to say I was a bit disappointed in the lack of
feedback during the downtime... if you'll allow me to go on a bit of a rant here,
why are more and more people just constantly demanding things, but don't have
the time of day to give anything back to the community... not even so much as
a thanks? That said, let's try to get back into the swing of things here... I
hope you enjoy the issue!
Volatility
Scene News
- IDA 4.04 is the latest release. You can grab the demo at http://www.datarescue.com
- Most of you probably know about the Reverse Course... if not, you're in for a lot of fun and learning!
- If you've found this issue, you've probably found us... but we're back at http://www.immortaldescendants.org
- The Reverse Engineering Knowledge Mailing List has moved to an eGroup format here: http://rekml.cjb.net
- The Cracking For All forum and +Sandman's Newbie forum have been REALLY active lately, with lots of good knowledge being spread... let's keep it up!
Tools of the Trade
If any of you are developing, or know of any new tools, please let me know!
* amante4 has released three plugins for IDA (4.04 or better, including the demo)
which provide w32dasm-like string reference, export and import viewing functions,
and will greatly help newbies to IDA. Grab them here.
* DaFixer's aptly named DeDe is a Delphi decompiler under development... here's
what DaFixer has to say:
DeDe is a very fast program that can analyze executables compiled with Delphi
3, 4, 5 and give you the following:
- All dfm files of the target. You will be able to open and edit them with Delphi
- All published methods in well commented ASM code with references to strings,
imported function calls, class method calls, components in the unit, Try-Except
and Try-Finally blocks. By default DeDe retrieves only the published methods' sources,
but you may also process another procedure in an executable if you know the RVA
offset using the Tools|Disassemble Proc menu
- A lot of additional information.
- You can create a Delphi project folder with all dfm, pas, dpr files. Note: pas
files contain the above-mentioned well commented ASM code. They can not be recompiled!
You can also:
- Dump and process active processes from memory.
- View the PE Header of all PE Files and change/edit the section flags
- Spy a program for WinAPI calls with the API Spy tool
- Use the opcode-to-asm tool for translating Intel opcodes to assembler
- Use the RVA-to-PhysOffset tool for fast conversion between physical and RVA addresses
- Use the DCU Dumper (view dcu2int.txt for more details) to retrieve near-to-Pascal
code of your DCU files
- Use BPL Dumper to see BPL exports and create symbol files to use with the DeDe Disassembler
You can grab DeDe at Protools under the "decompiler" section
* defiler is developing a VXD that adds functionality to Soft Ice, called SEX
(Soft Ice Extender). This project is open source, and he invites you to join in
the development! defiler's site can be found at http://defiler.cjb.net
Coded Stupidity
Nothing much for this section this issue... we just went through a domain change,
so anyone submitting for this section probably had their mail returned... nonetheless,
here's one that was submitted a couple months ago, which was never published due
to the lack of the last two months' issues:
hi
just read your kewl e-zine... loved it :)
hey just cracked vmware 2.0... excellent example of stupid protection.. ya install
the 1.0.x license (with the 1.0 keymaker by damn) then try vmware.. says "need
new license for blahblah" look for "new license" string ref found one force the
jump just before... that's it.. regged. ouahahaa
cya
NOTE: The Immortal Descendants do not condone, nor endorse using cracks or key
generators, in fact, we're highly against them... but this protection was lame
enough to be keygenned in the first place, and then cracked again even AFTER using
a keygen... when will they learn?
Links of Interest
Keep the link submissions coming in, as the editors don't have all the time they'd
wish to scour the web looking for interesting sites :)
The Reverse Engineering Knowledge Mailing List
has recently been changed to an eGroup format, which relieves the stress of dealing
with so many users, but also adds some nifty options, like adding your own links,
files, etc. If you haven't discovered this excellent resource yet, check it out!
The CoDeX is a collective of reversers and
reversing groups, who are proud of their work, and are coming together to exploit
those who steal their work to claim as their own. If you put long hours into your
work, and don't want to see it simply stolen, join and exploit the slackers!
mammon_'s site has always been
a top-notch resource, but he's really been putting a breath of fresh energy into
his site lately... move to the next level!
Articles, Essays and Associated Literature
If you read the previous issue, you know we started a C programming tutorial-style
installment series... well, things change... and usually for the worse... I'm
currently looking for someone willing to volunteer a bit of time to contribute
an installment-series programming essay (C/C++ or ASM). I'm looking for long-term
here, as a part would be published each issue. If this is you, please let me know!
For this issue, I've gathered a nifty article strangely entitled "EXPLOITING
QUANTUM "SPOOKINESS" TO CREATE SECRET CODES"... have fun reading :)
Physics News Update
The American Institute of Physics Bulletin of Physics News
Number 480 (Story #1), April 24, 2000 by Phillip F. Schewe and Ben Stein
EXPLOITING QUANTUM "SPOOKINESS" TO CREATE SECRET CODES has been demonstrated for
the first time by three independent research groups, advancing hopes for eventually
protecting sensitive data from any kind of computer attack. In the latest--and
most foolproof--variation yet of the data-encryption scheme known as quantum cryptography,
researchers employ pairs of "entangled" photons, particles that can be so intimately
interlinked even when far apart that a perplexed Einstein once derided their behavior
as "spooky action at a distance."
Entanglement-based quantum cryptography has unique features for sending coded
data at practical transmission rates and detecting eavesdroppers. In short, the
entanglement process can generate a completely random sequence of 0s and 1s distributed
exclusively to two users at remote locations. Any eavesdropper's attempt to intercept
this sequence will alter the message in a detectable way, enabling the users to
discard the appropriate parts of the data. This random sequence of digits, or
"key," can then be plugged into a code scheme known as a "one-time pad cipher," which
converts the message into a completely random sequence of letters.
This code scheme--mathematically proven to be unbreakable without knowledge of
the key--actually dates back to World War I, but its main flaw had been that the
key could be intercepted by an intermediary. In the 1990s, Oxford's Artur Ekert
(artur.ekert@qubit.org) proposed an entanglement-based version of this scheme,
not realized until now. In the most basic version, a specially prepared crystal
splits a single photon into a pair of entangled photons. Both the message sender
(traditionally called Alice) and the receiver (called Bob) get one of the photons.
Alice and Bob each have a detector for measuring their photon's polarization,
the direction in which its electric field vibrates. Different polarizations could
represent different digits, such as the 0 and 1 of binary code. But according
to quantum mechanics, each photon can be in a combination (or superposition) of
polarization states, and essentially be a 0 and 1 at the same time. Only when
one of them is measured or otherwise disturbed does it "collapse" to a definite
value of 0 or 1, in a random way. But once one particle collapses, its entangled
partner is also forced to collapse into a specific digit correlated with the first
digit. With the right combination of detector settings on each end, Alice and
Bob will get the exact same digit. After receiving a string of entangled photons,
Alice and Bob discuss which detector settings they used, rather than the actual
readings they obtained, and they discard readings made with the incorrect settings.
At that point, Alice and Bob have a random string of digits that can serve as
a completely secure key for the mathematically unbreakable one-time pad cipher.
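The exchange just described (random detector settings on each end, public comparison of the settings but not the readings, discarding the mismatches, and feeding the survivors into a one-time pad) can be walked through in a small classical simulation. The code below is an added example written for this issue; it is not from the Physics News Update article or from any of the research groups it mentions. It assumes a simplified model: a pair measured with the same setting always yields the same bit, a pair measured with different settings yields an uncorrelated bit, the eavesdropper intercepts Bob's photon, measures it with a random setting and resends it, and (in place of the Bell's theorem test the Los Alamos group used) Alice and Bob detect tampering by publicly comparing a sample of their sifted bits and checking the error rate. The 11% abort threshold and all function names are choices made here, not values from the article.

```python
"""Classical simulation of entanglement-based key agreement plus a one-time pad.
Added example; models the photons classically and replaces the Bell test with
an error-rate check. All names and thresholds are assumptions of this example.
"""
import random

RECTILINEAR, DIAGONAL = 0, 1   # the two detector settings (polarization bases)
ABORT_THRESHOLD = 0.11         # assumed bound: a higher sample error rate means the key is discarded


def measure_pair(rng, a_basis, b_basis, eve_basis=None):
    """Return (alice_bit, bob_bit) for one entangled pair.

    Alice measures first and collapses the pair, so Bob's photon now carries
    Alice's bit in Alice's basis. If eve_basis is given, Eve measures Bob's photon
    in her own basis and resends a fresh photon prepared in that basis, which is
    what makes her presence detectable.
    """
    alice_bit = rng.randrange(2)
    photon_basis, photon_bit = a_basis, alice_bit
    if eve_basis is not None:
        eve_bit = photon_bit if eve_basis == photon_basis else rng.randrange(2)
        photon_basis, photon_bit = eve_basis, eve_bit      # the resent photon
    bob_bit = photon_bit if b_basis == photon_basis else rng.randrange(2)
    return alice_bit, bob_bit


def run_exchange(n_pairs, seed, eavesdropper=False):
    """Measure n_pairs pairs, sift on matching settings, estimate the error rate.

    Returns (alice_key, bob_key, error_rate, aborted). The keys are the sifted
    bits with the publicly compared sample removed; without an eavesdropper the
    two keys are identical.
    """
    rng = random.Random(seed)               # seeded so a run is reproducible
    alice_bits, bob_bits = [], []
    for _ in range(n_pairs):
        a_basis, b_basis = rng.randrange(2), rng.randrange(2)
        eve_basis = rng.randrange(2) if eavesdropper else None
        a, b = measure_pair(rng, a_basis, b_basis, eve_basis)
        if a_basis == b_basis:              # settings are announced publicly; keep only matches
            alice_bits.append(a)
            bob_bits.append(b)
    # Every second sifted bit is compared over the public channel and then thrown away.
    sample = [(a, b) for i, (a, b) in enumerate(zip(alice_bits, bob_bits)) if i % 2 == 0]
    alice_key = [a for i, a in enumerate(alice_bits) if i % 2 == 1]
    bob_key = [b for i, b in enumerate(bob_bits) if i % 2 == 1]
    errors = sum(1 for a, b in sample if a != b)
    error_rate = errors / len(sample) if sample else 0.0
    return alice_key, bob_key, error_rate, error_rate > ABORT_THRESHOLD


def one_time_pad(key_bits, data):
    """XOR data with 8 key bits per byte; the same call encrypts and decrypts."""
    if len(key_bits) < 8 * len(data):
        raise ValueError("key too short: a one-time pad key is never reused or stretched")
    out = bytearray()
    for i, byte in enumerate(data):
        k = 0
        for bit in key_bits[8 * i:8 * i + 8]:
            k = (k << 1) | bit
        out.append(byte ^ k)
    return bytes(out)


if __name__ == "__main__":
    for eve in (False, True):
        ka, kb, rate, aborted = run_exchange(4000, seed=2000, eavesdropper=eve)
        print(f"eavesdropper={eve}: sample error rate {rate:.3f}, aborted={aborted}")
        if not aborted:
            ct = one_time_pad(ka, b"Venus of Willendorf")
            print("ciphertext:", ct.hex(), "decrypts to:", one_time_pad(kb, ct))
```

Without Eve the compared sample shows no errors and Alice's and Bob's keys agree bit for bit; with the intercept-and-resend eavesdropper roughly a quarter of the compared bits disagree (half the time Eve guesses the wrong setting, and then Bob's reading is random), so the run aborts before any key is used. The sample bits are discarded precisely because they were spoken aloud, which is the same reason the article's Alice and Bob compare settings rather than readings.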
In their demonstration, Los Alamos researchers (Paul Kwiat, 505-667-6173, kwiat@lanl.gov)
simulated an eavesdropper (by passing the photons through a filter on their way
to Alice and Bob) and readily detected disturbances in their transmissions (by
employing what may be the first practical application of the quantum-mechanical
test known as Bell's theorem), enabling them to discard the purloined information.
In a separate demonstration of entangled cryptography for completely isolated
Alice and Bob stations separated by 1 km of fiber optics, an Austrian research
team (Thomas Jennewein, University of Vienna, 011-43-1-4277-51207, thomas.jennewein@univie.ac.at)
created a secret key and then securely transmitted an image of the "Venus" von
Willendorf, one of the earliest known works of art. (See figures at http://www.quantum.at/
and Physics News Graphics.)
Meanwhile, a University of Geneva group (Nicolas Gisin, Nicolas.Gisin@physics.unige.ch,
011-41 22 702 65 97) demonstrates entangled cryptography over many kilometers
of fiber using a photon frequency closest to what is used on real-life fiber optics
lines. In these first experiments, the three groups demonstrated relatively slow
data transmission rates. However, entanglement-based cryptography is potentially
faster than non-entangled quantum cryptography, which requires single-photon sources
(and therefore, faint light sources) to foil eavesdropping. Entangled cryptography
also produces relatively small amounts of excess photons which an eavesdropper
could conceivably skim for information. (Three upcoming papers in Physical Review
Letters; Select Article.)
Physics News Update
Email: physnews@aip.org
Phone: 301-209-3090
© 2000 American Institute of Physics
One Physics Ellipse, College Park, MD 20740-3843
Email: aipinfo@aip.org
Phone: 301-209-3100
Fax: 301-209-0843
Interview
None this issue. Expect one for the next issue :)
Exercises
From the little bit of past feedback I did get, I gathered that newbies were either
too intimidated to try the previous exercises, or they failed... so here is one
that shouldn't prove too difficult - SantMat's ReverseMe 1 available here.
Please send me your solutions, and I'll publish them.
Credits, Greetings
Thanks for checking out this issue. I hope you've found it helpful, and interesting.
Please don't hesitate to send me your comments. Any additions for the next issue
will be MUCH appreciated.
Credits and thanks for this issue go to: amante4, Carpathia, CoDeX, DaFixer,
Data Rescue, defiler, kaai and Sepulcrum with the Reverse Course, mammon_,
+Sandman's Newbie Forum
My personal greetings fly out to: ACiD_BuRN, alpine, amante4, Carpathia, Corn,
kaai, Latigo, LaZaRuS, Lord Soth, Lucifer48, Neural, _pain, +Sandman, SantMat,
S^witz, Tornado, Yoshi, all the regulars in #immortaldescendants, and everyone
I forgot (probably MANY)
Copyright 2000 Volatility and the Immortal Descendants
All Rights Reserved.