Allegro.cc - Online Community

Allegro.cc Forums » Programming Questions » "anything is hackable"

This thread is locked; no one can reply to it. rss feed Print
 1   2 
"anything is hackable"
Mark Oates
Member #1,146
March 2001
avatar

Is that true?

Surely there are limits. Isn't there something that's not hackable? I would think that there is a mathematical proof somewhere that categorizes computational spaces by their susceptibility to hacking.

Thoughts? :)

--
Visit CLUBCATT.com for cat shirts, cat mugs, puzzles, art and more <-- coupon code ALLEGRO4LIFE at checkout and get $3 off any order of 3 or more items!

AllegroFlareAllegroFlare DocsAllegroFlare GitHub

verthex
Member #11,340
September 2009
avatar

Sure kid, take notepad.exe and reverse engineer that and post the code here. Its only 2 megs in size. I've tried reverse engineering my own code after its been compiled with gcc for release with a disassembler and that isn't possible to make sense of. Even kernel level debuggers are limited since understanding OOP on an assembler level is next to impossible therefore nothing written with design patterns in mind should be easy, I could be wrong. But unless someone knows the general idea behind a program, its design structure is next to impossible to debug. You can chalk it up to incompetence. There are code obfuscation contests where people create code which seeems easy to read but even that is next to impossible to hack apart without consuming vast amounts of time.

TL:DR

No, especially everything compiled with a microsoft .dll next to it.

relpatseht
Member #5,034
September 2004
avatar

It may not be possible for you, but it is certainly more than possible to reverse engineer pretty much anything. For my current job, part of the interview process was reverse engineering the assembly output of an obscure compiler I'd never heard of for an obscure processor I'd never heard of either. I'm used to assembly debugging and can make sense of most mnemonics, however, so it wasn't too hard.

As far as I can tell, if you're an administrator doing something on your system, everything is hackable. If part of the application is server side, there are ways of making things unhackable, but there are almost always bugs.

Matthew Leverton
Supreme Loser
January 1999
avatar

It depends on your definitions. Loosely speaking, anything is hackable.

Neil Walker
Member #210
April 2000
avatar

Hack my brain.

Neil.
MAME Cabinet Blog / AXL LIBRARY (a games framework) / AXL Documentation and Tutorial

wii:0356-1384-6687-2022, kart:3308-4806-6002. XBOX:chucklepie

Arthur Kalliokoski
Second in Command
February 2005
avatar

I find that optimizations make the disassembly easier to understand, since it's just saving things in registers instead of every little thing in [ebp+n]

They all watch too much MSNBC... they get ideas.

verthex
Member #11,340
September 2009
avatar

Here are some obfuscated code contest winners from 2011. Heres one entry, its Blakely.c...

OMG theres a goto :o

#SelectExpand
1 2d b,x,h;o q[9802],f[9802];void w(d i){fflush(stdout);printf( 3"%c" , ( i>b)?(i%b>0?q[i-b-1]:10):5*(b==i?2:9));if(i<x+b 4- 1 )w(i+1) ; } d p(o*e,d i ) { e +=i;n h = ( - b-1 5) [ e ] % 2 + ( - b 6) [ e ] % 2 + 7(-b+1)[ e ] % 2 +( - 1 ) [ e 8] % 2+ e [1 ]% 2 +b [ e - 1]% 2 + b[ e ]% 2 + 9b [ e+1 ] %2 ;}d m ( d i ){ n 10( i == x - 1 ) ?0 :( f [ i + 111 ]=m (i + 1) ) ,32 +3 / ( 12( p( q , i )> 3 || h < 2 )? 7 : 13( ( h == 2 &&q[ i ] == 32 14 )? 8 : 1 ) );}d y 15( d i ){ d j , s , t ,a ,u 16;if ( x - 1== i ) n 1 ;if ( f [i]==2) { 17f [i ] <<=4;if(y( i))n 1;f[i ]-=- 3 ; if ( 18y(i ) )n 1;n 0 ; };if((i % b ) == 19 0 ||( i % b ) == b- 201 ) n y (i+1 ) ;j 21= -1 ; l : ; j =j + 1 ; 22if ( j >= ( i - i / b + 2 23 == b ? 1 : i > 2 * b ?i% b!= 24 1 ?2 : 2 * 1<< 1 :8 )) goto 25c; u = p( f, i ) ; if ( i < 26x - 2*b - 1 ) { a =( s =(( t=i % b== 27 1) ? 1 : i % b != b 28 - 2 ) ) && i < 2 * b;u+= ( 29a ? ( j& 4 ) 30> 2 : 0 ) + (t ? ( j & 2 ) / 2 : 0) + ( 31s? ( j&1):0);}else a =t=s=0;if((u&2)+(u&4)!= 2 && 32(q[ i]& 2 ) ==2||u==2&& (f[i]+q[i]) % 2 ==1 ||u 33== 3 && ( q [ i]&2)== 0 ) 34 goto l ; b 35[i + f ] ^= ! t ? 0 36 : b[ i + f ] ^ ( 10 + ( j & 2 ) 37/ 2 ) * 3+2;b[ i + f + 1 - b ] ^= ! 38a ?0 : b [i + f +1 - b]^ (10+ ( 39j & 4) / 4 )* 3 +2 ; b [ i 40+f + 1 ] ^= ! s ?0 : b [i+ f + 1 41] ^ (10 + ( j &1) ) *3+ 2 ; if ( y ( i 42+ 1) ){ n 1 ; }; ( a ? 43i + 1 : 0 ) [ f ] =( t 44? i+ b :0 45) [ f ] = ( s ? i 46 + b +1:0) [ f ] = 2 ;goto l ; c:n 0 ; } d 47 main(d c,o**v){d i; x=b=0;while((q[x++]=getchar() ) != 48 EOF ){x-=(q[x-1]==10)? b+=1,1:0;q[x-1]^= (q[x-1] == 4932)? 0 : q [ x - 1 ] ^ 35 ; } ; w ( 0 ); 50for ( ; ; 51) { z ( f , 2 , x * 52 k ( o ) ) ; for ( i = 0;i<=x - 1; 53i = i + b )q [ i / b] = q [ x - b+ i /b 54] = q [ i ]= q [ i - ( 55(i == 0) ? 0: 1) ] =f [ i / 56b ] = f[ x -b -1+ i/ b] = f [i ] =f[ 57 i - ( ( i == 0 ) ? 580 :1 ) ] = 32; if ( c == 591 ) m ( 0 ); else 60if (y ( b + 1) 61==0)n 1;f[0]<<=1<<2;memcpy(q,f,x*k(o));w(0);sleep(1);};n 0;}

Sirocco
Member #88
April 2000
avatar

And once that's compiled it'll be much more readable.

If someone can make it, someone can change it.

-->
Graphic file formats used to fascinate me, but now I find them rather satanic.

verthex
Member #11,340
September 2009
avatar

Sirocco said:

And once that's compiled it'll be much more readable.

If someone can make it, someone can change it.

Yeah like timers at the most. I've tried changing things on a vb level for simple database using access, something related to tabs and clicking events (this was for a job) and all I got were errors. Me and the fifty people employed before me. :-/

And thats in a GUI environment with vb code.

Jonatan Hedborg
Member #4,886
July 2004
avatar

The question here isn't if you can do it verthex, but if it can be done.

Mark Oates
Member #1,146
March 2001
avatar

I'm convinced that anything that you have access to is hackable. Binary, compiled, source, encrypted, whatever, it doesn't matter.

I guess I'm more interested about:

  1. the limits of hackability of remote systems.

  2. the range of hackability, plotted from easy to hard, of something that you do have access to. e.g. something on your hard drive.

(this is a free-form discussion :))

--
Visit CLUBCATT.com for cat shirts, cat mugs, puzzles, art and more <-- coupon code ALLEGRO4LIFE at checkout and get $3 off any order of 3 or more items!

AllegroFlareAllegroFlare DocsAllegroFlare GitHub

verthex
Member #11,340
September 2009
avatar

The question here isn't if you can do it verthex, but if it can be done.

Yes, with a big enough brain. The same question shows up in understanding physics and the final theory of everything and the problem with that is the question of solving quantum mechanics and relativity. So far everyone claims string theory is a solution but many physicists such as Feynman have claimed that until someone smart enough comes along to understand quantum mechanics from some different perspective, it will never be solved.

So I'll just be practical and say no, its not possible. RSA is unhackable with current computers.

james_lohr
Member #1,947
February 2002

the limits of hackability of remote systems

I think the question transcends computers. A "remote" system could be anything that may be controlled externally by someone or something. So the question then becomes whether it is possible to uniquely identify someone or something remotely with 100% certainty.

Specter Phoenix
Member #1,425
July 2001
avatar

I'd say anything is hackable. It more depends on the time the programmer is willing to put into hacking it and the complexity of the program.

someone972
Member #7,719
August 2006
avatar

It's definitely possible (and pretty easy actually) to reverse engineer and change programs. I've done it extensively with the old game Driver: You are the Wheelman, and have done other reverse engineering projects as well on a much smaller scale (disabling registry edits for instance, or when the serial key I got with the Penumbra Collection worked on everything except Overture I just disabled the key check). Simple changes take hardly any time at all.

______________________________________
As long as it remains classified how long it took me to make I'll be deemed a computer game genius. - William Labbett
Theory is when you know something, but it doesn't work. Practice is when something works, but you don't know why. Programmers combine theory and practice: Nothing works and they don't know why. -Unknown
I have recklessly set in motion a chain of events with the potential to so-drastically change the path of my life that I can only find it to be beautifully frightening.

bamccaig
Member #7,536
July 2006
avatar

For something to be unhackable it would have to have no vulnerabilities to exploit, and vulnerabilities are basically synonymous with bugs, and all non-trivial software has bugs, so in practical terms it's fair to say that nothing is unhackable. In theory, it should be possible to create software that is unhackable, but in practice it's generally an iterative process. One can never really be too sure that a complex system is unhackable because the vulnerabilities/bugs are generally not easy to detect. The best approach is to assume that everything is hackable and weigh the value of compromise against the level of deterrence.

jmasterx
Member #11,410
October 2009

I always wondered why there wasn't ever any decent reverse engineering app. At the assembly level, I think at least an algorithm could shove all variables as static globals and then reconstruct functions that could pass pointers or basic types.

exe2C myexe.exe bignewsourcefile.c

Ex:

#SelectExpand
1int var1; 2int var2; 3int var3; 4 5 6int func2(int a, int b) 7{ 8 ... 9} 10 11int func1() 12{ 13 var2 = 5; 14 var3 = 6; 15 16 return func2(var2,var3); 17} 18 19int main() 20{ 21 return func1(); 22}

It would be a huge mess but still much easier to manage than assembly.
Does anyone know why something like this does not exist or maybe why it cannot?

Jonatan Hedborg
Member #4,886
July 2004
avatar

bamccaig said:

For something to be unhackable it would have to have no vulnerabilities to exploit

I'm not sure I agree. Even if the service itself has no exploits, it would still be possible to hack it if you for example convince a user to give you the proper credentials, gain (direct or indirect) physical access to the server machine, subvert a software patch etc etc.

relpatseht
Member #5,034
September 2004
avatar

Oh, you could even have scoped variables, in your example.

The reason it isn't done is because it is really hard to impossible to find the start and end of a function. Once optimized, do you think a function starts with push ebp, esp and ends with ret?

The closest I've ever done was a function relocator, and even that only had a 50% success rate.

That being said, with heavy analysis and extensive knowledge of the compiler used, it is possible to get a lot of c or c++ code back in an automated process, but I doubt 100%.

weapon_S
Member #7,859
October 2006
avatar

bamccaig said:

and vulnerabilities are basically synonymous with bugs, and all non-trivial software has bugs

True. Speaking of mathematical impossibilities, I wondered whether it's possible to make a language that only shows behaviour on a (programmer) defined domain.

the limits of hackability of remote systems.

I've never gotten that either. You have a connection that is basically public. WHITE LIST ALL OPERATIONS ON IT YOU MORON. Then again I know very little of networking. >_>
I'm guessing spoofing can simulate edge cases, which the programmer hasn't defined/handled very well.
Something on your disk is by definition 'hackable'. :o Is this why they are pushing cloud so hard? Those bastards.

Quote:

the range of hackability, plotted from easy to hard

Plotted against what? Everything? Access? Speaking of access, it seems open-source software gets hit just as hard as closed-source. That may be the result of the target interest. I.e. some open-source webkits get hit pretty hard, and most open-source software is used less than closed-source counterparts.
Reminds me of the good old practice of hacking phone booths, teller machines, photo booths, and arcade machines. If you are given infinite time to try something out, and there is a vulnerability, it will be found. (A thousand monkeys on a thousand keyboards ;D)
So I think the variables for making something easy are:

  • Access. (Amount of time you get without having to pay/identify yourself. Times number of people having this ability?)

  • Fluidity. Time target needs to change obsoleting 'hack'.

  • Spread. Willingness of 'hacker' to share vulnerability/mass-exploit it. (It will likely expose similar weaknesses, and incite more hacking activity.) Depends on gain from 'hack'.

Elias
Member #358
May 2000

jmasterx said:

Does anyone know why something like this does not exist or maybe why it cannot?

http://en.wikipedia.org/wiki/Decompiler

And it seems there exist quite a lot of them, some even open source.

--
"Either help out or stop whining" - Evert

verthex
Member #11,340
September 2009
avatar

I think the question transcends computers.

Quantum mechanics has problems which actually require solving differential equations through recursive methods. And I'm just talking about deriving certain equations which are Sturm-Louisville related.

Evert
Member #794
November 2000
avatar

verthex said:

So far everyone claims string theory is a solution

I don't think anyone really claims that. The strongest claim one can make is that string theory might contain a solution and we can certainly learn a lot by studying string theory.
Having said that, there was a lot of excitement about string theory 10 years ago. Not as much these days...

Quote:

but many physicists such as Feynman have claimed that until someone smart enough comes along to understand quantum mechanics from some different perspective, it will never be solved.

Argument from authority is never a good argument.

Quote:

So I'll just be practical and say no, its not possible.

Whether something is possible and whether something is feasible are two separate questions.

verthex said:

Quantum mechanics has problems which actually require solving differential equations through recursive methods.

So? That's not particular to quantum mechanics.

Quote:

And I'm just talking about deriving certain equations which are Sturm-Louisville related.

So?

type568
Member #8,381
March 2007
avatar

Concept of proof that not everything is hackable:

Assisting Statement (1): No system has infinity of flaws. *
Assisting Statement (2): Any single flaw can be fixed.

I'm sure from here on my concept is easily readable by those ancient ones of the forum without my further explanation.

*- An infinity of "similar" flaws can be addressed as a single flaw with a general fix for that infinite group of flaws.

Matthew Leverton
Supreme Loser
January 1999
avatar

That's a good try, but the failure is the assumption that "any single flaw can be fixed." If your definition of hacking (and flaws) includes modifying the executable to do something else, then it's not true.

 1   2 


Go to: