"anything is hackable"
Mark Oates
Member #1,146
March 2001
|
Is that true? Surely there are limits. Isn't there something that's not hackable? I would think that there is a mathematical proof somewhere that categorizes computational spaces by their susceptibility to hacking. Thoughts?
verthex
Member #11,340
September 2009
|
Sure kid, take notepad.exe and reverse engineer that and post the code here. It's only 2 megs in size. I've tried reverse engineering my own code after it's been compiled with gcc for release with a disassembler and that isn't possible to make sense of. Even kernel level debuggers are limited since understanding OOP on an assembler level is next to impossible, therefore nothing written with design patterns in mind should be easy, I could be wrong. But unless someone knows the general idea behind a program, its design structure is next to impossible to debug. You can chalk it up to incompetence. There are code obfuscation contests where people create code which seems easy to read but even that is next to impossible to hack apart without consuming vast amounts of time. TL;DR No, especially everything compiled with a Microsoft .dll next to it.
|
relpatseht
Member #5,034
September 2004
|
It may not be possible for you, but it is certainly more than possible to reverse engineer pretty much anything. For my current job, part of the interview process was reverse engineering the assembly output of an obscure compiler I'd never heard of for an obscure processor I'd never heard of either. I'm used to assembly debugging and can make sense of most mnemonics, however, so it wasn't too hard. As far as I can tell, if you're an administrator doing something on your system, everything is hackable. If part of the application is server side, there are ways of making things unhackable, but there are almost always bugs.
|
Matthew Leverton
Supreme Loser
January 1999
|
It depends on your definitions. Loosely speaking, anything is hackable.
Neil Walker
Member #210
April 2000
|
Hack my brain.
Arthur Kalliokoski
Second in Command
February 2005
|
I find that optimizations make the disassembly easier to understand, since it's just saving things in registers instead of every little thing in [ebp+n].
verthex
Member #11,340
September 2009
|
Here are some obfuscated code contest winners from 2011. Here's one entry, it's Blakely.c... OMG there's a goto
d b,x,h;o q[9802],f[9802];void w(d i){fflush(stdout);printf(
"%c" , ( i>b)?(i%b>0?q[i-b-1]:10):5*(b==i?2:9));if(i<x+b
- 1 )w(i+1) ; } d p(o*e,d i ) { e +=i;n h = ( - b-1
) [ e ] % 2 + ( - b
) [ e ] % 2 +
(-b+1)[ e ] % 2 +( - 1 ) [ e
] % 2+ e [1 ]% 2 +b [ e - 1]% 2 + b[ e ]% 2 +
b [ e+1 ] %2 ;}d m ( d i ){ n
( i == x - 1 ) ?0 :( f [ i +
1 ]=m (i + 1) ) ,32 +3 / (
( p( q , i )> 3 || h < 2 )? 7 :
( ( h == 2 &&q[ i ] == 32
 )? 8 : 1 ) );}d y
( d i ){ d j , s , t ,a ,u
;if ( x - 1== i ) n 1 ;if ( f [i]==2) {
f [i ] <<=4;if(y( i))n 1;f[i ]-=- 3 ; if (
y(i ) )n 1;n 0 ; };if((i % b ) ==
 0 ||( i % b ) == b-
1 ) n y (i+1 ) ;j
= -1 ; l : ; j =j + 1 ;
if ( j >= ( i - i / b + 2
 == b ? 1 : i > 2 * b ?i% b!=
 1 ?2 : 2 * 1<< 1 :8 )) goto
c; u = p( f, i ) ; if ( i <
x - 2*b - 1 ) { a =( s =(( t=i % b==
 1) ? 1 : i % b != b
 - 2 ) ) && i < 2 * b;u+= (
a ? ( j& 4 )
> 2 : 0 ) + (t ? ( j & 2 ) / 2 : 0) + (
s? ( j&1):0);}else a =t=s=0;if((u&2)+(u&4)!= 2 &&
(q[ i]& 2 ) ==2||u==2&& (f[i]+q[i]) % 2 ==1 ||u
== 3 && ( q [ i]&2)== 0 )
 goto l ; b
[i + f ] ^= ! t ? 0
 : b[ i + f ] ^ ( 10 + ( j & 2 )
/ 2 ) * 3+2;b[ i + f + 1 - b ] ^= !
a ?0 : b [i + f +1 - b]^ (10+ (
j & 4) / 4 )* 3 +2 ; b [ i
+f + 1 ] ^= ! s ?0 : b [i+ f + 1
] ^ (10 + ( j &1) ) *3+ 2 ; if ( y ( i
+ 1) ){ n 1 ; }; ( a ?
i + 1 : 0 ) [ f ] =( t
? i+ b :0
) [ f ] = ( s ? i
 + b +1:0) [ f ] = 2 ;goto l ; c:n 0 ; } d
 main(d c,o**v){d i; x=b=0;while((q[x++]=getchar() ) !=
 EOF ){x-=(q[x-1]==10)? b+=1,1:0;q[x-1]^= (q[x-1] ==
32)? 0 : q [ x - 1 ] ^ 35 ; } ; w ( 0 );
for ( ; ;
) { z ( f , 2 , x *
 k ( o ) ) ; for ( i = 0;i<=x - 1;
i = i + b )q [ i / b] = q [ x - b+ i /b
] = q [ i ]= q [ i - (
(i == 0) ? 0: 1) ] =f [ i /
b ] = f[ x -b -1+ i/ b] = f [i ] =f[
 i - ( ( i == 0 ) ?
0 :1 ) ] = 32; if ( c ==
1 ) m ( 0 ); else
if (y ( b + 1)
==0)n 1;f[0]<<=1<<2;memcpy(q,f,x*k(o));w(0);sleep(1);};n 0;}
|
Sirocco
Member #88
April 2000
|
And once that's compiled it'll be much more readable. If someone can make it, someone can change it.
verthex
Member #11,340
September 2009
|
Sirocco said: "And once that's compiled it'll be much more readable. If someone can make it, someone can change it."
Yeah like timers at the most. I've tried changing things on a VB level for a simple database using Access, something related to tabs and clicking events (this was for a job) and all I got were errors. Me and the fifty people employed before me. And that's in a GUI environment with VB code.
|
Jonatan Hedborg
Member #4,886
July 2004
|
The question here isn't if you can do it verthex, but if it can be done.
|
Mark Oates
Member #1,146
March 2001
|
I'm convinced that anything that you have access to is hackable. Binary, compiled, source, encrypted, whatever, it doesn't matter. I guess I'm more interested about:
(this is a free-form discussion)
verthex
Member #11,340
September 2009
|
Jonatan Hedborg said: "The question here isn't if you can do it verthex, but if it can be done."
Yes, with a big enough brain. The same question shows up in understanding physics and the final theory of everything and the problem with that is the question of solving quantum mechanics and relativity. So far everyone claims string theory is a solution but many physicists such as Feynman have claimed that until someone smart enough comes along to understand quantum mechanics from some different perspective, it will never be solved. So I'll just be practical and say no, it's not possible. RSA is unhackable with current computers.
|
james_lohr
Member #1,947
February 2002
|
Mark Oates said: "the limits of hackability of remote systems"
I think the question transcends computers. A "remote" system could be anything that may be controlled externally by someone or something. So the question then becomes whether it is possible to uniquely identify someone or something remotely with 100% certainty.
|
Specter Phoenix
Member #1,425
July 2001
|
I'd say anything is hackable. It more depends on the time the programmer is willing to put into hacking it and the complexity of the program.
|
someone972
Member #7,719
August 2006
|
It's definitely possible (and pretty easy actually) to reverse engineer and change programs. I've done it extensively with the old game Driver: You are the Wheelman, and have done other reverse engineering projects as well on a much smaller scale (disabling registry edits for instance, or when the serial key I got with the Penumbra Collection worked on everything except Overture I just disabled the key check). Simple changes take hardly any time at all.
bamccaig
Member #7,536
July 2006
|
For something to be unhackable it would have to have no vulnerabilities to exploit, and vulnerabilities are basically synonymous with bugs, and all non-trivial software has bugs, so in practical terms it's fair to say that nothing is unhackable. In theory, it should be possible to create software that is unhackable, but in practice it's generally an iterative process. One can never really be too sure that a complex system is unhackable because the vulnerabilities/bugs are generally not easy to detect. The best approach is to assume that everything is hackable and weigh the value of compromise against the level of deterrence.
jmasterx
Member #11,410
October 2009
|
I always wondered why there wasn't ever any decent reverse engineering app. At the assembly level, I think at least an algorithm could shove all variables as static globals and then reconstruct functions that could pass pointers or basic types.
exe2C myexe.exe bignewsourcefile.c
Ex:
int var1;
int var2;
int var3;


int func2(int a, int b)
{
    ...
}

int func1()
{
    var2 = 5;
    var3 = 6;

    return func2(var2,var3);
}

int main()
{
    return func1();
}
It would be a huge mess but still much easier to manage than assembly.
Jonatan Hedborg
Member #4,886
July 2004
|
bamccaig said: "For something to be unhackable it would have to have no vulnerabilities to exploit"
I'm not sure I agree. Even if the service itself has no exploits, it would still be possible to hack it if you for example convince a user to give you the proper credentials, gain (direct or indirect) physical access to the server machine, subvert a software patch etc etc.
|
relpatseht
Member #5,034
September 2004
|
Oh, you could even have scoped variables, in your example. The reason it isn't done is because it is really hard to impossible to find the start and end of a function. Once optimized, do you think a function starts with push ebp, esp and ends with ret? The closest I've ever done was a function relocator, and even that only had a 50% success rate. That being said, with heavy analysis and extensive knowledge of the compiler used, it is possible to get a lot of C or C++ code back in an automated process, but I doubt 100%.
|
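The function-boundary problem raised in the post above, as an added example that is not part of the original thread: a naive scanner that treats `push ebp; mov ebp, esp` as a function start and the next `ret` byte as its end, run over three hand-assembled 32-bit x86 functions. The byte strings, offsets and the `TRUE_FUNCS` table are constructed for illustration.

```python
# Added illustration: why "starts with a prologue, ends with ret" fails.
# All machine code below is hand-assembled, constructed sample input.
PROLOGUE = bytes.fromhex("5589e5")  # push ebp ; mov ebp, esp
RET = bytes([0xC3])                 # ret

# F1: frame-pointer function with two exits
#   push ebp; mov ebp,esp; mov eax,[ebp+8]; test eax,eax; jnz +2;
#   pop ebp; ret; neg eax; pop ebp; ret
F1 = bytes.fromhex("5589e5 8b4508 85c0 7502 5d c3 f7d8 5d c3")
# F2: frameless function, as built with the frame pointer omitted
#   mov eax,[esp+4]; add eax,[esp+8]; ret
F2 = bytes.fromhex("8b442404 03442408 c3")
# F3: frameless, and its immediate operand happens to contain the prologue bytes
#   mov eax,0x00e58955; ret
F3 = bytes.fromhex("b85589e500 c3")

IMAGE = F1 + F2 + F3
TRUE_FUNCS = {0: 15, 16: 24, 25: 30}  # real start offset -> offset of last byte

def find_prologues(code):
    """Return every offset where the prologue byte pattern occurs."""
    hits, pos = [], code.find(PROLOGUE)
    while pos != -1:
        hits.append(pos)
        pos = code.find(PROLOGUE, pos + 1)
    return hits

def naive_functions(code):
    """Pair each prologue hit with the first ret byte that follows it."""
    return [(start, code.find(RET, start)) for start in find_prologues(code)]

def score(code, truth):
    """Compare the naive guesses with the known function layout."""
    guessed = dict(naive_functions(code))
    return {
        "missed": sorted(set(truth) - set(guessed)),      # real functions not found
        "spurious": sorted(set(guessed) - set(truth)),    # pattern hit inside data
        "truncated": sorted(s for s in guessed
                            if s in truth and guessed[s] != truth[s]),
    }

if __name__ == "__main__":
    print(naive_functions(IMAGE))
    print(score(IMAGE, TRUE_FUNCS))
```

The scanner finds one real function out of three, cuts that one short at its first `ret`, and reports a function start inside an instruction operand.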
weapon_S
Member #7,859
October 2006
|
bamccaig said: "and vulnerabilities are basically synonymous with bugs, and all non-trivial software has bugs"
True. Speaking of mathematical impossibilities, I wondered whether it's possible to make a language that only shows behaviour on a (programmer) defined domain.
Mark Oates said: "the limits of hackability of remote systems."
I've never gotten that either. You have a connection that is basically public. WHITE LIST ALL OPERATIONS ON IT YOU MORON. Then again I know very little of networking. >_>
Quote: "the range of hackability, plotted from easy to hard"
Plotted against what? Everything? Access? Speaking of access, it seems open-source software gets hit just as hard as closed-source. That may be the result of the target interest. I.e. some open-source webkits get hit pretty hard, and most open-source software is used less than closed-source counterparts.
|
Elias
Member #358
May 2000
|
jmasterx said: "Does anyone know why something like this does not exist or maybe why it cannot?"
http://en.wikipedia.org/wiki/Decompiler And it seems there exist quite a lot of them, some even open source.
verthex
Member #11,340
September 2009
|
James Lohr said: "I think the question transcends computers."
Quantum mechanics has problems which actually require solving differential equations through recursive methods. And I'm just talking about deriving certain equations which are Sturm-Liouville related.
|
Evert
Member #794
November 2000
|
verthex said: "So far everyone claims string theory is a solution"
I don't think anyone really claims that. The strongest claim one can make is that string theory might contain a solution and we can certainly learn a lot by studying string theory.
Quote: "but many physicists such as Feynman have claimed that until someone smart enough comes along to understand quantum mechanics from some different perspective, it will never be solved."
Argument from authority is never a good argument.
Quote: "So I'll just be practical and say no, it's not possible."
Whether something is possible and whether something is feasible are two separate questions.
verthex said: "Quantum mechanics has problems which actually require solving differential equations through recursive methods."
So? That's not particular to quantum mechanics.
Quote: "And I'm just talking about deriving certain equations which are Sturm-Liouville related."
So?
type568
Member #8,381
March 2007
|
Concept of proof that not everything is hackable: Assisting Statement (1): No system has infinity of flaws. * I'm sure from here on my concept is easily readable by those ancient ones of the forum without my further explanation. *- An infinity of "similar" flaws can be addressed as a single flaw with a general fix for that infinite group of flaws.
|
Matthew Leverton
Supreme Loser
January 1999
|
That's a good try, but the failure is the assumption that "any single flaw can be fixed." If your definition of hacking (and flaws) includes modifying the executable to do something else, then it's not true.