Allegro.cc - Online Community

"anything is hackable"
David Sopala
Member #5,056
September 2004

So let's first define hack(ing).

To make/modify an existing system do something it was not intended to do. This is the core thought of hacking.

This could mean creating a CnC out of a Dremel tool.

This could mean modifying a FPS to let you see wire frames instead of textured walls.

Using notepad to edit data files.

What is the limit? Human creativity.

What makes it easier to do? Human ignorance.

Something that is "not" hackable is something you can not interface with directly or indirectly.

AMCerasoli
Member #11,955
May 2010

Using notepad to edit data files.

I used to hack text all the time with notepad.

Quote:

What makes it easier to do? Human ignorance.

Now we need to define human ignorance. Because I think that human ignorance is relative. How ignorant am I? Depends on how ignorant you are. ;D

Edit:
Who did it? >:(

David Sopala
Member #5,056
September 2004

Ignorance is based on working knowledge of a subject. You're better off being able to say FFS I have no idea how to get from here to there. Knowing what you don't know is more important than knowing what you do know.

bamccaig
Member #7,536
July 2006

I'm not sure I agree. Even if the service itself has no exploits, it would still be possible to hack it if you for example convince a user to give you the proper credentials, gain (direct or indirect) physical access to the server machine, subvert a software patch etc etc.

I suppose that depends on your definition of hacking. I consider hacking breaking into a system itself. Merely socially engineering the credentials isn't hacking, IMO. Similarly, getting into the system by compromising another system (e.g., the kernel) isn't hacking the software itself, but rather hacking the operating system, for example. The end result may be the same, but I don't think it's accurate to describe them all equally as hacking your software.

Jonatan Hedborg
Member #4,886
July 2004

bamccaig said:

I suppose that depends on your definition of hacking

For me at least, it means (in the context of software security) "gaining access to functionality or data on a system that the owner/designer does not want you to have access to". It would include anything from using/finding exploits, brute force password search, social engineering (which I would say is by far the most common and effective form of hacking), infiltration (getting hired at the company that hosts the server perhaps, or installing keyloggers under the guise of a cleaner) and possibly even breaking in to get physical access (though this would depend on what you did once you have access to the server - stealing the whole computer would for example not count as hacking ;)).

But if you subscribe to a narrower definition of the word, then it should be theoretically possible to write a 100% hack-proof system. An http server that simply responds to any and all requests (does not even look at the request) with the content of a file for example, should be pretty much un-hackable.

-------
Sweden: Free from the shackles of Democracy since 2008-06-18!
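
The server described in the post above, as an added sketch that is not part of the original thread. `BODY`, `MAX_DRAIN`, `DEADLINE_S` and port 8080 are assumptions; the point is that even a server that never parses the request still has to bound how long and how much it reads.

```python
import socket
import time

BODY = b"Hello, world\n"   # constructed sample; stands in for "the content of a file"
MAX_DRAIN = 8192           # assumed cap on request bytes read and thrown away
DEADLINE_S = 2.0           # assumed total time budget per connection

def build_response(body: bytes) -> bytes:
    """Build the single fixed reply once; no client-supplied byte ever enters it."""
    head = ("HTTP/1.0 200 OK\r\nContent-Type: text/plain\r\n"
            f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
    return head.encode("ascii") + body

RESPONSE = build_response(BODY)

def handle(conn: socket.socket) -> int:
    """Send the fixed reply, then discard the request unparsed.
    Returns how many request bytes were discarded."""
    deadline = time.monotonic() + DEADLINE_S
    drained = 0
    try:
        conn.settimeout(DEADLINE_S)
        conn.sendall(RESPONSE)
        conn.shutdown(socket.SHUT_WR)        # reply is complete; we only read from here on
        # Closing with unread input can reset the connection and cut the reply
        # short, so drain it, but never more than MAX_DRAIN bytes or DEADLINE_S.
        while drained < MAX_DRAIN:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            conn.settimeout(remaining)
            chunk = conn.recv(min(1024, MAX_DRAIN - drained))
            if not chunk:
                break
            drained += len(chunk)
    except OSError:                          # timeout or peer reset: just drop the client
        pass
    finally:
        conn.close()
    return drained

def serve(host: str = "127.0.0.1", port: int = 8080) -> None:
    """One connection at a time: a slow client costs at most about DEADLINE_S."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, _addr = srv.accept()
            handle(conn)

if __name__ == "__main__":
    serve()
```

The request bytes are counted but never inspected, so nothing the client sends can change the reply; what remains exposed is availability and everything underneath this code (interpreter, kernel, network stack).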

Mark Oates
Member #1,146
March 2001

social engineering (which I would say is by far the most common and effective form of hacking)

True dat. Wearing the right costume (suit and tie) can get you inside all kinds of bullshit.

Quote:

An http server that simply responds to any and all requests (does not even look at the request) with the content of a file for example, should be pretty much un-hackable.

Hmm... does the act of sorting requests somehow open a hole? Or is it just that it opens the possibility that the person who wrote the sorter made a mistake?

I used to hack text all the time with notepad.

Me too:

Before:
[image]
After:
[image]
8-)

David Sopala
Member #5,056
September 2004

Simple enough. Buy some USB sticks with the auto launch preloader. Write some code to do some key logging, hooked into the Windows API. Take a handful of USB sticks to the company and put them in the candy jar. People will take the USB sticks and plug them in; it's that ignorance factor again. Log passwords and the like. You don't need to do social engineering, people do that for you, just give them the right tools.

NiteHackr
Member #2,229
April 2002

It's all hackable, the key is to make hacking difficult, of course, real hackers find the greater the challenge the more enjoyable it is.

There was a video game many many years ago where they made it so that when hackers "cracked" the game for pirating and released it, the game worked, but left out important parts of the game required to complete it, which in turn got the public angry at the hackers for distributing a game that wasn't totally hacked. The game's creators had put in several road blocks that would make the game appear cracked when it in fact was missing pieces. If I remember, the hackers actually thanked the publisher for providing such a challenge. But they eventually did crack it.

Nice software I like to use that reduces the size of your exe and makes it more difficult to hack is UPX. Nothing is foolproof but this is very nice, plus the reduction in file size is sweet.

Throwing in road blocks will stop the casual hacker, but anyone who enjoys a challenge will only appreciate your efforts. Still, the vast majority will give up. I use password protection on my high score files to prevent the casual player from cheating for example. That is who I target.

--
Deluxe Pacman 1 & 2 (free) with source code available
https://nitehackr.github.io/games_index.html

type568
Member #8,381
March 2007

@ML

My statement is only limited to when the hacker has limited access to a system (please spare me time to define what I mean under the word "limited").

I do believe any program you can have on your hard disk can be cracked to do anything the cracker desires.

In short, if the targeted system is remote, the final word belongs to the security (it can be flawless). However, if the system is brutally unconditionally accessible the final word belongs to the attacker.

I thought about it many, many years ago. Before I first came here I guess. :)

Matthew Leverton
Supreme Loser
January 1999

A program can definitely be written such that it has no faults in terms of processing input. So, for the sake of discussion, if you are able to limit access to only the approved methods of input, then you can build a secure system.

But in reality software is complex and you generally only own and are responsible for a small slice of the stack, and there are many ways to hack something that isn't directly due to your own code. For instance, perhaps somebody could gain entry to a remote web server via a simple "Hello World" page if he's able to overload the server, crash a process, and run some arbitrary code.

In practice, the best security is having nothing that is worth hacking.

type568
Member #8,381
March 2007

It's more about having a system that is too hard to hack for it to be worth it, even if you have something worthy.

That includes prosecution of the attacker, not bragging around how secure you are & many other things. Good security is first in the list.

I agree with the other points though. My original response was addressed to the OP which referred to mathematical proof. That science is far from reality :P

bamccaig
Member #7,536
July 2006

@Mark: :D

@David Sopala: That's a pretty slick idea. :o I see you've put some thought into this. ;)

@Neil Roy: IIRC, the Spyro series had tons of checks in it to guard against cracks. Apparently it took a couple of months to get cracked in comparison to a couple of hours, as most games are.

weapon_S
Member #7,859
October 2006

David Sopala
Member #5,056
September 2004

It was just a story I picked up somewhere. Then again when I was a kid just learning computer games and how to play them our loading screens were all about who cracked the game and to "call our (their) boards if you dare!" Back in dial up days there.

Youtube remembers:

http://www.youtube.com/watch?v=rZEd6TeUibU

http://www.youtube.com/watch?v=x4nXtdJiFc8

NiteHackr
Member #2,229
April 2002

@bamccaig, yes, I believe that was the game I was talking about, it rings a bell!

Other methods to alter a game that have been used to create "trainers" or cheats is not to hack the game directly, but to modify the memory it uses to store variables to do with life, score etc... I'm not sure if you can do that anymore, but I once read an article on how to create your own "trainers" for games, it was quite an interesting read and fairly simple to do at the time.

--
Deluxe Pacman 1 & 2 (free) with source code available
https://nitehackr.github.io/games_index.html

Jonatan Hedborg
Member #4,886
July 2004

Neil Roy said:

I'm not sure if you can do that anymore

Games are still stored in memory, so sure ;)
There are quite sophisticated tools for it these days (like cheat engine)

-------
Sweden: Free from the shackles of Democracy since 2008-06-18!

NiteHackr
Member #2,229
April 2002

I was just thinking that perhaps operating systems might prevent software from accessing the memory allocated for use by another program, but I guess not. I haven't been into programming much in the past 7 or more years, my enthusiasm isn't what it used to be so I figured I may be behind a bit. ;)

--
Deluxe Pacman 1 & 2 (free) with source code available
https://nitehackr.github.io/games_index.html

relpatseht
Member #5,034
September 2004

Windows actually has nice easy APIs for reading and modifying another process's memory. On Linux, it is possible on some kernel configurations, but slow (1 byte at a time), and a real pain.

Arthur Kalliokoski
Second in Command
February 2005

IIRC, reading/writing /proc/kcore works fine (as root)

“Throughout history, poverty is the normal condition of man. Advances which permit this norm to be exceeded — here and there, now and then — are the work of an extremely small minority, frequently despised, often condemned, and almost always opposed by all right-thinking people. Whenever this tiny minority is kept from creating, or (as sometimes happens) is driven out of a society, the people then slip back into abject poverty. This is known as "bad luck.”

― Robert A. Heinlein

bamccaig
Member #7,536
July 2006

Neil Roy said:

Other methods to alter a game that have been used to create "trainers" or cheats is not to hack the game directly, but to modify the memory it uses to store variables to do with life, score etc... I'm not sure if you can do that anymore, but I once read an article on how to create your own "trainers" for games, it was quite an interesting read and fairly simple to do at the time.

AFAIK, this is how GameShark and other such cheat systems worked. I guess the "codes" were hexadecimal memory addresses and values (or perhaps just keys to pre-designed codes)? :-/ I know that it made FFVII much more fun for an RPG n00b. :P Which inevitably allowed me to fall in love with the game and learn to play it for real. :)

Specter Phoenix
Member #1,425
July 2001

bamccaig said:

AFAIK, this is how GameShark and other such cheat systems worked. I guess the "codes" were hexadecimal memory addresses and values (or perhaps just keys to pre-designed codes)?

Yeah, I had a GS on the old PSX (before they went to PS1). It made it so you could make your own codes if none existed. The way it worked was you would do something, like for infinite money or HP, you would have the GS scan the memory locations, spend money or lose health, scan again, repeat one or two more times to narrow it down. The Hex was the memory locations of the game item and the numbers at the end were the values to lock it to what you wanted. The downside was it had a high risk of locking your system up, so you were better off waiting for others to make the codes.

"Can't a man even talk to himself without being interrupted?" -Krull(1983)
"Through vengeance I was born. Through war I was trained. Through love I was found. Through death I was released. Through release I was given a purpose." -- Specter Phoenix
"Programming == AWESOME the rest is just tools to accomplish it."
END OF LINE
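
The scan, change, re-scan loop described in the post above, run against a constructed 64-byte buffer rather than a real console or process. This is an added illustration, not from the thread; `ToyGame`, its offsets and the XOR mask are assumptions, and the mask shows the kind of cheap roadblock discussed earlier in the thread.

```python
import struct

def scan(mem, value, candidates=None):
    """4-byte-aligned offsets whose little-endian u32 equals `value`.
    With `candidates`, only those offsets are re-checked (the "scan again" step)."""
    offsets = range(0, len(mem) - 3, 4) if candidates is None else candidates
    needle = struct.pack("<I", value)
    return [o for o in offsets if mem[o:o + 4] == needle]

class ToyGame:
    """Constructed stand-in for a game's RAM: 64 bytes, gold kept at offset 40."""
    GOLD_AT = 40

    def __init__(self, gold, mask=0):
        self.mask = mask                 # 0 = value stored plainly; nonzero = stored XOR mask
        self.mem = bytearray(64)
        # Two decoys that merely happen to hold the same number at start-up.
        struct.pack_into("<I", self.mem, 8, gold)
        struct.pack_into("<I", self.mem, 24, gold)
        self.set_gold(gold)

    def gold(self):
        return struct.unpack_from("<I", self.mem, self.GOLD_AT)[0] ^ self.mask

    def set_gold(self, amount):
        struct.pack_into("<I", self.mem, self.GOLD_AT, amount ^ self.mask)

    def spend(self, amount):
        self.set_gold(self.gold() - amount)

def narrow(game, spends):
    """Search for the displayed value, change it in-game, re-check the survivors."""
    candidates = scan(game.mem, game.gold())
    for amount in spends:
        game.spend(amount)
        candidates = scan(game.mem, game.gold(), candidates)
    return candidates

if __name__ == "__main__":
    print(narrow(ToyGame(1000), [150, 50]))                # plain storage
    print(narrow(ToyGame(1000, mask=0x5A5AA5A5), [150]))   # masked storage
```

The mask only defeats a search for the displayed number; the cell still changes whenever gold changes, so it is a roadblock in the sense used in this thread, not a guarantee.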
