"So you wanna be a Hacker?"

Code Hacks

my own personal demon.

I have broken this page down into several sections to make it easier to deal with.

·        Introduction Some general notes before you get started.

·        Hacker Ethics Ya gotta start here.

·        What is Hacking? What do I mean by hacking.

·        The Basics How do you get started?

·        Common Fatal Flaws and Back Doors. The easy ways.

·        The Techniques What to look for.

·        The Tools You gotta have the right tool for the job.

·        Breaking cyphers/passwords How to protect your code.

·        Getting paid to Hack Legitimate jobs for hackers.

·        The Computer Police Yup there are a lot of cops out looking for hackers.

·        Hacking Links Some other places you really should visit.

 

 

Introduction

Computer security is a very hot topic these days, and there will be lots of jobs available on both sides of the line. When most people think of a hacker, they see a curious 14 year old using his computer to spray electronic graffiti on some corporate computer. Well, there are also other hackers out there. The criminal hacker has arrived. This new breed of hacker is breaking into computer systems and cracking code, not out of curiosity, but out of greed!

There is a definite need to protect data from unauthorized access. Maybe it is a user wanting to protect his email, or a major corporation protecting its secrets; we all need a little privacy sometimes. Some of those who hack do it for fun and out of curiosity, but others have mischief or worse in mind. Hacking is the art of getting into places where you don't belong, and taking control.

If you write software and/or work on a network, this has become a major issue. To be uninformed is to be compromised.

 

As a programmer I am often called upon to provide secure access to data. Providing my clients with good security is very important to me, therefore code hacking is a serious concern of mine. There will be a lot here on how to protect your code from getting hacked! If you want to know how to keep your own stuff safe you have to know how it can be hacked. Thus the better you are at hacking the better you can protect yourself. Remember that all of this is just a primer. It is intended to get you thinking like a hacker. Hacking is as much an art, a way of thinking, as it is a science. To hack something really serious like a good password routine, you have to be able to think like the original programmer did. Find the flaw in his logic and use it to break the system. Find that back door, pick the lock and you are in.

The trick of course is preventing others from doing this to you!

 

 

I will only deal with MS-DOS and Windows code here. Hey, it's what I know! The basic techniques will be the same but you will need different tools to work under other OSes.

The best way to protect your code is to hack it yourself first!

 

 

Hacker Ethics

I am personally very opposed to malicious hacking in any form. But that is me... I look at it as a Good vs. Evil thing.
I know that there are malicious hackers out there; I have met some of them. Some are just old timers like me who went over to the "Dark Side" and now hack for the corporations. But a lot of them are just young amoral kids, who will trash something just for fun.

Most people seem to think that because you are a hacker you have the morals of a snake. I have found this to be far from the truth. The vast majority of hackers are just very intelligent and curious individuals. These were the kids who kept taking their toys apart just to see how they work.
The bad image comes from the perception that all hacking is illegal. Well, that happens to be mostly true. Almost any form of hacking into someone else's system is illegal! By hacking into a computer system you could go to prison for up to 10 years! The Secret Service and the CCD are real busy these days. You know those silly little license agreements you agree to when you buy or download new software?
Well if you actually read them, it turns out that you have now agreed to the following:
"You may not reverse engineer, decompile, or disassemble the SOFTWARE PRODUCT"
Well, this basically means don't hack it!
There is an out to all of this however.... There is also normally a line like this:
"except and only to the extent that such activity is expressly permitted by applicable law notwithstanding this limitation"
This usually means it is NOT illegal if....
You are not doing the hacking for profit, or to steal their ideas and code, or to harm the producer of the software.
Hey, the real good news is... it is perfectly legal to hack your OWN code!
If you wrote it, then you are allowed to hack it.
In fact to really debug your code, you must hack it! This is a great way to learn how your software REALLY works. Most people who have been writing code for a while do a lot of hacking. They call it debugging... Hacking is basically debugging someone else's code, maybe making a few changes along the way!

Therefore if your only purpose is to learn more about all things code, then you are probably ok.
Please don't take my word for it though, if you have any questions about the legal aspects of hacking ask a lawyer. I'm sure you will get a straight answer. :-)
Remember that the penalties for illegally hacking code can be very stiff!

Crossing the line into illegal hacking could have very serious consequences. You can spend a long time in prison for illegal hacking.

 

 

What is Hacking?

Hacking code is the art of making changes to software after it has been compiled. This is done for many reasons, some legal, some not. Generally when you hack code it is because you want it to do something it was not intended to do, like adding a feature. Or maybe stop it from doing something it was designed to do, like needing a password to run. Sometimes it is just for fun.

Here are some of the most common reasons:

For your own amusement and bragging rights. Basically 'cause you can, and it's fun. (Probably the biggest reason most hackers do it.) There is a definite rush when you crack open some program and all its secrets lie before you! Be careful! Such power is addicting! I have stayed up many a night hacking some program, getting it to reveal all... I just wanted to know... How did they do that!

Adding import features to your own programs. Nice big gray area this one is... If you want to be able to use the files created by another program then you usually gotta hack out the file structure. Big software companies do it all the time, so we can too? Course they have expensive lawyers too, so watch yourself.

Removing copy protection. - Stealing the software.

It used to be that a lot of kids couldn't afford to buy the really cool games, but they had a lot of time. So they would borrow a copy from a friend and "crack" the game by removing all the copy protection. Now they could make as many copies as they liked. Once hacked, it then got "traded" on a pirate BBS or site for other software the hacker couldn't afford to buy. So if one gets a copy, so do lots of others. Quite illegal, but tough to catch and tough to prove. This is not the problem it once was. Most of the games now are really HUGE and come on CD only. To run an illegal copy you have to load the whole CD onto your hard disk! This can be 500 meg of space! Even with today's hard disk prices that can be hard to justify for a $50 game.

But these days it is mostly businesses wanting to buy one copy of a $1000 program and put it on 20 PCs so everyone can use it. These are the people the "Software Police" are looking for.

Cracking password controlled access and passwords. - Big problem these days... A lot of companies encrypt their data using passwords. Hackers think... Why break the cypher when you can hack the code and not need a password? Or have the hacked password routine record the passwords instead? Nice trick for the hacker, but real bad for whoever was counting on that password! If there was bad intent, things could be a real mess.

Adding features and plug-ins to software. Another big gray area here... Adding stuff to someone else's code. If you want to add functionality to an existing program you gotta hack it. Hey, big software companies do this all the time too, so why can't I? I mean things like the Norton Desktop for Windows. They surely had to hack the Windows OS real heavy to pull that off! Funny, some of these companies have done this to others, and then turned around and sued someone else for doing it to them!

Stealing code. Mostly Corporate espionage, and curious teenagers. How did they do that? I want to do that too....

Most hackers are young, and broke, and they have lots of time to devote to their hobby.

 

 

The Basics

How do I get started?

I repeat... Hacking is basically debugging someone else's code, and making a few changes along the way. If you have done much debugging at the assembler level, then you have most of the skills you need already. First you must learn to program in assembler. To hack software you must be able to read assembler. It is unlikely that the software will come with source code, so you must be able to read it much as the computer does. There are tools to make this easier, but it will be up to you to understand what the code is doing. Hacking forces you to look at software differently. The skills you acquire make you a much better programmer. It allows you to work "magic" sometimes.

Always, Always, Always back up the file, BEFORE you try to hack anything!

Warning!
Some virus checkers may detect these changes and set off false alarms!

Your first hack... Change the text messages in your own or someone else's software. Use a hex editor to do this. I like to change the error messages from something like "invalid filename" to "Does not compute", or "unknown command" to "Ow that hurts!!". You get the idea. This is a good place to start your career as a hacker. It is not hard to do, and will give you practice in finding something in a hex dump of a file, changing it, and saving the new file. Any good hex editor will let you do this. The strings usually MUST be the same size, or at least the new one must be smaller (you can always pad with spaces). C strings end with a zero byte, so that zero must stay where it is; Pascal strings start with a length byte, so if you shorten one, fix the length byte too. I know this is not much of a hack, but it is lots of fun to do. If you hack someone else's code, well... as long as you don't distribute your changes to it, I very much doubt they will prosecute.
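Here is that first hack done by a little program instead of by hand in the hex editor. This is an added example, not code from the original page; the "program" it patches is a made-up byte buffer standing in for a data segment, and the messages are the ones from the text above. Note how the C string patch pads with spaces and leaves the zero byte exactly where it was, while the Pascal string patch just rewrites the length byte.

```c
/* Added example (not code from the original page): patch message strings
 * inside a binary image without changing the file size.  The image below is
 * constructed; a real tool would read the whole .EXE into memory, patch it,
 * and write it back out. */
#include <stdio.h>
#include <string.h>

/* Find the first occurrence of `needle` (len bytes) in `hay` (n bytes).
 * Returns the offset, or -1 if not found. */
static long find_bytes(const unsigned char *hay, size_t n,
                       const unsigned char *needle, size_t len)
{
    if (len == 0 || len > n) return -1;
    for (size_t i = 0; i + len <= n; i++)
        if (memcmp(hay + i, needle, len) == 0) return (long)i;
    return -1;
}

/* Replace a C (zero-terminated) string in place.  The new text must not be
 * longer than the old one; a shorter replacement is padded with spaces so the
 * terminating zero stays put and nothing after it moves.  The search includes
 * the terminator so only a whole string matches.  Returns the offset patched,
 * or -1. */
long patch_c_string(unsigned char *img, size_t n,
                    const char *old_text, const char *new_text)
{
    size_t old_len = strlen(old_text), new_len = strlen(new_text);
    if (new_len > old_len) return -1;          /* would overwrite the next string */
    long off = find_bytes(img, n, (const unsigned char *)old_text, old_len + 1);
    if (off < 0) return -1;
    memcpy(img + off, new_text, new_len);
    memset(img + off + new_len, ' ', old_len - new_len);
    return off;
}

/* Same idea for a Pascal string: one length byte, then the text, no
 * terminator.  Here the length byte is rewritten instead of padding; the
 * leftover bytes after the new text are simply never displayed. */
long patch_pascal_string(unsigned char *img, size_t n,
                         const char *old_text, const char *new_text)
{
    size_t old_len = strlen(old_text), new_len = strlen(new_text);
    if (old_len > 255 || new_len > old_len) return -1;
    unsigned char pat[256];
    pat[0] = (unsigned char)old_len;
    memcpy(pat + 1, old_text, old_len);
    long off = find_bytes(img, n, pat, old_len + 1);
    if (off < 0) return -1;
    img[off] = (unsigned char)new_len;          /* new length prefix */
    memcpy(img + off + 1, new_text, new_len);
    return off;
}

/* Constructed stand-in for a data segment: two C strings and one Pascal
 * string between a few opcode bytes.  Returns 1 if all three patches land
 * where expected and the image ends up byte-for-byte as intended. */
int demo_ok(void)
{
    unsigned char img[] =
        "\x90\x90" "invalid filename" "\0" "unknown command" "\0"
        "\x0e" "Access denied." "\xC3";
    static const unsigned char want[] =
        "\x90\x90" "Does not compute" "\0" "Ow that hurts!!" "\0"
        "\x03" "Ow!" "ess denied." "\xC3";
    size_t n = sizeof img - 1;                  /* drop the array's own terminator */
    long a = patch_c_string(img, n, "invalid filename", "Does not compute");
    long b = patch_c_string(img, n, "unknown command", "Ow that hurts!!");
    long c = patch_pascal_string(img, n, "Access denied.", "Ow!");
    return a == 2 && b == 19 && c == 35 && memcmp(img, want, n) == 0;
}

int main(void)
{
    printf("demo patched as expected: %d\n", demo_ok());
    return 0;
}
```

A hex editor does the same three steps (find, overwrite, keep the size); the program just makes the size rule impossible to forget.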

Your second hack... Hack yourself! Write and compile a simple program in your favorite high level language. Now go and hack your own code. Disassemble it and walk through it using your debugger. Do this first with a symbol table (compile with debug information). This will help you figure out what is going on. Observe how the various routines look and work as assembler code. Look for holes in anything you need to remain secure. Never forget that your high level language (C++, Pascal, Visual Basic, etc.) just creates your machine code for you. From the hacker's viewpoint it is that raw code that counts. Now disassemble and walk through your code again, but without any symbol table. This is what your code looks like to the outside world. Now hack your code. Make a dialog work backwards. Change the program flow. Keep it from crashing, just make it do something different.

Your third hack.....Now do all this to someone else's program. Pick something small. Again as long as you don't distribute it, I very much doubt anyone would prosecute you for this. Psst don't tell them....

 

 

Common Fatal Flaws and Back Doors.

Fatal Flaws

Boolean Flags...

The use of boolean flags and functions is the most common fatal flaw in both copy protection and password routines.

 The high level source code will contain something like this:

 

  if Good_Password(input_Password,Correct_Password)

  then Allow_Access {Everything is alright so go ahead}

  else Bad_password_routine;

 

This will result in assembler code something like this (16-bit Windows; the compare is a far call into USER's lstrcmp, which returns 0 in AX when the strings are equal):

; push the user input password pointer onto the stack...
0001.0055 1E            push ds                 ;Save data seg of user input
0001.0056 680400        push 0004               ;Save offset (direct, from stack)
; push the correct password pointer onto the stack...
0001.0059 1E            push ds
0001.005A FF360800      push word ptr [0008]    ;Save offset (indirect)
; Now call the string compare...
0001.005E 9AFFFF0000    call USER.LSTRCMP       ;Compare the strings; AX = 0 if equal
0001.0063 741F          je 0084                 ;If equal then go to Passed code
0001.0065 ????          ????                    ;Failed code goes here
......
......
0001.0084 ????          ????                    ;Passed code

;You can hack this code by changing just one byte!
;Just change it like this... A byte of 74 hex is je (jump if the zero flag is set,
;i.e. the compare returned 0 and the strings matched).
;A byte of 75 hex is jne (jump if NOT equal).
;Flip the 74 to a 75 and the code now works backwards.
;Now when the passwords are NOT equal the code thinks that they are! (cool huh).
;Just type in an invalid password and you are in!

0001.005E 9AFFFF0000    call USER.LSTRCMP       ;Compare the strings
0001.0063 751F          jne 0084                ;If NOT equal then go to Passed code
0001.0065 ????          ????                    ;Failed code goes here
......
......
0001.0084 ????          ????                    ;Passed code

(The listing is simplified in one respect: a real compiler usually emits an `or ax,ax` between the call and the jump, because the return value in AX does not set the flags by itself. The conditional jump right after it is still the byte you want.)

You usually change this byte with a hex editor. You take the byte patterns from your disassembled code and use them to find the byte or bytes you need to change. Change them in hex and save the file. Some of the better debuggers allow you to type in new assembler code as well. This can be a little tricky though. Note that this is a surgical hack. These are the best kind. Only one byte was changed, and only by a single value, as 74 hex becomes 75 hex. Therefore the file size did not change! If this file were also checksum protected, the checksum code would also be easy to fix, because the change was so small. This hack could be done in just a few minutes if the hacker already knew just what to do. A hacker could hack the code, get the data they want and change it back! All in minutes! You might not think your software can be cracked like this. Well, try it! You might get a very unpleasant surprise!
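The same one-byte patch done by a program instead of by hand, plus a look at what it does to a simple additive checksum. This is an added example and not code from the original page: the bytes it searches for are the patterns from the listing above (with placeholder far-call address bytes, as in the listing), and the `gap` parameter is an assumption to cover the `or ax,ax` a real compiler usually puts between the call and the jump.

```c
/* Added example (not code from the original page): the "surgical" branch
 * flip as a program, and the checksum consequences of a one-byte change.
 * The image is constructed from the listing above; in real life you would
 * read the .EXE into a buffer and write it back afterwards. */
#include <stdio.h>
#include <string.h>

#define OP_CALL_FAR 0x9A   /* call seg:off, 5 bytes            */
#define OP_JE       0x74   /* jz/je  rel8 (jump if AX was 0)   */
#define OP_JNE      0x75   /* jnz/jne rel8                     */

/* Find "call far ... ; [gap bytes] ; je/jne rel8" and flip the jump.
 * `gap` is the number of bytes between the call and the jump (0 for the
 * listing above, 2 if the compiler emitted `or ax,ax`, 0B C0).  Returns the
 * offset of the byte that was changed, or -1 if the pattern is not found. */
long flip_branch_after_call(unsigned char *img, size_t n, size_t gap)
{
    for (size_t i = 0; i + 5 + gap + 2 <= n; i++) {
        if (img[i] != OP_CALL_FAR) continue;
        size_t j = i + 5 + gap;                 /* where the jcc should be */
        if (img[j] == OP_JE)       { img[j] = OP_JNE; return (long)j; }
        else if (img[j] == OP_JNE) { img[j] = OP_JE;  return (long)j; }
    }
    return -1;
}

/* 16-bit additive checksum, the kind a lot of self-check routines use. */
unsigned short add16(const unsigned char *img, size_t n)
{
    unsigned short sum = 0;
    for (size_t i = 0; i < n; i++) sum += img[i];
    return sum;
}

/* Changing 74 to 75 moves an additive checksum by exactly +1, so one byte of
 * slack (alignment padding, say) nudged the other way restores it.  `pad` is
 * the offset of that byte.  Returns 1 if the sum now equals `want`.  This does
 * not work on a CRC or a real hash; there the hacker must patch the check. */
int rebalance(unsigned char *img, size_t n, size_t pad, unsigned short want)
{
    int delta = (int)want - (int)add16(img, n);
    if (delta > 32767) delta -= 65536;          /* 16-bit wraparound */
    if (delta < -32768) delta += 65536;
    int nb = (int)img[pad] + delta;
    if (nb < 0 || nb > 255) return 0;           /* one byte can't absorb it */
    img[pad] = (unsigned char)nb;
    return add16(img, n) == want;
}

/* The bytes of the listing above, followed by a few NOPs standing in for
 * the rest of the routine (the last one plays the role of padding). */
static const unsigned char listing[] = {
    0x1E,                         /* push ds                 */
    0x68, 0x04, 0x00,             /* push 0004               */
    0x1E,                         /* push ds                 */
    0xFF, 0x36, 0x08, 0x00,       /* push word ptr [0008]    */
    0x9A, 0xFF, 0xFF, 0x00, 0x00, /* call USER.LSTRCMP       */
    0x74, 0x1F,                   /* je 0084  <- the byte    */
    0x90, 0x90, 0x90, 0x90,
};

/* Returns 1 if: the je at offset 14 gets flipped, the checksum rose by
 * exactly one, and the padding byte brought it back to the original. */
int demo_ok(void)
{
    unsigned char img[sizeof listing];
    memcpy(img, listing, sizeof img);
    unsigned short before = add16(img, sizeof img);
    long off = flip_branch_after_call(img, sizeof img, 0);
    if (off != 14 || img[14] != OP_JNE) return 0;
    if (add16(img, sizeof img) != (unsigned short)(before + 1)) return 0;
    if (!rebalance(img, sizeof img, sizeof img - 1, before)) return 0;
    return add16(img, sizeof img) == before;
}

int main(void)
{
    printf("flip + checksum rebalance worked: %d\n", demo_ok());
    return 0;
}
```

Run it on a copy of the file, never the original; the same function with the image reloaded flips the byte back, which is the "change it back" trick the text mentions.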

How do you keep this from happening to you?
1. Don't check your password with boolean functions! Using the "built-in" functions is very tempting, but the hackers all know what lstrcmp followed by a conditional jump looks like. Writing your own string compare only helps a little: any routine that boils the decision down to one yes/no branch leaves that one branch to be flipped. Return a value you actually need (an index, a pointer, a key) instead of a true/false.
2. Get complex! Use the user supplied password again, always. In the code that runs when the password is valid, be sure to use that password again. The one-byte hack above would not work if the password had been used again in some fashion. Use it to decrypt a value for something like an index, pointer or offset to the data. Save the encrypted value when the password is created. Make the password the key to the encryption routine. Be sure to use the decrypted value. Make it HARD!
3. Crash it! Write your code so that these simple hack attempts on your password routines will crash the program! If you do this correctly then your normal users will not notice anything. But the hacker sure will! You can quickly defeat a lot of hack attempts by just wearing the hacker down. Having to reboot with every hack attempt is very discouraging. You can't stop a really determined hacker. No matter how clever you are, someone else can always figure it out. But you can try to make the hacker grow old before they break in.
4. Run checks for changed EXE or DLL files. Verifying the size, checksum and date of the file will help catch this as well. You can do this with an outside program if you are checking a program you are using, or perform the checks from your program at load time. Bear in mind that a file date is trivially reset and a simple additive checksum can be re-balanced by changing one more byte; a CRC or a real hash at least forces the hacker to patch the check routine itself. A really good hacker will find these routines as well and attempt to modify them.
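Points 1 and 2 side by side in code. This is an added example, not the page's code: `weak_check` is the boolean flaw, and `seal_offset`/`read_record` use the password as the key to the offset of the data, so there is no yes/no branch to flip. The keystream (an FNV-1a seed driving a linear congruential generator), the password "hunter2", the file layout and the record are all made up so that the example runs on its own; use a real key derivation function and cipher in anything you ship.

```c
/* Added example (not code from the original page).  Top: the one-branch
 * check.  Bottom: the password is the key that unlocks the offset of the
 * data, so there is no comparison result to invert.  The keystream is a toy
 * chosen only so the example is self-contained; do not use it for real. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* 1. The fatal flaw: compiles to `call strcmp` plus one conditional jump. */
int weak_check(const char *input, const char *correct)
{
    return strcmp(input, correct) == 0;
}

/* 2. Password as key. */
static uint32_t seed_from_password(const char *pw)
{
    uint32_t h = 2166136261u;                 /* FNV-1a, 32-bit (toy KDF) */
    for (; *pw; pw++) { h ^= (unsigned char)*pw; h *= 16777619u; }
    return h;
}

static void xor_keystream(uint8_t *buf, size_t n, uint32_t seed)
{
    uint32_t s = seed;                        /* LCG; use the top byte of each state */
    for (size_t i = 0; i < n; i++) {
        s = s * 1103515245u + 12345u;
        buf[i] ^= (uint8_t)(s >> 24);
    }
}

#define RECORD_TWEAK 0x5EC0FFEEu              /* separate stream for the record itself */

/* When the password is set: store the record's offset encrypted under it.
 * The password is not kept anywhere; only this sealed value is. */
uint32_t seal_offset(uint32_t offset, const char *pw)
{
    uint8_t b[4] = { offset & 0xFF, (offset >> 8) & 0xFF,
                     (offset >> 16) & 0xFF, offset >> 24 };
    xor_keystream(b, 4, seed_from_password(pw));
    return b[0] | b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* At run time the same operation undoes it (XOR is its own inverse).  No
 * compare, no flag: a wrong password simply yields a wrong offset. */
uint32_t unseal_offset(uint32_t sealed, const char *pw)
{
    return seal_offset(sealed, pw);
}

/* Fetch `cap` bytes at the unsealed offset and decrypt them under the same
 * password.  Returns 0 only when the offset falls outside the file (where a
 * careless program would crash instead).  A return of 1 says nothing about
 * whether the password was right; `out` is garbage if it was not. */
int read_record(const uint8_t *file, size_t n, uint32_t sealed,
                const char *pw, uint8_t *out, size_t cap)
{
    uint32_t off = unseal_offset(sealed, pw);
    if (off >= n || n - off < cap) return 0;
    memcpy(out, file + off, cap);
    xor_keystream(out, cap, seed_from_password(pw) ^ RECORD_TWEAK);
    return 1;
}

/* Constructed data file: filler bytes with one encrypted record at REC_OFF. */
static const char SECRET[] = "payroll.dbf";
#define FILE_LEN 64u
#define REC_OFF  40u

static uint32_t build_file(uint8_t *file, const char *pw)
{
    memset(file, 0xAA, FILE_LEN);
    memcpy(file + REC_OFF, SECRET, sizeof SECRET);
    xor_keystream(file + REC_OFF, sizeof SECRET, seed_from_password(pw) ^ RECORD_TWEAK);
    return seal_offset(REC_OFF, pw);          /* this is what gets stored */
}

/* Returns 1 if `pw_tried` recovers the record from a file sealed with "hunter2". */
int demo(const char *pw_tried)
{
    uint8_t file[FILE_LEN], out[sizeof SECRET];
    uint32_t sealed = build_file(file, "hunter2");
    if (!read_record(file, FILE_LEN, sealed, pw_tried, out, sizeof out)) return 0;
    return memcmp(out, SECRET, sizeof SECRET) == 0;
}

int main(void)
{
    printf("weak_check(\"hunter2\"): %d\n", weak_check("hunter2", "hunter2"));
    printf("right password recovers record: %d\n", demo("hunter2"));
    printf("wrong password recovers record: %d\n", demo("hunter3"));
    return 0;
}
```

Disassemble the two halves and compare: `weak_check` has exactly one byte worth flipping, while `read_record` has nothing to flip because the password feeds straight into the arithmetic that produces the data.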

 

Back Doors...

A good example of a Back Door is a game cheat. These hidden commands were put in to help test the game. They often get left in when the product ships. Software other than games often contains these hidden commands too. This leaves a back door into the code. At a minimum you can often trigger a debugging mode that will greatly help you hack the program.

How do you find a Back Door?.
Well I normally start by looking for strings in the code. Look for weird words or something that might be a programmers name or handle. Then look at the code where that string is used.
Another way is to look for code that examines the command line parameters, or evaluates user input.

How do you keep this from happening to you?
Well that's pretty obvious... Be sure to remove ALL debugging code BEFORE you ship. Lots of code ships with the debugging stuff still in place. I use compiler directives to control my debug code. That way I set a global flag and compile with or without debugging code.
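The "look for strings" step as a program, the way the strings utility does it. This is an added example, not code from the original page; the image it scans is a constructed mix of DOS opcode bytes, two messages and one left-over /DEBUG switch, and the switch heuristic is just a simple guess at what a debug switch looks like.

```c
/* Added example (not code from the original page): pull every run of
 * printable bytes out of a binary image, report its offset, and flag the
 * ones that look like command-line switches.  The image is constructed. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MIN_LEN 4   /* shorter runs are mostly opcode coincidences */

/* Scan `img`; for each printable run of at least MIN_LEN bytes store its
 * offset and length (up to `cap` entries).  Returns the number of runs found,
 * which may exceed `cap`; only the first `cap` are stored. */
size_t find_strings(const unsigned char *img, size_t n,
                    size_t *offs, size_t *lens, size_t cap)
{
    size_t count = 0, start = 0, run = 0;
    for (size_t i = 0; i <= n; i++) {         /* i == n flushes the last run */
        if (i < n && (isprint(img[i]) || img[i] == '\t')) {
            if (run == 0) start = i;
            run++;
            continue;
        }
        if (run >= MIN_LEN) {
            if (count < cap) { offs[count] = start; lens[count] = run; }
            count++;
        }
        run = 0;
    }
    return count;
}

/* Cheap triage: a string that looks like a command-line switch is the first
 * thing to chase to the code that examines it. */
int looks_like_switch(const unsigned char *s, size_t len)
{
    return len >= 2 && (s[0] == '/' || s[0] == '-') && isalpha(s[1]);
}

/* Constructed image: a few DOS opcode bytes, two messages, one leftover switch. */
const unsigned char sample_img[] = {
    0xB8, 0x00, 0x4C, 0xCD, 0x21,                     /* mov ax,4C00h ; int 21h */
    'B','a','d',' ','p','a','s','s','w','o','r','d', 0,
    0x55, 0x8B, 0xEC,                                 /* push bp ; mov bp,sp   */
    '/','D','E','B','U','G', 0,
    0x33, 0xC0, 0xC3,                                 /* xor ax,ax ; ret       */
    'j','o','e',' ','w','a','s',' ','h','e','r','e', 0,
    0x90,
};
const size_t sample_len = sizeof sample_img;

/* How many of the strings in `img` look like switches. */
size_t count_switch_strings(const unsigned char *img, size_t n)
{
    size_t offs[64], lens[64], hits = 0;
    size_t found = find_strings(img, n, offs, lens, 64);
    if (found > 64) found = 64;
    for (size_t k = 0; k < found; k++)
        if (looks_like_switch(img + offs[k], lens[k])) hits++;
    return hits;
}

int main(void)
{
    size_t offs[64], lens[64];
    size_t found = find_strings(sample_img, sample_len, offs, lens, 64);
    for (size_t k = 0; k < found && k < 64; k++)
        printf("%04zX  %.*s%s\n", offs[k], (int)lens[k], sample_img + offs[k],
               looks_like_switch(sample_img + offs[k], lens[k]) ? "   <- switch?" : "");
    return 0;
}
```

Each offset printed is where you set a breakpoint on a memory read, or search the disassembly for a reference to that address, to find the code that checks the switch.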

 

The Tools

Having the proper tools is vital! Most of these tools are available for download from my site, or come bundled with other software.

For the most part you will need different tools for hacking DOS and windows software. You will also need different tools for 16 bit and 32 bit hacks. Some of the 32 bit tools will work on both 16 and 32 bit code.

·        Hex Editors - A hex editor allows you to view, search and edit a program as a hex dump. This is one of most powerful tools of the hacker.

·        HexWorks - This is a hex editor for Win95. Fast and powerful.

·        hexworks.zip (259KB) <hackertools/hexworks.zip> This link is fixed now! sorry about that

·        Debuggers - A debugger allows you to step through a program while it is running. Most of these are commercial programs. Many of them come with assembler and high level language programming tools.

·        Borland Turbo Debugger - Pretty good MSDOS tool.

·        Turbo Debugger for windows - For Windows software. Not very friendly.

·        WinIce - SoftICE for Windows, from NuMega. A system-level debugger that sits underneath Windows, so it can break in anywhere, including inside the OS itself.

·        Debug - The basic tool for Dos work. Bundled with MSDOS.

·        Disassemblers This allows you to view a program as assembly language.

·        Windows based tools.

·        Win32 Disassembler - This is a great windows based tool. Lots of great features including: identifying the code and data segments, listing windows API calls. Requires Win95,NT, or Win 3.1 with win32s. This link is fixed now! sorry about that

·        w32dasm5.zip <hackertools/w32dasm5.zip> (471KB)(Local copy of Demo)

·        Win32 Disassembler Home page

·        Quick View - Windows 95, Yup that quick view.. You can get a quick peek at any windows program or DLL just by opening it with quick view. A wealth of vital information at your fingertips.! Free too.

·        DOS based tools.

·        Crackers - A cracker automatically removes copy protection from software. Using these do NOT make you a hacker, writing them does!

·        Game/Program Specific Hack tools These tools allow you to make specific changes to a program. Disassemble these for some examples of how to do this. Hack a Hacker :-)

·        Dhacked.zip - Probably the most famous and widely used. Allows you to make changes to the Doom I and Doom II exe file. You can easily change how the game works with this.

 

 

The Techniques

I will get to this soon.

Breaking cyphers/passwords

This has become a science all in and of itself.

Your options here depend on how much information you have. If all you have is some encrypted text then you have a real task ahead of you. On the other hand, if you have a copy of the program that does the encryption, you can study the encryption code, determine the method used and write a decryption routine based on it. The best schemes not only encrypt the data but use a password as the key to decrypt it, so having the program alone is not enough; you need the key too.

Most efforts these days involve supercomputers using a brute force approach. You just keep trying keys until one results in a readable message. How long that takes depends on the size of the key: every extra bit doubles the number of keys to try.
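Brute force in miniature. This is an added example, not code from the original page: the message and the two-byte key are made up, and the cipher (a repeating two-byte XOR) is a toy chosen so that the whole keyspace is only 65536 keys and the search finishes in a blink. The part worth studying is `score`, the "is this readable?" test; without it the loop has no way of knowing when it has found the key. Every extra byte of key multiplies the work by 256, which is why real keys need the supercomputers mentioned above.

```c
/* Added example (not code from the original page): try every key of a toy
 * cipher and keep the one whose output reads most like text.  Message, key
 * and cipher are all constructed for the example. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdint.h>

/* Toy cipher: a two-byte key applied alternately.  Decryption is the same call. */
void xor2(const uint8_t *in, uint8_t *out, size_t n, uint16_t key)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ (uint8_t)(i & 1 ? key : key >> 8);
}

/* "Does this read like a message?"  Spaces and letters score high, other
 * printable bytes low, and any control byte disqualifies the candidate. */
long score(const uint8_t *p, size_t n)
{
    long s = 0;
    for (size_t i = 0; i < n; i++) {
        if (p[i] == ' ')        s += 3;
        else if (isalpha(p[i])) s += 2;
        else if (isprint(p[i])) s += 1;
        else return -1;
    }
    return s;
}

/* Try every key; keep the one whose plaintext scores best.  Scoring only a
 * prefix of a long ciphertext is enough to rank candidates. */
uint16_t brute_force(const uint8_t *ct, size_t n, long *best_score)
{
    uint8_t buf[256];
    long best = -1;
    uint16_t best_key = 0;
    if (n > sizeof buf) n = sizeof buf;
    for (uint32_t k = 0; k <= 0xFFFF; k++) {
        xor2(ct, buf, n, (uint16_t)k);
        long s = score(buf, n);
        if (s > best) { best = s; best_key = (uint16_t)k; }
    }
    if (best_score) *best_score = best;
    return best_key;
}

/* Constructed message and key.  In the field you would only have the ciphertext. */
static const char MESSAGE[] = "the combination to the safe is in the top drawer";
#define SAMPLE_KEY 0x4B2Eu

/* Returns 1 if the search recovers both the key and the message. */
int demo(void)
{
    size_t n = sizeof MESSAGE - 1;
    uint8_t ct[sizeof MESSAGE - 1], pt[sizeof MESSAGE - 1];
    long s;
    xor2((const uint8_t *)MESSAGE, ct, n, SAMPLE_KEY);
    uint16_t k = brute_force(ct, n, &s);
    xor2(ct, pt, n, k);
    return k == SAMPLE_KEY && memcmp(pt, MESSAGE, n) == 0;
}

int main(void)
{
    printf("brute force recovered key and message: %d\n", demo());
    return 0;
}
```

The scoring here is crude (letters and spaces win); for binary data such as a database or an EXE you would score on known header bytes or file structure instead, but the shape of the search is the same.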

 

Getting paid to Hack

Yup, that's right, you can get paid to hack code! First you better be elite! Second you better be careful what jobs you take. If you break the law you could go to prison! If you skipped the ethics part, go back and read it now. But there are legal hacks. Most of the time this will be recovering a lost password. You would be amazed at how often individuals and businesses lose passwords. Sometimes they just forget them, but most of the time someone quits, gets fired or dies. Then the company discovers that the person encrypted their very important data! This is where you come in. Recovering the files can be worth several grand to a company. This kind of job can be anything from real easy to very, very hard. Most will only pay you if you succeed. Even so, you can get paid to hack! I have made some real good money this way. All of it legal of course. One thing you have in your favor is that while there are a lot of wannabes, there are not that many real hackers. So unless you live in a big city like New York or L.A. you may have all the jobs to yourself.

Be careful in the jobs you take. I have been asked to do some very illegal things. I refuse these offers, not only for ethical reasons, but I also would really hate prison. I recently had someone ask me to break a password... Not because he lost it, but because he was too cheap to pay the authors of the software to register it!. I told him to shove it! I write shareware too!

Anyway, just be careful in the jobs you take, and you can make some nice bucks off your skills.



 

Computer Police

The law enforcement community has finally started to set up special branches to catch the criminal hacker. So far their record is not so hot. They have nabbed a lot of hackers, but so far most are just the curious type. The criminal hackers just seem to keep getting away while the curious are getting 10 years. Come on guys, go after the "Bad Guys" 'k!

I will get these links up real soon I promise!

·        FBI - CCD (Computer Crimes Division)

·        Secret Service

·        Federal Marshals

Here are some stories about the Feds and Hackers. (From the hacker's viewpoint)

·        The Hacker Crackdown