This is a post of intellectual masturbation. Also it is a post I’ve written some time ago. Before you start reading I think that reverse engineering is an artform 🙂
I met a guy, he said that he is developing anti-reversing techniques, obfuscating code, injecting assembly junk code just to hide the main entry point of the program, he is even deploying code to detect when a debugger or a dissasembler is running and obfuscate some more his code.
The other day I met another guy. We had a conversation about antireversing techniques. He was a Microsoft fan boy. Actually he was THE Microsoft fan boy. He got a Macbook Pro and he installed Windows. Note here that I am not an Apple fan boy but if I had to choose between Mac and Windows, I’d stick with Mac.
Both of these guys had spent a great deal of their time to find ways to make their software secure. I understand that they have spent a great deal of their time developing things and a patch, keygen, crack, whatever will make them lose money but… You forgot something. Digital world is binary.
Through the years, many antireversing techniques were developed from code to bytes of data to USB hasp keys. Fine, but if we keep on analyzing those facts we’ll come to a point that the software is checking if he has registered, or if the hasp key is present etc. Even loops can be analyzed to if blocks either with recursive functions in pure code or for example JNE or JE or whatever in assembly (x86 arch in this example). This makes it clear, we care only about true or false. It is pretty clear that even if you insert a key and the software queries a database to see if the key is valid, the software is waiting for either true or false.
What is the main reason about this? First of all, processors. Processors at this time work binary, two states only, 0 and 1. This is the main thing about security, if I can convince the software or the man that I am authorized (either physically me or just some exploit) then I get what I am authorized to get. Same thing applies to reversing in another way though. The main idea is that we are looking for that certain true or false block of code and either we bypass it or we convince it about our authorization or delete it or change it a bit (for example hex patching JE to JNE or filling it with some NOPs) or whatever a man comes up with.
The other reason about this is the way of thinking we have developed over the years. I am talking about Modus Ponens. In simple words we take clues and decide if a statement is true or false. This then becomes natively a programming habit and developers start to blame hackers or whatever.
Summing up all the intellectual shit. If almost everything can be analyzed into true or false eventually someone will convince it that he is authorized to use it while he is not. Same thing applies for processors. And something more here. I think that if someone develops a processor which makes its calculations using float numbers, this processor will be amazingly fast. I think that having something that is able to do its job not just in 1 and 0 but in 0,00-1,00 (meaning that 0,99 or 0,78 are allowed) then this processor will increase dramatically the speed of processing and will take computers into the next level. No, I am not whining about the speed of processors, I am just saying.
Feel free to comment on this 🙂