flat assembler
Message board for the users of flat assembler.

Index > Windows > Help combining two codes

Goto page Previous  1, 2, 3, 4, 5, 6  Next
Author
Thread Post new topic Reply to topic
peet



Joined: 13 Dec 2011
Posts: 63
peet 20 Dec 2011, 02:53
revolution wrote:
fasm.exe is not signed and you can still run it. So, no, there is no equivalent technique in Windows.


but fasm.exe never wanted to check itself against a hash?! if the app does check itself against the hash saved in the signature it could tell me if it was manipulated?!
Post 20 Dec 2011, 02:53
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 20 Dec 2011, 02:56
peet wrote:
would it be possible to let the one app test itself against the signature in a workin/save way? guess not. does trusted platform modules do help in this?
In all of these situations anyone can simply alter the code to stop it checking itself. Lots of other techniques have been tried also, the most notable is obfuscation. But ultimately they are all doomed to fail because the OS is not enforcing any type of check on application start-up.

Driver signing enforcement in Vista (XP-64 also?) and above the is the closest there is to having the OS check code before running it. And this is where the TPM can help if the OS is also verified by the TPM. Then all driver and OS code can be known to be "pure".
Post 20 Dec 2011, 02:56
View user's profile Send private message Visit poster's website Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 20 Dec 2011, 02:58
so the problem would be to get the testing routine abstracted outside the code which is easily manipulated, so i'd like to try going in TPM direction further maybe
Post 20 Dec 2011, 02:58
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 20 Dec 2011, 03:03
peet wrote:
so the problem would be to get the testing routine abstracted outside the code which is easily manipulated,
Yes. And you need the help of the OS here. And the OS must also be verified else someone could simply patch the OS to stop it checking. Read about the DRM fight that MS had several years ago. Hackers would simply patch things and disable the checking. It is no big deal for a hacker, they only need the motivation. Eventually MS gave up because it is an unsolveable problem and the fight can never be won.
Post 20 Dec 2011, 03:03
View user's profile Send private message Visit poster's website Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 20 Dec 2011, 03:06
i am too tired now to get that all right, but what you said and i red just at wikipedia, it seems to be possible to register a cert in TPM and to bind an application to the check...will have to read that once more later

guess we'll end up with a tpm which would need to controll cpu useage but who controlls the TPM? hmmmm...makin headake....so open source is the one and only effective protection left i guess
Post 20 Dec 2011, 03:06
View user's profile Send private message Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 20 Dec 2011, 03:14
revolution wrote:
Yes. And you need the help of the OS here.


only if the app can't call the tpm itself, or user can't ask tpm for verification

anybody ever checked tpm for security itself?


Last edited by peet on 20 Dec 2011, 03:16; edited 1 time in total
Post 20 Dec 2011, 03:14
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 20 Dec 2011, 03:16
peet wrote:
revolution wrote:
Yes. And you need the help of the OS here.
only if the app can't call the tpm itself, or user can't ask tpm for verification
The app can easily be altered so as to never check in with the TPM.
Post 20 Dec 2011, 03:16
View user's profile Send private message Visit poster's website Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 20 Dec 2011, 03:19
if the tpm is build right it might get difficult to manipulate it without physical hands on it. in that case the tpm could get called with a need of verification, the answer to that would have to only be sent by tpm to user, not from app of course. this way you could trust the checked application?

edit the tpm would need a own posibility to display data (popup) without the need of os or anything else. but this would be possible.
Post 20 Dec 2011, 03:19
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 20 Dec 2011, 03:28
The TPM doesn't work that way. It can't reach in and control the actions of the CPU. Read about "Trusted Computing" (some call it "treacherous computing") to see how the TPM is integrated into the system. Everything from initial OS start-up right through to driver loading must be verified before you can trust the system to always check in with the TPM. If there is any break in the verification chain the the whole paradigm of TPM fails.
Post 20 Dec 2011, 03:28
View user's profile Send private message Visit poster's website Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 21 Dec 2011, 06:24
@revolution:

wow, quite a discussion, there are possibilities to see, but problems as well. maybe we have to built our own cpu first to archieve goal really. hm maybe i sell pc and better buy a pizza instead? but can i trust the pizzaman? ;)

i did not find some clear information or links about linux engeneering in that direction. tpm technologie is implemented in kernel already, but i did not find a system project which does use it for itself. Is ubuntu not going that direction?

For the moment i will hash on lol.

@AG62: is your control making progress?
Post 21 Dec 2011, 06:24
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1619
Location: Toronto, Canada
AsmGuru62 21 Dec 2011, 14:55
@peet: no -- too much stuff on my plate.
Post 21 Dec 2011, 14:55
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 21 Dec 2011, 21:15
even hardware is not safe these days. Example, iPod touch, PSP, Android Smart Phones, GPS Devices. All of these were / can be rooted/hacked/jailbroken.

And mind you that some have their code encrypted.
Post 21 Dec 2011, 21:15
View user's profile Send private message Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 22 Dec 2011, 03:53
as long as there is the possibility to run either or other code, that long you will be able to manipulate, at least if you programm at their low level.

the only possibility to get rid of this, at least as long as no phsysical hands on are possible, is to use 'primitive' technics. Imagine a small root 'hardcoded' algorithym built alike with hardwire cabeled LED's (nand and nor alike, but no dynamic, more C then C++) or other one-way-carrier hardware electronic. Now you may use this to load a second already certified abstraction layer and so on.... It's that simple that no one thinks about ;)
Post 22 Dec 2011, 03:53
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 22 Dec 2011, 07:31
peet wrote:
as long as there is the possibility to run either or other code, that long you will be able to manipulate, at least if you programm at their low level.

the only possibility to get rid of this, at least as long as no phsysical hands on are possible, is to use 'primitive' technics. Imagine a small root 'hardcoded' algorithym built alike with hardwire cabeled LED's (nand and nor alike, but no dynamic, more C then C++) or other one-way-carrier hardware electronic. Now you may use this to load a second already certified abstraction layer and so on.... It's that simple that no one thinks about Wink


Not when your own employees start revealing your company hardware/software development secrets.

Shit, this world isn't fair.
Post 22 Dec 2011, 07:31
View user's profile Send private message Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 22 Dec 2011, 12:10
if your logic is produced by wirecabels instaed of calculation, you may publish its source (plan) that wont help somebody if your logic is good and errorfree?
Post 22 Dec 2011, 12:10
View user's profile Send private message Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 22 Dec 2011, 14:33
@AG62 + ALL

so i will try to use standard edit control meanwhile, but do you think it would be possible to use the search and replace method to highlight all same strings in pad maybe?

and for my clipboard function this should be possible primitiv way by misusing string variables maybe?

and to make screenshot should be possibly not to hard, but set it as background and fade it?

the send to cmd should again work with OScalls maybe not to hard itself, in my childish fantasy at least :)

if you or someone could gimme pieces of code where i can see example (or links to the right places, as they are not that easy to find better seperate from the false ones if you not already know what you are searching for) and me do the tedious work of duplicating and to work it out to the end - i'd love to try
Post 22 Dec 2011, 14:33
View user's profile Send private message Reply with quote
AsmGuru62



Joined: 28 Jan 2004
Posts: 1619
Location: Toronto, Canada
AsmGuru62 22 Dec 2011, 14:49
@peet: what is "send to cmd"?

I am asking because "cmd" as I know it - it is a relative thing.
Example: "copy *cfg .\MyConfig\" may mean different things when running in different contexts - or different current directories.

You get what I mean to ask, right?
In other words, say, you have a command to execute inside "cmd".
In which current directory you mean to do it?
Post 22 Dec 2011, 14:49
View user's profile Send private message Send e-mail Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 22 Dec 2011, 14:56
you are totally right - because of that problems it would not be senceful to go to deep inside the cmd communication, i'd use it without any depthing, just piping the string to a cmd after opening one. i'd leave all other depthing behind, as this is as you mentioned too complicated to be able to depth in deeper and behaving save. as well as we know cmd got enough bugs and tricky workarounds of workarounds of ...

and i'd never execute it automatically - the one before the screen must have to press enter himself, but i'd like to save the copy and paste part - and to make this functionality round i'd optionally offer grab the outstream and paste it back to pad (maybe at choosable point of padcontent).
Post 22 Dec 2011, 14:56
View user's profile Send private message Reply with quote
peet



Joined: 13 Dec 2011
Posts: 63
peet 22 Dec 2011, 15:05
if someone wants to be able to choose or change the cmd location in that context i'd suggest to do this by providing possibility to change or set environment variables to OS before calling the cmd. this way the functionality would not interference with the cmd implemetation itself.
Post 22 Dec 2011, 15:05
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20309
Location: In your JS exploiting you and your system
revolution 22 Dec 2011, 15:08
The CreateProcess API has the lpCurrentDirectory parameter to set the current directory at start-up of cmd.
Post 22 Dec 2011, 15:08
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4, 5, 6  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.