Posts

Showing posts with the label memory exploitation

Finding hidden strings like a pro

Every single program uses strings to store file paths, labels, and prompt text. But not everyone knows that plain text strings can be easily obtained with a debugger. Some programs even store passwords or other important information in plain text strings. In this blog post I will go over the most popular ways of hiding/encrypting strings in programs. Passwords should never be stored as plain text (but we will do it anyway for demonstration purposes)! A better approach is to store a hash of the password and compare hashes. First, let's demonstrate with an example what I mean by storing plain text strings: Now, let's look at this program with the debugger. By searching for all referenced strings in the program we can easily discover what the password is, no need for advanced techniques: Now, let's look at something more interesting. In this case we have an alphabet (char array), where we have defined our char set. When it comes to checking the string - we co...

Process memory exploitation and protection in runtime

To begin understanding why process memory patching is a serious issue we need to understand what it is and how it works. So, without further ado, let's answer these questions. Memory patching is the modification of process memory at runtime (in this post I am not going to talk about patching binary files). To help you better understand, let's imagine the following scenario: you created a game that has a high score system; the user's score is stored in a variable in memory and at game over it is sent to the server. Now, imagine if someone changes the variable in memory right before it is sent. Sounds unfair to other honest players, doesn't it? To better demonstrate how it works I wrote a simple demo in C++ (which you can compile and test on your system). In this post I will only be talking about how it's done in user mode. Target program: Attacker program: First we compile and run the target program; it will display its process identifier (PID) and a memory loca...