encrypted executables

Mike Meyer mwm at mired.org
Wed Feb 20 15:48:10 UTC 2008


On Wed, 20 Feb 2008 09:51:23 -0300 "Thiago Damas" <tdamas at gmail.com> wrote:

>   And if you make a wrapper, and execute like a shell script:
> 
> #!/usr/local/bin/mysecyritywrapper
> <...encrypted code goes where...>
> 
> 
>   In this way, it'll be hard to use truss, ktrace, strace etc...

Depends on how you're using "hard". If you mean "lots of work", then
yes, it'll make it harder by adding work. If you mean "difficult",
then no, it won't make it harder, because the extra work you added is
all well understood, so it's just more work, not more difficult work.

Me, I'd use gcore to get an ELF core image. Turning that into a real
executable is a well-understood process. Any modern LISP system will
have tools to do it, and emacs has been doing it for decades to get a
binary with all the emacs elisp packages pre-loaded. 

If that's too much work, you start by dissecting mysecuritywrapper,
which is pretty much exactly as hard as dissecting the executable sans
encryption. After that's done, you can replace it with your own code
to take advantage of those tools.

Either way, this just adds more work, not more difficulty.

    <mike


> []s
> 
> 
> 
> On Feb 19, 2008 1:09 AM, Giorgos Keramidas <keramida at ceid.upatras.gr> wrote:
> > On 2008-02-18 19:54, Jerry Toung <jrytoung at gmail.com> wrote:
> > >On Feb 18, 2008 5:39 PM, Dimitry Andric <dimitry at andric.com> wrote:
> > >>On 2008-02-19 02:18, Jerry Toung wrote:
> > >>> anybody knows of a tool to encrypt executables under FreeBSD? maybe
> > >>> from the ports?  I am not talking about simple file encryption.
> > >>
> > >> Can you elaborate on what you *are* talking about then?  Some
> > >> security-by-obscurity scheme, perhaps? :)
> > >
> > > I need to encrypt elf binaries. I'd like to make it harder for the bad
> > > guy to reverse engineer my app.
> >
> > You know about truss/ktrace/strace already, right?
> >
> > It may be moot to encrypt the ELF binary, if the `bad guy' can access
> > the running image of the process *after* it has been decrypted to
> > execute.
> >
> >
> > _______________________________________________
> > freebsd-hackers at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe at freebsd.org"
> >


-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

