3. EAX-56 KGM Under Attack: A Thorough Examination of SCA  
   bY Mohammed Fadel Mokbel
+ Size: 168.0 KB             CRC-32 : 527EF61F
    Abstract: This paper is a continuation of my previously published article (RCE Profiling: Counterbalancing the Algo.this.Key) in CodeBreakers Journal Vol. 4, No. 1, 2007. What I’ll try to establish in this paper is to continue the analysis of another KGM; Keygen it to a higher level of simulation, blowing up the SCA, inline assembly code. The new thing is how to find the bugs inside the compiled executable file and how to deal with them so as not to expose your software to malicious attacks based on a hidden bug prior to a low beta testing process. This is accomplished with a detailed scrutiny of the overall construction of the code. The main objective is to concentrate on the debugging analysis and how to conduct a meticulous verification for any misbehavior during the beta testing process. Software engineering the bugs with a degree of optimization using code injection so as to circumvent the unpredictable crash or fault answers. The methods used to perform this task are analytical, numerical, and experimental.
Keywords- Code Injection, Keygenning, Reverse Code Engineering, Serial Checking Algorithm, Software Engineering.
.: This paper is published at CodeBreakers Journal (<http://www.CodeBreakers-Journal.com>) website Security & Anti-Security - Attack & Defense [ Vol. 4, No. 8, 2007 February ] under Mohammed Fadel Mokbel name :.


    Abstract: In this paper I will try to demystify the commingled relations between the inner working of the behavioral serial checking algorithm in its core with some genetic modifications for better protection against simple reversing attacks. The study will be based on reversing the serial generator algorithm structurally for a modified commercial application in conjunction with another KeygenMe victim to a higher level of modeling. Adding some layers of protections: Obfuscation/Encryption, AntiDebugging, and Specific Alarm Implementation (SAI). Everything will be injected smoothly with a level of distributional complexity to make the immune system aware about some of the infectious diseases which could lead to a class attack.
The main objective is to understand how things work, by controlling the magnetized procedures, and to combine things in order to make them more effective and less vulnerable. The methods used to perform this task are analytical, numerical, and experimental.
Keywords: AntiDebugging, Encryption, Keygenning, Obfuscation, Reverse Code Engineering, Serial Checking Algorithm.
.: This paper is published at CodeBreakers Journal (http://www.CodeBreakers-Journal.com) website Security & Anti-Security - Attack & Defense [ Vol. 4, No. 1, 2007 January ]  under Mohammed Fadel Mokbel name :.
+ Size: 2.48 MB             CRC-32 : EAF350B7
4. RCE Profiling: Counterbalancing the Algo.this.Key  
   bY Mohammed Fadel Mokbel
5. WTM Register Maker v2.0 case study  
   bY Mohammed Fadel Mokbel
+ Size: 274.0 KB             CRC-32 : 26B9C60B
    Abstract: In this journey we are going to analyze WTM Register Maker v2.0: http://www.webtoolmaster.com, which manages your serials for your shareware and protects your exe files against cracking with crypto technology. It has a lot of nice features like: serial is needed for extract protected exe file, small loader, fast, there is no way to sniffing right serial / only brutal force, protect your software against cracking/hacking.
So, the objective of this work is to demystify and annihilate how WTM Register Maker works. To do this, we will step through many levels of protection elimination starting with unpacking, cracking, inline patching, aesthetical modifications, where other tools like HzorInline and aPE failed to accomplish their task (in their automated configurations).
In this work I managed to think of the most optimized solution (nothing new), especially when it comes to inline patching (you’ll see later why), to defeat the nag screen from the loaders. Having said that, another approach will also be explained just for completeness by trying to explain its advantages and disadvantages. Why this and why not that.
The methods used to perform this task are analytical, numerical, and experimental.
.: This paper is published at ARTeam website [ ARTeam eZine Volume 1 Issue 2, October 2006 ] Chapter 12, Page 66 under tHE mUTABLE pseudo name of Mohammed Fadel Mokbel :.
Please Note That You Need This Password To Open This File: 010themutable010

    Abstract: Reverse Code Engineering with an emphasis on breaking software protection. For many specialists in this field, especially in the field of malware reversing, it’s a must to understand what it is all about by “analyzing the subject system to identify the system’s components and their interrelationships and to create representations of the system in another form or at a higher level of abstraction” (IEEE 1990) in order to take control over the malware invaders and protect millions of computers around the world from being infected as quickly as possible. For breaking protection protocols, the rationale is to get the knowledge for the unknown because it’s enjoyable and truly truth to reconstruct 0’s & 1’s for another purpose without knowing the original state (source code) of construction.
The objective is to unhide the castle of secrets behind the beauty of how things work and to present a newly customized approach for better protection against illegal reversing concerning commercial software applications. The methods used to perform this task are analytical, numerical, and experimental. The study shows the weakness of the Operating System in handling the binaries connections system call, protections in commercial applications and how it’s fully reversed to its newborn phase, which imposes a great threat on the customers and companies, affecting companies’ liability. It reveals the integrity in reversing software executable files and how to break software’s protections. Most of the materials presented are newly designed and implemented for this purpose.
Keywords: Reverse Engineering, Breaking Protections, Algorithm, Packer, UnPacker, Patching, Serial
.: This book is published at ARTeam website [ July 07, 2006 ] as an Exclusive Edition with my Permission under tHE mUTABLE pseudo name of Mohammed Fadel Mokbel; before that it was one of my projects at LIU university. It's subject to changes in the future as long as I have enough time to update it. Currently I'm planning to rebirth it with a new template, adding a few pages regarding Keygenning and to correct some errors... stay tuned... :.
Please Note That You Need This Password To Open This File: themutable2006
+ Size: 1.81 MB             CRC-32 : 4FE0529D
6. RCE: Emphasizing on Breaking Software Protection [ Exclusive Edition 2006 ] 
   bY tHE mUTABLE a.k.a Mohammed Fadel Mokbel 526576657273696E6720746865204D696E64206F6620476F64

    Abstract: Description: This tutorial will be dealing with Decrypting the algorithm step by step for the Password Wizard With Java & Flash. Site Password Protection Implementation In Either Java Or Flash Mode. Algorithm Decryption With ASCII Plain Text Search Approach.
Please Note That You Need This Password To Open This File: 010themutable010
+ Size: 972.0 KB             CRC-32 : 19A6A153
7. Deciphering the Algorithm
   bY tHE mUTABLE a.k.a Mohammed Fadel Mokbel

8. Time Dilation and Length Contraction Formula  
   bY Mohammed Fadel Mokbel
+ Size: 1.40 MB             CRC-32 : 89D18C70
    Abstract: This worksheet demonstrates the simplicity of deriving the Time Dilation and Length Contraction Formulas using a basic mathematical theory (Pythagorean theorem) Step by Step, which follows from the Principle of Relativity. It's simple in all directions. Events play a major role in Relativity because they involve space and time. So for every event to occur there is a place (Space) and time; the two events are not the same because they involve different time and place (Space). So in order to visualize the behavior of this phenomenon, rather than using the traditional "Two Observers" example, I will use a "Bouncing Light Beam situation" which I adopted from professor RICHARD WOLFSON's book "Simply Einstein, Relativity Demystified". Rather than describing only light and how it bounces with respect to different reference frames, it's about the nature of Time.
This article is published at MapleSoft site as an official publication. Direct Link: Time Dilation and Length Contraction

2. Achilles Heel in the Philosophy of Prometheus Boundless Security
   bY Mohammed Fadel Mokbel
+ Size: 387.0 KB             CRC-32 : A6F0945A
    Abstract: This paper presents a semi-inclusive analysis of the current Black Box security and privacy breaches, taking into account the human factor as information security involves both technology and people. Most of the problems in the security and privacy domain are of amalgamation nature, where there is no definitive embodiment of measuring the applicability of the security while the privacy is intact, especially without taking into consideration the human layer. This dispersion in the security and privacy area refers to many factors in the sphere of information distribution. Therefore, a philosophical approach will be emphasized concerning people's compliance to the technology in general and to the way a typical and competent end user sees the technology evolution and interaction, when a mutual symbiotic relationship should epitomize this correlation. An inductive/deductive reasoning called Shadowed Time Advancement (STA) and Probabilistic Mathematical Behavioral System (PMBS) are outlined in this paper to prove this problem by inspecting the difficulty of analyzing the system under assessment where in fact still a complete logical dissection of the outer/inner layout shell is pertinent. The degree of transparency in cyberspace is no longer valid in today’s ever mutant digital world. This can be shown by applying a heuristic attack by showing how the visibility medium is shadowed with time advancement. The fact that not all the companies consider people's technology education as a must can be referred to the inconsistency in knowledge distribution. Knowing that people are anxious about the unknown, knowledge is the best counterattack against lack of knowledge; otherwise a self-destructive future will be imminent. Balance is what makes humans aware of the evil spirit of this subversive world. In this paper a proof of concept is presented to show how a complete modification of an executable file could be carried out without detection.
Keywords— C++, Computer Science Philosophy, Human Factor, Privacy, Reverse Code Engineering, Security.
.: This paper is published at CodeBreakers Journal (<http://www.CodeBreakers-Journal.com>) website Security & Anti-Security - Attack & Defense [ Vol. 5, No. 2, 2008 August ] under Mohammed Fadel Mokbel name :.


    Abstract: Unraveling a clandestine code or decoding an essential part of an algorithm entails a careful analysis. The disassembly of an executable file to find out how the algorithm works implies dealing with assembly instructions. This means going through a meticulous translation of these ambiguous assembly instructions into high-level statements. In order to transform these instructions into a self-documented code, you need to have a communication system that undertakes the responsibility of mapping these instructions into a different set of mutual instructions. Therefore, the proposal for a hypothetical set of complementary syntax with a meaningful relational semantics is presented in this paper. This could be achieved by using the preprocessor macro definition in the C/C++ computer programming language. Thus, assigning context-based functional keywords for the major statements as well as adding non-functional keywords, would be enough for this phase of translation. The main target is the snippet code writer for reverse assembly code transformation either from assembly or the C/C++ language. The level of data and control abstraction in this newly presented textual substitution language is smoothly tuned to reflect the ease of immediately writing a well-designed algorithm. The line of attack here is that the language is structured in a way so that one does not need another phase to paraphrase it to real executable code. This is similar to the way the English language works in the sense that one writes the same way he thinks. Despite the fact that the proposed language inherits some restrictions from the formal language, it is still more natural and quite descriptive to encompass a wide range of additional terms and taxonomies. These added terms must be classified under special categories with a list of flexible characteristics which are more expressive in relation to the algorithm under consideration.
Hence, the main purpose of this paper is to demonstrate that contextual code representation is superior to the abstract notational keywords used today in High Level Languages (HLL).
Keywords— Algorithm, Assembly, C++, Pseudo Code, Reverse Code Engineering, Snippet Code, Syntax, Taxonomy.
.: This paper is published in IEEE Potentials Vol. 29, Issue 2, (March/April 2010) P. 26-33. Available at http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5438252&tag=1 :.

Notice: "This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright. In most cases, these works may not be reposted without the explicit permission of the copyright holder."
+ Size: 1.14 MB             CRC-32 : DD04A3E5
1. An Embellished Macro Descriptive Language For Reverse Assembly Code
   bY Mohammed Fadel Mokbel
[Main Paper]
+ Size: 69.9 KB             CRC-32 : 5EFB1F12
[Proof of Concept]
+ Note: The abstract is not included in the original paper.