Applications Downloads – Are they from trusted websites?

Most organizations today allow employees to download software from websites, and for most this has become routine. Generally it is the administrator or the user who downloads and installs the software, failing to verify the authenticity of the website it is being downloaded from; even experienced administrators fail to do so.

As you all know, it is easy to build a binary for open source software because the code is readily available. But there are also ways to alter a binary file without the code. A binary file can be altered to perform various other tasks, and on Windows a good Win32 programmer can easily hijack the code. In theory, data and other sensitive information can easily be stolen. Even your antivirus cannot detect this kind of attack.

Take the example of a sample attack on a Win32 program:

Open any Win32 application in a debugger. These debuggers have sophisticated ways to identify system calls. It is a no-brainer for a Windows programmer to identify the system calls and add breakpoints to trace the exact location. Using this tool, we can decide exactly where to hijack in order to accomplish a certain task.

Once the place to hook has been decided, we need to decide where to place the hack code inside the binary. As per the Windows PE format, the binary is organized into sections whose sizes are multiples of the file alignment value, so there is a high chance of finding some free space inside the sections to place the hack code. Use Portable Executable (PE) identification tools to see the sections.

Open the EXE in a hex editor (a powerful one like Hiew) and change the API call we identified so that it jumps to a free location where the new functionality is written. At the end, the function jumps back to the original location to continue execution of the program. An external file can also be called to accomplish more work.

Both open source and binary software are susceptible to the same attacks. It is always advised to download software from a trusted site, and to make it a practice to download and verify the software's checksums from the official website.
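The checksum verification recommended above, as an added example that is not part of the original post: it hashes a downloaded file in chunks, parses a vendor checksum list in the "<hex>  <filename>" layout that sha256sum emits, and compares the two. The sample installer bytes and the checksum list are constructed inside the script (the file name and contents are hypothetical), and the demo flips a single byte, the kind of change a patched binary carries, to show that the verification fails afterwards.

```python
import hashlib
import hmac
import os
import tempfile

# Constructed sample content standing in for a downloaded installer
# (hypothetical bytes for this example, not a real program).
SAMPLE_INSTALLER = b"MZ" + b"\x90" * 64 + b"constructed sample installer body"


def file_digest(path, algorithm="sha256", chunk_size=1 << 20):
    """Hash a file in chunks so a large installer never has to fit in memory."""
    h = hashlib.new(algorithm)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_checksum_list(text):
    """Parse a vendor checksum list in the '<hex>  <filename>' layout that
    sha256sum produces; returns {filename: hex}. Blank and '#' lines are skipped."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        # sha256sum prefixes the name with '*' when the file was hashed in binary mode.
        digest, name = parts[0].lower(), parts[-1].lstrip("*")
        expected[name] = digest
    return expected


def verify_download(path, expected_hex, algorithm="sha256"):
    """True only if the file's digest matches the published one exactly.
    compare_digest does not short-circuit on the first differing character,
    and the case is normalized so a hand-copied uppercase hash is not rejected
    for the wrong reason."""
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual, expected_hex.strip().lower())


def write_constructed_sample(content, suffix=".exe"):
    """Write constructed bytes to a temporary file and return its path."""
    fd, path = tempfile.mkstemp(suffix=suffix)
    with os.fdopen(fd, "wb") as f:
        f.write(content)
    return path


def demo():
    """Verify an untouched sample, then flip one byte (the kind of change a
    patched binary would show) and verify again. Returns (before, after)."""
    path = write_constructed_sample(SAMPLE_INSTALLER, suffix="-setup.exe")
    name = os.path.basename(path)
    # The checksum list a vendor would publish, constructed here from the
    # known-good bytes rather than fetched from any website.
    published = f"# constructed SHA256SUMS\n{file_digest(path)}  {name}\n"
    expected = parse_checksum_list(published)[name]
    before = verify_download(path, expected)

    with open(path, "r+b") as f:
        f.seek(40)          # inside the padding region of the sample
        f.write(b"\x01")    # one-byte change; file size is unchanged
    after = verify_download(path, expected)
    os.remove(path)
    return before, after


if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

Note that a checksum only helps when it comes from a different place than the download itself: fetch it from the vendor's official page (over HTTPS) rather than from the same mirror that served the file, since an attacker who can replace the binary on a mirror can replace a checksum hosted beside it just as easily.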

Build security in your organization: From process to application…

Comments

  • 10/20/2009 7:47 PM Web developer wrote:
    Nice post,

    I think that a company should purchase the software on CDs. It provides backups and spares...

    Thanks for writing, most people don't bother.
  • 10/21/2009 1:43 PM Sasi Kumar wrote:

    Yes, that's correct. But I could see a lot of companies delivering their software over the internet due to the cost advantage. Also it's faster and more efficient. But very few people check for integrity. For e.g.: when we download the software from a trusted site it would be good if they could mail the checksum to verify the integrity.
