You are required to reverse engineer a piece of real-world software.
Your reverse engineering work must not violate
the End User License Agreement (EULA) for your selected program, or,
if your work would violate the EULA, you must obtain permission from
the developer in advance.
Your objective is to:
- Fully understand the security aspects of your selected program.
- Bypass some aspect of the security by "patching" the code.
- Describe in detail how the software could be made more resistant to a reverse-engineering attack.
It is your responsibility to find a suitable program
for this project---I will not provide a list of potential project topics.
At a minimum, you will need a disassembler, a debugger, and a hex editor.
Additional tools may be needed, depending on the topic you select. The following specific
tools could prove useful for your work:
- OllyDbg --- disassembler and debugger. According to the OllyDbg website, "OllyDbg is a shareware, but you can download and use it for free".
- IDA Pro --- disassembler and debugger. There is a free evaluation version.
To see examples of some types of security techniques you are likely
to encounter in software, see the book Crackproof Your Software, by P. Cerven.
You will probably need a source of information on assembly code. Many
good resources are available online.
See this website for
additional information on tools, many useful SRE-related links, etc.
All projects will be graded on the same basis, and all projects will be
ranked against all other projects. Outstanding projects may get a 10 point bonus.
Instructor approval of your selected topic, via email, is required.
The topics are first come, first served. For your email, use subject line
"CS265-01 SRE Topic" or "CS265-02 SRE Topic", as appropriate.
You must email your project topic to me
at stamp@cs.sjsu.edu
by the date given on the greensheet.
If I have any issues or concerns regarding your selected topic,
I will inform you promptly. If you select a topic and find
that it is too difficult, it is
possible to change to a different project. However, this will
cost you a significant
amount of time, so it is to your advantage to spend
some effort to initially select a feasible topic.
No written report is required, but you must be prepared to give
an oral presentation at any time on or after the due date. During the oral
presentation you must demonstrate at least one of your attacks, by reverse engineering the executable in real time.
The due date for the project is given on the greensheet.
It is essential that you start on this project
as soon as possible
after completing project 1.