From owner-freebsd-hackers@FreeBSD.ORG  Tue Feb 19 04:46:04 2008
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Delivered-To: freebsd-hackers@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 6978916A418
	for <freebsd-hackers@FreeBSD.org>; Tue, 19 Feb 2008 04:46:04 +0000 (UTC)
	(envelope-from imp@bsdimp.com)
Received: from harmony.bsdimp.com (bsdimp.com [199.45.160.85])
	by mx1.freebsd.org (Postfix) with ESMTP id 2748813C43E
	for <freebsd-hackers@FreeBSD.org>; Tue, 19 Feb 2008 04:46:04 +0000 (UTC)
	(envelope-from imp@bsdimp.com)
Received: from localhost (localhost [127.0.0.1])
	by harmony.bsdimp.com (8.14.2/8.14.1) with ESMTP id m1J4dToN032687;
	Mon, 18 Feb 2008 21:39:29 -0700 (MST) (envelope-from imp@bsdimp.com)
Date: Mon, 18 Feb 2008 21:44:59 -0700 (MST)
Message-Id: <20080218.214459.-861064602.imp@bsdimp.com>
To: keramida@ceid.upatras.gr
From: "M. Warner Losh" <imp@bsdimp.com>
In-Reply-To: <20080219040912.GA14809@kobe.laptop>
References: <47BA3334.4040707@andric.com>
	<86068e730802181954t52e4e05ay65e04c5f6de9b78a@mail.gmail.com>
	<20080219040912.GA14809@kobe.laptop>
X-Mailer: Mew version 5.2 on Emacs 21.3 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: freebsd-hackers@FreeBSD.org, dimitry@andric.com, jrytoung@gmail.com
Subject: Re: encrypted executables
X-BeenThere: freebsd-hackers@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Technical Discussions relating to FreeBSD
	<freebsd-hackers.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>, 
	<mailto:freebsd-hackers-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-hackers>
List-Post: <mailto:freebsd-hackers@freebsd.org>
List-Help: <mailto:freebsd-hackers-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-hackers>,
	<mailto:freebsd-hackers-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Feb 2008 04:46:04 -0000

In message: <20080219040912.GA14809@kobe.laptop>
            Giorgos Keramidas <keramida@ceid.upatras.gr> writes:
: On 2008-02-18 19:54, Jerry Toung <jrytoung@gmail.com> wrote:
: >On Feb 18, 2008 5:39 PM, Dimitry Andric <dimitry@andric.com> wrote:
: >>On 2008-02-19 02:18, Jerry Toung wrote:
: >>> anybody knows of a tool to encrypt executables under FreeBSD? may be
: >>> from the ports?  I am not talking about simple file encryption.
: >>
: >> Can you elaborate on what you *are* talking about then?  Some
: >> security-by-obscurity scheme, perhaps? :)
: >
: > I need to encrypt elf binaries. I'd like to make it harder for the bad
: > guy to reverse engineer my app.
: 
: You know about truss/ktrace/strace already, right?
: 
: It may be moot to encrypt the ELF binary, if the `bad guy' can access
: the running image of the process *after* it has been decrypted to
: execute.

kill -ABRT

will generate a core file.

Often times, the core file can be quite useful in recovering the
original executable.

emacs has used this technique for years to 'preload' stuff, take a
core dump, then re-run the core file after some post-processing.

Warner