Date: Wed, 20 Feb 2008 10:47:16 -0500
From: Mike Meyer
To: "Thiago Damas"
Cc: freebsd-hackers@freebsd.org
Subject: Re: encrypted executables
List-Id: Technical Discussions relating to FreeBSD

On Wed, 20 Feb 2008 09:51:23 -0300 "Thiago Damas" wrote:
> And if you make a wrapper, and execute like a shell script:
>
> #!/usr/local/bin/mysecuritywrapper
> <...encrypted code goes where...>
>
>
> In this way, it'll be hard to use truss, ktrace, strace etc...

Depends on how you're using "hard". If you mean "lots of work", then
yes, it'll make it harder by adding work.
If you mean "difficult", then no, it won't make it harder, because the
extra work you added is all well understood, so it's just more work,
not more difficult work.

Me, I'd use gcore to get an ELF core image. Turning that into a real
executable is a well-understood process. Any modern LISP system will
have tools to do it, and emacs has been doing it for decades to get a
binary with all the emacs elisp packages pre-loaded.

If that's too much work, you start by dissecting mysecuritywrapper,
which is pretty much exactly as hard as dissecting the executable sans
encryption. After that's done, you can replace it with your own code
to take advantage of those tools.

Either way, this just adds more work, not more difficulty.

[]s
>
>
>
> On Feb 19, 2008 1:09 AM, Giorgos Keramidas wrote:
> > On 2008-02-18 19:54, Jerry Toung wrote:
> > >On Feb 18, 2008 5:39 PM, Dimitry Andric wrote:
> > >>On 2008-02-19 02:18, Jerry Toung wrote:
> > >>> anybody knows of a tool to encrypt executables under FreeBSD? may be
> > >>> from the ports? I am not talking about simple file encryption.
> > >>
> > >> Can you elaborate on what you *are* talking about then? Some
> > >> security-by-obscurity scheme, perhaps? :)
> > >
> > > I need to encrypt elf binaries. I'd like to make it harder for the bad
> > > guy to reverse engineer my app.
> >
> > You know about truss/ktrace/strace already, right?
> >
> > It may be moot to encrypt the ELF binary, if the `bad guy' can access
> > the running image of the process *after* it has been decrypted to
> > execute.
> >
> >
> > _______________________________________________
> > freebsd-hackers@freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
> > To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@freebsd.org"
>

--
Mike Meyer http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.