Security

Started by Danesh, May 20, 2007, 08:34:18 PM


Danesh

Hi all,

I am looking for some resources which can help to show how "low-level programming" can be useful for writing more secure code. For example, programs written in assembly can (almost) never crash because of a "buffer overrun attack", because the buffer size is almost checked when a buffer is read, but other high-level languages like C have many of these kinds of vulnerabilities. Can anybody show me some online resources or other examples? I really would like to use these techniques in my code.

Regards,

D.

evlncrn8

Quote from: Danesh on May 20, 2007, 08:34:18 PM
For example, programs written in assembly can (almost) never crash because of a "buffer overrun attack", because the buffer size is almost checked when a buffer is read

It is?... Could have fooled me... What makes you think asm automatically checks buffers when writing?

Danesh

Not automatically! But when a buffer is copied into another, the programmer should know the size of the source to copy them one by one or as a whole block. This is not done in C (strcpy); however, other secure functions have been introduced to fix this vulnerability.

D.

evlncrn8

It's just a matter of programming:
bad code = bugs = exploits / overruns

The language doesn't matter; the onus is on the coder to make good, safe, reliable code.


tenkey

Quote from: Danesh on May 20, 2007, 09:48:17 PM
Not automatically! But when a buffer is copied into another, the programmer should know the size of the source to copy them one by one or as a whole block. This is not done in C (strcpy); however, other secure functions have been introduced to fix this vulnerability.
The same precautions in ASM ought to be taught to C programmers! C is low level enough that programmers need to use the same level of rigor as they would in an ASM program.

ASM does not protect the system from the programmer any better than C. You can create uninitialized pointers, buffer overflows, dangling pointers, or memory leaks just as easily in ASM as in C by using the same pointer techniques. You store your critical application data in the same types of files. Your access to file permissions is the same in both languages. You can create SQL requests in the same insecure ways in both languages.

In short, every runtime mistake in C can be duplicated in ASM, and just as easily.
A programming language is low level when its programs require attention to the irrelevant.
Alan Perlis, Epigram #8

Tedd

Yes and no... I think Danesh's point is that anything you do in asm is explicit, thus you know exactly what is going on and must then be aware of pointers, allocations, etc., and therefore of the need to check lengths, clean up, etc. As a result, though it is just as easy to (be able to) make the same mistakes in asm, nothing is hidden from you as in higher languages (such as type conversions, temporary allocations, etc.) where one might forget more easily. (Yes, you could forget in asm too, but since you're the one who must explicitly do the allocation/whatever in the first place, that is generally a trigger to remember to clean up/check/etc.)
Or, to put it another way (going along with the old "shooting yourself in the foot" analogy), in asm you're the one who must get the bullets, load the gun, aim at your foot and pull the trigger; it's generally much easier in higher languages.
No snowflake in an avalanche feels responsible.

jdoe

Hi,

If someone has an example of "good, safe, reliable code" and one example of "bad, unsafe code", it would be appreciated, so I can correctly understand the difference and the security behind coding habits.

Thanks



Timbo

Hi there,

example of bad code:
bad_alloc:
invoke HeapAlloc, hHeap, HEAP_ZERO_MEMORY, 1024
mov hMem, eax
;do some other stuff
jmp bad_alloc

Multiple allocations using only one dword to store handles, thus making freeing the previous allocations impossible.  This can occur with any allocated handle.

Regards,

Tim

jdoe

Thanks Tim, but this example seems obvious.

I know this forum does not allow hacking techniques to be shown, but there must be a way to expose coding errors that can end up as security leaks. I don't want to learn the hacking techniques, but what to do to prevent them from being too easy. I know these are very close, because preventing is in some way understanding how to exploit, but I hope a basic example can be shown here.

Danesh

Tedd:
Yes, you are right. I meant that since low-level programmers should take care of all details, their code is usually secure. However, because everything is manual, a mistake can make the code inefficient or insecure. Nowadays, the most popular security holes are buffer overflows, format string vulnerabilities and input validation, which are all in the hands of the assembly programmer, while high-level programmers don't see what is behind the routines they use. Some think it is only the programmer's job to make sure that his code is not vulnerable at all. While that is true, the various languages are very important too. For example, what makes Java more secure than C/C++ is that Java uses exception handling techniques and also doesn't use pointers. There is another alternative called JIF (Java Information Flow) which makes the code even more secure by adding labels to each variable.

Jdoe:
Try to copy a buffer into a smaller buffer without any boundary checking. If you get your buffer from the command line, then you can easily try many inputs which exceed the size of the buffer you use in your code to store input data. When you try, you may get a Segmentation Fault error message, but by changing the buffer size, the error message will change to "Illegal Instruction". Then you are near the point of cracking that program. Now write another program (in C it is easy) and find a ready-to-use shellcode from the internet. Then change your buffer to "addr.......ShellCode......NOP" where "addr" points somewhere between the NOPs. Then experiment with this buffer at various sizes and at the same time change "addr" too. I am sure a few tries (maybe 10 times) will make the attack successful. When the attack is successful your shellcode will run and you will get access to the shell, usually with high privileges. This kind of vulnerability is very common in programs written in C/C++. Even now, with secure libraries, lazy programmers still make the same mistake, but in assembly, since you have to check the size of the string before copying it, this vulnerability can almost never happen. It took some years before major vendors found out about it and provided secure libraries for C/C++, but assembly was secure before all of them.


PS: I believe the best way to stop attackers is to learn how attacks can be done! I hope there will be no misunderstanding about the above comments. :)

ic2

Quote
PS: I believe the best way to stop attackers, is to learn how attacks can be done! I hope there will be no misunderstanding about above comments. :)

If it is, he is full of sh*t...

Excuseeeee me, sir. Does this mean: since I know the size of my own strings, all I have to do is simply call a strlen function and check the size and not let it through if the size is incorrect? If so, that's great; if not, can it be explained a little more in a way that is impossible to hurt this forum? We hear that a thousand times, but if the word protection came up the guy was doomed to hell with no ice water to send him off.

It sounds like there are many things that make no sense not to know about and should be allowed instead of hiding the facts that we need to hear in order to get the full understanding. Who said that only the hacker is supposed to know?

All I've got to say is... Anything that sounds like what you just described above in so few words should be known, especially by masm32 programmers... and that is... I mean ANYTHING that GOES with the words (IMPOSSIBLE to DO) should never be disputed by any member of any forum.

Fasm, Nasm members, including some of our own moderators, know every trick in the book, sharing only among themselves, possibly moving in for a KILL at this very moment on some poor soul's program. hee hee. Does anyone doubt that... Well, long, long ago before the stars existed, well before us suspicious noobs, came thousands of hackers who founded a baby named Assembler. You do the math.

But still, members at this forum are dedicated and know better than to even deal or be bothered with that kind of thing, but we are not children, nor are we total da*e fools, even though we do need a certain amount of protection with tender loving care. For now we laugh it off.

Quote
but in assembly, since you have to check the size of string before copy it, this vulnerability can almost never happen.

ALMOST NEVER HAPPEN, NEARLY if not IMPOSSIBLE SH*T. That seems to be what any da*e fool should want to know about. Seems like something that is even taught in computer science classes around the WORLD... and you want to silence me.

Do the world a favor and don't send me and my little programs out to the world as a total dumb ass bragging I'm a masm expert.

Thank you

Didn't mean to be so brutal. It's time for all of us to go back to school... but don't blow it for everybody. If so, we will find you and we will call the child support authority on your ASS. They get paid for the rest of YOUR life.

Like it or limp it, that's the way I feel about it right now.

jdoe

Quote
If it is he is full of sh*t...

If so, that's great, if not can it be explained a little more in a way that is impossible to hurt this forum. We hear that a thousand times but if the word protection came up the guy was doom to hell with no ice water to send him off.

ic2, my question was about good coding habits and I was expecting something like "look at this code, this is bad... do this instead".
I think the question was clear enough, but I'm not responsible for the replies.

Quote
Anything, that sound like what you just described above in so little words should be known, especially by masm32 programmer

I don't agree. I totally don't care about exploit stuff, hacking or whatever, and I don't even want to know anything about it (except for basic stuff about RE that I have used for customizing the Windows XP installation; that was based, btw, on others' work anyway). I like coding with masm because of the challenge, the speed result and because this is the language I like most. Again, I just wanted to improve my coding habits. I'm absolutely a noob about malicious code.

Quote
Didn't mean to be so brutal.

It sounds like "you're an ass*"... Oh sorry, I didn't mean to be so brutal.

Lack of respect and too fast an accusation. And btw, I don't see Moderator below your name, and if you had doubts about what was going on in this topic, there is a Notify button at the end of each page. Clicking on it could have been a better way of being civilized.


Danesh

Quote
all i have to do is simply call a strlen function and check the size and not let it thru if size is incorrect

Oh yeah? Too simple when you have the solution! When a programmer copies a buffer into another one, he would never check the size while he expects the copying function to take care of this! Otherwise, he could copy it char by char. Instead of that, a secure function, "strncpy", should be used, which will check the size of the two buffers. There are also more secure libraries (even compilers of C) like FormatGuard and StackGuard to solve *these* kinds of vulnerabilities.

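As an added C example (my code, not written by anyone in this thread; the function names are my own), the habit the thread keeps describing: call strlen first, reject input that does not fit, and only then copy. It also shows the strncpy behaviour on oversize input that a practitioner should check for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Bounded copy with an explicit length check before any byte is written.
 * Returns 0 on success, -1 when src (plus its NUL) does not fit in dst,
 * in which case dst is set to the empty string and nothing else is touched. */
int copy_checked(char *dst, size_t dstsize, const char *src)
{
    size_t len = strlen(src);           /* the "call strlen first" step */
    if (dstsize == 0)
        return -1;
    if (len >= dstsize) {               /* >= : leave room for the terminator */
        dst[0] = '\0';
        return -1;                      /* reject instead of overrunning */
    }
    memcpy(dst, src, len + 1);          /* size is now known to fit */
    return 0;
}

/* strncpy caveat: if src has at least dstsize characters, strncpy fills dst
 * and writes no NUL at all, so later string functions read past the buffer.
 * Returns 1 when dst is left unterminated, 0 when it is terminated. */
int strncpy_unterminated(size_t dstsize, const char *src)
{
    char dst[16];
    if (dstsize == 0 || dstsize > sizeof dst)
        return -1;
    memset(dst, 'X', sizeof dst);       /* poison so a missing NUL is visible */
    strncpy(dst, src, dstsize);
    return memchr(dst, '\0', dstsize) == NULL ? 1 : 0;
}

int main(void)
{
    /* constructed inputs standing in for command-line arguments */
    const char *inputs[] = { "short", "1234567", "12345678", "this one is far too long" };
    char buf[8];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = copy_checked(buf, sizeof buf, inputs[i]);
        printf("%-26s -> %s\n", inputs[i],
               rc == 0 ? "copied" : "rejected (would not fit)");
        printf("  strncpy would leave dst unterminated: %d\n",
               strncpy_unterminated(sizeof buf, inputs[i]));
    }
    return 0;
}
```

The 8-byte input is the boundary case: copy_checked rejects it, while strncpy alone copies all 8 bytes and leaves no terminator.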

ic2

jdoe, I was waiting to see who would jump all up in arms about my post and who would follow to keep the subject at bay. Most of it was simply joking and talking big sh*t. Can't you tell... Street talk when you have something on your mind that matches a thought. I even included the WORD Moderator. Not meaning he's the one.

A hacker that lives assembler is the best of the best; that doesn't mean he's a dirty mug. They were here first. Don't you think Bill Gates drops in every now and then? Do you think he doesn't care to keep up in his spare time at the greatest assembler forum on earth that praises his STUFF?

So hell, I include them all... The Good, the Bad and the Ugly. But I can never accuse anyone. They all are grown people who have been there and can read between the lines. I bet we all have been helped out by a hacker or two. Thank God.

Quote
Fasm, Nasm members, including some of our own moderators know every trick in the book, sharing only among themseft, possibly moving in for a KILL at this very moment on some poor sole  program. hee hee.

We know our people are not out to hurt us... that goes unsaid...

All reversing is not evil, no matter what you believe. But we don't do that around here.

Now see what we've done... Another good chance of learning something other than how pretty and readable the code is. All we're doing is changing the subject, just like what ALWAYS happens until the next decent person appears.

Quote
my question was about good coding habits and I was expecting something like "look at this code, this is bad... do this instead".

This is about protections, not habits. We talk about that every day.
If I was the poster and said anything different, honestly I would just be kissing up so that I will not be

Quote
doom to hell with no ice water

As you see now he can take offense just for me saying that. I'm not scared. I can take my ass whooping if I get too wrong.

But if people keep stopping a chance to be fair, I will not only call the child support authority on his ASS, I will help his ex-wife with the alimony proceedings. If that's not respect, WHAT IS...

Anyway, don't be a blocker; let it ride as long as it is fair. The
Moderators can be fair as long as we don't run with and allow the bullsh*t.

One last thing...

Forget it and let's just see what happens... You're still cool to me, jdoe, but I stand by my opening line because no one is perfect when he is trying to make a point. I don't totally agree with every word in that quote, but his point was not all within that line... it was before, but now he could have been killing it all because of other people's understanding...

Quote
is to learn how attacks can be done!

Meaning to know what is visible on the outside, not to learn how to attack... That is really hard any way you say it and can be taken wrongly in a flash. There are many pros here who know for sure and will be the ones to call it anyway....


Anyway, you never hear me curse, only words you see on TV; since President Carter was in office they have not been blocked out... He's the one who started it all, not Richard Pryor... Besides, cursing is hutch's department... hee hee (just kidding)

Thanks Danesh,

I hope hutch allows a space to get it on. He just doesn't like sneaky people and we don't either... I bet all of you are sincere. Don't prove me wrong. btw: I know what you mean about standard calling; now that you broke it down to this noob, I have a chance to counter-protect on my own from such little information. Remember we are asm people, so we can catch on eventually. That's all we need. Not how to be one or even do it. With that, it's all dead in the water face down. We figure stuff out for ourselves from known basic facts. That's what I call being fair. That's why I pitch the bit*h before it all gets lost. At least I had my say.

See you soon.

jdoe


ic2,

Quote
They all are grown people who been there and can read between the lines.

English is not my primary language, so reading between the lines is not an easy task for me. And more, I'm a kind of irritable person, as you see.

You must keep in mind that this board has members from all around the world and many, like me, must make a lot of effort to read and understand.

Mistakes happen. More often in my case, to be honest.   ::)