Exetools  

  #1  
12-30-2019, 20:52
Abaddon
Last decade recollection - Next decade predictions

Hello everyone.
With a new decade ante portas, I think an assessment of the previous decade and some predictions for the next decade might be an interesting and fun topic.

So...

1. What do you think was the most interesting/challenging type of software protection of the past decade? Where do you think the future of software protections lies?

2. What would you characterize as "tool of the decade"? If you were to name 5 tools that influenced the scene more, which would those be? Where do you think the future lies as far as tools go?

3. Which release do you consider to be the biggest breakthrough for the last decade, and for what reason? In other words what release came to shake still waters, and was a (pleasant) surprise (to all except the developers)?

Wishing you all the best in 2020!
  #2  
12-30-2019, 21:50
chants
I suspect we will see DRM built into the processor chips at some point and this ultimately regulated into mainstream standards. If you want a fast modern processor, you will no longer have total full control over it and companies like AMD and Intel will ultimately comply. It will come in the guise of national security and anti-piracy. Obviously only a few companies in the world can produce small nanometer fabricated chips. Not to mention software compatibility. It is certainly not a positive development if it ever happens.

We are also steadily transitioning more and more to cloud computing and software as a service, so again you will own less and less software and have to go with a subscription and service fee model where you simply rent the ability to use it. With 5G and faster internet technologies, eventually smart phones and PCs will merely be monitors, keyboards and touch screens with no processing power or memory inside.

The big winners in the food chain will eventually move behind the scenes to shut down the relatively free wheeling capabilities that are currently had. From a maintaining status quo at the top and financial or business perspective it makes sense for us to worry about it.

Both computing power and internet freedom are under a high degree of threat, the former less currently than the latter. However, if economic growth would stall too much with too many restrictions, then perhaps this fear is not entirely realistic. Both of these are driving much of the economic growth these days. The question is if there is a point where economic growth is not needed for a system to get locked into place. Internet freedoms and restrictions are already rising and at a fever pitch basically everywhere. Fake news laws, national security claims, centralizing country-wide connections, extensive surveillance, etc. And once the freedom is lost, it never comes back, except where it was done secretly and illegally with a rare whistleblower pulling the plug.

Enjoy your processing power and internet freedom while it lasts needless to say.

The last decade has seen evolution, stability and maturation of both protection and reversing tools, but foundationally new ideas have been scarce. Likely virtualization by tools like VMProtect is one of the fresher ideas. Ghidra looks like the most positive development as well, despite how recent it is, to finally have an open source decompiler framework, though no decompiler has even begun to tackle issues like self-modifying code, which require a more theoretically advanced framework.
  #3  
12-30-2019, 23:43
bolo2002
@chants: it's a sad resume of the future of technologies. Younger generations are born into this kind of locked users, not even complaining for their rights, but "hacking the system" is history repeating itself. But I'm afraid you're right.
  #4  
12-31-2019, 02:14
wilson bibe
Reversing is a game, and certainly whatever code and whatever language, once created by humans, always has been and will always be reversed by another human. No matter what code has been used, no human being is perfect, NONE; it's all a matter of time.
Greetings to all reversers and happy 2020.
  #5  
12-31-2019, 02:45
Abaddon
Quote:
1. What do you think was the most interesting/challenging type of software protection of the past decade?
For me, the 2010s were about:

1. The rise and fall of the custom processor /virtualization protection scheme.

Faster processors and knowledge dissemination helped towards this end.
At the start of the decade, we saw ready-to-use virtualization schemes such as VMP, Themida etc. take the crown from junk-generator/antidebug/import redirector-eliminators such as Armadillo, ASProtect etc. However, faster internet access has proven the killer of the scheme, as software tends to rely more and more on the server side, and the user is expected to pay a subscription. The turning point towards this end, for me, was the switch of Adobe software to the subscription-based, server-based scheme.


2. The necessity for approaching mainstream protection schemes based on team effort, rather than just as individuals.

The complexity, time, and the learning curve involved in tackling cutting-edge protection schemes, means the end of the "lonesome wolf" era, where a single reverser was able to single-handedly take down a serious protection scheme.

Quote:
Where do you think the future of software protections lies?
Definitely on the subscription-type server-based protection scheme.
  #6  
12-31-2019, 18:34
jonwil
It's already nearly impossible to buy a CPU powerful enough for a modern desktop setup (full desktop GUI, up-to-date web browser) for any OS (even Linux) that doesn't have all sorts of stuff in it that the user has no control over. Intel has Intel ME. AMD has AMD PSP. And all the ARM chips have TrustZone or similar systems that lock the users out.

Even something like the Librem laptops still have who knows what code running that the user can't see. (the supposedly-neutered Intel ME in particular)

The best hope is for someone to start producing a RISC-V CPU or SoC powerful enough for a full desktop Linux stack (running a privacy-focused fork of Firefox or Chromium or something) that is 100% open and documented and free of any user-unfriendly crap.
  #7  
01-07-2020, 23:37
chants
I agree with everything said here. There will always be stuff to reverse. If hardware gets more and more restricted, well, there are laboratories where they can use microscopic photography (though we need nanoscopic nowadays) to get chip schematics if able to shave off the 3-dimensional layers one at a time. And probably some people out there will leak schematics, and there is software which can take the circuit graphs and decode units from it (such as an 8-bit adder circuit, etc). At least there should be software to aid in reversed circuit diagrams. I expect reversing in this area to explode at some point, of course with assistance of those with the expensive equipment to give the raw schematic data. With state-of-the-art chips it might be impractical, but it won't be impractical forever. The same photography techniques that cast the silicon dies are probably even easier to be applied to taking pictures of chips. How to slice off the layers might be a more complex problem though. And software identification of common circuit patterns will only go so far. Certain aspects like details of caches, pipelines, core threading, etc. will be quite tough to identify in an automatic manner. But this area to me is very interesting if we ever get such a dump.

I also think microcode reversing will be more common since chipmakers cannot afford to have bugs in hardware due to the expense of fixing a security vulnerability that manifests there. And the microcode can be dumped or even downloaded from updates released via the web. There can be ways to dump and reverse this microcode. Perhaps Intel ME and AMD PSP and the like can be defeated, disabled or modified for certain benefits.

Additionally, the more OS kernel restrictions continue, the more there will be motivation to try to reverse them, even if they are increasingly tied to the hardware. I expect kernel level reversing to advance at some point.

Then with the endless server-siding of software logic and software as a service model which is becoming a matter of fact standard for money making from Windows 10 and Office 365 to games on mobile telephones, we will see more and more protocol reversing. Obviously there are lots of protocol issues and exploits where code is still run local-side due to code being excessively slow if too much communication is present or too expensive to all run on server. There is still a balance here. However, there are far more legality issues to mess with protocols. Though generally speaking abuse of protocol will just result in a permanent ban. 5G may still not be enough to totally server side everything. It gets closer, but it also makes each service more expensive. Trade-offs abound.

Finally, there are just raw mathematical advances. This is largely a driver behind protection methods. Security by obscurity is not really security, or so the saying goes. So ultimately, if more advanced or better cryptography methods are developed, we should expect to see them implemented in software. It can always happen; we never know when.

So, in summary: chip schematic reversing, microcode reversing, kernel reversing and protocol reversing are the future, yet still traditional methods of reversing are going to be around for a while. There are also mathematical advances in cryptography which can throw a number of changes into the way we reverse.

A little more detailed this time around.
  #8  
01-08-2020, 00:35
Abaddon
Quote:
2. What would you characterize as "tool of the decade"?
I may (or may not) be biased, but I would characterize x64dbg as "tool of the decade"; it is the go-to choice for debugging 64-bit applications, which is the mainstream now. One would argue that IDA is just as (if not more) effective in this regard, but for me, due to the fact that x64dbg was developed during this decade, it deserves the honor.

Quote:
If you were to name 5 tools that influenced the scene more, which would those be?
Of the ones that are public (not in any particular order)

1. IDA & Hexrays
2. x64dbg
3. Ghidra
4. Scylla
5. de4dot


Quote:
Where do you think the future lies as far as tools go?
I expect to see tools featuring advancements in decompilation technology, code optimization, and code translation between different forms.

I expect to see tools featuring advancements in cryptographic attacks, that, in combination with advancements in processor speed/networking will render some of the protocols used nowadays obsolete.

I do agree with chants that hardware reverse engineering is one of the next big things; however, I'm skeptical if this will be done at a hobbyist level, due to the mere investment costs this requires.

In regards to protocol reversing, I can see the increasing importance of it, but due to the volatility of protocol faults, I can't really wrap my head around how this will affect tool making; perhaps by an increase of tools to automate protocol fault detection (isn't this what the fuzzer technology is all about?).
  #9  
01-08-2020, 04:04
DavidXanatos
A long time ago I shared the same fears as chants; back then it all flew under the name "Trusted Computing Platform Alliance"/"Trusted Computing Group", and already then people feared systems getting locked down.
Even governments being able to globally blacklist documents created by 3rd parties they did not like, etc...
And of course total loss of privacy...

Today, almost 2 decades later, while the technology progressed, it was not implemented in this terrible way. Now, yes, we have TPMs and secure boot, but the former almost no one uses and the latter is easily bypassed or even disabled altogether.

While there will always be people trying to limit freedom and take control, I think for the foreseeable future the people opposing them will keep the upper hand.


And about software moving into the cloud: have you ever tried German internet outside of the big cities? It's abysmal, slow, almost unusable, and 5G will not change that. I find it difficult to believe that in the rest of the world (except parts of Asia) the situation would be substantially better.
Hence, imho, there are large technical hurdles for software to fully move into the cloud.
Sure, some does, and other software exists only in the cloud, but I don't think that will become a pattern to be replicated by everyone.

Also, on the other side, we see more and more good open source software, so that we rely less and less on commercial products. And unlike closed source software that comes and goes, open source is open forever, as long as there is someone that needs it enough to maintain it.
  #10  
01-08-2020, 15:46
DavidXanatos
> Where do you think the future lies as far as tools go?

I would hope we will develop tools that allow us to do for native binaries what dotPeek does for managed code, that is, foremost, the ability to decompile a binary into a high level source code form that can then, without much if any fixing, be recompiled into a working binary.

I don't know how feasible it would be to try to recover structure/class information such that the tool would produce code with structs and classes.
This year at 36c3 there were some researchers presenting their work on chip level reverse engineering, using machine learning to identify known gate structures, etc...

And such a tool should of course have a large library of known libraries/frameworks, such that at least these parts could be recognized and have the proper function names restored.

Given the challenges native code poses, such a tool, should it do anything more than plain C without structs, would need novel approaches based on machine learning.
  #11  
01-10-2020, 00:25
Abaddon
Quote:
Originally Posted by Abaddon
3. Which release do you consider to be the biggest breakthrough for the last decade, and for what reason? In other words what release came to shake still waters, and was a (pleasant) surprise (to all except the developers)?
There were a number of releases that were really impressive.
Of course, this is very subjective; some releases that really impressed me may not be considered something special by someone else. Anyway, having asked the question, I may as well give an answer.

In no particular order, here are some releases I consider to be impressive. This list surely can expand, as I haven't kept an eye on releases, but it's a start. It's also not meant to either inflate or deflate egos.

1. The emulator for Steinberg products, from team AIR, early 2010.
2. The first Winrar keygen, by FFF. In fact, there were a number of releases from FFF during the era, that were impressive.
3. The first crack for Denuvo (by 3DM?)