mike
January 12th, 2005, 17:23
SHIVA, ELF encryption tool
http://www.securiteam.com/tools/5XP041FA0U.html
zipped ppt attached explaining the tool
http://www.securiteam.com/tools/5XP041FA0U.html
zipped ppt attached explaining the tool
View Full Version : shiva
0xf001
January 12th, 2005, 18:09
definately a cool tool!
did anyone get it to run? I tried (just quick, no "analysis"
with kernel 2.6.x, 2.4.x, on mdk, knoppix, suse and "out of the box" it segfaults 
but they say currently they expect many problems with it as it is under development.
I can't wait to get a running copy and play around with it. I potentionally
see weaknesses when one patches (wrapps) ptrace(), is using other kernel modules to load the executable, or implements tracer / debugger which do
not use ptrace(); Also luckily one can patch the /proc modules so ....
we will see...
Next came to my mind that code analysis using intermediate representation is missing a good tool, isn't it? (meaning I do not know one ) At least the obfuscation could be cleaned up by that.
Those are all "approaches" of course, or - some initial thoughts
haha
thanks for this link!!
0xf001
did anyone get it to run? I tried (just quick, no "analysis"
with kernel 2.6.x, 2.4.x, on mdk, knoppix, suse and "out of the box" it segfaults but they say currently they expect many problems with it as it is under development.
I can't wait to get a running copy and play around with it. I potentionally
see weaknesses when one patches (wrapps) ptrace(), is using other kernel modules to load the executable, or implements tracer / debugger which do
not use ptrace(); Also luckily one can patch the /proc modules so ....
we will see...
Next came to my mind that code analysis using intermediate representation is missing a good tool, isn't it? (meaning I do not know one
) At least the obfuscation could be cleaned up by that. Those are all "approaches" of course, or - some initial thoughts
hahathanks for this link!!
0xf001
NOP
January 13th, 2005, 08:16
some packers crypters 
http://www.exetools.com/forum/showthread.php?t=5042
http://www.exetools.com/forum/showthread.php?t=5042
0xf001
January 16th, 2005, 08:31
cool NOP!
I am not allowed to download those tools in the forum, but googled them. Actually none of them worked on my system
maybe I have to use older kernel / libc / ... need time !
for shiva0.95 I have found some very interesting links, it was defeated at least in 3 different ways, as described here:
http://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-clowes.pdf
more details here
http://www.blackhat.com/presentations/bh-federal-03/bh-federal-03-eagle/bh-fed-03-eagle.pdf
There should be 0.96 out, did not find it yet
Shiva was besides others attached by using the IDA code emulation plugin
http://ida-x86emu.sourceforge.net/
I am not allowed to download those tools in the forum, but googled them. Actually none of them worked on my system
maybe I have to use older kernel / libc / ... need time !for shiva0.95 I have found some very interesting links, it was defeated at least in 3 different ways, as described here:
http://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-clowes.pdf
more details here
http://www.blackhat.com/presentations/bh-federal-03/bh-federal-03-eagle/bh-fed-03-eagle.pdf
There should be 0.96 out, did not find it yet
Shiva was besides others attached by using the IDA code emulation plugin
http://ida-x86emu.sourceforge.net/
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.