On Sun, 2006-07-02 at 23:08 +0200, Jan Engelhardt wrote:
> >> Well you could patch the affected plugin's .dynstr table so that it should at
> >> best try to call a function that has not yet been defined somewhere else (like
> >> open); IOW, you change the .dynstr entry from 'open' to say 'my_open', and
> >> regularly include libmy.so through e.g. LD_PRELOAD.
> >>
> >> Of course the MD5 won't match afterwards, but I think the plugin should execute
> >> as usual afterwards, since .dynstr is something no app should rely on.
> >
> >Is this likely to work with an app like Skype that takes extensive steps
> >to thwart reverse engineers?
>
> We do not reverse engineer the .text section, but change the .dynstr
> section that is specific to the ELF format. I doubt any app out there md5s
> itself.
>
It's possible. They certainly try very hard to thwart reverse
engineers.
http://www.secdev.org/conf/skype_BHEU06.handout.pdf
Lee
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
