Secure Ruby - second challenge !

Florian Frank

Further to the excellent 'attacks' on my 'rubyrun' tool, I have revised
some of the internal methods used to protect itself.

So please visit http://users.impulse.net.au/dragoncity
and download the latest attempt at making ruby program secure

Thanks,
Brett

I just did

# ln -sf `pwd`/ruby /usr/local/bin/ruby

from my trial directory and used Clifford's little shell script
to get decrypted.rb again. The problem is that you have to rely on a
system that hasn't been tampered with. But on my computer I can
change everything like I want it to be. I can even build a chroot
environment, a kernel or a virtual machine and fake everything
from the executables to the libraries you may rely on. You have
no possibility to make sure that I did not do this unless you
want to use some big brother technology like TCPA. But I doubt
that you could convince me to use that evil technology. ;)

BTW: Your new version isn't really portable:

(flori@lambda:foo/ 0)$ strings rubyrun |grep local
ln -s /usr/local/bin/ruby X
 
Geoff Youngs

Further to the excellent 'attacks' on my 'rubyrun' tool, I have
revised some of the internal methods used to protect itself.
So please visit http://users.impulse.net.au/dragoncity
and download the latest attempt at making ruby program secure

Rather than simply replacing the executable - which you could reduce
the chances of by performing some sort of check on the ruby executable
file: either running a test script and checking that it performs as
expected or doing checks on the binary itself, such as looking at the
symbol table, it's a lot harder to regulate what else is going on.

The method I used was (dare I say it) almost rubyish - I redefined how
write worked (using LD_PRELOAD) and copied everything written to a file
descriptor to a file identified by the process id and numerical value
of the file descriptor in /tmp.

But the method can't be secure while there's the slightest chink of
light in between the ruby interpreter and the decrypter.

Even then, you can't rule out people reverse engineering the decrypter,
and extracting the decryption routine, recompiling it and running that.

And I haven't even got as far as mentioning gdb.

But before anyone got that far, they'd probably find it easier to
modify ruby (source available!) to copy the contents of any script
loaded by the interpreter to a specified directory...


Attachment: catch-write-5326-4

# /home/brett/Ruby_Fox_Gen/addflds.rb
# Generated by RubyFXGen.rb Ver 0.3 on :Mon Dec 15 10:39:02 EST 2003


require 'fox'
include Fox

class MainWindow < FXMainWindow
  def initialize(app)
    super( app, 'ADD TWO FIELDS', nil, nil, DECOR_ALL, 0 , 0,300,150)

    main= FXVerticalFrame.new(self,LAYOUT_FILL_X|LAYOUT_FILL_Y)

    flds= FXMatrix.new(main, 2,MATRIX_BY_COLUMNS|LAYOUT_CENTER_X)
    # flds

    FXLabel.new(flds, 'Add this :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)

    fld1= FXDataTarget.new("")
    FXTextField.new(flds,10, fld1, FXDataTarget::ID_VALUE, FRAME_SUNKEN)

    FXLabel.new(flds, 'To this :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)

    fld2= FXDataTarget.new("")
    FXTextField.new(flds,10, fld2, FXDataTarget::ID_VALUE, FRAME_SUNKEN)

    FXLabel.new(flds, 'Giving :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)

    fld3= FXDataTarget.new("")
    FXTextField.new(flds,10, fld3, FXDataTarget::ID_VALUE, FRAME_SUNKEN)

    btns= FXHorizontalFrame.new(main, LAYOUT_CENTER_X|PACK_UNIFORM_WIDTH)
    # btns

    addbtn= FXButton.new(btns,'Add' ,nil, nil, 0, BUTTON_NORMAL)
    addbtn.connect(SEL_COMMAND) do |sender, sel, checked|
      # ## your button press code here ##
      fld3.value = fld1.value.to_f + fld2.value.to_f
    end # addbtn

    exitbtn= FXButton.new(btns,'Quit' ,nil, nil, 0, BUTTON_NORMAL)
    exitbtn.connect(SEL_COMMAND) do |sender, sel, checked|
      # ## your button press code here ##
      exit()
    end # exitbtn
  end # def initialize

  def create
    super
    show(PLACEMENT_SCREEN)
  end # create

end # class MainWindow

# ============= main prog ============
# Construct an application
theApp = FXApp.new('Smithy','Max')

# Construct the main window
MainWindow.new(theApp)

# Create and show the application windows
theApp.create

# Run the application
theApp.run
# ============= end ============

Attachment: preload.c

/* Must precede every #include so that <dlfcn.h> declares RTLD_NEXT. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <dlfcn.h>

typedef ssize_t (*write_t) (int fd, const void *buf, size_t count);

/* Look up the next definition of func after this library (libc's). */
static void *original(const char *func)
{
    void *res;

    if ((res = dlsym(RTLD_NEXT, func)) == NULL) {
        fprintf(stderr, "dlsym %s error:%s\n", func, dlerror());
        _exit(1);
    }
    return res;
}

/* Replacement write(): copy the data to /tmp/catch-write-<pid>-<fd>,
   then pass the call through to the real write(). */
ssize_t write(int fd, const void *buf, size_t count)
{
    static write_t super = NULL;
    char file[4096];
    int fd2;

    if (super == NULL)
        super = (write_t)original(__func__);

    snprintf(file, sizeof(file), "/tmp/catch-write-%i-%i", getpid(), fd);
    /* O_CREAT requires a mode argument (owner read/write here). */
    fd2 = open(file, O_CREAT|O_APPEND|O_WRONLY|O_SYNC, 0600);
    if (fd2 != -1) {
        super(fd2, buf, count);
        close(fd2);
    }
    return super(fd, buf, count);
}
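The launcher-side checks discussed in the two replies above (a swapped interpreter, an LD_PRELOAD hook writing to /tmp), as an added example that is not part of the thread or of rubyrun. The function names, the trusted-directory list and the sample maps text are assumptions constructed for illustration; the checks report only what they can see on a host the user controls.

```ruby
require 'digest'

# Loader variables that inject or redirect shared objects.
LOADER_VARS = %w[LD_PRELOAD LD_LIBRARY_PATH LD_AUDIT].freeze
# Assumed trusted library directories; adjust per distribution.
TRUSTED_DIRS = %w[/lib/ /lib64/ /usr/lib/ /usr/lib64/].freeze

# Constructed sample of /proc/<pid>/maps (not captured from a real process).
SAMPLE_MAPS = <<~MAPS
  55d0c0a00000-55d0c0a01000 r-xp 00000000 08:01 1311 /usr/local/bin/ruby
  7f3a10000000-7f3a101b0000 r-xp 00000000 08:01 2201 /usr/lib/x86_64-linux-gnu/libc.so.6
  7f3a10400000-7f3a10402000 r-xp 00000000 08:01 9907 /tmp/preload.so
  7f3a10600000-7f3a10621000 rw-p 00000000 00:00 0
MAPS

# Distinct shared-object paths named in /proc/<pid>/maps text.
def mapped_objects(maps_text)
  maps_text.each_line
           .map { |line| line.split(' ', 6)[5].to_s.strip }
           .select { |path| path.start_with?('/') && path.match?(/\.so(\.|\s|\z)/) }
           .uniq
end

# Returns findings; an empty list means "nothing detected", not "host is trustworthy".
def launch_findings(ruby_path, pinned_sha256, env, maps_text)
  findings = []
  real = File.realpath(ruby_path) # follows a symlink swap such as `ln -sf`
  unless Digest::SHA256.file(real).hexdigest == pinned_sha256
    findings << "digest mismatch for interpreter #{real}"
  end
  findings << "#{real} is writable by group or others" if (File.stat(real).mode & 0o022) != 0
  LOADER_VARS.each do |var|
    findings << "#{var} is set to #{env[var].inspect}" unless env[var].to_s.empty?
  end
  mapped_objects(maps_text).each do |obj|
    next if TRUSTED_DIRS.any? { |dir| obj.start_with?(dir) }
    findings << "shared object mapped from untrusted path #{obj}"
  end
  findings
end

if __FILE__ == $PROGRAM_NAME
  require 'rbconfig'
  # Stand-in pin: a real launcher would embed a digest recorded at build time.
  pin = Digest::SHA256.file(File.realpath(RbConfig.ruby)).hexdigest
  puts launch_findings(RbConfig.ruby, pin, ENV.to_h, SAMPLE_MAPS)
end
```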
 
Brett S Hallett

Hi, I've tried your version of 'ln' under Debian and it does not like it,
giving either permission errors or saying 'ruby' already exists.

It would appear that your version of Linux is somewhat 'changed'
from the usual installation. :)

It may well be all we are proving is that Linux (& therefore Ruby) cannot
ever be reasonably 'secure'.

Thanks for your input.
Yours,
Brett
 
nobu.nokada

Hi,

At Thu, 18 Dec 2003 07:52:27 +0900,
Brett said:
Further to the excellent 'attacks' on my 'rubyrun' tool, I have revised
some of the internal methods used to
protect itself.

The decrypted temporary file remains if fox.so is not found.
 
