--uZ3hkaAS1mZxFaxD
Content-Type: text/plain; Format=Flowed; DelSp=Yes; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Further to the excellent 'attacks' on my 'rubyrun' tool, I have
revised some of the internal methods used to
protect itself.
So please visit
http://users.impulse.net.au/dragoncity
and download the latest attempt at making ruby programs secure.
Rather than simply replacing the executable - which you could reduce
the chances of by performing some sort of check on the ruby executable
file: either running a test script and checking that it performs as
expected or doing checks on the binary itself, such as looking at the
symbol table, it's a lot harder to regulate what else is going on.
The method I used was (dare I say it) almost rubyish - I redefined how
write worked (using LD_PRELOAD) and copied everything written to a file
descriptor to a file identified by the process id and numerical value
of the file descriptor in /tmp.
But the method can't be secure while there's the slightest chink of
light in between the ruby interpreter and the decrypter.
Even then, you can't rule out people reverse engineering the decrypter,
and extracting the decryption routine, recompiling it and running that.
And I haven't even got as far as mentioning gdb.
But before anyone got that far, they'd probably find it easier to
modify ruby (source available!) to copy the contents of any script
loaded by the interpreter to a specified directory...
--uZ3hkaAS1mZxFaxD
Content-Type: text/plain; charset=unknown-8bit
Content-Disposition: attachment; filename=catch-write-5326-4
# /home/brett/Ruby_Fox_Gen/addflds.rb
# Generated by RubyFXGen.rb Ver 0.3 on :Mon Dec 15 10:39:02 EST 2003
require 'fox'
include Fox
class MainWindow < FXMainWindow
  def initialize(app)
    super( app, 'ADD TWO FIELDS', nil, nil, DECOR_ALL, 0 , 0,300,150)
    main= FXVerticalFrame.new(self,LAYOUT_FILL_X|LAYOUT_FILL_Y)
    flds= FXMatrix.new(main, 2,MATRIX_BY_COLUMNS|LAYOUT_CENTER_X)
    # flds
    FXLabel.new(flds, 'Add this :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)
    fld1= FXDataTarget.new("")
    FXTextField.new(flds,10, fld1, FXDataTarget::ID_VALUE, FRAME_SUNKEN)
    FXLabel.new(flds, 'To this :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)
    fld2= FXDataTarget.new("")
    FXTextField.new(flds,10, fld2, FXDataTarget::ID_VALUE, FRAME_SUNKEN)
    FXLabel.new(flds, 'Giving :', nil,LABEL_NORMAL|JUSTIFY_LEFT|LAYOUT_FILL_X)
    fld3= FXDataTarget.new("")
    FXTextField.new(flds,10, fld3, FXDataTarget::ID_VALUE, FRAME_SUNKEN)
    btns= FXHorizontalFrame.new(main, LAYOUT_CENTER_X|PACK_UNIFORM_WIDTH)
    # btns
    addbtn= FXButton.new(btns,'Add' ,nil, nil, 0, BUTTON_NORMAL)
    addbtn.connect(SEL_COMMAND) do |sender, sel, checked|
      # ## your button press code here ##
      fld3.value = fld1.value.to_f + fld2.value.to_f
    end # addbtn
    exitbtn= FXButton.new(btns,'Quit' ,nil, nil, 0, BUTTON_NORMAL)
    exitbtn.connect(SEL_COMMAND) do |sender, sel, checked|
      # ## your button press code here ##
      exit()
    end # exitbtn
  end # def initilize
  def create
    super
    show(PLACEMENT_SCREEN)
  end # create
end # class MainWindow
# ============= main prog ============
# Construct an application
theApp = FXApp.new('Smithy','Max')
# Construct the main window
MainWindow.new(theApp)
# Create and show the application windows
theApp.create
# Run the application
theApp.run
# ============= end ============
--uZ3hkaAS1mZxFaxD
Content-Type: text/x-c; charset=unknown-8bit
Content-Disposition: attachment; filename="preload.c"
#define _GNU_SOURCE 1   /* must precede all includes so <dlfcn.h> exposes RTLD_NEXT */
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <dlfcn.h>

typedef ssize_t (*write_t) (int fd, const void *buf, size_t count);

/* Look up the next definition of func after this library (the libc one). */
static void *original(const char *func)
{
    void *res;

    if ((res = dlsym(RTLD_NEXT, func)) == NULL) {
        fprintf(stderr, "dlsym %s error:%s\n", func, dlerror());
        _exit(1);
    }
    return res;
}

/* Replacement write(): append a copy of each buffer to
 * /tmp/catch-write-<pid>-<fd>, then pass the call through unchanged. */
ssize_t write(int fd, const void *buf, size_t count)
{
    static write_t super = (void*)0;
    char file[4096];
    int fd2;

    if(super == (void*)0)
        super = original(__FUNCTION__);
    snprintf(file,4096,"/tmp/catch-write-%i-%i",getpid(),fd);
    /* O_CREAT requires the mode argument. */
    fd2 = open(file, O_CREAT|O_APPEND|O_WRONLY|O_SYNC, 0600);
    if (fd2 >= 0) {
        super(fd2, buf, count);
        close(fd2);
    }
    return super(fd, buf, count);
}
--uZ3hkaAS1mZxFaxD--
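
Added example, not part of the original thread or of rubyrun: two launcher-side checks against the LD_PRELOAD interposition shown in preload.c, namely stripping dynamic-loader variables from the environment before the interpreter is exec'd and flagging executable mappings loaded from outside trusted directories. The function names, the trusted prefixes and the sample maps text are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Loader variables to strip, and (assumed policy) the only trusted library prefixes. */
static const char *const LOADER_VARS[] = { "LD_PRELOAD=", "LD_LIBRARY_PATH=", "LD_AUDIT=", NULL };
static const char *const TRUSTED[] = { "/usr/", "/lib/", "/lib64/", NULL };

static int has_prefix(const char *s, const char *const *list)
{
    for (; *list != NULL; list++)
        if (strncmp(s, *list, strlen(*list)) == 0) return 1;
    return 0;
}

/* Drop loader variables from a NULL-terminated env array in place; returns the number dropped. */
int scrub_loader_env(char **envp)
{
    char **out = envp;
    int dropped = 0;
    for (char **in = envp; *in != NULL; in++)
        if (has_prefix(*in, LOADER_VARS)) dropped++;
        else *out++ = *in;
    *out = NULL;
    return dropped;
}

/* Count executable file mappings outside TRUSTED in /proc/<pid>/maps text
 * (line format: range perms offset dev inode [path]). */
int count_untrusted_exec_maps(const char *maps)
{
    int untrusted = 0;
    while (*maps != '\0') {
        char line[512] = {0}, perms[8] = {0}, path[400];
        size_t n = strcspn(maps, "\n");
        memcpy(line, maps, n < sizeof line - 1 ? n : sizeof line - 1);
        maps += n + (maps[n] == '\n');
        if (sscanf(line, "%*s %7s %*s %*s %*s %399s", perms, path) != 2) continue;
        untrusted += perms[2] == 'x' && path[0] == '/' && !has_prefix(path, TRUSTED);
    }
    return untrusted;
}

static const char SAMPLE_MAPS[] = /* constructed sample, not a real capture */
    "00400000-00452000 r-xp 00000000 08:01 1311 /usr/bin/ruby\n"
    "7f1c2a000000-7f1c2a1b0000 r-xp 00000000 08:01 2210 /lib/libc.so.6\n"
    "7f1c2a400000-7f1c2a401000 r-xp 00000000 08:01 9001 /tmp/preload.so\n"
    "7ffd1b000000-7ffd1b021000 rw-p 00000000 00:00 0 [stack]\n";
int main(void)
{
    printf("untrusted executable mappings: %d\n", count_untrusted_exec_maps(SAMPLE_MAPS));
    return 0;
}
```

These checks only narrow the LD_PRELOAD route; they do nothing about a rebuilt interpreter, an extracted decryption routine or a debugger, which the message above also raises.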