IAT hooking

Posted on December 07, 2013 in C • Tagged with C, Hooking, Programming, Security, Windows, Nt, Assembler, Iat • 10 min read

What

I just rummaged through my old hard disk and suddenly stumbled across some old C sources from around a year ago when I played with IAT hooking on windows 7. I will not explain much, but I made the bottom code around a year ago (Thus, in 2012) and it should be able to hook any code (depicted as the handler here) into running processes via the IAT. I suppose the code is not working properly, but it gives a good picture of how an IAT hooking approach might look like.

What'll you do?

Hopefully I'll find some time and motivation (or more appropriate: discipline) to update the little library and finally complete it. Maybe I will also make it compatible with windows 8, but I assume it's not really different from windows 7 (Hell I don't know anything about the windows API)...

#include "main.h"

/* 
 * Implements a little library to Hook the WinApi on running programs.
 * Furthermore, the API provides functions too find code caves and little hook templates for the most common scenarios
 * when we use hooking: Intercept function parameters and monitor output...
 * Supports both, 32 and 64 bit Windows XP to Windows 7. The code is …

Continue reading

The dangers of a poorly planned project

Posted on November 21, 2013 in Philosophical • Tagged with Architecture, Captcha, Philosophical, Programming, Php, Uncategorized, Wordpress • 9 min read

Preface

Do you like to fiddle around with programming projects in your spare time? And do you sometimes start endeavors ambitiously, but you never actually finish them? Are you fucking tired of stacking unsuccessful projects, doing mediocre work while never being thoroughly satisfied in what you do?

If yes, you may be inclined to listen to some words I have to say over my most recent failed project:

The idea was to create my own little captcha plugin for wordpress. You can learn more about the idea by delving into some of my accompanying investigations in the following blog posts:

Honestly I started this project because back in the time I was using this plugin and I was unsatisfied because for these reason. So this context information hopefully points out some of my motivations to start the project in the first place.

The destiny of every badly planned project

As with many spontaneously started projects in came up with in the past, I first was convinced that it was an awesome idea and subsequently started programming head-first without having a clear path or …


Continue reading

Cryptographically secure rand() replacement

Posted on November 14, 2013 in Cryptography • Tagged with Cryptography, Php, Security, Programming • 5 min read

If you are a programmer, you sometimes find yourself in the need for random numbers. There are many possible use cases:

  • Generate data for unit-tests.
  • Build secure passwords or keys as input for ciphers like AES, Twofish and its colleagues.
  • Simulating the real world for modelling applications.
  • A prominent use case: Lot's of gambling sites depend on good random number generators.

Now if you code in PHP, there are quite some different ways to obtain random numbers. There is the rand ( int $min , int $max ) function for instance: It yields a random number within the range specified by the $min and $max parameters.

The documentation states that this approach isn't particularly secure and shouldn't be used for applications that need to feed algorithms with cryptographically secure random data. Then there's mt_rand ( int $min , int $max ) that apparently creates better random values. Certainly not suitable for crypto purposes as well.
There were/are quite some applications concerned with security bugs because of using rand() or mt_rand() for passwords, encryption keys, session cookies, CSRF tokens and the like. See also this link to a related discussion on security.stackexchange.com.

But because of convenience of the $min, $max interfaces of …


Continue reading

Wordpress comment form with bootstrap v3.0.2

Posted on November 08, 2013 in Programming • Tagged with Bootstrap, Comment, Programming, Form, Wordpress • 2 min read

Hey everybody!

In this short article I will explain how I designed my wordpress theme's comment section with bootstrap 3.0.2. For the most recent changes, you find my theme on github. If you want to see a live demo, just inspect the comment form on this site. It uses exactly this bootstrap styled form I am discussing here.

In order to follow the content's of this blog post, you should have basic experience with PHP and HTML/CSS.

The Problem

The tricky question here is, whether we can use a action or filter hook to manipulate the comment form to our liking, or if we have to use and modify the original comment_form() function directly. Our goal is to decorate the form with some bootstrap widget classes and use the bootstrap grid layout. We want to obtain a horizontal form, such as demonstrated here. After a quick search, I found the function comment_form( $args, $post_id); in the wordpress codex. While it looks promising on the first glimpse, some hindrances become clear after further thinking through. The function's description says:

Most strings and form fields may be controlled through the $args array passed into the function …


Continue reading

A tale of a twofold broken wordpress captcha plugin

Posted on November 04, 2013 in Programming • Tagged with Captcha, Security, Programming, Exploit • 17 min read

Last Edit (Effective: 7th November 2013)

It seems like the plugin authors updated the security of the plugin. All the bottom blog entry deals with version 3.8.7. In this new paragraph, I will look whether these recent updates to version 3.8.8 added the necessary security to prevent conducting an...

  • Attack vector one: Parsing the captcha logic.
  • Attack vector two: Reversing the decode() function and just reading the solution from the hidden fields.

Let's get started:

At line 942 of the plugin code (The start of the function that generates the captcha) we see that the password isn't longer a static clear text password, it is built dynamically every 24 hours with the function cptch_generate_key(), that I will show here for your convenience:

// Functionality of the captcha logic work for custom form
if ( ! function_exists( 'cptch_display_captcha_custom' ) ) {
    function cptch_display_captcha_custom() {
        global $cptch_options, $cptch_time;

        if ( ! isset( $cptch_options['cptch_str_key'] ) )
            $cptch_options = get_option( 'cptch_options' );
        if ( $cptch_options['cptch_str_key']['key'] == '' || $cptch_options['cptch_str_key']['time'] < time() - ( 24 * 60 * 60 ) )
            cptch_generate_key();
        $str_key = $cptch_options['cptch_str_key']['key'];

Let's see if the new …


Continue reading

Create your own font the hard way!

Posted on October 16, 2013 in Learning • Tagged with Captcha, Programming, Design, Glyphs, Learning, Font • 9 min read

Last major update on 23.10.2013

Preface

As promised previously in my last article, I will guide you through the creation process of a rudimentary font. I will use the glyphs of my font to draw captchas and incorportate the implementation in my brand new captcha plugin for wordpress. There are already quite a few captcha plugins out there, some of them are better than mine (RECAPTCHAfor instance translates books and thus solves two problems at the same time), others are worse, because the math equations can simply be parsed (As far as I can judge without inspecting the code further).

In this article however, I will center the focus entirely on the font and abstract from it's future usage in the captcha.

Technical background of fonts

A logical start of font creation is to answer the question what type of font we are going to create. But lets first introduce some concepts that are of importance when it comes to font design.

In short: A font is a collection of glyphs. Each glyph has a shape and there are various ways of describing that shape. You can imagine a glyph as a instanteation of a character. Whereas …


Continue reading