Project Requirements
- This project is intended to be a team project, where
students ideally work in pairs. If you are anti-social, I
might agree to let you work individually and in some rare cases,
I might agree to a group of 3. However, teams consisting of
one individual will be graded on the same basis as teams
of 2 people, while I would expect significantly more
out of any team of 3 people. So, it is to your advantage
to work with one partner.
- Your team must develop an application using a compiled
language such as C or C++. Your application
can be just about anything, but there must be some security
issue. For example, you could develop security software
for encryption, DRM, a "password vault", etc. On the other
hand, you could, say, develop a shareware application,
where there are limits on how long it can be used without
paying (in which case, the "security issue" would
involve these restrictions).
- Your team's program should include some
unadvertised features. For example, there might be
code included for testing certain things that
you would not want ordinary users to execute, or you
might include an "Easter egg".
- You want to make your program challenging to reverse engineer.
You are free to use any anti-reversing techniques that you develop on your own.
However you cannot use any resources developed by others to make
reversing your code more difficult. For example, you cannot use an
existing tool that packs/encrypts the code.
- Your application is due Thursday, October 1,
at which time you must be prepared to give an oral presentation.
In your presentation, you must describe and demo your application,
and you must respond to any questions that people have about
your program and/or anti-reversing techniques. You are not required to give
away too many details, but you should provide some reasonable hints,
and you cannot intentionally mislead.
- Each team will then be given one other team's application.
Your team will then reverse engineer the other team's application and,
at a minimum, do the following:
- Patch the code to change its behavior so that the
security is broken (or at least seriously diminished)
- Discover the "easter egg" feature
- Recover the design at a high level
- Produce a trojaned version of the software. That is, you
must produce code that has all of the same features as the original
program but does something unexpected. This unexpected feature
must be innocent—it cannot do anything malicious.
- You must complete your reverse engineering work by
Tuesday, November 24 at which time
we will begin presentations. In this presentation,
you must describe your reverse engineering work in detail
and demo your patched and trojaned code.
- Your team's grade will be determined by your success in
reversing the application you're given, as well as the "quality" of your
team's application (where "quality" depends heavily on how
challenging it is to reverse).
- Note that 2 oral reports are required, but no written report is necessary.
If I have questions or concerns about your work, I may require additional
individual meetings and/or copies of the software you developed
and reversed.