A Simple way to Modify C and C++ Programs without Source Code using Notepad++

-

 

I found a simple way to modify C and C++ compiled executable programs without C or  C++ source code using notepad++. This method works well with Turbo C  and I have tested  this method with programs compiled with gcc5 ,gcc6 ,gcc7 and gcc8  and it works pretty good. The only limitation to this method is it does not work well with large binary programs.

The C source code for the above C program used above is given below:-


As shown in the above video after the C source code was compiled we get an executive file.
In above case we got  new.exe . When we open new.exe file in notepad++  , we get gibberish text or unreadable characters. However some words are readable . I replace tails.boum.org to kali.org
and M.Anish to kremlin in the program by editing it in notepad++  and I succeed  as shown in the video.  In this way anyone can modify a compiled program without source code.

Statements in C source code inside printf( ) and System( ) functions are mostly readable in the C binary program while opening it in  notepad++.

This can be dangerous . I replaced tails.boum.org with kali.org which is a harmless website but
we can easily replace it with a dangerous site full of viruses.

Also writing Author names in a C/C++ programs to show ownership doesn't work well. In the above video I could change it from M.Anish to kremlin.

CONCLUSION:

Developers should use digital certificates to prove ownership and  provide users with digitally signed programs or with  secure sha256 or sha512 checksums published in a trusted website.

People should avoid installing programs without proper digital signatures or atleast verify that the program has not be modified in a harmful way and always download programs from trustable sources.


Comments

Post a Comment

Popular posts from this blog

MY PGP KEY

-
Here i am posting my OPENPGP PUBLIC KEY which can be used to verify digital signature of  my software available in github and for reporting security bugs.  -----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF3nwF4BEADbF61zKMFr/FNE/8mMniRPK66eIQvxzNWX0RhbjvLfjLooJiyx zCxGYURvXsxoDaehnGRnjP5Hf/Qok1SppAhIZydg5L1nkzjQHQQbUSIoilMGw1UH tWr8TCgZKPWUjPYtkoo0/lLxtgdVMVcl8pvdyYKCJVTpXuxWZa37z1FhCWTrLO1P Nv7B0xLuAjjem6lzLBO/5kUlL0mlsWHp1dMg8Zxm5lvuUNP/2xUe3Qyv49F1b1nt 5okzW1XmvNReEZKiMvHbxIzCRjbifaNXgZaar054FEWH3z3VN4BDsGHAqahVu4oz TAVcX5ABkCfwLOsAMAJrFyd3P6mVoY/fHnbyIIj2ZzZVUzSPSPPfkuukEd+OQKTK bm4Ite4yPXzGwN8XYNWELLn2vpb/ucqlcsvP5bXkt+YCixi0GkiELsI2B6VFgy/3 x4dr1eQKSM1S8ZBq/ah5/FCB5ikxfpCYqKA/tNqI3OafvJoYmzjaO1Wef6vMt+dF Hcs5/j/ZC/FyVgN58oPH6i7j/ihFDTvoCTLkr3NqbkWJkyW/Nuaek/Ed+N2FhPen YI8SVkjR/WXF4T0b4QCfgtyeOxQEqxInvJR3F9hRX48dMZWjl9Z54eWID9tOz4Y7 G7LusA1rNjmNWNIXCc6FHhANwhpW0uk6oKuW1uAdqNpyiWuj0devCIDKvwARAQAB tB9NLkFuaXNoIDxhbmVlc2gyNTg2MUBnbWFpbC5jb20+iQJOBBMBCAA4AhsjBQsJ CAcCBhUKCQgLAgQWAgMBA
Read more

Unblocking Websites using my AntiCensorship Tool in C

-
Image
In my earlier blog post on defeating antivirus detection using Googleweblight , i had shown that googleweblight can be used to bypass firewalls. I have created a C program to make this unblocking process even more faster and easier. The program just manipulates the url and unblocks it. The link to Download the program is given below: -  AntiCensorship Toolv3 Download Here is a short tutorial on how to use the program:- STEP1 : Extract the zip file. STEP2 :Connect to internet and click the Program. STEP3: Wait till program connects the internet, this should normally take 4-5 seconds. STEP4: Enter the website to be unblocked. STEP5: Wait for program Menu. STEP6: Enter your choice . Note that Googleweblight and Hypothes.is would be better for connecting sites with videos and interactive content. Other services would be better for reading text. For Abuse prevention reasons i have choosed services which don't allow downloading files. STEP5: Please wait
Read more

Defeating Antivirus detection of malicious links using Googleweblight.

-
Image
Googleweblight is a service from Google that helps to load webpages in mobile phones using slow internet connections. It seems this service can make content filters ineffective and even help malicious websites bypass antivirus detection if the malicious website is not in google safe browsing blacklist. I was actually looking for ways to access websites which blocked anonymous Tor users , I found that in most of the cheap 3G cell phones , browsers used Googleweblight service to improve Web browsing and it was highly effective in unblocking websites which blocked Tor . It made me wonder if it could be used by evil guys to bypass Antivirus firewalls too. I created a dedicated Windows 10 Virtual Machine with Bitdefender Total Security with  latest updates and took a random verified phishing URL from phishtank service and opened it firefox , Bitdefender immediately blocked access  to the dangerous phishing website ;)  However No warning was displayed by bitdefender when same website
Read more