The Naked Scientists

The Naked Scientists Forum

Author Topic: What's special about a program source code?  (Read 6070 times)

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3822
  • Thanked: 19 times
    • View Profile
What's special about a program source code?
« on: 09/02/2012 10:16:08 »
There is much excitment amongst hacking circles that a disgrunteled  (ex ?) employee has put the source code of PCanywhere on the "Pirate Bay" file sharing site.
Why are source code versions a valued secret, what do the contain that a normal runable version of the program does not?.
« Last Edit: 09/02/2012 10:51:23 by chris »


 

Offline chris

  • Neilep Level Member
  • ******
  • Posts: 5339
  • Thanked: 65 times
  • The Naked Scientist
    • View Profile
    • The Naked Scientists
Re: What's special about a program source code?
« Reply #1 on: 09/02/2012 10:57:05 »
What is running on your computer is often a "compiled" form of the software, which is very hard to interpret or modify but is in a much more compact and efficient format that runs more quickly. The source code is the bloated, inefficient precursor from which this compiled form is derived. But it has the benefit of being easier to understand and manipulate. This means that the original source code is the key to being able to hack, modify or update an application.

Chris
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: What's special about a program source code?
« Reply #2 on: 09/02/2012 11:17:09 »
PCAnywhere is a remote control program.  So, hacking it would be key to hacking remote access to PC's running the software.

But, does anybody ever use it anymore? 

For the last decade, All versions of Windows NT, and its derivatives including XP, Vista, and 7, have essentially had terminal server functionality built in. 

All one needs is either an outside IP address for their computer, or a VPN connection, and the control software is already there, and reasonably effective.

Perhaps, rather than creating a custom remote control app, one should just write configuration scripts for Widows software.
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3822
  • Thanked: 19 times
    • View Profile
Re: What's special about a program source code?
« Reply #3 on: 09/02/2012 13:12:50 »
I run windows 7 and have no problem accessing my spare computer and getting a screen shot, I have no experience accessing computers that are on a different I.P but I did wonder if PC anywhere was really needed but it is priced at £199.00 and presumably someone buys it.
Out of curiosity I downloaded this source code and found it to be about five times as long as the the regular program.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Re: What's special about a program source code?
« Reply #4 on: 09/02/2012 17:53:02 »
As Chris says, it's a lot easier to figure out how a program works if you have the source code. You can reverse engineer the logic of a program from the machine executable code, but it is a very tedious process. It's bad enough if the program was actually written in assembly language (the native language of the processor) but programs written in high-level languages are a lot worse because the compilers (the programs that generate the machine code) tend to produce code very differently from humans.

Even when you have the source code it's sometimes incredibly difficult to figure out what's going on, particularly when you run into a bug that produces a subtle interaction between hardware and software. It's often difficult to understand whether it's even a hardware or a software problem. I spent thirty years refereeing fights between hardware and software engineers!

I suppose the source of PC Anywhere would provide extra clues to some would-be hackers about ways they might capture keystrokes and screen data, or means to spoof the operating system and applications, but I don't think it would be news to a lot of the existing hard-core hackers.
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: What's special about a program source code?
« Reply #5 on: 09/02/2012 18:22:14 »
One other point is that there are a number of disassemblers and decompilers available.  Java can decompile reasonably well, although there are good obfuscaters to hinder the process, and one often looses representative variable names.

The Linux model is to provide the source code to everyone for scrutiny, and to communicate with users about potential flaws.

 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Re: What's special about a program source code?
« Reply #6 on: 09/02/2012 18:34:40 »

Java can decompile reasonably well,


Yes, but I don't think Java compiles to machine code. Doesn't it compile to run on the Java virtual machine?
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3822
  • Thanked: 19 times
    • View Profile
Re: What's special about a program source code?
« Reply #7 on: 09/02/2012 19:14:14 »
Just for curiosity could I with my very limited programing skills produce a working version of the program from this source code ?.
I don't wish to steal any copyrighted property this is just a technical exercise
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: What's special about a program source code?
« Reply #8 on: 09/02/2012 19:23:33 »
It is quite likely you could compile it, although sometimes it is a hassle tracking down libraries. 
What language is it written in?  C++?  Does it include a "Makefile"?

You used to be able to download fully functional demo versions of Microsoft's compilers. 

I suppose one other thing the source code might give is very good insight into Symantec's current generation of license key technology.
 

Offline Geezer

  • Neilep Level Member
  • ******
  • Posts: 8328
  • "Vive la résistance!"
    • View Profile
Re: What's special about a program source code?
« Reply #9 on: 09/02/2012 19:28:44 »
Just for curiosity could I with my very limited programing skills produce a working version of the program from this source code ?.
I don't wish to steal any copyrighted property this is just a technical exercise

You could, but if you are not already familiar with the language (C or C++ ?) you would face a pretty steep learning curve. If you can already write in that language, and successfully compile code that runs on your target machine, it should not be a big problem.
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: What's special about a program source code?
« Reply #10 on: 09/02/2012 20:13:01 »
It is an interesting story.  Obviously nobody trusted each other enough to believe that the ransom would get paid, or that the copies of the code would be destroyed. 

$50,000 would have been a drop in the bucket considering the potential ramifications to Symantec, especially if the NAV code gets released.  But, it would also set a very bad precedent.

Keep in mind if you are downloading a high profile torrent like this one, someone may be collecting IP addresses of downloaders.

It is not inconceivable that the hackers would have also added their own Trojan Horse to the Symantec code.
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3822
  • Thanked: 19 times
    • View Profile
Re: What's special about a program source code?
« Reply #11 on: 09/02/2012 20:57:11 »
with my geek rating of F- I don't think I can go any further with this so all 2.5Gb of code will go in the skip but I would be interested to know if anyone else has a go as the code downloads very quickly from "The pirate bay".
 

Offline redreed

  • First timers
  • *
  • Posts: 4
    • View Profile
Re: What's special about a program source code?
« Reply #12 on: 23/02/2012 14:59:38 »
Hmm, had no idea that Pcanywhere is still around. Anyhow I gave up using any of their products long time ago so I've got nothing to complain about. It's a shocker though that the Pcanywhere code got stolen way back in 2006 and it took them this long to admit it.

Btw, since this pcanywhere thing came up I was wondering if it's got anything to do with audials anywhere or something like that? I stumbled upon that audials thing on some discussion and reminded me of Pcanywhere, though got no idea if it's another of them remote desktop programs or it's got nothing to do with them...
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Re: What's special about a program source code?
« Reply #13 on: 23/02/2012 15:25:36 »
At the very least Symantec may just be going through their product with a fine tooth comb just to make sure that there's no security howlers.

But the point of this is that the software is highly likely to contain bugs, and possibly backdoors, and be generally of bad design.

The thing is, if you have the source code you can find these types of problems much more easily, and then use that to break in to systems.

The fact that Symantec immediately told their users to stop using it supports the idea that they know that it's not designed to be highly secure, and hence relies on something termed 'security by obscurity'.

But given that the source code is out there now, the product is no longer obscure or secure.

However, there's no particular reason why an open source product should be particularly vulnerable... except if you assumed that it wasn't open sourced and thus designed it badly, which, let's face it, is likely to be cheaper.
 

Offline SeanB

  • Neilep Level Member
  • ******
  • Posts: 1118
  • Thanked: 3 times
    • View Profile
Re: What's special about a program source code?
« Reply #14 on: 23/02/2012 19:42:04 »
Still have an old copy around, and it did do what it was supposed to do. Of course it ran on MSDOS, and the modem was only plugged in when needed. Very secure then, even with the default admin/admin passwords......
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: What's special about a program source code?
« Reply #15 on: 23/02/2012 19:54:56 »
I'm not sure "Open Source" is as bad as you think.  While there may be a false sense of security with Linux, the advantage of an open source model is that there is much more scrutiny on the programming.  Of course, Semantic doesn't consider it to be an open source system.  It is unclear which version was released, but it appears to be at least one major revision old. 

What else is out there?  The hackers claim to also have a copy of NAV, which would affect a greater number of people, and could lead to more troublesome viruses.
 

Offline nicephotog

  • Sr. Member
  • ****
  • Posts: 387
  • Thanked: 7 times
  • H h H h H h H h H h
    • View Profile
    • Freeware Downloads
Re: What's special about a program source code?
« Reply #16 on: 26/02/2012 12:28:29 »
The only true security is cryption of data e.g. crypted drives. Possible inclusive crypted drivers(.so .dll etc). One version of Linux was built by the UK government to commit object loading descrimination.
As for the open source , thats entirely dependent the effectiveness the programs own user space it runs in as assigned and compiled for access.
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Re: What's special about a program source code?
« Reply #17 on: 26/02/2012 13:13:48 »
Encryption in and of itself doesn't solve security problems, if the installation gets successfully attacked they can usually get your encryption keys.

There is a move towards secure computing, where the operating system boots itself up using known secure code, and then restricts the operations that running code is permitted and so as to avoid loss of key security. But even then, physical security of the machine is required for it to work.
 

Offline syhprum

  • Neilep Level Member
  • ******
  • Posts: 3822
  • Thanked: 19 times
    • View Profile
Re: What's special about a program source code?
« Reply #18 on: 26/02/2012 20:19:52 »
The simplist way of overcoming encryption sercurity is the capture and torture of operators, this was done all the time during the last big war and is no doubt still going on.
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
 

Offline nicephotog

  • Sr. Member
  • ****
  • Posts: 387
  • Thanked: 7 times
  • H h H h H h H h H h
    • View Profile
    • Freeware Downloads
Re: What's special about a program source code?
« Reply #20 on: 27/02/2012 03:52:44 »
Who said the computers OS system or inclusive its physical circuits had to be the precursor for operation of the hard disc?
And why leave yopur keys in the car with the door aka "unlocked". As much to a car a computer has only its windows in the way to get to the keys so therefore it's an unlocked car. Any sensibe person keeps their keys with them not in the car. That's not an excuse, you do not keep your cryption algorithm coefficients in the computer when you use unbreakable crypt(meaning your serious about security).
 

Offline wolfekeeper

  • Neilep Level Member
  • ******
  • Posts: 1092
  • Thanked: 11 times
    • View Profile
Re: What's special about a program source code?
« Reply #21 on: 27/02/2012 12:30:36 »
Some computers operate as servers, and require the keys to be present in the computer.
 

The Naked Scientists Forum

Re: What's special about a program source code?
« Reply #21 on: 27/02/2012 12:30:36 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums