Anti-Rop

Discussion in 'other security issues & news' started by CloneRanger, Jan 11, 2012.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I know at least one person that might be interested in this ;)

     
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    Microsoft implementing it into EMET in 3..2..1.. :D Would be nice to have, EMET for the win. :)
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    errrr is there any more information anywhere? lol

    I'm using Windows 8, which already has anti-ROP built in but I don't know if they work the same way.
     
  4. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Not exactly a confidence builder.
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah... I don't see a download link either. I've also never heard of these people.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I'm not even sure they're referring to software and not a hardware component.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It says it patches files so I think software.

    I'm curious as to how they do detection (if this is legitimate) in any way different from win8.
     
  8. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    They obviously don't mind, using humour on their website. On the 'Synjector: Synapse's Code Integration Engine' webpage, they state about the engine;
    "Does the Framework works on Linux ? - Porting in Progress
    Is it based on another engine ? - NO, We coded it from scratch
    Defeats Aliens ? - YES
    Chuck Norris Approved ? - YES
    How does it work ? - We Don't Know !
    ". link

    I'm not really sure though what exactly can be taken lightheartedly and what seriously...
     
    Last edited: Jan 11, 2012
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Me either. By the way, that link is broken.

    Anyways, if you want to defeat ROP just use ASLR. It makes it much more difficult (EMET/ 64bit OS.)

    EDIT: Or does it? I'm not sure since it uses a different tactic than typical rlibc
    EDIT2: As I suspected ASLR would not effect ROP directly but if the entire address space is randomized it will make it more difficult.

    http://www.garage4hackers.com/blogs/61/aslr-dep-bypassing-techniques-242/
     
    Last edited: Jan 11, 2012
Loading...
Thread Status:
Not open for further replies.