Informative Information for the Uninformed
Minor Functional Differences Between Lockdown Module Flavors

Presently, an attacker needs to implement all flavors of the Lockdown module in order to be assured of a successful connection to Battle.net. However, even with the 20 possibilities now available, this is still not difficult, because the functional differences between the Lockdown flavors are minor. Moreover, it is trivially possible to find the "magic" constants that constitute the only functional differences between each flavor of Lockdown. In the author's tests, two pattern matches and a small 200-line C program were all that was necessary to programmatically identify all of the magic constants that represent the functional differences between each flavor of Lockdown module, in a completely automated fashion. In fact, the author would wager that it took more time to implement all 20 different flavors of Lockdown modules than it took to devise and implement a rudimentary pattern matching system to automagically discover all 20 magic constants from the set of 20 Lockdown module flavors. Clearly, this is not desirable from the standpoint of effort put into the protection scheme versus the difficulty of attacking it. In order to address these weaknesses, the following steps could be implemented: