Programming
Boston University Data Communications and Computer Networks Assembly

Data Communications and Computer Networks

Boston University

Question Description

Hi,

I need help with assemble ...……...

"the role of a software security consultant. A company has approached you with a component that they purchased from a third-party source. The purchasing company, your client, was given a binary file, not the source code. This binary file can be found in the Reverse Engineering Playground in the Final Project Assignment Files folder"

Thanks,

Unformatted Attachment Preview

CS 410 Final Project Guidelines and Rubric Overview Fixing bugs, identifying vulnerabilities, modernizing legacy code, retrieving lost source code, ensuring compatibility across systems or platforms—these are common reverse-engineering activities for computer scientists and software professionals. In CS 410, you will study reverse engineering as the process of discovering how an application works by unearthing its architecture and internal structure as manifested in code. Throughout this course, you will engage in the key steps involved in reverse engineering while studying the qualities of and relationships among different programming languages, including the high-level languages where most programming occurs and the low-level languages through which devices operate. Your work culminates in this final project, in which you will analyze a binary file for a software application, identify its functions, assess its security issues, and convert it to a usable high-level language. In your work as a professional, solving a mystery of this type will require the skills in reverse engineering that you will practice in CS 410. In this final project, you will create a code file and executable containing converted code, as well as a security brief and an appendix to the report. For your code file, you will begin with a binary file and work through a process of conversion and commenting that includes assembly and C code. You will then report on the internal functions of the code, its security vulnerabilities, and your recommendations for addressing these flaws. You will also prepare maps showing how your conversions align and identify security flaws in table or map form. Throughout the course, you will practice the skills you need to complete this final project in six stepping stone assignments. The stepping stones are submitted in Modules One, Two, Three, Four, and Five, and the final product is submitted in Module Seven. All stepping stone and final project code files are located in your Reverse Engineering Playground in the Codio platform. The CS 410 Course Manual includes a wealth of resources supporting your work, including walkthroughs on converting code, accessing binary code with a hex editor, compiling assembly code, and downloading code from Codio. In this assignment, you will demonstrate your mastery of the following course outcomes:     CS-410-01: Disassemble compiled code for converting to assembly language utilizing reverse software-engineering tools and processes CS-410-02: Interpret the functionality of disassembled code utilizing reverse software-engineering tools CS-410-03: Translate disassembled code into a higher-order programming language utilizing reverse software-engineering tools CS-410-04: Analyze software applications for security flaws for determining exploitable weaknesses and vulnerabilities 1 Assignment Details and Deliverables Let’s map the entirety of your work on the stepping stones and the final project, first with a visual. The treasure map below shows the skills you will build in each stepping stone assignment on your way to the final project, where these skills will come together. The table below the image presents the same information in a different format. 2 Submission Skills Code File(s) in Codio Submission Module Due Grading Stepping Stone One Converting C to Assembly 1-1     C code function description Assembly conversion Conversion mapping Assembly explanation One Graded separately; Stepping Stone One Rubric Stepping Stone Two Converting C to Assembly: Loops 2-1     C code function description Assembly conversion Conversion mapping Assembly explanation Two Graded separately; Stepping Stone Two Rubric Stepping Converting Assembly to C Stone Three 2-2   C code conversion Line-by-line explanation Two Graded separately; Stepping Stone Three Rubric Stepping Stone Four 3-1 3-2 3-3 3-4  Binary file names and function descriptions Assembly conversions Comments on assembly code Three Graded separately; Stepping Stone Four Rubric 4-1 4-2 4-3 4-4    Assembly conversions Comments on assembly code Executable versions of assembly code C conversions Four Graded separately; Stepping Stone Five Rubric List of steps in converting binary to C Commented assembly code Commented C code including flaws Assembly code for each function Corrected C code with Comments Five Graded separately; Stepping Stone Six Rubric Stepping Stone Five Converting Binary to Assembly Analyzing Legacy Code    Stepping Stone Six Binary-to-C Conversion and Security Flaws 5-1      3 Submission Skills Final Project    Binary-to-Assembly Conversion Analyzing Legacy Code Binary-to-C Conversion and Security Flaws Code File(s) in Codio Project Code    Submission Code File Security Brief Security Brief Appendix Module Due Seven Grading Graded separately; Final Project Rubric Prompt Now, let’s examine in detail the task you must complete for the final project. For this Final Project, you will assume the role of a software security consultant. A company has approached you with a component that they purchased from a third-party source. The purchasing company, your client, was given a binary file, not the source code. This binary file can be found in the Reverse Engineering Playground in the Final Project Assignment Files folder. Your client also has a description of what the component does: Dear valued customer, Our component, written by our most accomplished programmers, can help you manage your students’ grades. The component uses hard-coded names and GPAs as a starting point. To ensure that only faculty can use components, users must enter a password before they are able to view the students’ grades or modify them. Once a user enters the correct password, permission is granted to view the grades. The user is then given a chance to modify the grades one student a time. Note that we have taken all security precautions to ensure that no one can access this component other than faculty members with passwords. To run our component, please do the following: 1. 2. 3. 4. 5. 6. 7. Run the program. Enter the faculty name and the password (“123”). You will receive a confirmation on-screen, and the component will display the students’ names and grades. You will be asked if you want to change the grades. Enter Y. Start entering students’ names and grades Once done, you will be prompted with the new names and grades. We are thankful for your business and hope to do more business with you in the future! Company A++ 4 To complete this final project, you will deliver a code file and executable, as well as a security brief and an appendix of supporting tables and maps. Specifically, you must address the critical elements listed below. Most of the critical elements align with a particular course outcome (shown in brackets). I. Code File and Executable: The original binary file that you are provided with should be converted to a fully running program in C that functions as described in your commented code. For grading purposes, you must submit your code as both an executable and a Microsoft Word document. A. Convert the binary file into assembly code. [CS-410-01] B. Assembly code is properly commented and explained. [CS-410-02] C. Disassembled code is completely converted into higher-order programming language (C code). [CS-410-03] D. Translated code’s primary functions are properly commented out. [CS-410-02] E. Translated code is logically organized and primary functions execute properly. [CS-410-03] II. Security Brief A. Overview and Body of Report i. Briefly explain the internal code functionality. For example, this is where you would describe what main would do. [CS-410-02] ii. Describe your process for disassembling the compiled code specific to your use of the tools and practices of the discipline. [CS-410-01] iii. Describe the exploitable weaknesses and vulnerabilities that were found in the code. For example, this is where you discuss the ways a hacker could hack into the component and change student grades without having gained previous knowledge of the password. [CS-41004] iv. Describe basic recommendations and suggestions for how exploitable weaknesses and vulnerabilities can be fixed. [CS-410-04] B. Security Brief Appendix (Tables/Mapping) i. Identify what each block of binary code does in assembly language using a table or map. [CS-410-01] ii. Identify security flaws in code using a table or map. [CS-410-04] iii. Map each block of assembly instructions to the corresponding C instructions in a table or visual format. [CS-410-03] Final Project Rubric Guidelines for Submission: There are two separate submissions: 1. The code, including the Microsoft Word file and the executable 2. The security brief and appendix Your security brief should be a 2- to 3-page Microsoft Word document with double spacing, 12-point Times New Roman font, and one-inch margins. The required length does not include the tables and mapping in the appendix. 5 Critical Elements Exemplary Code File and Executable: Binary File [CS-410-01] Code File and Executable: Assembly Code [CS-410-02] Code File and Executable: Completely Converted [CS-410-03] Proficient Needs Improvement Not Evident Value Converts binary file into assembly code (100%) Converts binary file into assembly code but with errors (55%) Does not convert binary file into assembly code (0%) 8.33 Assembly code is properly commented and explained (100%) Assembly code is commented and explained, but commenting or explanation is inadequate (55%) Does not comment or explain assembly code (0%) 8.33 Does not completely convert disassembled code into higherorder programming language (0%) 8.34 Disassembled code is completely Disassembled code is completely converted into higher-order converted into higher-order programming language (100%) programming language but with errors (55%) Code File and Executable: Commented [CS-410-02] Meets “Proficient” criteria and Translated code’s primary demonstrates exceptional clarity functions are properly in commenting code (100%) commented out (85%) Translated code’s primary functions are commented out with some omissions (55%) Does not comment out primary functions of translated code (0%) 8.33 Code File and Executable: Organized and Execute [CS-410-03] Meets “Proficient” criteria and demonstrates exceptional organization in executing code (100%) Translated code is logically organized, and primary functions execute properly (85%) Translated code is organized, and primary functions execute, but code contains errors (55%) Translated code is not organized and primary functions do not execute (0%) 8.33 Security Brief: Overview and Body: Explain the Internal Code Functionality [CS-410-02] Meets “Proficient” criteria and demonstrates detailed recognition of internal code functionality (100%) Briefly explains the internal code Briefly explains the internal code Does not briefly explain the functionality (85%) functionality, but explanation is internal code functionality (0%) inadequate or contains errors (55%) 8.33 Security Brief: Overview and Body: Process for Disassembling [CS-410-01] Meets “Proficient” criteria and demonstrates very high level of detail (100%) Describes process for disassembling compiled code (85%) 8.33 6 Describes process for disassembling compiled code, but description is inadequate or contains errors (55%) Does not describe process for disassembling compiled code (0%) Critical Elements Exemplary Proficient Needs Improvement Not Evident Value Security Brief: Overview and Body: Exploitable Weaknesses and Vulnerabilities [CS-410-04] Meets “Proficient” criteria and demonstrates acuity in security considerations (100%) Describes exploitable weaknesses and vulnerabilities found in code (85%) Describes exploitable Does not describe exploitable weaknesses and vulnerabilities weaknesses or vulnerabilities found in code, but description is found in code (0%) inadequate or contains errors (55%) 8.33 Security Brief: Overview and Body: Basic Recommendations [CS-410-04] Meets “Proficient” criteria and demonstrates acuity in recommending security solutions and suggestions, with marriage between concepts (100%) Describes basic recommendations and suggestions for how exploitable weaknesses and vulnerabilities can be fixed (85%) Describes basic recommendations and suggestions for how exploitable weaknesses and vulnerabilities can be fixed, but description is inadequate or contains errors (55%) Does not describe basic recommendations or suggestions for how exploitable weaknesses and vulnerabilities can be fixed (0%) 8.33 Security Brief: Security Brief Appendix: Binary Code [CS-410-01] Identifies what each block of binary code does in assembly language using a table or map (100%) Identifies what each block of binary code does in assembly language using a table or map, but table or map is incomplete or contains errors (55%) Does not identify what each block of binary code does in assembly language using a table or map (0%) 8.34 Security Brief: Security Brief Appendix: Security Flaws [CS-410-04] Identifies at least four security flaws in code using a table or map (100%) Identifies two or three security flaws in code using a table or map, but table or map contains errors (55%) Identifies one security flaw in code using a table or map, or does not identify any security flaws using a table or map (0%) 8.34 Maps each block of assembly instructions to the corresponding C instructions in a table or visual format (100%) Maps each block of assembly instructions to the corresponding C instructions in a table or visual format, but table or visual is incomplete or contains errors (55%) Does not map each block of assembly instructions to the corresponding C instructions in a table or visual format (0%) 8.34 Total 100% Security Brief: Security Brief Appendix: C Instructions [CS-410-03] 7 ...
Purchase answer to see full attachment

Final Answer

Take the...

Tellos (1403)
Carnegie Mellon University

Anonymous
Top quality work from this tutor! I’ll be back!

Anonymous
Just what I needed… fantastic!

Anonymous
Use Studypool every time I am stuck with an assignment I need guidance.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
Similar Questions
Related Tags

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors