Boston University Data Communications and Computer Networks Assembly Hi,I need help with assemble …………”the role of a software security consultant. A co

Boston University Data Communications and Computer Networks Assembly Hi,I need help with assemble …………”the role of a software security consultant. A company has approached you with a component that they purchased from a third-party source. The purchasing company, your client, was given a binary file, not the source code. This binary file can be found in the Reverse Engineering Playground in the Final Project Assignment Files folder”Thanks, CS 410 Final Project Guidelines and Rubric
Overview
Fixing bugs, identifying vulnerabilities, modernizing legacy code, retrieving lost source code, ensuring compatibility across systems or platforms—these are
common reverse-engineering activities for computer scientists and software professionals. In CS 410, you will study reverse engineering as the process of
discovering how an application works by unearthing its architecture and internal structure as manifested in code. Throughout this course, you will engage in the
key steps involved in reverse engineering while studying the qualities of and relationships among different programming languages, including the high-level
languages where most programming occurs and the low-level languages through which devices operate. Your work culminates in this final project, in which you
will analyze a binary file for a software application, identify its functions, assess its security issues, and convert it to a usable high-level language. In your work as
a professional, solving a mystery of this type will require the skills in reverse engineering that you will practice in CS 410.
In this final project, you will create a code file and executable containing converted code, as well as a security brief and an appendix to the report. For your
code file, you will begin with a binary file and work through a process of conversion and commenting that includes assembly and C code. You will then report on
the internal functions of the code, its security vulnerabilities, and your recommendations for addressing these flaws. You will also prepare maps showing how
your conversions align and identify security flaws in table or map form.
Throughout the course, you will practice the skills you need to complete this final project in six stepping stone assignments. The stepping stones are submitted in
Modules One, Two, Three, Four, and Five, and the final product is submitted in Module Seven. All stepping stone and final project code files are located in your
Reverse Engineering Playground in the Codio platform. The CS 410 Course Manual includes a wealth of resources supporting your work, including walkthroughs
on converting code, accessing binary code with a hex editor, compiling assembly code, and downloading code from Codio.
In this assignment, you will demonstrate your mastery of the following course outcomes:
?
?
?
?
CS-410-01: Disassemble compiled code for converting to assembly language utilizing reverse software-engineering tools and processes
CS-410-02: Interpret the functionality of disassembled code utilizing reverse software-engineering tools
CS-410-03: Translate disassembled code into a higher-order programming language utilizing reverse software-engineering tools
CS-410-04: Analyze software applications for security flaws for determining exploitable weaknesses and vulnerabilities
1
Assignment Details and Deliverables
Let’s map the entirety of your work on the stepping stones and the final project, first with a visual. The treasure map below shows the skills you will build in each
stepping stone assignment on your way to the final project, where these skills will come together. The table below the image presents the same information in a
different format.
2
Submission
Skills
Code File(s)
in Codio
Submission
Module
Due
Grading
Stepping
Stone One
Converting C to Assembly
1-1
?
?
?
?
C code function description
Assembly conversion
Conversion mapping
Assembly explanation
One
Graded separately; Stepping Stone One Rubric
Stepping
Stone Two
Converting C to Assembly:
Loops
2-1
?
?
?
?
C code function description
Assembly conversion
Conversion mapping
Assembly explanation
Two
Graded separately; Stepping Stone Two Rubric
Stepping
Converting Assembly to C
Stone Three
2-2
?
?
C code conversion
Line-by-line explanation
Two
Graded separately; Stepping Stone Three Rubric
Stepping
Stone Four
3-1
3-2
3-3
3-4
?
Binary file names and function
descriptions
Assembly conversions
Comments on assembly code
Three
Graded separately; Stepping Stone Four Rubric
4-1
4-2
4-3
4-4
?
?
?
Assembly conversions
Comments on assembly code
Executable versions of
assembly code
C conversions
Four
Graded separately; Stepping Stone Five Rubric
List of steps in converting
binary to C
Commented assembly code
Commented C code including
flaws
Assembly code for each
function
Corrected C code with
Comments
Five
Graded separately; Stepping Stone Six Rubric
Stepping
Stone Five
Converting Binary to
Assembly
Analyzing Legacy Code
?
?
?
Stepping
Stone Six
Binary-to-C Conversion and
Security Flaws
5-1
?
?
?
?
?
3
Submission
Skills
Final Project ?
?
?
Binary-to-Assembly
Conversion
Analyzing Legacy Code
Binary-to-C Conversion
and Security Flaws
Code File(s)
in Codio
Project Code ?
?
?
Submission
Code File
Security Brief
Security Brief Appendix
Module
Due
Seven
Grading
Graded separately; Final Project Rubric
Prompt
Now, let’s examine in detail the task you must complete for the final project.
For this Final Project, you will assume the role of a software security consultant. A company has approached you with a component that they purchased from a
third-party source. The purchasing company, your client, was given a binary file, not the source code. This binary file can be found in the Reverse Engineering
Playground in the Final Project Assignment Files folder. Your client also has a description of what the component does:
Dear valued customer,
Our component, written by our most accomplished programmers, can help you manage your students’ grades. The component uses hard-coded names and
GPAs as a starting point. To ensure that only faculty can use components, users must enter a password before they are able to view the students’ grades or
modify them. Once a user enters the correct password, permission is granted to view the grades. The user is then given a chance to modify the grades one
student a time. Note that we have taken all security precautions to ensure that no one can access this component other than faculty members with passwords.
To run our component, please do the following:
1.
2.
3.
4.
5.
6.
7.
Run the program.
Enter the faculty name and the password (“123”).
You will receive a confirmation on-screen, and the component will display the students’ names and grades.
You will be asked if you want to change the grades.
Enter Y.
Start entering students’ names and grades
Once done, you will be prompted with the new names and grades.
We are thankful for your business and hope to do more business with you in the future!
Company A++
4
To complete this final project, you will deliver a code file and executable, as well as a security brief and an appendix of supporting tables and maps.
Specifically, you must address the critical elements listed below. Most of the critical elements align with a particular course outcome (shown in brackets).
I.
Code File and Executable: The original binary file that you are provided with should be converted to a fully running program in C that functions as
described in your commented code. For grading purposes, you must submit your code as both an executable and a Microsoft Word document.
A. Convert the binary file into assembly code. [CS-410-01]
B. Assembly code is properly commented and explained. [CS-410-02]
C. Disassembled code is completely converted into higher-order programming language (C code). [CS-410-03]
D. Translated code’s primary functions are properly commented out. [CS-410-02]
E. Translated code is logically organized and primary functions execute properly. [CS-410-03]
II.
Security Brief
A. Overview and Body of Report
i. Briefly explain the internal code functionality. For example, this is where you would describe what main would do. [CS-410-02]
ii. Describe your process for disassembling the compiled code specific to your use of the tools and practices of the discipline. [CS-410-01]
iii. Describe the exploitable weaknesses and vulnerabilities that were found in the code. For example, this is where you discuss the ways a
hacker could hack into the component and change student grades without having gained previous knowledge of the password. [CS-41004]
iv. Describe basic recommendations and suggestions for how exploitable weaknesses and vulnerabilities can be fixed. [CS-410-04]
B. Security Brief Appendix (Tables/Mapping)
i. Identify what each block of binary code does in assembly language using a table or map. [CS-410-01]
ii. Identify security flaws in code using a table or map. [CS-410-04]
iii. Map each block of assembly instructions to the corresponding C instructions in a table or visual format. [CS-410-03]
Final Project Rubric
Guidelines for Submission: There are two separate submissions:
1. The code, including the Microsoft Word file and the executable
2. The security brief and appendix
Your security brief should be a 2- to 3-page Microsoft Word document with double spacing, 12-point Times New Roman font, and one-inch margins. The
required length does not include the tables and mapping in the appendix.
5
Critical Elements
Exemplary
Code File and
Executable: Binary
File
[CS-410-01]
Code File and
Executable: Assembly
Code
[CS-410-02]
Code File and
Executable:
Completely
Converted
[CS-410-03]
Proficient
Needs Improvement
Not Evident
Value
Converts binary file into
assembly code (100%)
Converts binary file into
assembly code but with errors
(55%)
Does not convert binary file into
assembly code (0%)
8.33
Assembly code is properly
commented and explained
(100%)
Assembly code is commented
and explained, but commenting
or explanation is inadequate
(55%)
Does not comment or explain
assembly code (0%)
8.33
Does not completely convert
disassembled code into higherorder programming language
(0%)
8.34
Disassembled code is completely Disassembled code is completely
converted into higher-order
converted into higher-order
programming language (100%) programming language but with
errors (55%)
Code File and
Executable:
Commented
[CS-410-02]
Meets “Proficient” criteria and
Translated code’s primary
demonstrates exceptional clarity functions are properly
in commenting code (100%)
commented out (85%)
Translated code’s primary
functions are commented out
with some omissions (55%)
Does not comment out primary
functions of translated code
(0%)
8.33
Code File and
Executable:
Organized and
Execute
[CS-410-03]
Meets “Proficient” criteria and
demonstrates exceptional
organization in executing code
(100%)
Translated code is logically
organized, and primary
functions execute properly
(85%)
Translated code is organized,
and primary functions execute,
but code contains errors (55%)
Translated code is not organized
and primary functions do not
execute (0%)
8.33
Security Brief:
Overview and Body:
Explain the Internal
Code Functionality
[CS-410-02]
Meets “Proficient” criteria and
demonstrates detailed
recognition of internal code
functionality (100%)
Briefly explains the internal code Briefly explains the internal code Does not briefly explain the
functionality (85%)
functionality, but explanation is internal code functionality (0%)
inadequate or contains errors
(55%)
8.33
Security Brief:
Overview and Body:
Process for
Disassembling
[CS-410-01]
Meets “Proficient” criteria and
demonstrates very high level of
detail (100%)
Describes process for
disassembling compiled code
(85%)
8.33
6
Describes process for
disassembling compiled code,
but description is inadequate or
contains errors (55%)
Does not describe process for
disassembling compiled code
(0%)
Critical Elements
Exemplary
Proficient
Needs Improvement
Not Evident
Value
Security Brief:
Overview and Body:
Exploitable
Weaknesses and
Vulnerabilities
[CS-410-04]
Meets “Proficient” criteria and
demonstrates acuity in security
considerations (100%)
Describes exploitable
weaknesses and vulnerabilities
found in code (85%)
Describes exploitable
Does not describe exploitable
weaknesses and vulnerabilities weaknesses or vulnerabilities
found in code, but description is found in code (0%)
inadequate or contains errors
(55%)
8.33
Security Brief:
Overview and Body:
Basic
Recommendations
[CS-410-04]
Meets “Proficient” criteria and
demonstrates acuity in
recommending security
solutions and suggestions, with
marriage between concepts
(100%)
Describes basic
recommendations and
suggestions for how exploitable
weaknesses and vulnerabilities
can be fixed (85%)
Describes basic
recommendations and
suggestions for how exploitable
weaknesses and vulnerabilities
can be fixed, but description is
inadequate or contains errors
(55%)
Does not describe basic
recommendations or
suggestions for how exploitable
weaknesses and vulnerabilities
can be fixed (0%)
8.33
Security Brief:
Security Brief
Appendix: Binary
Code
[CS-410-01]
Identifies what each block of
binary code does in assembly
language using a table or map
(100%)
Identifies what each block of
binary code does in assembly
language using a table or map,
but table or map is incomplete
or contains errors (55%)
Does not identify what each
block of binary code does in
assembly language using a table
or map (0%)
8.34
Security Brief:
Security Brief
Appendix: Security
Flaws
[CS-410-04]
Identifies at least four security
flaws in code using a table or
map (100%)
Identifies two or three security
flaws in code using a table or
map, but table or map contains
errors (55%)
Identifies one security flaw in
code using a table or map, or
does not identify any security
flaws using a table or map (0%)
8.34
Maps each block of assembly
instructions to the
corresponding C instructions in a
table or visual format (100%)
Maps each block of assembly
instructions to the
corresponding C instructions in a
table or visual format, but table
or visual is incomplete or
contains errors (55%)
Does not map each block of
assembly instructions to the
corresponding C instructions in a
table or visual format (0%)
8.34
Total
100%
Security Brief:
Security Brief
Appendix: C
Instructions
[CS-410-03]
7

Purchase answer to see full
attachment