The amount of creativity that goes into a hack is pretty outstanding. A lot of people think that the art of hacking just consists of breaking things. Well it does. Its just that you are not breaking an item randomly, you are breaking an item in a very artistic way. You are breaking it in such a way that someone who understands what you are doing will be amazed. There is a lot of technique that goes into being a hacker and that is why people who consider themselves true hackers are very protective of the name.
Unfortunately the hacker name has grown to have negative connotations these days. Most people when they hear the word hacker automatically think of a computer criminal. That is far from the case. Most of the time these people have only the faintest idea of what goes into a hack and they only use the ideas that others have created. There are also some people who think that all people who program on a computer are hackers as well. Once again that is far from the case. As I said earlier, a hacker is someone who truly cares for his work and really thinks about what he is doing. And what he is doing is usually trying to find a new way to extend the parameters of a piece of code or hardware.
When it comes to hacking there are always new techniques being tried by both the good guys and the bad guys in being able to exploit a situation. One of the new techniques that have been used recently is called ROP. I will discuss what it is and how it is used in this article.
So what is ROP?
The letters ROP stand for Return Orientated Programming. It is a technique that has been known for a few years and was created due to a need by the hacker community. This need was because hackers had figured out how to make certain code execute in portions of the memory space where it was not supposed to. For the people who are not familiar with the term, memory is the RAM that you put into your computer. Well since hackers had figured out how to do that, several of the most popular operating system creators such as Microsoft, Linux, and Apple made it so that you were not able to execute code in memory in this manner. They did it by using several different techniques. One of the techniques was called ASLR which means Address Space Layout Randomization. This means that when you load a new program up into memory there is no set place where that code is going to execute at. It is all random. There are more techniques that were used to protect the memory space but ASLR is one of the most popular.
So to combat this blockage, hackers found another way to be able to execute code that is not supposed to be executed. They used a technique called ROP as I spoke of before. The whole point of ROP is to allow a normal program to run and then the attacker takes over the space right before the return point in that same program. This usually happens in the stack portion of the memory. A program is usually broken down into sections called functions when it is loaded in memory and these sections are stacked on top of each other. The program follows the list of instructions until it either hits a portion that tells it to go to another part of memory or it hits the return portion. When the program executes, right before you get to the return point in the function, the attacker places a little bit of machine instruction into the prior memory space and there you have your exploit.
ROP has been a useful technique for several years now but it has really come into the light within the hacker community because of the IPhone exploits. The IPhone has several hackers who have found a way around the protection layer by using ROP techniques. Because of the success of the IPhone and Apple’s history of security, the ROP technique is now in the spotlight.
Pretty soon there is a good chance that the operating system vendors will find a way to cut out this loop hole as well. And then it will be up to the hackers to find a way around this new protection as well. That is the game that is played and it all leads to a more secure computing eco system. If the good guys were not helping to exploit and report these holes then all of the information would be in the hands of the bad guys.