Check The Os.computerid Size - ComputerCraft Forums (archive)

JustPingo #1

116 posts

Location France

Posted 09 September 2013 - 12:47 PM

Hi everyone.
I'm working on a program which need to check if os.computerID() has been overwritted.

I've thought that if I check the size of os.computerID, I can compare it to the original size and check if there's differences.
But, I saw that it was the CC's Java part. So I can't get the original size.

Is there a way to know the size of this thing ? Or is there an easier way to check if os.computerID() has been overwritted ?

Thanks you in advance !

EDIT : Solved !

Spoiler

Lyqyd, on 09 September 2013 - 05:50 PM said:
You might see if the bytecode it dumps to is consistent. Other than checking that, you won't really have any way of verifying that it is intact. This is ignoring the fact that if you're basing anything important on the computer ID, you've gone wrong several steps ago, of course.

immibis, on 10 September 2013 - 03:22 AM said:
Then the hypothetical attacker can override string.dump.
 local oldGetID, oldDump = os.computerID, string.dump function os.computerID() return 42 end function string.dump(f) if f == os.computerID then error("dan200.computer.core.LuaJLuaMachine$2 cannot be cast to org.luaj.vm2.LuaClosure", 0) end -- the exact error message CC gives return oldDump(f) end 
(does this count as malicious code? it could be part of a legitimate sandbox) Edit: This can be countered by:
 local old = os.computerID function os.computerID() end local isBeingAttacked = not pcall(string.dump, os.computerID) os.computerID = old 
which can be countered by:
 local oldGetID, oldDump = os.computerID, string.dump function os.computerID() return 42 end local ourComputerID = os.computerID function string.dump(f) if f == ourComputerID then error("dan200.computer.core.LuaJLuaMachine$2 cannot be cast to org.luaj.vm2.LuaClosure", 0) end return oldDump(f) end 
which can be countered by:
 local isBeingAttacked = pcall(string.dump, string.dump) 
which can be countered by: …etc This could go on for a while. Eventually, the attacker will win. If a sufficiently determined attacker has full access to the computer running your program, they will always win, and there is nothing you can do about it. Of course, maybe this has nothing to do with security. If you're not trying to defend against sufficiently determined attackers, this should do:
 local isComputerIDOverridden = pcall(string.dump, os.computerID) 

LBPHacker #2

LBPHacker's profile picture

758 posts

Location Budapest, Hungary

Posted 09 September 2013 - 01:16 PM

If somebody overwrites os.computerID, they'll put the original function into a local (unrachable because of Lua) or into same random index in _G (unreachable because of the randomness). So I think there is no real way of doing that. There's of course the startup script, which can back up os.computerID, though I assume there is already a startup script; the one that overwrites os.computerID, so that's not a way.

theoriginalbit #3

7508 posts

Location Australia

Posted 09 September 2013 - 01:51 PM

Why would someone ever override os.getComputerID? o.O

JustPingo #4

116 posts

Location France

Posted 09 September 2013 - 02:00 PM

Long story.

Cranium #5

Cranium's profile picture

3790 posts

Location Lincoln, Nebraska

Posted 09 September 2013 - 03:09 PM

theoriginalbit, on 09 September 2013 - 01:51 PM said:
Why would someone ever override os.getComputerID? o.O

ID based security system bypass.

immibis #6

immibis's profile picture

997 posts

Location Wellington, New Zealand

Posted 09 September 2013 - 05:22 PM

If there was, then the person who overrode os.computerID would just override it too.

Lyqyd #7

Lyqyd's profile picture

8543 posts

Posted 09 September 2013 - 05:50 PM

You might see if the bytecode it dumps to is consistent. Other than checking that, you won't really have any way of verifying that it is intact. This is ignoring the fact that if you're basing anything important on the computer ID, you've gone wrong several steps ago, of course.

immibis #8

immibis's profile picture

997 posts

Location Wellington, New Zealand

Posted 10 September 2013 - 03:22 AM

Then the hypothetical attacker can override string.dump.


local oldGetID, oldDump = os.computerID, string.dump
function os.computerID() return 42 end
function string.dump(f)
  if f == os.computerID then error("dan200.computer.core.LuaJLuaMachine$2 cannot be cast to org.luaj.vm2.LuaClosure", 0) end -- the exact error message CC gives
  return oldDump(f)
end

(does this count as malicious code? it could be part of a legitimate sandbox)

Edit: This can be countered by:


local old = os.computerID
function os.computerID() end
local isBeingAttacked = not pcall(string.dump, os.computerID)
os.computerID = old

which can be countered by:


local oldGetID, oldDump = os.computerID, string.dump
function os.computerID() return 42 end
local ourComputerID = os.computerID
function string.dump(f)
  if f == ourComputerID then error("dan200.computer.core.LuaJLuaMachine$2 cannot be cast to org.luaj.vm2.LuaClosure", 0) end
  return oldDump(f)
end

which can be countered by:


local isBeingAttacked = pcall(string.dump, string.dump)

which can be countered by:
…etc
This could go on for a while. Eventually, the attacker will win. If a sufficiently determined attacker has full access to the computer running your program, they will always win, and there is nothing you can do about it.

Of course, maybe this has nothing to do with security. If you're not trying to defend against sufficiently determined attackers, this should do:


local isComputerIDOverridden = pcall(string.dump, os.computerID)

JustPingo #9

116 posts

Location France

Posted 10 September 2013 - 12:31 PM

Thanks you all !
I think this defense is completly enough.
I know I can't do something completly safe with CC, but the maximum that I can do is the best.
An other time, thanks you.

immibis #10

immibis's profile picture

997 posts

Location Wellington, New Zealand

Posted 10 September 2013 - 05:17 PM

Also, if someone is trying to attack your program, they can just edit it and remove the security checks.