Monday, March 31, 2008

Hydan steganography software on Ubuntu 7.04

First off, I finished the SANS 504 class, and it was one of the best security classes I have taken. And it didn't hurt that Ed Skoudis taught the class. If you ever have a chance to take this class, I wholeheartedly recommend it. I haven't started studying for the exam, though I plan on it; however, the class alone was worth the money. I took it in the @Home format, which meant I got to learn from the confines of my home. Don't worry about that format. The software that facilitates the class is excellent. You hear the professor fine, see the slides that are presented, and can interact via an online chat feature. Plus, the class is recorded, so on the off chance that you should miss one (I didn't), you could grab the audio at a later date.

The class recommends an XP laptop with VMware on it so that you could run Red Hat Linux for the Linux portions of the class. I did 90% of the class on my Ubuntu 7.04 laptop, and the XP exercises I completed on a separate XP computer. (That went for the capture the flag game at the end, as well.) Almost all of the Linux tools discussed in class were able to be fetched from the Ubuntu repositories, either from the package manager or using "sudo apt-get install...."

I was unsuccessful with one tool in particular: the Hydan steganography tool. This tool I have only found in a .tar.gz format. I downloaded the latest version, extracted it, and followed the directions in the readme. Basically, it was just cd to the hydan directory, and "sudo make." (Actually, it was just "make," but with Ubuntu I needed the sudo command.) However, I received the following errors:


cd libdisasm/src/arch/i386/libdisasm && make libdisasm
make[1]: Entering directory `/test/hydan/libdisasm/src/arch/i386/libdisasm'
gcc -I. -O3 -ggdb -c -o libdis.o libdis.c
gcc -I. -O3 -ggdb -c -o i386_invariant.o i386_invariant.c
i386_invariant.c: In function ‘disasm_invariant_modrm’:
i386_invariant.c:45: warning: incompatible implicit declaration of built-in function ‘memset’
i386_invariant.c:52: warning: incompatible implicit declaration of built-in function ‘memset’
i386_invariant.c:55: warning: incompatible implicit declaration of built-in function ‘memset’
i386_invariant.c: In function ‘disasm_invariant_decode’:
i386_invariant.c:155: warning: incompatible implicit declaration of built-in function ‘memset’
i386_invariant.c:165: warning: incompatible implicit declaration of built-in function ‘memcpy’
i386_invariant.c: In function ‘disasm_invariant’:
i386_invariant.c:233: warning: incompatible implicit declaration of built-in function ‘memcpy’
gcc -I. -O3 -ggdb -c -o vm.o vm.c
vm.c: In function ‘vm_add_regtbl_entry’:
vm.c:17: warning: incompatible implicit declaration of built-in function ‘strncpy’
gcc -I. -O3 -ggdb -c -o bastard.o bastard.c
bastard.c: In function ‘addrexp_get’:
bastard.c:22: warning: incompatible implicit declaration of built-in function ‘memcpy’
bastard.c: In function ‘addrexp_new’:
bastard.c:40: warning: incompatible implicit declaration of built-in function ‘calloc’
gcc -I. -O3 -ggdb -c -o i386.o i386.c
# make .a
ar rc libdisasm.a libdis.o i386_invariant.o vm.o bastard.o i386.o
ranlib libdisasm.a
make[1]: Leaving directory `/test/hydan/libdisasm/src/arch/i386/libdisasm'
gcc -Wall -Ilibdisasm/src/arch/i386/libdisasm -g -DVARBITS -c -o hdn_common.o hdn_common.c
In file included from hdn_common.h:12,
from hdn_common.c:9:
hydan.h:24:25: error: openssl/evp.h: No such file or directory
hdn_common.c: In function ‘hdn_disassemble_all’:
hdn_common.c:32: warning: pointer targets in assignment differ in signedness
hdn_common.c:37: warning: pointer targets in passing argument 1 of ‘x86_disasm’ differ in signedness
make: *** [hdn_common.o] Error 1

I'm not the best at interpreting the make errors. Anyone out there have any ideas? What I'm not sure of is whether the error is because of Ubuntu, or if there is something else wrong.
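
One way to triage a build log like the one above, as an added example that is not part of the original post: the script separates the compiler warnings from the line that actually stops the build and pulls out the missing header. The sample log is a constructed excerpt of the output above (with plain ASCII quotes), the function names are made up for this illustration, and apt-file is an optional Debian/Ubuntu tool; on Ubuntu the openssl/evp.h header ships in the libssl-dev package.

```shell
#!/bin/sh
# Added example (not from the original post): triage a gcc/make log.
# Function names below are hypothetical, chosen for this illustration.

# Constructed sample: an excerpt of the build output shown in the post.
sample_log() {
cat <<'EOF'
i386_invariant.c:45: warning: incompatible implicit declaration of built-in function 'memset'
vm.c:17: warning: incompatible implicit declaration of built-in function 'strncpy'
In file included from hdn_common.h:12,
hydan.h:24:25: error: openssl/evp.h: No such file or directory
hdn_common.c:32: warning: pointer targets in assignment differ in signedness
make: *** [hdn_common.o] Error 1
EOF
}

# Print only compiler diagnostics marked "error:" (these stop the build).
fatal_lines() {
    grep -E '^[^ ]+:[0-9]+(:[0-9]+)?: error: '
}

# Print each header the compiler could not find, one per line.
missing_headers() {
    sed -n 's/^[^ ]*:[0-9][0-9]*\(:[0-9][0-9]*\)\{0,1\}: error: \(.*\): No such file or directory$/\2/p' | sort -u
}

# Count warnings; gcc keeps compiling after these.
warning_count() {
    grep -c ': warning: '
}

# Read a build log on stdin and summarize what needs fixing.
triage() {
    log=$(cat)
    echo "warnings (non-fatal): $(printf '%s\n' "$log" | warning_count)"
    printf '%s\n' "$log" | fatal_lines | sed 's/^/fatal: /'
    printf '%s\n' "$log" | missing_headers | while read -r hdr; do
        echo "missing header: $hdr"
        # Assumption: apt-file is installed; it maps a file to its package.
        echo "  find the providing package with: apt-file search $hdr"
    done
}

sample_log | triage
```

To run it against a real build, pipe the output in with "make 2>&1 | triage" instead of using the sample.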
