Sssh... yet again a boring “Design of Electrical Apparatus” class, so I decided to cook up this nice little article for you all.
AU Power Lab is the software developed by Anna University’s Power Research Group for the Power Systems Simulation Lab [EE1404], which is used by most colleges for their final-year EEE lab curriculum.
About the Application:
The application has a client-server architecture: the server verifies the license key / authentication key of the client machines. The client software, which has a sluggish graphical user interface, is written in VC++/VB 6.0. The application is usually installed in “C:\AuPower”; inside “C:\AuPower” you can find a lot of directories, some of them are
- Acrod32 (Adobe Reader version 5.0, to view the PDF help files)
- ED, LFS, TSA and many more
Each of these directories corresponds to a menu, and each menu is a separate exercise of the lab curriculum:
LFS corresponds to the Load Flow Solution exercise and TSA corresponds to the Transient Stability Analysis exercise.
Inside each of these directories (i.e. inside LFS, TSA, ED etc.) there are three further subdirectories:
- sample: contains text files bearing the sample data given for the problem.
- user: contains text files bearing the data you entered and saved in the graphical user interface.
- work: contains the executable files required for running the program and computing the output.
Well, if you are lost somewhere, let me sum it up again. When you open the AU Power Lab application on your desktop you’ll be presented with several menus, each corresponding to an exercise, viz. Load Flow Analysis, Economic Dispatch etc. When you click a particular option, the respective data-collection program gets started; this program lives inside C:\AuPower\<clicked menu’s abbreviated form>\work.
In some exercises a command prompt [DOS prompt] appears and you need to enter your options; after entering those options the program runs and produces the output.
Due to the lack of application security in the AU Power Lab software, the main application fails to verify the authenticity of the program it calls. That means you can create a custom executable and swap it for the original, so that when the application is run, your executable comes up instead of the original one.
We are going to exploit this security flaw to make some fun out of AU Power Lab. Let’s use the Economic Dispatch exercise as our target 😛
Go to C:\AuPower\ED*\work (I’m not sure of the exact name; it will start with something like ED).
You will see 2 files without any icon:
- ED*L.exe
- ED*NL.exe [again, pardon me for not remembering the exact file names]
ED*L.exe is for the problem with losses and ED*NL.exe is for the problem without losses. We have only the problem without losses in our syllabus, so we are going to create another executable with the name ED*NL.exe and swap it for the original.
Most of the PCs in the PS lab have TurboC++ installed, so cook up a funny C/C++ program and build it into an executable.
Here is my program (thanks to chokkalingam for teaching me question tags 😛):
#include <iostream>   // TurboC++ of that era uses <iostream.h> without the std namespace
using namespace std;

int main(void)
{
    char a, b, c;   // answers to the three yes/no prompts
    cout << "You are not a human, are you : <Yes:y No:n>: \n";
    cin >> a;
    cout << "You are a ************ : <Yes:y No:n>: \n";
    cin >> b;
    cout << "Do u really wanna output for this programme: <Yes:y No:n>: \n";
    cin >> c;
    if ((c == 'Y') || (c == 'y'))
        cout << " Dumb 'O , Im not your slave, Compute the ****** Output yourself with ur ****** Calculator \n";
    return 0;
}
Now compile this programme and build the executable [hope you’d be familiar with TurboC]. The executable will be in a directory “OUT” inside tc, i.e. C:\TC\out or C:\TC\bin\out, so grab your executable from there and paste it inside C:\AuPower\ED*\work. Don’t forget to rename your executable to exactly ED*NL.exe.
Now call your victim to test it: ask him/her to teach you this exercise. After entering the data, saving it and clicking Run, your executable will run instead of the original one; see how many of your friends press three Y’s without reading what is displayed on the screen..
In order to prevent this kind of executable-substitution attack, you could design the called programme to send an authentication key to the main programme so that it can ensure the authenticity of the called programme. However, this technique can be broken: if the attacker examines the executable file in a debugger, he can get hold of the key being passed to the main programme, specify the same key in his custom programme and corrupt it again. So the best bet is to use some preshared-key-exchange kind of technique.
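To make the defence side of this concrete, here is an added example (my own illustration, not code from the post or from the AU Power Lab software) that puts the main program in the role of the verifier. It shows three things: the main program pinning a digest of the genuine helper and refusing to launch anything else; the weak scheme from the paragraph above, where a fixed key read out of the binary passes every time; and a challenge-response with a preshared key, where a captured response cannot be replayed against a fresh challenge. The helper bytes, key values and digest are all constructed placeholders.

```python
"""Added example: verifying a called helper before trusting it.
Not part of the original post or the AU Power Lab software; all byte
strings and keys below are constructed sample values."""
import hashlib
import hmac
import os

# Constructed stand-ins for the two files that would sit in the 'work'
# directory: the genuine solver and a swapped-in impostor.
GENUINE_HELPER = b"MZ... genuine ED*NL solver bytes (constructed sample)"
SWAPPED_HELPER = b"MZ... swapped-in prank program bytes (constructed sample)"

# 1. Integrity pinning: the main program ships with the digest of the
#    helper it expects and checks the file before launching it.
PINNED_DIGEST = hashlib.sha256(GENUINE_HELPER).hexdigest()


def helper_is_genuine(helper_bytes: bytes, pinned_digest: str = PINNED_DIGEST) -> bool:
    """True only if the helper's SHA-256 matches the pinned value."""
    digest = hashlib.sha256(helper_bytes).hexdigest()
    return hmac.compare_digest(digest, pinned_digest)


# 2a. The weak scheme from the post: the helper hands over a fixed key.
STATIC_KEY = b"ED-fixed-key"  # constructed placeholder


def static_key_check(presented_key: bytes) -> bool:
    """Main program accepts any caller presenting the fixed key."""
    return hmac.compare_digest(presented_key, STATIC_KEY)


def impostor_with_recovered_key() -> bool:
    """An impostor that lifted STATIC_KEY out of the genuine binary passes."""
    return static_key_check(STATIC_KEY)


# 2b. Challenge-response with a preshared key: the main program sends a
#     fresh random challenge and expects HMAC(key, challenge) back, so a
#     response captured once is useless against the next challenge.
PRESHARED_KEY = b"preshared-key-known-to-main-and-helper"  # constructed


def issue_challenge() -> bytes:
    return os.urandom(16)


def helper_respond(challenge: bytes, key: bytes) -> bytes:
    return hmac.new(key, challenge, hashlib.sha256).digest()


def main_verifies(challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(PRESHARED_KEY, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def replay_attack_succeeds() -> bool:
    """Capture one genuine response, then replay it against a fresh challenge."""
    old_challenge = issue_challenge()
    captured = helper_respond(old_challenge, PRESHARED_KEY)
    fresh_challenge = issue_challenge()
    return main_verifies(fresh_challenge, captured)


if __name__ == "__main__":
    print("genuine helper accepted:", helper_is_genuine(GENUINE_HELPER))
    print("swapped helper accepted:", helper_is_genuine(SWAPPED_HELPER))
    print("fixed key replayed by impostor:", impostor_with_recovered_key())
    c = issue_challenge()
    print("honest helper passes challenge:", main_verifies(c, helper_respond(c, PRESHARED_KEY)))
    print("captured response replays:", replay_attack_succeeds())
```

Note the limit of the challenge-response variant: it defeats replay of a captured response, but the preshared key still lives inside the helper binary, so an attacker who can pull a fixed key out with a debugger can pull this one out too. That is why the integrity check belongs in the main program, which verifies what it is about to launch (a pinned digest as here, or a code signature) rather than trusting whatever the launched file says about itself.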
Have Fun Hacking !! 🙂