How To Guide Assembler Language Backdoor DD Name Check

EGS Innovations, Inc.
207 Meadow Wood Drive
Joliet, Illinois 60431-4809
Phone: (815) 744-2401
Fax: (815) 744-2401
[email protected]
http://www.EGSInnovations.com
Overview
Did you ever need to turn off an application validation function for testing or debugging
purposes? The answer is probably “yes”.
Many mainframe software vendors have for decades used backdoor switches to turn on/off key
software features for testing and debugging. One of the most common methods used is to have
the software check for a specific DD name that has been allocated. In this document I will
outline a simple method to check if a specific DD name has been allocated.
Obfuscate (hide) the DD name
To hide our special DD name from prying eyes in the executable load module, we need to
scramble (obfuscate) the name and dynamically unscramble it when it is time to do the name
check. A simple way to do that is to code the DD name with some of its bits missing. When it's
time to unscramble the name, we add the missing bits. For example, we start with an EBCDIC
literal of 'ABCD', which is hex X'C1C2C3C4'. We then remove the X'40' bit from each character,
giving X'81828384'. We then remove the X'80' bits, giving X'01020304'. To unscramble, all we
need to do is execute an Or Immediate (OI) instruction on each name byte using a mask of X'40'.
After we turn on the X'40' bits, we can then turn on the X'80' bits.
This is a very simple encryption scheme and decoding process, but it is just convoluted enough
to hide it from prying eyes.
Unscrambling routine
The following routine will unscramble our sample character string:
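DECODE   XC    WRKDDN,WRKDDN             Clear 8-byte work area
         MVC   WRKDDN(4),=XL4'01020304'  Move scrambled name
         LA    R2,WRKDDN                 R2 -> first byte of name
         LHI   R4,1                      R4 = increment (even reg of pair)
         LA    R5,7(,R2)                 R5 -> last byte (odd reg = limit)
DLOOP    OI    0(R2),X'40'               Turn on X'40' bit (pad = blanks)
         BXLE  R2,R4,DLOOP               Loop through all 8 bytes
         OC    WRKDDN(4),=X'80808080'    Turn on X'80' bits of name
         .
         .
         .
WRKDDN   DS    CL8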
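The scheme above restores bits with fixed masks, so anyone reviewing a load module can reverse it the same way. The following Python sketch is an added example, not part of the original guide: it models the scramble and DECODE steps and scans a byte buffer for runs that decode to a plausible DD name. The function names and the sample bytes are constructed for illustration.

```python
import string

MASK = 0xC0  # the X'40' and X'80' bits stripped from each name byte

# Masked forms of EBCDIC A-Z and 0-9, the only characters that carry both bits.
NAME_BYTES = frozenset(
    b & 0x3F for b in (string.ascii_uppercase + string.digits).encode("cp037"))


def scramble(ddname: str) -> bytes:
    """Strip the X'40' and X'80' bits from each EBCDIC byte of the name."""
    return bytes(b & 0x3F for b in ddname.encode("cp037"))


def unscramble(masked: bytes) -> str:
    """Mirror the DECODE routine and return the blank-padded 8-byte name."""
    work = bytearray(8)                 # XC  WRKDDN,WRKDDN
    work[:len(masked)] = masked         # MVC WRKDDN(n),=X'...'
    for i in range(8):                  # OI loop: unused bytes become blanks
        work[i] |= 0x40
    for i in range(len(masked)):        # OC with X'80' on the name bytes
        work[i] |= 0x80
    return bytes(work).decode("cp037")


def find_masked_names(module: bytes, min_len: int = 4) -> list[tuple[int, str]]:
    """Heuristic scan: (offset, decoded name) for runs of masked name bytes."""
    hits, i = [], 0
    while i < len(module):
        j = i
        while j < len(module) and j - i < 8 and module[j] in NAME_BYTES:
            j += 1
        name = bytes(b | MASK for b in module[i:j]).decode("cp037")
        if j - i >= min_len and name[0].isalpha():
            hits.append((i, name))
        i = max(j, i + 1)
    return hits


# Constructed sample: arbitrary bytes surrounding the masked literal for 'ABCD'.
SAMPLE = bytes.fromhex("D703C010C010") + scramble("ABCD") + bytes.fromhex("47F0C020")

if __name__ == "__main__":
    print(unscramble(scramble("ABCD")), find_masked_names(SAMPLE))
```

Short runs of low-valued bytes are common in binaries, so treat hits as candidates to review and raise min_len to cut noise.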
Determining if DD name allocated
Once the search DD name has been unscrambled, we need to check whether it has been coded
in the JCL or dynamically allocated. There are numerous ways to do this. I will illustrate two
ways of scanning for a DD name:
- Use DEVTYPE macro (example 1)
- Scan TIOT control blocks (example 2)
Example 1 – Find DD name using DEVTYPE macro
         DEVTYPE WRKDDN,DWORD            Do DD Name scan
         LTR   R15,R15                   Found?
         JZ    TAGA                      Jump if yes, bypass feature
*
*   DD name not found, activate feature
*
TAGA     DS    0H                        Skip feature
Example 2 – Find DD name by scanning TIOT blocks
         L     R11,CVTPTR                R11 -> CVT
         USING CVTMAP,R11                Map CVT fields
         L     R10,CVTTCBP               R10 -> CVTTCBP
         L     R10,4(R10)                R10 -> active TCB
         L     R9,TCBTIO-TCB(R10)        R9 -> TIOT Header
         LA    R9,24(R9)                 R9 -> First TIOT
TLOOP    CLI   0(R9),X'00'               Last TIOT?
         JE    TAGA                      Yes, process feature
         CLC   4(8,R9),DDNAME            Found DD name?
         JE    TAGB                      Yes, skip feature
         SLR   R1,R1                     Clear R1
         IC    R1,0(R9)                  Get TIOT length
         AR    R9,R1                     R9 -> next TIOT
         J     TLOOP                     Check next TIOT
TAGA     DS    0H                        Process feature
*
*   DD name not found, process feature
*
         .
TAGB     DS    0H                        Skip feature
         .
         .
         .
DDNAME   DS    CL8
         .
         CVT   DSECT=YES
         IKJTCB LIST=NO
Summary
By using simple coding techniques, software features can be activated and deactivated by the
presence of a specific DD name. The DD name text can be scrambled in the source code to
make it difficult to locate when viewing the load module.
About the author
Jeffrey Celander has over 30 years of experience as a software developer and almost an
equal time working in business. He is the principal of EGS Innovations, Inc. EGS Innovations is a
software development consulting and training organization based in Joliet, Illinois, USA.
About EGS Innovations, Inc.
Founded in 2009, EGS Innovations is a privately owned company. We specialize in the creation
and deployment of Mainframe business applications software and commercial product
software using new or existing technologies. We provide training in a variety of Mainframe
disciplines. All EGS Innovations services are available at very affordable rates. Visit our website
and see what we have to offer http://www.EGSInnovations.com.
Software Agreement and Disclaimer
Permission to use, copy, modify and distribute this software, documentation or training
material is granted for personal use. Any other use requires written permission from the
publisher EGS Innovations, Inc. The EGS Innovations name or Logo may not be used in any
advertising or publicity pertaining to the use of the software without the written permission of
EGS Innovations, Inc.
EGS Innovations, Inc. makes no warranty or representations about the suitability of the
software, documentation or learning material for any purpose. It is provided "AS IS" without
any express or implied warranty, including the implied warranties of merchantability, fitness for
a particular purpose and non-infringement. EGS Innovations, Inc. shall not be liable for any
direct, indirect, special or consequential damages resulting from the loss of use, data or
projects, whether in an action of contract or tort, arising out of or in connection with the use or
performance of this software, documentation or training material.
If you have any questions, suggestions or comments please call or send an e-mail to:
[email protected]
First Edition (June 2010)
Reader comments on this document are welcomed and encouraged. Comments may be sent to:
EGS Innovations, Inc.
Technical Publications Group
207 Meadow Wood Drive
Joliet, Illinois 60431-4809
© Copyright EGS Innovations, Inc. 2010. All rights reserved.
Printed in the United States of America. This publication may be reproduced for personal use or for use as an educational aid. Any
other use requires the prior written permission of the publisher, EGS Innovations, Inc.
Trademarks
IBM, MVS, OS/390 and z/OS are trademarks of IBM Corporation.