Here is how to disassemble a .deb package for a Linux distro like Ubuntu or Debian when the source code is not supplied, for example because you need to check for, and remove, spyware. "Disassemble" here means unpacking the package into its files and maintainer scripts, not disassembling the compiled binaries. For Free Software (in the FSF / GNU sense of the term) we never need to disassemble the .deb package: we have the source, so we can modify, remove or add functions and use make and the Debian packaging tools (dpkg-buildpackage) to create the installer ourselves. But unpacking a .deb can be a real need for software such as the various agents used on servers, which ship only as binary packages. It is quite normal for the developers who bundle tracking functions with such non-free software to label even this inspection as illegal. Looking for an existing spyware function in the files a package installs is, however, a far less invasive activity than reverse engineering its code. Apache2, as Free Software, does not need checking per se, but its .deb package is a convenient specimen for learning.
Before You Disassemble a .deb Package, Know How to Control the Router and Ingress-Egress Policies
A physical router is best, but you can use a virtual one such as those provided by HP Cloud or Amazon. You can read HP Cloud Getting Started and Ingress Egress Policy for the basics.
Beyond that, check the instance's sources.list (and the files under sources.list.d) for repositories that were added besides the distribution's own, and check which services are enabled at boot (the run level) apart from the main application.
---
For example, if Apache2 were paid software that you installed after payment, you should check it for any malware or spyware function. If you do not control its network access from one level above the instance, the package can open a backdoor that you will not see from inside. Ideally, for Apache2 as a hypothetical paid, non-Free package with spyware, you would use OpenStack to take a snapshot of the instance, then build a new instance from it with a different security group that allows only port 22 ingress, while leaving the subnet itself reachable. sources.list is a very important part of ensuring that the non-Free software developer is not watching you. Work behind a physical firewall; otherwise they might switch the mechanism of the spyware activity or push a different version as an update only to you.
In short, Apache2 as paid software must not be reachable from the Internet during the check. Over SSH, use a text-based browser such as lynx or w3m, or cURL, against localhost if you need to see the pages.
Disassemble .deb Package (Ubuntu and Debian Linux)
The layout of an installed package on the filesystem is not the layout used to build the package: the control files end up under /var/lib/dpkg/info/ and the data is scattered across the system, so you cannot simply reassemble a .deb from an installed tree. You need the original .deb itself. apt keeps downloaded packages in /var/cache/apt/archives/ until apt-get clean is run, and apt-get download package-name fetches a copy into the current directory without installing it.
If we spelled out every step against a particular vendor's package, it would read as a hacking guide, so apply the idea to your own situation. Developers of non-Free software can be dangerous: they may file criminal suits against you, so block the ports properly before you start. If you use 100% Free Software as the FSF defines it, the source is open to audit and nobody can hide spyware in the binary package.
When we extract with dpkg-deb, we are unpacking the two tarballs inside the package: data.tar.gz (the files to be installed) and control.tar.gz (the control file and the maintainer scripts). On newer Debian and Ubuntu releases these are compressed as .xz or .zst instead of .gz, but dpkg-deb handles that for you. An example:
dpkg-deb -x apache_i386.deb free-apache
dpkg-deb -e apache_i386.deb free-apache/DEBIAN
free-apache is a whimsical directory name, but ./DEBIAN is a fixed name on every Debian-based system: dpkg-deb -b expects the control files there. So with dpkg-deb the steps are:
dpkg-deb -x package.deb new-one
dpkg-deb -e package.deb new-one/DEBIAN
# after you modify files inside the new-one dir
dpkg-deb -b new-one
dpkg-deb -R package.deb new-one does the first two steps in one command. The rebuilt new-one.deb is your own artefact: it no longer matches the vendor's checksums or repository signature, so install it with dpkg -i rather than through apt.
The second method is great and does not depend on the running distro; you can perform it on BSD or OS X too. .deb files are ar archives containing three members: debian-binary, control.tar.gz and data.tar.gz (with .xz or .zst in place of .gz on newer releases). dpkg-deb has some limitations but advantages too; which method you use depends on the package and on you.
If you run:
ar vx package.deb
the three members are written to the current directory. Simply run:
ls -al
and then extract each tarball with tar -xzvf (GNU tar also detects the compression on its own with plain tar -xvf, so the same command works for .xz and .zst members). For RPM, follow this guide:
http://www.g-loaded.eu/2008/01/28/how-to-extract-rpm-or-deb-packages/
Frankly, on OS X you can use AnyToISO to extract a .deb from the GUI. But for serious software that may contain malware, it is risky not to control the networking in real time, so be careful what you are doing.
Rewriting the software is the cleaner idea, and that is how much non-Free software gets fixed. Otherwise the work becomes that of a warez supplier: warez are produced by hit-or-miss, trial-and-error methods and tend to have more security holes than the original.