RE

Setting the Stage Today, we’re not just smashing buffers — we’re hijacking control flow with user input. Before we start our little “experiment,” let’s make sure the playground is… accommodating. (Optional) ASLR? 1 - That pesky troublemaker has to go. echo 0 | sudo tee /proc/sys/kernel/randomize_va_space Now the memory layout won’t jump around like a caffeinated squirrel. Let’s roll. 😏 The Vulnerable Program Here’s a simple CTF-style challenge: vuln.c #include <stdio....

Intro In earlier articles, we talked about various parts of an ELF file and the many steps needed to create an executable ELF file that can run on your computer. (Note: The steps are shown visually below; For the source code, check out the symbol table article in this series.) ┌────────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ │ │ │ │ │ │ libarithmatic.c │ │ libarithmatic.h ├───────► │ main.c │ │ │ │ │ │ │ └─────────┬──────────┘ └─────────────────┘ └────────┬────────┘ │ │ │ │ │ /* Compile + assemble */ │ /* Compile + assemble */ │ │ │ │ ▼ ▼ ┌─────────────────────┐ ┌────────────────────┐ │ │ │ │ │ libarithmatic....

In previous article about Symbol Tables, we talked about the below diagram …. ┌────────────────────┐ ┌─────────────────┐ ┌─────────────────┐ │ │ │ │ │ │ │ libarithmatic.c │ │ libarithmatic.h ├───────► │ main.c │ │ │ │ │ │ │ └─────────┬──────────┘ └─────────────────┘ └────────┬────────┘ │ │ │ │ │ /* Compile + assemble */ │ /* Compile + assemble */ │ │ │ │ ▼ ▼ ┌─────────────────────┐ ┌────────────────────┐ │ │ │ │ │ libarithmatic.o │ │ main....

… prologue At this point I hope you have a general idea of how a C program goes through multiple stages/passes and finally an ELF file is generated. Below is a diagram to jog your memory on this ┌──────────────────┐ │ │ │ hello.c │ // C source │ │ └────────┬─────────┘ │ │ │ /* Compile */ │ │ │ ▼ ┌──────────────────┐ │ │ │ hello.s │ // assembler source │ │ └────────┬─────────┘ │ │ │ /* assemble */ │ │ ▼ ┌──────────────────┐ │ │ │ hello....

In the article about section headers, you got an introduction to string tables. In this article, we will delve deeper into the topic. …prologue We’ll start with the same program we used in the previous article about section headers. /* file: hello_world.c */ #include <stdio.h> // A macro #define HELLO_MSG1 "Hello World1" // A global variable char HELLO_MSG2[] = "Hello World2"; // main function int main() { // local variable for main char HELLO_MSG3[] = "Hello World3"; // Print messages printf("%s\n", HELLO_MSG1); printf("%s\n", HELLO_MSG2); printf("%s\n", HELLO_MSG3); return 0; } Compile this and then analyze the ELF executable file using readelf (Not everytime we’ll go with xxd)....

In preceding articles, we’ve delved into the details of ELF file headers and section headers. Section headers provide insight into how data and instructions are organized based on their characteristics and grouped into distinct sections. These sections remain distinct due to variations in their types and permissions (… and few other things). Up to this point, our focus has been on the aspects of the ELF file as it resides on-disk....

Intro Assuming you’ve got ELF headers like Elf64_Ehdr or Elf32_Ehdr at your fingertips, and you’re armed with the know-how and tools to decipher their contents effortlessly. For this article I’ll be using the below C code to generate the ELF file. /* file: hello_world.c */ #include <stdio.h> // A macro #define HELLO_MSG1 "Hello World1" // A global variable char HELLO_MSG2[] = "Hello World2"; // main function int main() { // local variable for main char HELLO_MSG3[] = "Hello World3"; // Print messages printf("%s\n", HELLO_MSG1); printf("%s\n", HELLO_MSG2); printf("%s\n", HELLO_MSG3); return 0; } You can get the ELF binary by compiling this code....

Hexdumps In the fascinating world of computers, we’re stuck conversing in binary, a rather dull language of just ones and zeros. But because we mere humans love things to be a tad more exciting and concise, we’ve come up with our own nifty number system - “hexadecimal” or “hex” for short. This system ditches the binary bore and adds a touch of flair with 16 snazzy symbols. It’s got your usual digits from 0 to 9, plus those fancy A to F letters to make data a bit more, well, hexadecimal-chic!...

When an operating system (OS) runs a program, the program is first loaded into main memory. Memory is utilized for both program’s machine instructions and program’s data…this includes parameters, dynamic variables, (un)initialized variables, and so on. Most computers today use paged memory allocations, which allow the amount of memory assigned to a program to increase/decrease as the needs of the application change. Memory is allocated to the program and reclaimed by the operating system in fixed-size chunks known as pages....

We covered a wide range of topics in earlier articles that were helpful in comprehending how many lower-level processes operate. This blog will concentrate on applying those ideas to recreate C program after reverse engineering a simple calculator binary. It is always a good idea to observe how the target software responds to various inputs. This gives you a sense of the internal logic that might be operating. If we run this program without any arguments, we will get an error message stating that we need to pass more arguments as well as the usage guide is printed....