
Lab 10 64bit#172

Open
Expooo7 wants to merge 20 commits into cs-pub-ro:main from Expooo7:lab-10-64bit

Conversation


@Expooo7 Expooo7 commented Apr 8, 2026

Prerequisite Checklist

  • Read the contribution guidelines regarding submitting new changes to the project;
  • Tested your changes against relevant architectures and platforms;
  • Updated relevant documentation (if needed).

Description of changes

Ported all tasks to 64 bits, updated READMEs with relevant info, fixed inconsistencies.
Bugs are still present in overflow-for-binary and overwrite-ret-addr which don't allow the checker to work properly.
Also fixed #115 as part of this PR.
Fix #142

Expooo7 added 20 commits April 7, 2026 02:35
Changed 32-bit regs to 64-bit versions.
Added explanations for `part 3` of the exercise,

changed from `mov byte [ebx + TODO], TODO` to `mov dword [rbx + TODO], TODO`. We are writing an integer, so dword seems appropriate.

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
simple changes to register names + x64 calling conventions

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
changed names of regs for 64 bits, changed function calling conventions.

To solve todo3 it's the same as before, just use 64-bit registers in
base+offset calculation.

To solve todo2 we need to print 84 bytes instead of 76 bytes, because
the return stack frame and return address are 8 bytes instead of 4.

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
Now checks for 84 bytes length instead of 76 bytes length. This is
because old stack frame and return address are now 8 bytes instead of 4
bytes.

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
	- Changed the flag, we are on 64 bits so let's use some long long
	  vars
	- Added extra explanations in support/exploit.py to help the
	  student with strings in python

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
…E and the binary for the exercise to 64bits

	- Makefile: removed 32bit flags
	- overflow_in_binary.c: changed flag to 8 bytes long long, changed win/lose printfs,
	  removed the random line of code (exercise is already pretty difficult)
	- overflow-for-binary: compiled the new binary (without -g
	  flags)

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
…t print string for "win" case

	- now the checker checks for "VICTORY!!!" instead of "Great success!"

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
…t final

	- When porting this ex to x64, ghidra seems to analyze the
	  binary in a weird way. e.g. variable named `local10`
	  is at the position of `stack - 10 bytes` in x86, but in
	  x64 `local10` is `stack - 8 bytes`.
	- analyzing the binary with `objdump -d -M intel` leads to more
	  accurate results and is preferable
	- Consider moving this to support/ folder? What is the point of
	  the README if it doesn't help you solve the exercise?

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
	- source file: Changed .asm file to x64 calling conventions and register
	  names, added some useful explanations
	- Makefile: removed 32bit flags
	- exploit.py: added helpful explanations for strings in python

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
	- changed payload creation command from python2.7 to python3
	  because nobody uses python2.7
	- replaced 'gedit' with 'nano'

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
	- Change calling conventions and register names in .asm files
	- remove 32bit flags from Makefiles
	- change comments about 32bit calling conventions to 64bit
	  calling conventions in the README

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
… README

	- In task README it says a binary and an .asm file would be
	already present, so I removed the .gitignore rule that was
	blocking that

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
… more appropriate comments regarding 64bit executables
…d .txt

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
flag from makefile

	- do_overflow.c: add more padding to make the presence of this
	  buffer more significant, if only 5 byte size of padding then
	  it's completely pointless. The padding added by the compiler
	  (even without the presence of `in_between[5]`) eclipses
	  `in_between[5]`, so we make it `in_between[25]`
	- remove `-m32` flag from CC

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
support/README to help the student complete task, updated python files

	- python files changed to fit the new sizes on the x64 stack
	- added helpful comments and tips in python files
	- added new support/README to help the student with this
	  unfamiliar workflow of analyzing binaries
	- changed solution/README to fit x64 conventions

Maybe consider deleting the solution/README and putting everything in
support/README? P.S.: on the online lab page on cs-pub-ro.github.io
you can see the `writeup` which is solution/README (even if during the
lab you would not want to get the solution spoiled)

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
binary

	- The buffer overflow works correctly, the return addr is
	  changed and the program flow goes into `magic_function`, but
	  it does not execute the system("cowsay...") part.
	- I placed a `puts("hi mom")` to show the function gets called
	- I do have cowsay installed on the system

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>
	- instead of checking exit code of python script as suggested,
	  changed the test_read_stdin_fgets.c test to pass if the
	  hard-coded string `var is 0x...` is found.
	  Before it checked to see if `CAFEBABE` (the initial value that
	  the task asks us to change) was not part of output
	  and in that case pass the test.
	- I don't find it necessary to check python exit code in test.
	  If the target .asm file does not compile (as mentioned in the
	  issue) the test will not pass now.

	Fixes cs-pub-ro#115

Signed-off-by: Berevoesu Remus-Napoleon <berevoescu.remus@gmail.com>

Development

Successfully merging this pull request may close these issues.

  • labs/lab-10: Check x86_64 version
  • labs/lab-10: Modify checkers for read-stdin tasks