REVERSE ENGINEERING

What is a C.T.F. ?

Competition with multiple security challenges. The goal is to retrieve the flag of a challenge to earn the corresponding points.

What is R.E. ?

consists in studying an object to determine how it works internally or how it was made.

Wikipedia

What is R.E. ?

  • Cheats
  • Malware analysis
  • Vulnerability Research

Memory segmentation

The binary

Initialized global / static variables

Uninitialized global / static variables

Heap: dynamically managed memory (malloc, realloc, free...)

Stack: local variables

Registers

Storage locations inside the processor itself

EBP : BASE POINTER

ESP : STACK POINTER

EIP : INSTRUCTION POINTER

The Stack

static int increment(int number)
{
    return number + 1;        /* number is read from the caller's frame, above the saved EIP */
}

int main(void)
{
    int index = 0;            /* local: lives in main's stack frame */
    char buffer[10] = {1};    /* local: 10 bytes in main's frame; only buffer[0] is 1, the rest are zero-filled */

    index = increment(index); /* the call pushes the return address, then increment opens its own frame */
    /* ... */
    /* ... */
    return index;
}

[Stack diagram, built up step by step across the slides for the code above: main's frame holds index (0) and buffer ([1, 1, 1, ..., 1]); the call to increment pushes the return address (EIP) and then the saved EBP of main, after which increment's frame begins; ESP always marks the top of the stack and EBP the base of the current frame, and the region between them is labelled STACKFRAME. When increment returns, the saved EBP and EIP are popped and ESP/EBP point back into main's frame.]
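The call sequence the diagram walks through, replayed as an added example (this is not code from the slides): a small model of the 32-bit stack in which call, the push ebp / mov ebp, esp prologue and leave / ret are simulated, so that the slots at [ebp], [ebp+4] and [ebp+8] inside increment can be inspected. The addresses INCREMENT_ADDR and MAIN_EIP_AFTER_CALL are constructed assumptions, not values from a real binary.

```c
#include <stdint.h>

/* Model of a 32-bit stack: esp/ebp are byte addresses indexing mem[] in
   4-byte steps, eip is the next instruction address. Addresses are constructed. */
#define STACK_BYTES 128
#define MAIN_EIP_AFTER_CALL 0x08049200u   /* assumed: instruction after the call in main */
#define INCREMENT_ADDR      0x080494abu   /* assumed: address of increment() */

typedef struct { uint32_t mem[STACK_BYTES / 4]; uint32_t esp, ebp, eip; } cpu_t;

static void push(cpu_t *c, uint32_t v) { c->esp -= 4; c->mem[c->esp / 4] = v; }
static uint32_t pop(cpu_t *c) { uint32_t v = c->mem[c->esp / 4]; c->esp += 4; return v; }
static uint32_t at(const cpu_t *c, uint32_t addr) { return c->mem[addr / 4]; }

/* call target : push the return EIP, then jump to target */
static void do_call(cpu_t *c, uint32_t target, uint32_t ret) { push(c, ret); c->eip = target; }
/* push ebp ; mov ebp, esp ; sub esp, n : open a new frame with n bytes of locals */
static void prologue(cpu_t *c, uint32_t n) { push(c, c->ebp); c->ebp = c->esp; c->esp -= n; }
/* leave ; ret : close the frame and continue at the saved EIP */
static void epilogue(cpu_t *c) { c->esp = c->ebp; c->ebp = pop(c); c->eip = pop(c); }

typedef struct {
    uint32_t main_ebp, main_esp;          /* main's frame just before the call */
    uint32_t arg, saved_eip, saved_ebp;   /* what increment sees at [ebp+8], [ebp+4], [ebp] */
    uint32_t result, eip_after_ret;
    int frame_restored;                   /* esp/ebp back to main's values after ret */
} trace_t;

/* Replay main() calling increment(0) and record the frame layout the slides draw. */
trace_t run_increment_call(void) {
    cpu_t c = { {0}, STACK_BYTES, STACK_BYTES, 0 };
    trace_t t;
    prologue(&c, 0x10);                   /* main: space for index and buffer[10] */
    t.main_ebp = c.ebp; t.main_esp = c.esp;
    push(&c, 0);                          /* push index (number = 0) as the argument */
    do_call(&c, INCREMENT_ADDR, MAIN_EIP_AFTER_CALL);
    prologue(&c, 0);                      /* increment keeps no locals */
    t.arg       = at(&c, c.ebp + 8);      /* number */
    t.saved_eip = at(&c, c.ebp + 4);      /* return address into main */
    t.saved_ebp = at(&c, c.ebp);          /* main's EBP */
    t.result    = t.arg + 1;              /* return number + 1 (would sit in eax) */
    epilogue(&c);
    c.esp += 4;                           /* add esp, 4 : main drops the argument */
    t.eip_after_ret  = c.eip;
    t.frame_restored = (c.esp == t.main_esp && c.ebp == t.main_ebp);
    return t;
}
```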

Endianness

ASM: the basics

Intel syntax

instruction    destination, source

mov  eax, 0x1      ; eax = 1

sub  esp, 0xc      ; esp -= 12 : reserve 12 bytes on the stack

jmp  0x080494ab    ; unconditional jump: eip = 0x080494ab


cmp    eax,0x5     ; compute eax - 5 and set the flags, eax is not modified
jne    0x804948e   ; jump if the comparison said "not equal"

mov    eax, DWORD PTR [ebx+0x4]    ; load the 4 bytes at address ebx+4 into eax


movzx  eax, BYTE PTR [ebx]         ; load the 1 byte at address ebx, zero-extended into eax
                                   ; (a plain mov into eax cannot take a BYTE PTR operand:
                                   ;  the sizes must match, e.g. mov al, BYTE PTR [ebx])
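An added example (not from the slides) that serves both the endianness slide and the memory-operand instructions above: a constructed little-endian memory snapshot, read the way DWORD PTR and BYTE PTR operands read it, next to a big-endian read of the same four bytes. The MEM buffer and its contents are constructed; the value at [ebx+0x4] reuses the jump target 0x080494ab from the earlier slide.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 16-byte memory snapshot, laid out as a GDB/PEDA hexdump shows it.
   Pretend EBX points at offset 0 of this buffer. */
static const uint8_t MEM[16] = {
    0x41, 0x00, 0x00, 0x00,   /* [ebx+0x0] : DWORD 0x00000041 */
    0xab, 0x94, 0x04, 0x08,   /* [ebx+0x4] : DWORD 0x080494ab */
    0x05, 0x00, 0x00, 0x00,   /* [ebx+0x8] : DWORD 0x00000005 */
    0xef, 0xbe, 0xad, 0xde,   /* [ebx+0xc] : DWORD 0xdeadbeef */
};

/* 1 if this CPU stores the least significant byte first (x86 does). */
int host_is_little_endian(void) {
    uint32_t probe = 0x01020304u;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x04;
}

/* mov eax, DWORD PTR [base+disp]: four bytes, lowest address = least significant byte. */
uint32_t load_dword(const uint8_t *base, size_t disp) {
    return (uint32_t)base[disp]
         | (uint32_t)base[disp + 1] << 8
         | (uint32_t)base[disp + 2] << 16
         | (uint32_t)base[disp + 3] << 24;
}

/* movzx eax, BYTE PTR [base+disp]: one byte, zero-extended to 32 bits. */
uint32_t load_byte(const uint8_t *base, size_t disp) {
    return base[disp];
}

/* The same four bytes read big-endian, to show why the byte order matters. */
uint32_t load_dword_be(const uint8_t *base, size_t disp) {
    return (uint32_t)base[disp] << 24
         | (uint32_t)base[disp + 1] << 16
         | (uint32_t)base[disp + 2] << 8
         | (uint32_t)base[disp + 3];
}

int main(void) {
    printf("host is little-endian: %d\n", host_is_little_endian());
    printf("mov   eax, DWORD PTR [ebx+0x4] -> eax = 0x%08x\n", load_dword(MEM, 4));
    printf("movzx eax, BYTE PTR [ebx]      -> eax = 0x%08x\n", load_byte(MEM, 0));
    printf("same bytes read big-endian     -> 0x%08x\n", load_dword_be(MEM, 4));
    return 0;
}
```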

GDB / PEDA

DEMO TIME

Ready ? Steady ? Reverse !

Challenges

https://challs.poc-innovation.com

Slides

http://slides.pwnh4.com/reverse

@PoCInnovation

Reverse Engineering

By pwnh4

In this workshop, we are going to use GDB and PEDA to reverse engineer simple binaries. Along the way we cover memory segmentation, the stack, registers and endianness!
