Reverse Engineering for exploit writers Jonathan Brossard, iViZ Research Team Clubhack 2008 Pune, India
Who Am I? (and why am I writing this??) We are recruiting! Send me your CVs at: [email_address]
Roadmap
©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format
Introducing the problem
Before:
- We know where the Segments are
- We know where the Sections are located
- The application has a symbol table
After:
- We know where the Segments are: the loader/dynamic linker can still do their jobs
- We don’t know where the Sections start/end
- The application has no symbol table
How (not) to work with proprietary binaries anyway?
What to rebuild?
Refactoring the binary:
- Increase the size of the binary to contain a new Section Header Table
- Modify the ELF Header to point to our new Section Header Table (via e_shoff)
- Allocate (append) and update Section Headers accordingly (don’t forget to e_shnum++ in the ELF Header)
- With section headers back in place, the binary can be used with our usual libbfd-based disassemblers
- Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls
- Update this list with labels corresponding to predictable offsets (eg: main()) and the content of the .dynamic section
- Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary
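Added example, not code from the slides or from the author's tooling, carrying the first refactoring steps above (and the stripped-versus-intact contrast under "Introducing the problem") through in C: it constructs a stripped ELF64 image in memory, appends a new Section Header Table and patches e_shoff, e_shnum and e_shstrndx. It assumes Linux <elf.h>, takes the .text bounds from the executable PT_LOAD segment rather than from disassembly, and leaves out the SHT_SYMTAB step, which appends a further section the same way.

```c
/* Added example (not the slides' code): rebuild a Section Header Table for a
 * stripped ELF64 image in memory as the slides describe: append the new table,
 * point e_shoff at it, set e_shnum.  Assumes Linux <elf.h>; input is constructed. */
#include <elf.h>
#include <stdlib.h>
#include <string.h>

/* Names for the rebuilt sections; sh_name is a byte offset into this blob. */
static const char shstrtab[] = "\0.text\0.shstrtab";  /* .text at 1, .shstrtab at 7 */

/* Append [.shstrtab][pad][NULL, .text, .shstrtab headers] to *bufp and patch
 * the ELF header.  .text is approximated by the executable PT_LOAD (the loader
 * needs it, so it survives stripping); the slides refine it by disassembly. */
size_t rebuild_shdrs(unsigned char **bufp, size_t len)   /* new length, 0 on error */
{
    Elf64_Ehdr *eh = (Elf64_Ehdr *)*bufp;
    if (len < sizeof *eh || memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 ||
        eh->e_ident[EI_CLASS] != ELFCLASS64 || eh->e_shnum != 0)
        return 0;                               /* not ELF64, or not stripped */
    if (eh->e_phoff + (size_t)eh->e_phnum * sizeof(Elf64_Phdr) > len) return 0;
    Elf64_Phdr *ph = (Elf64_Phdr *)(*bufp + eh->e_phoff), *tp = NULL;
    for (int i = 0; i < eh->e_phnum && !tp; i++)
        if (ph[i].p_type == PT_LOAD && (ph[i].p_flags & PF_X)) tp = &ph[i];
    if (!tp) return 0;
    Elf64_Phdr text = *tp;                  /* copy: realloc may move the buffer */
    size_t str_off = len, sh_off = (len + sizeof shstrtab + 7) & ~(size_t)7;
    size_t new_len = sh_off + 3 * sizeof(Elf64_Shdr);   /* strings, pad, headers */
    unsigned char *nb = realloc(*bufp, new_len);           /* grow the file image */
    if (!nb) return 0;
    memset(nb + len, 0, new_len - len);               /* index 0 stays SHT_NULL */
    memcpy(nb + str_off, shstrtab, sizeof shstrtab);
    Elf64_Shdr *sh = (Elf64_Shdr *)(nb + sh_off);
    sh[1] = (Elf64_Shdr){ .sh_name = 1, .sh_type = SHT_PROGBITS,
        .sh_flags = SHF_ALLOC | SHF_EXECINSTR, .sh_addr = text.p_vaddr,
        .sh_offset = text.p_offset, .sh_size = text.p_filesz, .sh_addralign = 16 };
    sh[2] = (Elf64_Shdr){ .sh_name = 7, .sh_type = SHT_STRTAB,
        .sh_offset = str_off, .sh_size = sizeof shstrtab, .sh_addralign = 1 };
    eh = (Elf64_Ehdr *)nb;                        /* buffer moved: refresh pointer */
    eh->e_shoff = sh_off;  eh->e_shentsize = sizeof(Elf64_Shdr);
    eh->e_shnum = 3;       eh->e_shstrndx = 2;          /* the slides' e_shnum++ */
    *bufp = nb;
    return new_len;
}

/* Name of section idx via the string table; "" if the file has no table. */
const char *section_name(const unsigned char *buf, int idx)
{
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)buf;
    const Elf64_Shdr *sh = (const Elf64_Shdr *)(buf + eh->e_shoff);
    if (eh->e_shnum == 0 || idx < 0 || idx >= eh->e_shnum) return "";
    return (const char *)buf + sh[eh->e_shstrndx].sh_offset + sh[idx].sh_name;
}

/* Constructed sample: stripped ELF64 (calloc leaves e_shoff = e_shnum = 0) with
 * one R+X PT_LOAD covering the whole file and three bytes of code; not a real program. */
size_t make_stripped_elf(unsigned char **out)
{
    static const unsigned char code[] = { 0x90, 0x90, 0xc3 };       /* nop nop ret */
    size_t code_off = sizeof(Elf64_Ehdr) + sizeof(Elf64_Phdr), len = code_off + 3;
    unsigned char *b = calloc(1, len);
    if (!b) return 0;
    Elf64_Ehdr *eh = (Elf64_Ehdr *)b;
    memcpy(eh->e_ident, ELFMAG, SELFMAG);
    eh->e_ident[EI_CLASS] = ELFCLASS64;  eh->e_ident[EI_DATA] = ELFDATA2LSB;
    eh->e_ident[EI_VERSION] = EV_CURRENT;  eh->e_version = EV_CURRENT;
    eh->e_type = ET_EXEC;  eh->e_machine = EM_X86_64;  eh->e_entry = 0x400000 + code_off;
    eh->e_phoff = eh->e_ehsize = sizeof *eh;  eh->e_phentsize = sizeof(Elf64_Phdr);  eh->e_phnum = 1;
    Elf64_Phdr *ph = (Elf64_Phdr *)(b + eh->e_phoff);          /* p_offset stays 0 */
    *ph = (Elf64_Phdr){ .p_type = PT_LOAD, .p_flags = PF_R | PF_X, .p_vaddr = 0x400000,
        .p_paddr = 0x400000, .p_filesz = len, .p_memsz = len, .p_align = 0x1000 };
    memcpy(b + code_off, code, sizeof code);
    *out = b;
    return len;
}
```

Running readelf -S on the written-out result shows the three rebuilt sections; rebuild_shdrs refuses an image that already has a section header table, so it cannot be applied twice by mistake.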
Refactoring in practice
Conclusion
Greetings