BE A Hacker

1
BE A Hacker

• Fudan University
• Parallel Processing Institute
• Rong Chen

2
(No Transcript)
3
HACKER
4
Chance !
ICS Lab2
5
Defuse Bomb

• What is Bomb ?
• Only a binary file
• What should you do ?
• Find the key and defuse the bomb !
• What can you use ?
• Anything except cheat !

Right key
Survive
Wrong key
Bomb !
gdb
calculator
strings
objdump
pencil
paper
6
Demo

• Please See Carefully !
• A binary bomb
• Need a password to defuse it
• Print bomb !, lose
• Print Survive !, win

7
Step by Step

• Machine Code to Assembly Code
• objdump -D bomb gt asm
• Get Function Info
• objdump -t bomb gt func
• Find key functions
• scanf, where does the password store ?
• printf, which the instruction will print bomb ?

8
Step by Step

• Find key strings
• bomb, survive and password
• Find key operators
• jmp, change control flow
• cmp, how to judgment condition
• Defuse bomb no risk at all
• gdb set breakpoint before bomb and survive

9
Step by Step

• Defuse Bomb Now!
• gdb bomb
• (gdb) break 0x80483c5
• (gdb) break 0x80483d7
• (gdb) run
• 7b
• (wrong!! Why??)
• (gdb) print /x (int ) (0xffffffffcebp)
• (gdb) print /x (int ) esp

10
Step by Step

• Defuse Bomb Now!
• (gdb) kill
• run
• 123
• (gdb) print /x (int ) (0xffffffffcebp)
• (gdb) print /x (int ) esp
• (gdb) c
• Survive !