Channel: CTF365 Blog

Exploit Development, Assembly and R.E [ Short Intro]


Reverse Engineering, also called RE, is the process of discovering the technological principles of an application through analysis of its structure, function and operation.

With reverse engineering, a researcher or programmer can do a lot of things: examine the structure of a program, examine the entire system to identify its weaknesses, search for sensitive data in code, modify the functionality of an existing program, find vulnerabilities in a program, and analyse malware.

To get some knowledge about reverse engineering, you need to know assembly programming. Assembly is a low-level programming language. Assembly language is converted into executable machine code by a utility program called an assembler, such as NASM or MASM. Each system has a microprocessor that manages the computer's activities. Each family of processors has its own set of instructions for its operations, such as getting input from the keyboard or controlling devices. This set of instructions is called the machine language instructions.

A processor is able to understand and execute only strings of 1s and 0s, and such strings are too difficult for a human to interpret, so we use assembly instead. To learn more about assembly, you can read this book:

Assembly Language Step-by-Step Programming with Linux – by Jeff Duntemann

Today I'll talk about the stack buffer overflow. The stack is a block of memory which is used by functions. On the Intel x86 architecture the maximum data size of one stack element is 4 bytes, or 32 bits. The ESP stack pointer points to the top of the stack. Functions use the stack heavily: it holds function arguments and dynamically allocated space for local variables.

A stack buffer overflow affects functions that copy input into memory without checking it. A buffer overflow happens when a function copies data into a buffer without length checking or bounds verification.

Buffer Example


Below I'll show, with a C program, how vulnerable a program can be to a buffer overflow:

    #include <stdio.h>   /* printf(), gets() */
    #include <string.h>  /* strcmp() */

    #define findThePassword "p4ssw0rd"

    int main()
    {
        char OK = 0;         /* flag that lives next to the buffer on the stack */
        char overflow[30];   /* 30-byte buffer, but nothing bounds the read below */

        printf("Please enter the password:\n");
        gets(overflow);      /* unbounded read: this is the vulnerability of the example */

        if (strcmp(overflow, findThePassword) == 0)
            OK = 1;

        if (OK == 1)
            printf("Congratulation. You find the password!\n\t");

        return 0;
    }

    //End of script


After compiling the file with gcc exploit.c -o exploit, we run our exploit:

perl -e 'print "CCCC" . "\x64\x41\x42\x31" x 100' | ./exploit

Demo:

Exploit


Let's write another example:

exploit2.c

    //

    #include <stdio.h>   /* printf() */

    int main()
    {
        int buffer;
        char test[60];
        /* Print the addresses of both locals; the distance between them
           shows how far test[] sits from buffer on the stack. */
        printf("test: %p buffer: %p\n", (void *)test, (void *)&buffer);
        /* buffer is never written by this program, so as written the
           comparison only fires if an overflow of test[] has overwritten it. */
        if (buffer == 0x000a0d00)
            printf("We Finished the job\n");
        return 0;
    }

    //

Remember that function frames are pushed onto the stack.

The base pointer EBP is stored on the stack as the saved frame pointer (SFP). In the prologue we move the stack pointer ESP into EBP, replacing the previous frame's address. We use the buffer overflow to overwrite a return address. When a function is called, the return address (the next EIP) is pushed onto the stack, right next to the SFP. After the function completes and executes ret, that saved value is popped from the stack back into EIP.

First Exp

After Exploit

After that, we need to overwrite the EIP.


g0tmilk


G0t m1lk ?:)

Thank you.

Or find more: Corelan.be

