Bypassing ios anti-debugging protections & jailbreak detection mechanisms
Alexandre Bécholey
Plan
- Context
- Anti-debugging protections
- Bypass techniques
- LLDB scripting
- Jailbreak detection
- Conclusion
Context
Scope
1. One iOS application to pentest
2. Need to use a jailbroken iOS device
3. Jailbreak detection and anti-debugging protections present
4. Client notified
Connectivity
1. iphone_tunnel to create the initial tunnel ( )
2. SSH to create a tunnel that will be used for debugging ( )
3. On the iOS device, use debugserver to launch the targeted app (localhost:1234)
4. On the computer, use LLDB to connect to the debugserver and start debugging (localhost:1234)
Workflow
1. Debug the app
2. Break early in the app
3. Grab the decrypted part
4. Patch a copy of the binary with the decrypted part
5. Start reverse engineering activities
Anti-debugging protections
Anti-debugging protections

SYSCTL
- Get the process ID
- Query sysctl to get the status of the process
- Look for the "process traced" flag

PTRACE
- Resolve the ptrace symbol to get the function address
- Call ptrace to deny attachment
- Once run, valid for the entire process lifetime

SYSCALL
- Sneaky way to call ptrace
- Same consequences
References: nce/manpages/
SYSCTL

    #include <sys/types.h>
    #include <sys/sysctl.h>
    #include <unistd.h>

    // Prototype from the man page:
    // int sysctl(const int *name, u_int namelen, void *oldp, size_t *oldlenp,
    //            const void *newp, size_t newlen);

    // Ask the kernel for this process's kinfo_proc and test the P_TRACED flag.
    int being_debugged(void) {
        int name[] = { CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid() };
        u_int namelen = sizeof(name) / sizeof(*name);
        struct kinfo_proc oldp;
        size_t oldlenp = sizeof(oldp);
        int result = sysctl(name, namelen, &oldp, &oldlenp, NULL, 0);
        if (result == -1) {
            // handle error and fail...
            return -1;
        }
        return (oldp.kp_proc.p_flag & P_TRACED) != 0; // could be optimized as (oldp + 0x21) & 8
    }
ptrace

    #include <dlfcn.h>
    #include <sys/types.h>

    // Prototype from the man page:
    // int ptrace(int request, pid_t pid, void *addr, int data);

    #define PT_DENY_ATTACH 31
    typedef int (*ptrace_fn)(int request, pid_t pid, void *addr, int data);

    // Resolve ptrace at runtime so the symbol does not show up in the import
    // table, then deny debugger attachment for the rest of the process lifetime.
    int call_ptrace(void) {
        void *handle;
        ptrace_fn ptrace;
        handle = dlopen(NULL, 10);            // 10 = RTLD_NOW | RTLD_GLOBAL: the process's own image
        ptrace = (ptrace_fn)dlsym(handle, "ptrace");
        if (ptrace == NULL) {
            dlclose(handle);
            return -1;
        }
        ptrace(PT_DENY_ATTACH, 0, 0, 0);      // PT_DENY_ATTACH = 31
        return dlclose(handle);
    }
ptrace as a syscall

    MOV X0, #0x1F    ; first arg 31 => PT_DENY_ATTACH
    MOV X1, #0
    MOV X2, #0
    MOV X3, #0
    MOV X16, #0x1A   ; syscall number 26 => ptrace
    SVC 0x80         ; invoke the syscall
How to find them

sysctl
- Search for the sysctl and getpid functions
- Get all the cross-references to them

ptrace
- Search for ptrace in the list of strings
- Get all the cross-references to it

syscall
- Search for the instruction SVC 0x80
- Verify that there is a MOV X16, #0x1A before it
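The "syscall" search rule above can be automated. The following Python script is an added example, not part of the talk or the speaker's material: it scans a raw AArch64 code buffer for every SVC 0x80, walks back to the most recent MOVZ into X16 (the syscall number) and into X0 (the request), and reports the sites where that pair is 26/31, i.e. ptrace(PT_DENY_ATTACH). The sample byte string is constructed from the encodings of the six instructions on the previous slide plus filler; the helper names are the example's own.

```python
import struct

PTRACE_SYSNO = 0x1A      # syscall number 26 => ptrace
PT_DENY_ATTACH = 0x1F    # ptrace request 31

NOP, RET = 0xD503201F, 0xD65F03C0


def movz_x(rd, imm16):
    """Encode MOVZ Xd, #imm16 (no shift): sf=1 opc=10 100101 hw=00 imm16 Rd."""
    return 0xD2800000 | (imm16 & 0xFFFF) << 5 | (rd & 0x1F)


def svc(imm16):
    """Encode SVC #imm16."""
    return 0xD4000001 | (imm16 & 0xFFFF) << 5


def decode_movz_x(instr):
    """Return (rd, imm16) if instr is an unshifted MOVZ Xd, #imm16, else None."""
    if instr & 0xFFE00000 != 0xD2800000:
        return None
    return instr & 0x1F, (instr >> 5) & 0xFFFF


def is_svc_0x80(instr):
    return instr & 0xFFE0001F == 0xD4000001 and (instr >> 5) & 0xFFFF == 0x80


def find_syscalls(code, window=8):
    """Return [(offset, syscall_number, x0_value_or_None)] for each SVC 0x80.

    Walks back up to `window` instructions, stopping at an earlier SVC or a RET
    (a rough basic-block boundary), to find the last MOVZ into X16 and X0.
    """
    n = len(code) // 4
    words = struct.unpack('<%dI' % n, code[:n * 4])
    hits = []
    for i, w in enumerate(words):
        if not is_svc_0x80(w):
            continue
        sysno = request = None
        for j in range(i - 1, max(-1, i - 1 - window), -1):
            prev = words[j]
            if is_svc_0x80(prev) or prev == RET:
                break
            m = decode_movz_x(prev)
            if m is None:
                continue
            rd, imm = m
            if rd == 16 and sysno is None:
                sysno = imm
            elif rd == 0 and request is None:
                request = imm
        if sysno is not None:
            hits.append((i * 4, sysno, request))
    return hits


def find_deny_attach(code):
    """Offsets of ptrace(PT_DENY_ATTACH, ...) issued as a raw syscall."""
    return [off for off, sysno, req in find_syscalls(code)
            if sysno == PTRACE_SYSNO and req == PT_DENY_ATTACH]


# Constructed sample (not from any real binary): the slide's six-instruction
# sequence surrounded by filler, followed by an unrelated syscall (getpid,
# number 20) to show that the scanner tells the two apart.
SAMPLE = struct.pack(
    '<10I',
    NOP,
    movz_x(0, PT_DENY_ATTACH), movz_x(1, 0), movz_x(2, 0), movz_x(3, 0),
    movz_x(16, PTRACE_SYSNO), svc(0x80), RET,
    movz_x(16, 20), svc(0x80),
)

if __name__ == '__main__':
    for off, sysno, req in find_syscalls(SAMPLE):
        print('SVC 0x80 at +0x%x: syscall %d, X0=%s' % (off, sysno, req))
    print('PT_DENY_ATTACH sites:', [hex(o) for o in find_deny_attach(SAMPLE)])
```

On a real __text section you would feed the raw bytes and add the section's file offset to each hit; the MOVZ-only matcher is deliberately narrow (an app could load X16 with MOVK or a load from memory), so treat a miss as "not found by this rule", not as absence.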
Bypass techniques
Three cases
- The function has a symbol: hooking frameworks
- The function has been stripped: patch the first two instructions of the function
- The protections are inline in the function: case-by-case patching
Hooking frameworks

Frida: stable
- JavaScript
- Backtrace functions

Cycript: inspect
- JavaScript & ObjC
- Easy inspection
- Manual object creation and function calls

Theos: auto-load
- Compile a dylib
- Works when the other frameworks crash the app
- Auto-loads when the application starts
- Huge gain of time
- Nice when it has to run before anything else
Dynamic patching

Patch the beginning of the function: overwrite the first two instructions

    MOV X0, #0   ; First write a desired return value
    RET          ; Then return to the caller

In LLDB:

    (lldb) memory write -s 4 0x100420d88 0xD
    (lldb) memory write -s 4 0x100420d8c 0xD65F03C0

Patch inside a function:
- If there is a branch leading to the tests, replace the branch
- Else overwrite all the instructions with NOP instructions
Image location

PIE applies ASLR to the binary location in memory: a different base address at each execution.

    (lldb) image list myapp
    [  0] SOME-UUID 0x /PATH/myapp.app/myapp (0x )
    (lldb) image list myapp
    [  0] SOME-UUID 0x f0000 /PATH/myapp.app/myapp (0x f0000)

Offsets inside the binary remain the same.
LLDB scripting
Command files

A succession of commands to be executed at startup:

    platform select remote-ios
    settings set target.process.stop-on-sharedlibrary-events true
    process connect connect://localhost:1234
    continue

Import a Python script:

    command script import myscript.py
    break UIApplicationMain
    breakpoint command add -s python 1
    myscript.myfunction()
    DONE
Python script: base address of the binary

    import lldb

    def myfunction():
        # get the main image from the image list
        main_image = lldb.target.modules[0]
        # parse the load address out of the module's string form
        base = int(str(main_image).split('(')[-1].strip(')'), 16)
        print("Base addr: 0x%x" % base)
Python script: breakpoints

    offsets = [
        0x3a76e8,
        0x3a7ab0,
    ]
    for offset in offsets:
        addr = base + offset      # file offset + ASLR base = runtime address
        print("Adding breakpoint at: 0x%x" % addr)
        bp = lldb.target.BreakpointCreateByAddress(addr)
        bp.SetScriptCallbackFunction("myscript.someotherfunction")
Python script: dynamic patching

    from struct import pack

    offsets = {
        0x420D88: 0xD65F03C0,  # RET
        0x3D2ABC: 0xAA0003E0,  # MOV X0, X0
    }
    for offset, instruction in offsets.items():
        addr = base + offset
        buff = pack('<I', instruction)   # one little-endian 32-bit AArch64 instruction
        err = lldb.SBError()
        print("Writing 0x%x at 0x%x" % (instruction, addr))
        lldb.process.WriteMemory(addr, buff, err)
        print("Write finished with error:", err)
Python script: changing branches

    branches = {
        # branch_inst_offset: new_dest_offset
        0x3C4BA0: 0x3C4A2C,
        0x3D169C: 0x3D1614,
    }
    for source, dest in branches.items():
        # the B immediate is a signed count of instructions relative to the branch itself
        jump_offset = (dest - source) // 4
        # AArch64 unconditional B: opcode 0x14000000 with imm26 in the low 26 bits
        instruction = 0x14000000 | (jump_offset & 0x03FFFFFF)
        addr = base + source
        # continue with writing...
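The two patching slides above (MOV X0, #0; RET at a function entry, and rewriting a B instruction to a new destination) both come down to producing the correct 32-bit word for an address computed as base + offset. The following added example, not taken from the talk, encodes both patches, range-checks the branch immediate (imm26 counts instructions relative to the branch and must stay within +/-128 MiB, with both offsets 4-byte aligned) and decodes the written word back as a self-check before a real process.WriteMemory would be issued. The bytearray image, the BASE value and the helper names are the example's own; the offsets are the ones quoted on the slides.

```python
import struct

RET = 0xD65F03C0
NOP = 0xD503201F


def movz_x0(value):
    """MOVZ X0, #value (0..0xFFFF): 'first write a desired return value'."""
    if not 0 <= value <= 0xFFFF:
        raise ValueError('MOVZ immediate must fit in 16 bits')
    return 0xD2800000 | value << 5


def encode_b(branch_off, target_off):
    """Unconditional B located at branch_off, jumping to target_off."""
    if (branch_off | target_off) & 3:
        raise ValueError('offsets must be 4-byte aligned')
    delta = (target_off - branch_off) // 4          # signed instruction count
    if not -(1 << 25) <= delta < (1 << 25):
        raise ValueError('branch target out of +/-128 MiB range')
    return 0x14000000 | (delta & 0x03FFFFFF)


def decode_b(instr, branch_off):
    """Target offset of a B instruction located at branch_off, or None."""
    if instr & 0xFC000000 != 0x14000000:
        return None
    imm = instr & 0x03FFFFFF
    if imm & (1 << 25):                             # sign-extend imm26
        imm -= 1 << 26
    return branch_off + imm * 4


def make_image(size=0x500000):
    """Constructed stand-in for process memory: a zero-filled PIE image."""
    return bytearray(size)


def write_words(mem, base, addr, *words):
    """Write little-endian 32-bit words (stand-in for SBProcess.WriteMemory)."""
    off = addr - base
    mem[off:off + 4 * len(words)] = struct.pack('<%dI' % len(words), *words)


def read_word(mem, base, addr):
    off = addr - base
    return struct.unpack('<I', mem[off:off + 4])[0]


def patch_return(mem, base, func_off, value=0):
    """Overwrite a function's first two instructions with MOV X0,#value; RET."""
    write_words(mem, base, base + func_off, movz_x0(value), RET)


def redirect_branch(mem, base, branch_off, new_dest_off):
    """Rewrite the B at branch_off to jump to new_dest_off; return the decoded
    target read back from memory so the caller can confirm the write."""
    write_words(mem, base, base + branch_off, encode_b(branch_off, new_dest_off))
    return decode_b(read_word(mem, base, base + branch_off), branch_off)


BASE = 0x100000000   # example base; on a device read it from the image list

if __name__ == '__main__':
    mem = make_image()
    patch_return(mem, BASE, 0x420D88)
    print('entry patched: 0x%08x 0x%08x' % (read_word(mem, BASE, BASE + 0x420D88),
                                            read_word(mem, BASE, BASE + 0x420D8C)))
    for src, dst in {0x3C4BA0: 0x3C4A2C, 0x3D169C: 0x3D1614}.items():
        print('B at 0x%x -> 0x%x, word 0x%08x, reads back as 0x%x'
              % (src, dst, encode_b(src, dst), redirect_branch(mem, BASE, src, dst)))
```

Checking the decoded target after the write catches the two mistakes that are easy to make in an LLDB session: computing the displacement from the destination instead of from the branch (the sign flips), and packing the word with a signed format that rejects values such as 0xD65F03C0.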
Jailbreak detection
Evidence of a jailbreak

Filesystem: stat64 or open on paths such as
- /Applications/Cydia.app
- /Applications/blackra1n.app
- /Applications/Icy.app
- /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate
- /Library/MobileSubstrate/MobileSubstrate.dylib
- /usr/sbin/sshd
- /bin/bash

At runtime: use dyld to get the image list and look for
- MobileSubstrate
- SubstrateLoader
Obfuscation - Cryptography

Example
- Use the native CCCrypt function to decrypt strings on the fly
- Before each call to CCCrypt, verify that there is no trampoline there

How to find it
- Search for the CCCrypt function
- Break after each call, get the address of the call and leak the decrypted string

Weaknesses
- Patch the branch after the trampoline check
- Hook the function that applies the compliance check
Obfuscation - Integers

Use integers to construct strings
- Allocate some integers that need to be next to each other in memory
- Initialize them with values that correspond to ASCII characters:

    int a = 0x ; // DCBA

- Use ObjC methods to convert the string: CFStringCreateFromExternalRepresentation

How to find it
- Search for CFStringCreateFromExternalRepresentation

Weaknesses
- Dynamic patching
Conclusion
Future
- Swift instead of Objective-C: fewer symbols, so more time needed
- Obfuscation getting more mature: more time needed
- iOS versions and jailbreak: iOS 8 still OK, iOS 9 jailbreakable, iOS 10 starts to be a challenge
Conclusion
- Always search for common names in the strings and function names: jail, compliance, debug, ptrace, sysctl, etc.
- Get the references to them and reverse the functions
- Get used to LLDB and its Python API
- Game of cat and mouse: no silver-bullet solution to hide the detection and protect it
- Be creative: how would you hide it? How would you protect it?
Thank You
Alexandre Bécholey, Security Expert
Phone: +41 (0)
Mobile: +41 (0)