SlideShare a Scribd company logo

Jonathan - Reverse Engineering for exploit writers - ClubHack2008

Download as PPS, PDF
ClubHack
ClubHack
Technology
1 of 30
Reverse Engineering for exploit writers Jonathan Brossard, iViZ Research Team Clubhack 2008 Pune, India
Who Am I ? (and why am I writing this ??) We are recruting ! Send me your CVs at : [email_address]
Roadmap ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format A (short) reminder of the ELF format ©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
A (short) reminder of the ELF format ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Introducing the problem ,[object Object],©iViZ Techno Solutions Pvt Ltd.
- We know where the Segments are - We know where the Sections are located - The application has a symbol table ©iViZ Techno Solutions Pvt Ltd. Introducing the problem Before :
After : ©iViZ Techno Solutions Pvt Ltd. Introducing the problem - We know where the Segments are : the loader/dynamic linker can still do their jobs - We don’t know where the Sections start/end - The application has no symbol table
Introducing the problem ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Introducing the problem ,[object Object],©iViZ Techno Solutions Pvt Ltd.
How (not) to work with proprietary binaries anyway ? ,[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],[object Object],[object Object],How (not) to work with proprietary binaries anyway ? ©iViZ Techno Solutions Pvt Ltd.
What to rebuild ? ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Increase the size of the binary to contain a new Section Header Table Modify the ELF Header to point to our new Section Header Table (via e_shoff) ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary :
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Allocate (append) and update Section Headers accordingly (don’t forget to e_shnum++ in ELF Header). ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
We can now use the binary with our usual disassemblers using libbfd. Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls Update this list with labels corresponding to predictable offsets (eg: main()) and the content of the .dynamic section Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring the binary ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Refactoring in practice ,[object Object],©iViZ Techno Solutions Pvt Ltd.
Conclusion ,[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
Greetings ,[object Object],[object Object],[object Object],[object Object],[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],©iViZ Techno Solutions Pvt Ltd.
[object Object],©iViZ Techno Solutions Pvt Ltd.

Recommended

Introduction to C programming
Introduction to C programmingIntroduction to C programming
Introduction to C programmingKathmandu University
 
C programming language
C programming languageC programming language
C programming languageMaha lakshmi
 
Programming in C Basics
Programming in C BasicsProgramming in C Basics
Programming in C BasicsBharat Kalia
 
Advanced C Language for Engineering
Advanced C Language for EngineeringAdvanced C Language for Engineering
Advanced C Language for EngineeringVincenzo De Florio
 
Introduction to c
Introduction to cIntroduction to c
Introduction to camol_chavan
 
C programming
C programmingC programming
C programmingRounak Samdadia
 
Basic C Programming language
Basic C Programming languageBasic C Programming language
Basic C Programming languageAbhishek Soni
 
COM1407: Introduction to C Programming
COM1407: Introduction to C Programming COM1407: Introduction to C Programming
COM1407: Introduction to C Programming Hemantha Kulathilake
 

Recommended

Introduction to C programming
Introduction to C programmingIntroduction to C programming
Introduction to C programmingKathmandu University
 
C programming language
C programming languageC programming language
C programming languageMaha lakshmi
 
Programming in C Basics
Programming in C BasicsProgramming in C Basics
Programming in C BasicsBharat Kalia
 
Advanced C Language for Engineering
Advanced C Language for EngineeringAdvanced C Language for Engineering
Advanced C Language for EngineeringVincenzo De Florio
 
Introduction to c
Introduction to cIntroduction to c
Introduction to camol_chavan
 
C programming
C programmingC programming
C programmingRounak Samdadia
 
Basic C Programming language
Basic C Programming languageBasic C Programming language
Basic C Programming languageAbhishek Soni
 
COM1407: Introduction to C Programming
COM1407: Introduction to C Programming COM1407: Introduction to C Programming
COM1407: Introduction to C Programming Hemantha Kulathilake
 
C PROGRAMMING
C PROGRAMMINGC PROGRAMMING
C PROGRAMMINGStalongiles Philip
 
Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 FocJAYA
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming languageKumar Gaurav
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingMOHAMAD NOH AHMAD
 
C language introduction
C language introduction C language introduction
C language introduction musrath mohammad
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingAmr Ali (ISTQB CTAL Full, CSM, ITIL Foundation)
 
C language programming
C language programmingC language programming
C language programmingpullarao29
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerGaurav Verma
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdpPradeep Kumar TS
 
C programming part1
C programming part1C programming part1
C programming part1Gaddam Kowshik
 
C programming tutorial for beginners
C programming tutorial for beginnersC programming tutorial for beginners
C programming tutorial for beginnersThiyagarajan Soundhiran
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1SURBHI SAROHA
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of Ceducationfront
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1srmohan06
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C LanguageMohamed Elsayed
 
C languaGE UNIT-1
C languaGE UNIT-1C languaGE UNIT-1
C languaGE UNIT-1Malikireddy Bramhananda Reddy
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questionsadarshynl
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programminggajendra singh
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,Hossain Md Shakhawat
 
M. golański program operacyjny polska cyfrowa 2014 2020
M. golański program operacyjny polska cyfrowa 2014 2020M. golański program operacyjny polska cyfrowa 2014 2020
M. golański program operacyjny polska cyfrowa 2014 2020Wydział ds. eZdrowia, Departament Polityki Zdrowotnej, Urząd Marszałkowski w Łodzi
 
Bantuan perniagaan KHB
Bantuan perniagaan KHBBantuan perniagaan KHB
Bantuan perniagaan KHBCikgu Syam
 
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO leticiazabalveytia
 

More Related Content

What's hot

Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 FocJAYA
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming languageKumar Gaurav
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C ProgrammingMOHAMAD NOH AHMAD
 
C language programming
C language programmingC language programming
C language programmingpullarao29
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerGaurav Verma
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdpPradeep Kumar TS
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1SURBHI SAROHA
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of Ceducationfront
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1srmohan06
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C LanguageMohamed Elsayed
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questionsadarshynl
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programminggajendra singh
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,Hossain Md Shakhawat
 

What's hot (19)

C PROGRAMMING
C PROGRAMMINGC PROGRAMMING
C PROGRAMMING
 
Unit 4 Foc
Unit 4 FocUnit 4 Foc
Unit 4 Foc
 
Brief introduction to the c programming language
Brief introduction to the c programming languageBrief introduction to the c programming language
Brief introduction to the c programming language
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C Programming
 
C language introduction
C language introduction C language introduction
C language introduction
 
Introduction to C Programming
Introduction to C ProgrammingIntroduction to C Programming
Introduction to C Programming
 
C language programming
C language programmingC language programming
C language programming
 
Embedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontrollerEmbedded C programming based on 8051 microcontroller
Embedded C programming based on 8051 microcontroller
 
Embedded c programming22 for fdp
Embedded c programming22 for fdpEmbedded c programming22 for fdp
Embedded c programming22 for fdp
 
C programming part1
C programming part1C programming part1
C programming part1
 
C programming tutorial for beginners
C programming tutorial for beginnersC programming tutorial for beginners
C programming tutorial for beginners
 
Introduction to C Unit 1
Introduction to C Unit 1Introduction to C Unit 1
Introduction to C Unit 1
 
Discussing Fundamentals of C
Discussing Fundamentals of CDiscussing Fundamentals of C
Discussing Fundamentals of C
 
Features of c language 1
Features of c language 1Features of c language 1
Features of c language 1
 
A brief introduction to C Language
A brief introduction to C LanguageA brief introduction to C Language
A brief introduction to C Language
 
C languaGE UNIT-1
C languaGE UNIT-1C languaGE UNIT-1
C languaGE UNIT-1
 
C programming interview questions
C programming interview questionsC programming interview questions
C programming interview questions
 
Introduction to c programming
Introduction to c programmingIntroduction to c programming
Introduction to c programming
 
Introduction to programming with c,
Introduction to programming with c,Introduction to programming with c,
Introduction to programming with c,
 

Viewers also liked

Bantuan perniagaan KHB
Bantuan perniagaan KHBBantuan perniagaan KHB
Bantuan perniagaan KHBCikgu Syam
 
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO leticiazabalveytia
 
Hoyos Advocacia em Santarém/PA - BRA
Hoyos Advocacia em Santarém/PA - BRAHoyos Advocacia em Santarém/PA - BRA
Hoyos Advocacia em Santarém/PA - BRAHOYOS ADVOCACIA
 
Mi experiencia en la gastronomia
Mi experiencia en la gastronomiaMi experiencia en la gastronomia
Mi experiencia en la gastronomiaJUANDAVIDJUNIOR10
 
Key social o-net'54
Key social o-net'54Key social o-net'54
Key social o-net'54taioddntw
 
Ariana torres mapa
Ariana torres mapaAriana torres mapa
Ariana torres mapatorres_1
 
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMA
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMASOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMA
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMASute VI Sector
 
Devens Annual Report 2003
Devens Annual Report 2003Devens Annual Report 2003
Devens Annual Report 2003MassDevelopment
 
Vad är Internet och hur fungerar det? Barn om Internet
Vad är Internet och hur fungerar det? Barn om InternetVad är Internet och hur fungerar det? Barn om Internet
Vad är Internet och hur fungerar det? Barn om InternetWebbstjarnan |.SE
 
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...Rodrigo Penna
 
Резервируйте
РезервируйтеРезервируйте
Резервируйтеstartuppoint
 
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...Rodrigo Penna
 
Сандерс: Історія енергоефективності в Каліфорнії
Сандерс: Історія енергоефективності в КаліфорніїСандерс: Історія енергоефективності в Каліфорнії
Сандерс: Історія енергоефективності в Каліфорніїecoclubrivne
 

Viewers also liked (20)

M. golański program operacyjny polska cyfrowa 2014 2020
M. golański program operacyjny polska cyfrowa 2014 2020M. golański program operacyjny polska cyfrowa 2014 2020
M. golański program operacyjny polska cyfrowa 2014 2020
 
Bantuan perniagaan KHB
Bantuan perniagaan KHBBantuan perniagaan KHB
Bantuan perniagaan KHB
 
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
CALCULO DEL POTENCIAL A PARTIR DEL CAMPO
 
Hoyos Advocacia em Santarém/PA - BRA
Hoyos Advocacia em Santarém/PA - BRAHoyos Advocacia em Santarém/PA - BRA
Hoyos Advocacia em Santarém/PA - BRA
 
Hongos oportunistas.
Hongos oportunistas.Hongos oportunistas.
Hongos oportunistas.
 
Mi experiencia en la gastronomia
Mi experiencia en la gastronomiaMi experiencia en la gastronomia
Mi experiencia en la gastronomia
 
Mokocrm
MokocrmMokocrm
Mokocrm
 
Inversion publika
Inversion publikaInversion publika
Inversion publika
 
Key social o-net'54
Key social o-net'54Key social o-net'54
Key social o-net'54
 
Ariana torres mapa
Ariana torres mapaAriana torres mapa
Ariana torres mapa
 
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMA
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMASOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMA
SOBRE PERMISO CON GOCE POR EL DIA DEL MAESTRO - SUTE LIMA
 
Devens Annual Report 2003
Devens Annual Report 2003Devens Annual Report 2003
Devens Annual Report 2003
 
Vad är Internet och hur fungerar det? Barn om Internet
Vad är Internet och hur fungerar det? Barn om InternetVad är Internet och hur fungerar det? Barn om Internet
Vad är Internet och hur fungerar det? Barn om Internet
 
33
3333
33
 
march award
march awardmarch award
march award
 
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...
UFMG Provas Antigas 1994 aberta - Conteúdo vinculado ao blog http://fisi...
 
Резервируйте
РезервируйтеРезервируйте
Резервируйте
 
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...
UFMG Provas Antigas 1995 fechada 2 - Conteúdo vinculado ao blog http://f...
 
Aviso de pago
Aviso de pagoAviso de pago
Aviso de pago
 
Сандерс: Історія енергоефективності в Каліфорнії
Сандерс: Історія енергоефективності в КаліфорніїСандерс: Історія енергоефективності в Каліфорнії
Сандерс: Історія енергоефективності в Каліфорнії
 

Similar to Jonathan - Reverse Engineering for exploit writers - ClubHack2008

Aspect-oriented programming in Perl
Aspect-oriented programming in PerlAspect-oriented programming in Perl
Aspect-oriented programming in Perlmegakott
 
Safetty systems intro_embedded_c
Safetty systems intro_embedded_cSafetty systems intro_embedded_c
Safetty systems intro_embedded_cMaria Cida Rosa
 
Compilation and Execution
Compilation and ExecutionCompilation and Execution
Compilation and ExecutionChong-Kuan Chen
 
(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_netNico Ludwig
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersAlexandre Moneger
 
Os Worthington
Os WorthingtonOs Worthington
Os Worthingtonoscon2007
 
Introduction to Assembly Language
Introduction to Assembly Language Introduction to Assembly Language
Introduction to Assembly Language ApekshaShinde6
 
Assembly language programming(unit 4)
Assembly language programming(unit 4)Assembly language programming(unit 4)
Assembly language programming(unit 4)Ashim Saha
 
Build your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesBuild your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesMartin Czygan
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshopjulien pauli
 

Similar to Jonathan - Reverse Engineering for exploit writers - ClubHack2008 (20)

7986-lect 7.pdf
7986-lect 7.pdf7986-lect 7.pdf
7986-lect 7.pdf
 
Aspect-oriented programming in Perl
Aspect-oriented programming in PerlAspect-oriented programming in Perl
Aspect-oriented programming in Perl
 
Safetty systems intro_embedded_c
Safetty systems intro_embedded_cSafetty systems intro_embedded_c
Safetty systems intro_embedded_c
 
Compilation and Execution
Compilation and ExecutionCompilation and Execution
Compilation and Execution
 
Readme
ReadmeReadme
Readme
 
Embedded C.pptx
Embedded C.pptxEmbedded C.pptx
Embedded C.pptx
 
Lecture 01 2017
Lecture 01 2017Lecture 01 2017
Lecture 01 2017
 
(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net(1) c sharp introduction_basics_dot_net
(1) c sharp introduction_basics_dot_net
 
A Life of breakpoint
A Life of breakpointA Life of breakpoint
A Life of breakpoint
 
C notes.pdf
C notes.pdfC notes.pdf
C notes.pdf
 
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbersDefcon 22 - Stitching numbers - generating rop payloads from in memory numbers
Defcon 22 - Stitching numbers - generating rop payloads from in memory numbers
 
Dotnet basics
Dotnet basicsDotnet basics
Dotnet basics
 
Os Worthington
Os WorthingtonOs Worthington
Os Worthington
 
Technical Interview
Technical InterviewTechnical Interview
Technical Interview
 
Unit 2 ppt
Unit 2 pptUnit 2 ppt
Unit 2 ppt
 
Introduction to Assembly Language
Introduction to Assembly Language Introduction to Assembly Language
Introduction to Assembly Language
 
C# tutorial
C# tutorialC# tutorial
C# tutorial
 
Assembly language programming(unit 4)
Assembly language programming(unit 4)Assembly language programming(unit 4)
Assembly language programming(unit 4)
 
Build your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resourcesBuild your own discovery index of scholary e-resources
Build your own discovery index of scholary e-resources
 
Php7 extensions workshop
Php7 extensions workshopPhp7 extensions workshop
Php7 extensions workshop
 

More from ClubHack

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014ClubHack
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreClubHack
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber InsuranceClubHack
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatClubHack
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleClubHack
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianClubHack
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...ClubHack
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodClubHack
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalClubHack
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathClubHack
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanClubHack
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyClubHack
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiClubHack
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaClubHack
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiClubHack
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012ClubHack
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack
 

More from ClubHack (20)

India legal 31 october 2014
India legal 31 october 2014India legal 31 october 2014
India legal 31 october 2014
 
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ BangaloreCyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
Cyberlaw by Mr. Pavan Duggal at ClubHack Infosec KeyNote @ Bangalore
 
Cyber Insurance
Cyber InsuranceCyber Insurance
Cyber Insurance
 
Summarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threatSummarising Snowden and Snowden as internal threat
Summarising Snowden and Snowden as internal threat
 
Fatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep KambleFatcat Automatic Web SQL Injector by Sandeep Kamble
Fatcat Automatic Web SQL Injector by Sandeep Kamble
 
The Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas KurianThe Difference Between the Reality and Feeling of Security by Thomas Kurian
The Difference Between the Reality and Feeling of Security by Thomas Kurian
 
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
Stand Close to Me & You're pwned! Owning Smart Phones using NFC by Aditya Gup...
 
Smart Grid Security by Falgun Rathod
Smart Grid Security by Falgun RathodSmart Grid Security by Falgun Rathod
Smart Grid Security by Falgun Rathod
 
Legal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara AgrawalLegal Nuances to the Cloud by Ritambhara Agrawal
Legal Nuances to the Cloud by Ritambhara Agrawal
 
Infrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy HiremathInfrastructure Security by Sivamurthy Hiremath
Infrastructure Security by Sivamurthy Hiremath
 
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar KuppanHybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
Hybrid Analyzer for Web Application Security (HAWAS) by Lavakumar Kuppan
 
Hacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish BomissttyHacking and Securing iOS Applications by Satish Bomisstty
Hacking and Securing iOS Applications by Satish Bomisstty
 
Critical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh BelgiCritical Infrastructure Security by Subodh Belgi
Critical Infrastructure Security by Subodh Belgi
 
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman GuptaContent Type Attack Dark Hole in the Secure Environment by Raman Gupta
Content Type Attack Dark Hole in the Secure Environment by Raman Gupta
 
XSS Shell by Vandan Joshi
XSS Shell by Vandan JoshiXSS Shell by Vandan Joshi
XSS Shell by Vandan Joshi
 
Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012Clubhack Magazine Issue February 2012
Clubhack Magazine Issue February 2012
 
ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012ClubHack Magazine issue 26 March 2012
ClubHack Magazine issue 26 March 2012
 
ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012ClubHack Magazine issue April 2012
ClubHack Magazine issue April 2012
 
ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012ClubHack Magazine Issue May 2012
ClubHack Magazine Issue May 2012
 
ClubHack Magazine – December 2011
ClubHack Magazine – December 2011ClubHack Magazine – December 2011
ClubHack Magazine – December 2011
 

Recently uploaded

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Recently uploaded (20)

From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

Jonathan - Reverse Engineering for exploit writers - ClubHack2008

  • 1. Reverse Engineering for exploit writers Jonathan Brossard, iViZ Research Team Clubhack 2008 Pune, India
  • 2. Who Am I ? (and why am I writing this ??) We are recruting ! Send me your CVs at : [email_address]
  • 3.
  • 4. A (short) reminder of the ELF format A (short) reminder of the ELF format ©iViZ Techno Solutions Pvt Ltd.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10. - We know where the Segments are - We know where the Sections are located - The application has a symbol table ©iViZ Techno Solutions Pvt Ltd. Introducing the problem Before :
  • 11. After : ©iViZ Techno Solutions Pvt Ltd. Introducing the problem - We know where the Segments are : the loader/dynamic linker can still do their jobs - We don’t know where the Sections start/end - The application has no symbol table
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17. Increase the size of the binary to contain a new Section Header Table Modify the ELF Header to point to our new Section Header Table (via e_shoff) ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary :
  • 18.
  • 19.
  • 20. Allocate (append) and update Section Headers accordingly (don’t forget to e_shnum++ in ELF Header). ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
  • 21. We can now use the binary with our usual disassemblers using libbfd. Disassemble the .text, and give names to the destination offsets of (un)conditional jumps and calls Update this list with labels corresponding to predictable offsets (eg: main()) and the content of the .dynamic section Add all those label/offset tuples to a symbol table (new section SHT_SYMTAB) at the end of the binary ©iViZ Techno Solutions Pvt Ltd. Refactoring the binary
  • 22.
  • 23.
  • 24.
  • 25.
  • 26.
  • 27.
  • 28.
  • 29.
  • 30.