SI485H: Stack Based Binary Exploits (SP17)



Lab 04 : Tracing is fun, but gdb is funner!

Submission Instructions

Submission instructions for labs can be found on the resource pages.

Part 1: GDB's Secrets (1 point)

Description

  • Given the compiled program main, use gdb to trace and analyze it to find the secret message

Preliminaries

  • The assignment can be completed on your VM machine
  • gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-4.1

Instructions

  • fork and clone the repo
  • You will find a single file: main
  • Use gdb to analyze the file and determine the embedded secret message
  • Once found, fill in the json file:

    {
      "msg" : "Secret message",
      "description": "Description of where and how the secret message was found"
    }
    

Submission Requirements

  • solution.json

Hint

  • You don't need to run the program to find the secret. The computation is not relevant.
  • Use the gdb print function to look at extraneous bytes interpreted in different ways
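
An added illustration of the second hint (not part of the lab or its binary): the same bytes can read as integers or as text depending on the format you ask for. The array `words` and the helper `words_to_text` are constructed for this example, and the comments list the gdb commands that give each view.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data (not taken from the lab binary): constants that
 * look like ordinary integers but whose bytes are ASCII text. */
static const uint32_t words[] = { 0x6c6c6568, 0x6467206f, 0x00000062 };

/* Reinterpret 32-bit words as a byte string, least significant byte first
 * (the in-memory order on x86). Stops at the first NUL byte or when out is
 * full; non-printable bytes become '.'. Returns the number of characters. */
size_t words_to_text(const uint32_t *w, size_t nwords, char *out, size_t outlen)
{
    size_t n = 0;
    if (outlen == 0)
        return 0;
    for (size_t i = 0; i < nwords; i++) {
        for (int shift = 0; shift < 32; shift += 8) {
            unsigned char b = (unsigned char)((w[i] >> shift) & 0xff);
            if (b == 0 || n + 1 >= outlen) {
                out[n] = '\0';
                return n;
            }
            out[n++] = isprint(b) ? (char)b : '.';
        }
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char text[32];
    /* Same bytes, three views. gdb equivalents on this array:
     *   p words          -> decimal integers
     *   p/x words        -> hexadecimal
     *   x/s words        -> bytes read as a C string */
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("%10u  0x%08x\n", (unsigned)words[i], (unsigned)words[i]);
    words_to_text(words, sizeof words / sizeof words[0], text, sizeof text);
    printf("as text: \"%s\"\n", text);
    return 0;
}
```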

Part 2: Crack the Secret II (3 points)

Description

  • Crack the decrypted text

Preliminaries

  • The assignment can be completed on any machine but you must have access to the saddleback VM
  • gitlab repository
http://saddleback.academy.usna.edu/aviv/lab-4.2

Instructions

  • fork and clone the repo
  • You will find one file to complete
    • crack_secret.c : complete the decryption function
  • ssh to the saddleback vm:

    ssh -p 2222 saddleback.academy.usna.edu
    
  • Execute the following program to get your secret message

    ~aviv/lab/4.2/get_secret
    

    You will get a key and IV, but you need to figure out the encryption routine. Use objdump and gdb to figure that out.

  • Once you've cracked the secret, complete the solution.json file:

    {
      "msg": "the secret message",
      "description" : "short description of how you cracked the message"
    }
    

Submission Requirements

  • crack_secret.c
  • solution.json solution information

Hints

  • Because gdb doesn't like setuid, you might have a hard time tracing due to permission issues. But, you can copy the file and try and trace the encryption routine yourself.

Part 3: The input is … (2 points)

Description

  • Using gdb and objdump, determine the input that will produce the secret message.

Preliminaries

  • The assignment can be completed on your VM machine
  • gitlab repository:

    http://saddleback.academy.usna.edu/aviv/lab-4.3
    

Instructions

  • fork and clone the repo
  • You will find one pre-compiled binary file
    • a.out : complete the decryption function
  • Using gdb (or objdump or whatever) determine how to get the binary to print the secret message.
  • Once you've cracked the secret, complete the solution.json file:

     {
       "inpput": "input key",
       "msg": "the secret message",
       "description" : "short description of how you cracked the message"
    }
    

Submission Requirements

  • solution.json solution information

Hints

  • Use gdb to do some tracing of the logic
  • To what and from what are the comparisons occurring?