mirror of
https://git.soft.fish/val/MicroCorruption.git
synced 2025-01-18 07:45:58 +00:00
notes.md: Add book notes for Tutorial through Whitehorse
parent
95e7776c8a
commit
a0d9829a4c
6
1-Tutorial/notes.md
Normal file
@ -0,0 +1,6 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
```
|
||||
|
||||
Editor's note: no notes today
|
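Review bot: the fenced block under "# Page 1" is empty, so the page renders an empty box above "Editor's note: no notes today". Drop the empty fence, or move the editor's note up so it sits directly under the heading and explains why there is nothing to show.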
6
2-Norleans/notes.md
Normal file
@ -0,0 +1,6 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Norleans
|
||||
7d 2b 68 74 65 68 47 10
|
||||
```
|
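Review bot: the byte string "7d 2b 68 74 65 68 47 10" under "Norleans" has no label, so a reader cannot tell whether it is the accepted input, a value read from memory, or an intermediate result. Add a short label in front of it, and say whether it is entered as hex or as ASCII.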
12
3-Sydney/notes.md
Normal file
@ -0,0 +1,12 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Sydney ✓
|
||||
get_password: 0x64 ->
|
||||
|
||||
6e504a742a5c2222 22222a5c4a746e50?
|
||||
n P J t * \ " "
|
||||
ENDIANNESS!
|
||||
506e744a5c2a2222
|
||||
P n t J * \ " "
|
||||
```
|
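Review bot: three byte orders are recorded (6e504a742a5c2222, the fully reversed 22222a5c4a746e50 with a question mark, and 506e744a5c2a2222 after "ENDIANNESS!") without a line saying which one was accepted. State the rule the last value follows: the bytes are swapped within each 16-bit word (6e50 becomes 506e), not reversed across the whole string. The line "get_password: 0x64 ->" also stops at the arrow; finish it or drop the arrow.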
10
4-Hanoi/notes.md
Normal file
@ -0,0 +1,10 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Hanoi ✓
|
||||
Passwords 8-16 char
|
||||
-> 2400(r15)
|
||||
|
||||
A5 compared to 2410
|
||||
Buffer overrun
|
||||
```
|
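Review bot: "-> 2400(r15)" and "A5 compared to 2410" are left for the reader to connect. Spell out the relationship: 0x2410 is 0x10 (16) bytes past 0x2400, which matches the upper bound on the "Passwords 8-16 char" line, so the compared byte sits directly after the longest allowed password. Adding which length check is missing would turn "Buffer overrun" from a label into a finding.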
12
5-Cusco/notes.md
Normal file
@ -0,0 +1,12 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Cusco ✓
|
||||
Gets 0x30 chars?
|
||||
Buffer on stack
|
||||
Return addr on stack
|
||||
"FD": unlock_door
|
||||
"Hello world!HARFD"
|
||||
^^
|
||||
Fun with return address on stack
|
||||
```
|
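Review bot: the distance from the start of the buffer to the saved return address is only implied by the example string "Hello world!HARFD" and the "^^" marker under it, and that marker depends on whitespace alignment that is easy to lose when the file is rendered. Record the offset as a number and write the unlock_door address in hex next to the "FD" line. "Gets 0x30 chars?" still carries its question mark; confirm the value or note that it is unverified.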
34
6-Reykjafik/notes.md
Normal file
@ -0,0 +1,34 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Reykjavik ✓
|
||||
4520(" E") looks interesting
|
||||
+ int @ main
|
||||
=> "What's the password?"
|
||||
Creates XOR keystream
|
||||
Decrypts block at
|
||||
|
||||
decrypted function:
|
||||
Sets up new stack at 43da
|
||||
Note: 4482: jmp #436c
|
||||
110 away (ouch)
|
||||
4536: jmp #43fc
|
||||
-34 away (ouch)
|
||||
2420: ~~puts(char*)~~?
|
||||
function that takes input
|
||||
password[24] -> 466d
|
||||
36 char password?
|
||||
466d
|
||||
F m
|
||||
call 2464
|
||||
The password is Fm
|
||||
lol
|
||||
|
||||
A program which might seem intimidating
|
||||
may become easier if you rake it
|
||||
one step at a time
|
||||
Security by obscurity is dogshit
|
||||
"Military grade" doesn't mean _shit_
|
||||
|
||||
|
||||
```
|
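Review bot: the directory is named "6-Reykjafik" while the note body spells the level "Reykjavik"; rename the path so searches for the level name find the file. Inside the note, "Decrypts block at" ends without an address and "rake it" looks like a typo for "take it". If the notebook text is kept verbatim as the header says, add the missing address as a separate annotation outside the fenced block.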
29
7-Whitehorse/notes.md
Normal file
@ -0,0 +1,29 @@
|
||||
`Taken verbatim from my notebook`
|
||||
# Page 1
|
||||
```
|
||||
Whitehorse
|
||||
Password 8-16 chars
|
||||
it takes 0x30 chars
|
||||
Jumps to chars 18..20 as addr
|
||||
|
||||
ROP chains?
|
||||
|
||||
Goal: Set sp to 7f
|
||||
Call INT
|
||||
|
||||
['A';16]32457f
|
||||
|
||||
push r14
|
||||
push r15
|
||||
push #7f
|
||||
call INT
|
||||
mov sp+2, r14 <- prep for call
|
||||
|
||||
[INT]00007f
|
||||
sp sp
|
||||
|
||||
Lesson:
|
||||
Control of the stack means
|
||||
control of params passed on
|
||||
the stack
|
||||
```
|
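Review bot: "Jumps to chars 18..20 as addr" does not agree with the payload line "['A';16]32457f", where the address bytes start immediately after 16 filler characters. State whether the range is zero-based or one-based and correct it to match the payload. "Goal: Set sp to 7f" also conflicts with the listing below it, where 7f is pushed as a value ("push #7f") before "call INT" rather than loaded into sp; reword the goal so it matches the closing lesson about parameters passed on the stack.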