notes.md: Add book notes for Tutorial through Whitehorse

2024-11-23 10:55:58 +00:00 · 2023-03-15 20:44:18 -05:00 · 2023-03-15 20:44:18 -05:00 · a0d9829a4c
commit a0d9829a4c
parent 95e7776c8a
7 changed files with 109 additions and 0 deletions
--- a/1-Tutorial/notes.md
+++ b/1-Tutorial/notes.md
@ -0,0 +1,6 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+```
+
+Editor's note: no notes today
--- a/2-Norleans/notes.md
+++ b/2-Norleans/notes.md
@ -0,0 +1,6 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Norleans
+    7d 2b 68 74 65 68 47 10
+```
--- a/3-Sydney/notes.md
+++ b/3-Sydney/notes.md
@ -0,0 +1,12 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Sydney  ✓
+    get_password: 0x64 ->
+
+    6e504a742a5c2222  22222a5c4a746e50?
+    n P J t * \ " "
+    ENDIANNESS!
+    506e744a5c2a2222
+    P n t J * \ " "
+```
--- a/4-Hanoi/notes.md
+++ b/4-Hanoi/notes.md
@ -0,0 +1,10 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Hanoi   ✓
+    Passwords 8-16 char
+     -> 2400(r15)
+
+    A5 compared to 2410
+    Buffer overrun
+```
--- a/5-Cusco/notes.md
+++ b/5-Cusco/notes.md
@ -0,0 +1,12 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Cusco   ✓
+    Gets 0x30 chars?
+        Buffer on stack
+        Return addr on stack
+    "FD": unlock_door
+    "Hello world!HARFD"
+                    ^^
+    Fun with return address on stack
+```
--- a/6-Reykjafik/notes.md
+++ b/6-Reykjafik/notes.md
@ -0,0 +1,34 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Reykjavik   ✓
+    4520(" E") looks interesting
+        + int @ main
+        => "What's the password?"
+    Creates XOR keystream
+    Decrypts block at
+
+    decrypted function:
+        Sets up new stack at 43da
+          Note: 4482: jmp #436c
+                110 away (ouch)
+                4536: jmp #43fc
+                -34 away (ouch)
+        2420: ~~puts(char*)~~?
+                function that takes input
+            password[24] -> 466d
+            36 char password?
+            466d
+            F m
+        call 2464
+        The password is Fm
+                lol
+
+    A program which might seem intimidating
+    may become easier if you rake it
+    one step at a time
+    Security by obscurity is dogshit
+    "Military grade" doesn't mean _shit_
+
+
+```
--- a/7-Whitehorse/notes.md
+++ b/7-Whitehorse/notes.md
@ -0,0 +1,29 @@
+`Taken verbatim from my notebook`
+# Page 1
+```
+Whitehorse
+    Password 8-16 chars
+        it takes 0x30 chars
+    Jumps to chars 18..20 as addr
+
+        ROP chains?
+
+    Goal: Set sp to 7f
+          Call INT
+
+    ['A';16]32457f
+
+        push    r14
+        push    r15
+        push    #7f
+        call    INT
+            mov sp+2, r14 <- prep for call
+
+    [INT]00007f
+    sp   sp
+
+    Lesson:
+    Control of the stack means
+    control of params passed on
+    the stack
+```