Patching Binaries with Pwntools | BE QUICK OR BE DEAD 2 [29] picoCTF 2018

14,992 views

John Hammond


A day ago

Comments: 35
@X3eRo0
@X3eRo0 6 years ago
Very cool. be-quick-or-be-dead was solved by just loading it in gdb and running.
@pepemunic3661
@pepemunic3661 6 years ago
that was fantastic
@hyronharrison8127
@hyronharrison8127 6 years ago
agreed!
@tommyeldiablo
@tommyeldiablo 6 years ago
Nicely explained, loved it.
@vhgfhjykuhghfcjkgchj
@vhgfhjykuhghfcjkgchj 5 years ago
Why do we need to do (number & 0xFFFFFFFF)? Because if I understand correctly the register can only hold so large a value; to be specific, 0xFFFFFFFF is only like an 11-digit number while our Fibonacci number is close to 50. So how exactly does our huge number fit into a 32-bit register if it's way larger than what the register can hold?
@cnxis
@cnxis 6 years ago
Awesome! Nice
@WIKIKALI
@WIKIKALI 6 years ago
Thanks a lot
@ShalvinKumar7
@ShalvinKumar7 5 years ago
Hey! If you can do a bit of a GDB tutorial it will be helpful for us CTF solvers :)
@ahmedlimam2241
@ahmedlimam2241 4 years ago
Fantastic! Do you know any good resources for pwntools?
@lakshayarora3916
@lakshayarora3916 6 years ago
Awesome technique bro
@Salsuero
@Salsuero 5 years ago
Did you need to patch the alarm function if you force-fed the correct number? Wouldn't everything be able to run within the alarm's window if no calculation needed to be done?
@_JohnHammond
@_JohnHammond 5 years ago
If we force-fed the correct number that function would return immediately and patching the alarm wouldn't entirely be necessary, you are right. But, patching that alarm function and generating a new binary might be a great move if you needed to do more dynamic analysis. Thanks for watching!
@Salsuero
@Salsuero 5 years ago
@@_JohnHammond Thanks for the (super quick) response and for the entertaining/educational videos.
@AshishKumar-qi5gk
@AshishKumar-qi5gk 6 years ago
Cool
@calciumdd7696
@calciumdd7696 5 years ago
That's pretty cool
@0xZ0F
@0xZ0F 6 years ago
You should do Python tutorials :)
@_JohnHammond
@_JohnHammond 6 years ago
I have a couple of old ones; there should be a playlist on my channel, but I certainly plan to revisit and remake a series. "Back to Basics" or something; the old series is not the best quality. Thanks for watching!
@jigerjain
@jigerjain 6 years ago
Agree!
@mina_ashraf
@mina_ashraf 4 years ago
@@_JohnHammond still waiting for it 😂
@_JohnHammond
@_JohnHammond 4 years ago
@@mina_ashraf Eventually :)
@magnoliacomputerscience7334
@magnoliacomputerscience7334 6 years ago
Which is better for messing with binaries, Hopper or Binary Ninja? Very curious.
@_JohnHammond
@_JohnHammond 6 years ago
Really I think that is a matter of choice. I have gotten used to Hopper, but I know Binary Ninja is quality as well. May as well try both and see which one feels more "comfortable!" :D
@pwnweb5734
@pwnweb5734 6 years ago
This is good. How I did it was creating a new program in C with hashmaps :p
@sontapaa11jokulainen94
@sontapaa11jokulainen94 4 years ago
Why not just use gdb?
@edwardg7829
@edwardg7829 6 years ago
Hey, Hopper can't see the file and Binary Ninja won't analyse it: "no support for elf x86_64 architecture". How did you configure Hopper to get this working? Any ideas on how to open it in Binary Ninja would also be much appreciated.
@meenasinghal733
@meenasinghal733 6 years ago
Hi, can you post a tutorial on how to use pwntools in Python?
@ThePraeceps
@ThePraeceps 6 years ago
What was the mv command you did? It had a weird format.
@_JohnHammond
@_JohnHammond 6 years ago
The mv command was a quick technique to just change a file name, and add on the segment there following the comma. So it says _COMPLETE at the end of the folder :)
@ThePraeceps
@ThePraeceps 6 years ago
Neat thanks!
@HabibRahman-uo4to
@HabibRahman-uo4to 6 years ago
Boss, we are still waiting for your web hacking methodology.
@samyaktjain698
@samyaktjain698 4 years ago
Why do we need to do (number & 0xFFFFFFFF)?
@daedreaming6267
@daedreaming6267 4 years ago
Because the number exceeds a 32-bit value. EAX is a 32-bit register.
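The mask discussed in the two questions above, as an added example that is not code from the video or from any commenter: Python keeps the full Fibonacci number, while EAX keeps only its low 32 bits, so masking the arbitrary-precision result once gives exactly what the binary's own 32-bit loop computes by wrapping on every addition. The index 48 is a constructed choice for illustration, not the challenge's value.

```python
# Added example (not from the video or the comments): why a Fibonacci value
# has to be masked with 0xFFFFFFFF before it is forced into EAX.
# Python ints never overflow, but EAX holds exactly 32 bits, so the binary's
# own loop silently wraps modulo 2**32 on every addition.
import struct

MASK32 = 0xFFFFFFFF  # the low 32 bits, i.e. everything that fits in EAX


def fib_python(n: int) -> int:
    """Fibonacci with Python's arbitrary-precision ints (never overflows)."""
    a, b = 0, 1
    for _ in range(n):
        a, b = b, a + b
    return a


def fib_32bit(n: int) -> int:
    """Fibonacci as 32-bit register arithmetic computes it: wraps mod 2**32."""
    a, b = 0, 1
    for _ in range(n):
        a, b = b, (a + b) & MASK32
    return a


def truncate_to_eax(value: int) -> int:
    """The value that survives when a large Python int is written into EAX."""
    return value & MASK32


def fits_in_eax(value: int) -> bool:
    """True when storing value in a 32-bit register loses no information."""
    return 0 <= value <= MASK32


def pack_for_eax(value: int) -> bytes:
    """Mask, then encode as 4 little-endian bytes (the layout p32 produces).
    struct.pack('<I') rejects anything wider than 32 bits, which is the
    error you hit when the mask is forgotten."""
    return struct.pack("<I", truncate_to_eax(value))


if __name__ == "__main__":
    n = 48  # constructed index: fib(48) is the first Fibonacci number above 2**32
    big = fib_python(n)
    print(f"fib({n}) = {big}, fits in EAX: {fits_in_eax(big)}")
    print(f"masked   = {truncate_to_eax(big)} == fib_32bit: {fib_32bit(n) == truncate_to_eax(big)}")
    print(f"bytes    = {pack_for_eax(big).hex()}")
```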
@HabibRahman-uo4to
@HabibRahman-uo4to 6 years ago
You promised us on the live stream.
@MrHatoi
@MrHatoi 5 years ago
There's a _much_ easier way to do this. All you have to do is write a short C program that blocks SIGALRM with sigprocmask and then use an exec function to run the original binary.