Remote Access: If you cannot run the lab on your local machine, you may want to use the Linux Lab Machine remotely. To do so, follow the online instructions. If you experience difficulty, contact IT Services.
As you will be using Vagrant for your VM management throughout the unit, let's learn how to set up a VM with Vagrant. [We assume that Vagrant and VirtualBox are already installed on your host machine. If not, contact IT.] You may also want to watch the videos from David's COMS10012.
cd CS_vagrant, and then make another directory for this lab and cd into it (the text below refers to it as seclab).
vagrant init hashicorp/bionic64. This writes a Vagrantfile into the current directory.
vagrant up. The first time, this will download the Ubuntu 18.04 64-bit box, which will take a while. Once done, the VM is running; log into it with vagrant ssh.
The host folder containing the Vagrantfile (seclab) is mapped to
/vagrant in your VM. If you do
cd /vagrant, you can see the content of your host folder. We will use this folder for all our work (i.e. you can copy your files into the seclab folder on the host and access them from the /vagrant folder inside the VM).
sudo apt update
sudo apt install build-essential. This will install gcc and the usual build tools.
sudo apt install gdb. This will install GDB.
sudo dpkg --add-architecture i386. This enables 32-bit (i386) packages; run sudo apt update again afterwards so the i386 package lists are fetched.
sudo apt-get install libc6:i386 libncurses5:i386 libstdc++6:i386
sudo apt-get install multiarch-support
sudo apt-get install gcc-multilib. This lets gcc build 32-bit binaries with -m32.
logout, and then on your host machine you can close the VM (vagrant halt).
In this part of the lab, we will learn about using GDB to understand a few artifacts of the x86 ISA.
[If the VM is not running, vagrant up to start your VM.]
gcc memory_layout.c -o memory_layout, then run ./memory_layout in a terminal (TermA).
ps -e | grep memory_layout. Note the PID, say P.
gdb -p P (from a second terminal). GDB will be attached to the process running in TermA and you will be in the GDB shell. From now on, enter the commands within the gdb shell. NOTE: if GDB does not attach (ptrace: Operation not permitted), run:
echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
This sets Yama's ptrace scope to 0 (classic ptrace permissions: a process may attach to any other process of the same user) for the whole VM until reboot. That is fine on this throwaway lab VM; do not do it on a machine you care about.
(gdb) disassem main
(gdb) b *main+N       (the instruction where main is about to call func1; use N as per your runtime, which should be 412)
(gdb) disassem func1
(gdb) b *func1+N      (the instruction after the last call to printf; use N as per your runtime, which should be 118)
(gdb) disassem func2
(gdb) b *func2+N      (the instruction where func2 is about to call func3; use N as per your runtime, which should be 166)
(gdb) disassem func3
(gdb) b *func3+N      (the instruction after the last call to printf; use N as per your runtime, which should be 279)
(gdb) c
ADDRESS1: 0x5646d1cf5989 ADDRESS2: 0x5646d1cf5b39
Can you identify where these instructions are? [Hint: look at the disassemblies of the functions called before; an address saved on the stack at the top of a frame is the return address into the caller.]
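The following is an added example for this part of the lab; it is not the lab's own memory_layout.c, and its function names (func2, func3, probe_layout) and globals are made up for illustration. It prints one address from each region of its own process and, in the nested calls func2 -> func3, records the saved return address that gdb shows at the top of each frame, so you can compare the printed values with what gdb reports and practise mapping an address back to the function it belongs to.

```c
/* Added example for this lab section, not the lab's own memory_layout.c.
 * Prints where each region of the process lives and, inside nested calls
 * func2 -> func3, records the saved return address that gdb shows at the
 * top of each frame.
 * Build (keep the frame pointer so gdb can walk frames with `bt`):
 *     gcc -g -O0 -fno-omit-frame-pointer layout.c -o layout
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int initialised_global = 0x11223344;   /* lives in .data */
int uninitialised_global;              /* lives in .bss  */

struct layout { uintptr_t text, data, bss, heap, stack; };

struct frame_info {
    uintptr_t local;   /* address of a local variable in this frame (stack) */
    uintptr_t ret;     /* saved return address: the instruction this frame returns to */
};

/* Filled in by func3 and func2 so main (and a test) can inspect the frames. */
struct frame_info g_func3, g_func2;

/* noinline keeps each function a real call, so its frame really exists. */
__attribute__((noinline)) void func3(void)
{
    int local = 3;
    g_func3.local = (uintptr_t)&local;
    /* Same value as `x/gx $rbp+8` in gdb once func3's prologue has run. */
    g_func3.ret = (uintptr_t)__builtin_return_address(0);
    printf("func3: local at %p, returns to %p (an address inside func2)\n",
           (void *)g_func3.local, (void *)g_func3.ret);
}

__attribute__((noinline)) void func2(void)
{
    int local = 2;
    g_func2.local = (uintptr_t)&local;
    g_func2.ret = (uintptr_t)__builtin_return_address(0);
    printf("func2: local at %p, returns to %p (an address inside its caller)\n",
           (void *)g_func2.local, (void *)g_func2.ret);
    func3();
    /* Doing work after the call prevents a tail call, so func3's recorded
     * return address really points back into func2. */
    printf("func2: back from func3, local still %d\n", local);
}

/* Sample one address from each region; compare with `info proc mappings` in gdb. */
struct layout probe_layout(void)
{
    int on_stack = 0;
    int *on_heap = malloc(sizeof *on_heap);
    struct layout l = {
        .text  = (uintptr_t)func3,
        .data  = (uintptr_t)&initialised_global,
        .bss   = (uintptr_t)&uninitialised_global,
        .heap  = (uintptr_t)on_heap,
        .stack = (uintptr_t)&on_stack,
    };
    free(on_heap);   /* only the address matters here */
    return l;
}

int main(void)
{
    struct layout l = probe_layout();
    printf("text  %p\ndata  %p\nbss   %p\nheap  %p\nstack %p\n",
           (void *)l.text, (void *)l.data, (void *)l.bss,
           (void *)l.heap, (void *)l.stack);
    func2();
    printf("main: func2 returned to %p, which is inside main\n", (void *)g_func2.ret);
    return 0;
}
```

In gdb, b func3, run, then x/2gx $rbp shows the saved rbp followed by the return address, which matches the value the program prints; info symbol ADDR (or disassem func2 and look for the instruction after the call to func3) tells you which function and offset that address belongs to. That is the same reasoning needed to place ADDRESS1 and ADDRESS2 above. Note that func3's local sits at a lower address than func2's, since the stack grows downwards, and that the heap sample lies far below the stack.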
This is a typical reverse engineering task.
Run the given binary crackme in your VM. At one point it will ask for the key that you (hypothetically) got when you purchased this application. Your task is to analyse the binary and find the key. Help: set a breakpoint at main and then a few calls further on. Use the GDB stepi (si) and nexti (ni) commands to run the application step by step. si executes one instruction at a time; ni also executes one instruction at a time, but it steps over any call instruction (i.e. it does not follow the called function). x/8xw $rbp-x (or x/8xb, x/8xg) examines memory in the current frame below the frame base; watch out for calls! Use these two stepping commands wisely!!