Archive for October, 2004
kung fu masta kr4ft has served d1n4 boys
Saturday, October 30th, 2004
haaaiiii-ya teenage mutant turtles lack ninja skills
werd
kr4ft_d1n3r@hotmail.com will help fix
How to make HFS+ extremely unhappy …
Wednesday, October 27th, 2004
% dd if=/dev/zero bs=1k of=foo seek=25637204 count=0 conv=sparse
a lesson in secure programming
Monday, October 25th, 2004
How much do DSL router vendors think about security?
By default, nearly all devices have a configuration interface
that is accessible via the internet.
So far, every device except D-Link's discloses the password
by using it as the default value for the password input field:
Do they really think that it’s now hidden?
That’s the D-Link way:
It seems that customers rely on the asterisks in the password field :-)
FreeBSD and kern_shutdown
Saturday, October 23rd, 2004
By default, the device to dump to is not set.
If you want to have a core dump after a crash, add a dumpdev
to your rc.conf:
dumpdev="/dev/ad4s1b"
You can use your swap partition as a dump device.
Mach-O games
Monday, October 18th, 2004
You can read in the documentation provided by Apple:
The static linker creates a __PAGEZERO segment as the first segment of an executable file. This segment is located at virtual memory location zero and has no protection rights assigned, the combination of which causes accesses to NULL, a common C programming error, to immediately crash. The __PAGEZERO segment is the size of one full VM page for the current CPU architecture (for x86 and PowerPC, this is 4096 bytes or 0x1000 in hexadecimal). Because there is no data in the __PAGEZERO segment, it occupies no space in the file (the file size in the segment command is zero).
Hm, that’s the reason why access to NULL leads to a crash?
This is my test program:
#include <stdio.h>

int main(void)
{
    int *ptr = NULL;

    /* deliberate write through NULL, to test the __PAGEZERO claim */
    *ptr = 0xaffe;
    printf("at %p: %d\n", (void *)ptr, *ptr);
    return 0;
}
mach-dump tells us:
Segment name: __PAGEZERO The segment is 0 bytes on disk and 4096 bytes in memory at address 0x0 Protection: None 0 sections in segment
So I started bvi and changed the byte at position 0x4B from 0x00 to 0x03.
mach-dump again:
Segment name: __PAGEZERO The segment is 0 bytes on disk and 4096 bytes in memory at address 0x0 Protection: RW 0 sections in segment
Looks like a nice example for obfuscated code, so let’s start it…
$ ./0
Bus error
Well, it does not work at all…
So, what is it, misleading documentation, legacy code in the development tools?
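An added example, not part of the original post: a Python check that finds __PAGEZERO in a thin 32-bit Mach-O file and reports its maxprot and initprot fields. In the big-endian layout with __PAGEZERO as the first load command, position 0x4B is the low byte of initprot, while maxprot sits in the four bytes before it and is untouched by that edit. The sample file is constructed and all function names are assumptions.

```python
import struct

MH_MAGIC = 0xFEEDFACE                        # 32-bit Mach-O magic
LC_SEGMENT = 0x1                             # 32-bit segment load command
PROT_BITS = ((1, "R"), (2, "W"), (4, "X"))   # VM_PROT_READ/WRITE/EXECUTE

def prot_str(prot):
    """Render a vm_prot_t value in the style of the dumps above (None, RW, ...)."""
    return "".join(n for bit, n in PROT_BITS if prot & bit) or "None"

def pagezero_prot(data):
    """Return (load_command_offset, maxprot, initprot) of __PAGEZERO, or None."""
    if len(data) < 28:
        raise ValueError("too short for a mach_header")
    for endian in (">", "<"):
        if struct.unpack_from(endian + "I", data, 0)[0] == MH_MAGIC:
            break
    else:
        raise ValueError("not a thin 32-bit Mach-O file")
    ncmds = struct.unpack_from(endian + "I", data, 16)[0]
    off = 28                                 # sizeof(struct mach_header)
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from(endian + "2I", data, off)
        if cmdsize < 8:
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT and off + 56 <= len(data):
            name = data[off + 8:off + 24].rstrip(b"\0")
            if name == b"__PAGEZERO":        # maxprot/initprot follow filesize
                maxprot, initprot = struct.unpack_from(endian + "2i", data, off + 40)
                return off, maxprot, initprot
        off += cmdsize
    return None

def pagezero_is_standard(data):
    """True when __PAGEZERO exists with no access rights, as the linker emits it."""
    found = pagezero_prot(data)
    return found is not None and found[1] == 0 and found[2] == 0

def build_sample(initprot):
    """Constructed sample: big-endian header plus one __PAGEZERO LC_SEGMENT."""
    seg = struct.pack(">2I16s4I2i2I", LC_SEGMENT, 56, b"__PAGEZERO",
                      0, 0x1000, 0, 0, 0, initprot, 0, 0)
    hdr = struct.pack(">7I", MH_MAGIC, 18, 0, 2, 1, len(seg), 0)
    return hdr + seg
```

Calling pagezero_is_standard() on a binary's bytes flags files whose __PAGEZERO no longer matches what the static linker produces.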
ELF games
Friday, October 15th, 2004
Last week, I gave a lecture on ELF infection, I hope
some of you / the audience enjoyed it.
Anyways, I came across a page describing how to create
a minimal executable: http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
Note: minimal as in “it’s even smaller than you would expect after reading the specs”.