Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Binary Exploitation - Basic 補充篇
Search
LJP-TW
May 26, 2021
Technology
1
44
Binary Exploitation - Basic 補充篇
2021/05/26 台科資安社 社課
直播記錄檔:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
LJP-TW
May 26, 2021
Tweet
Share
More Decks by LJP-TW
See All by LJP-TW
Reverse Engineering - 1
ljptw
0
1.6k
Reverse Engineering - 2
ljptw
0
700
Reverse Engineering - 3
ljptw
0
560
Re:0 從零開始的逆向工程
ljptw
1
1.1k
Linux 極入門篇
ljptw
1
280
Fuzzing 101
ljptw
1
170
Binary Exploitation - File Structure
ljptw
1
270
Binary Exploitation - Heap
ljptw
1
140
Binary Exploitation - Basic
ljptw
1
110
Other Decks in Technology
See All in Technology
Terraformで構築する セルフサービス型データプラットフォーム / terraform-self-service-data-platform
pei0804
1
120
なぜSaaSがMCPサーバーをサービス提供するのか?
sansantech
PRO
8
2.7k
大「個人開発サービス」時代に僕たちはどう生きるか
sotarok
20
9.7k
Skrub: machine-learning with dataframes
gaelvaroquaux
0
120
Django's GeneratedField by example - DjangoCon US 2025
pauloxnet
0
110
サンドボックス技術でAI利活用を促進する
koh_naga
0
200
なぜテストマネージャの視点が 必要なのか? 〜 一歩先へ進むために 〜
moritamasami
0
210
[ JAWS-UG 東京 CommunityBuilders Night #2 ]SlackとAmazon Q Developerで 運用効率化を模索する
sh_fk2
3
370
La gouvernance territoriale des données grâce à la plateforme Terreze
bluehats
0
150
DevIO2025_継続的なサービス開発のための技術的意思決定のポイント / how-to-tech-decision-makaing-devio2025
nologyance
1
370
2025年になってもまだMySQLが好き
yoku0825
8
4.5k
今!ソフトウェアエンジニアがハードウェアに手を出すには
mackee
11
4.5k
Featured
See All Featured
The Power of CSS Pseudo Elements
geoffreycrofte
77
6k
Code Reviewing Like a Champion
maltzj
525
40k
Scaling GitHub
holman
463
140k
The World Runs on Bad Software
bkeepers
PRO
70
11k
The Pragmatic Product Professional
lauravandoore
36
6.9k
The Cult of Friendly URLs
andyhume
79
6.6k
What's in a price? How to price your products and services
michaelherold
246
12k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
Typedesign – Prime Four
hannesfritz
42
2.8k
Fireside Chat
paigeccino
39
3.6k
Become a Pro
speakerdeck
PRO
29
5.5k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
810
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic 補充篇
# whoami - LJP / LJP-TW - Pwn / Rev
- NTUST / NCTU / NYCU - 10sec CTF Team 1
Outline - TLS 2
TLS 3
TLS - TLS 全名 Thread-Local Storage - Linux x64 使用
fs 暫存器記著 TLS 的位置 - Stack Canary 就是存在 TLS 中 4
TLS - fs 為 Segment Register - 計算方式 reg:offset =
ref + offset - 這時候你用 gdb 想看一下 fs 等於多少卻發現 - 難道 Canary 從 [0+0x28] 拿來的?? 5
TLS - GDB 也是 Process, fs = 0 是指 GDB
自己的 fs - 所以要怎麼拿到觀測中的 Process 的 fs? - 呼叫 arch_prctl 6 Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS - Pwngdb 有實作取得 TLS 的功能 - 閱讀一下怎麼實作的, 發現其實一樣 -
https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77 7
TLS Demo 8