Binary Exploitation - Basic 補充篇
LJP-TW
May 26, 2021
2021/05/26 NTUST Information Security Club session
Livestream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn - Basic, Supplementary Notes

Slide 1: whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team

Slide 2: Outline
- TLS

Slide 3: TLS

Slide 4: TLS
- TLS stands for Thread-Local Storage
- On Linux x64, the fs register holds the location of the TLS block
- The stack canary is stored in the TLS block

Slide 5: TLS
- fs is a segment register
- Addressing is computed as reg:offset = (base referenced by reg) + offset
- But when you check the value of fs in gdb, you find that it is 0
- So is the canary really being read from [0+0x28]??

Slide 6: TLS
- GDB is itself a process; the fs = 0 you see is GDB's own fs
- So how do we get the fs of the process under observation?
- Call arch_prctl
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13

Slide 7: TLS
- Pwngdb implements a feature for obtaining the TLS base
- Reading how it is implemented shows that it does the same thing
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77

Slide 8: TLS Demo
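Slides 4 to 7 make three claims: fs points at the TLS block, a segment-relative access reg:offset resolves to base + offset, and arch_prctl is the way to obtain the fs base of a process from outside it. The program below is an added illustration written for these notes; it is not code from the deck or from Pwngdb. It checks the claims on the running process itself, on Linux x86-64 only: it asks the kernel for the fs base with arch_prctl(ARCH_GET_FS), compares that with the TCB self-pointer glibc (and musl) keep at %fs:0, and reads the stack-guard slot both as %fs:0x28 and as *(base + 0x28). It also prints the fs selector, which is what a plain register dump labels "fs" and which reads 0 for user threads on this ABI; the non-zero base that the hardware adds to the offset is held separately and set through arch_prctl. The assumed layout (self-pointer at offset 0, stack guard at offset 0x28, ARCH_GET_FS = 0x1003) is the documented x86-64 Linux one; on any other platform the functions compile to stubs and tls_layout_consistent() returns -1.

```c
/*
 * Added demonstration (not part of the original slides or of Pwngdb):
 * relating the fs segment base, the TLS block and the stack-canary slot
 * on Linux x86-64, using only the process's own memory.
 *
 * Assumptions (labelled here and in the lead-in):
 *   - x86-64 Linux with the glibc/musl TCB layout: a self-pointer at
 *     offset 0 and the stack guard at offset 0x28.
 *   - ARCH_GET_FS == 0x1003, as defined in the kernel's asm/prctl.h.
 */
#define _GNU_SOURCE
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#if defined(__x86_64__) && defined(__linux__)

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003   /* kernel ABI constant from asm/prctl.h */
#endif

/* Way 1: ask the kernel for the fs base. glibc ships no arch_prctl wrapper,
 * so the raw syscall is used, exactly as a debugger would when it "calls
 * arch_prctl" inside the inferior. Returns 0 on failure. */
uint64_t tls_base_via_arch_prctl(void)
{
    uint64_t base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return base;
}

/* Way 2: the TCB begins with a pointer to itself, so %fs:0 yields the base
 * without any syscall. This is reg:offset addressing with offset 0. */
uint64_t tls_base_via_self_pointer(void)
{
    uint64_t base;
    __asm__ volatile ("mov %%fs:0, %0" : "=r"(base));
    return base;
}

/* The fs *selector*, i.e. what "info registers" shows as fs. On x86-64 Linux
 * user threads this is 0; the base lives in a separate register (FS_BASE),
 * which is why a selector of 0 does not mean the canary comes from [0+0x28]. */
uint16_t fs_selector(void)
{
    uint16_t sel;
    __asm__ volatile ("mov %%fs, %0" : "=r"(sel));
    return sel;
}

/* The canary slot as compiler prologues read it: %fs:0x28. */
uint64_t canary_via_segment(void)
{
    uint64_t c;
    __asm__ volatile ("mov %%fs:0x28, %0" : "=r"(c));
    return c;
}

/* The same slot reached arithmetically: base + 0x28 through a plain pointer. */
uint64_t canary_via_pointer(uint64_t base)
{
    return *(volatile uint64_t *)(base + 0x28);
}

/* 1 if every route agrees on the TLS base and the canary slot, 0 otherwise. */
int tls_layout_consistent(void)
{
    uint64_t a = tls_base_via_arch_prctl();
    uint64_t b = tls_base_via_self_pointer();
    if (a == 0 || a != b)
        return 0;
    return canary_via_segment() == canary_via_pointer(a);
}

#else  /* not x86-64 Linux: nothing to inspect, stubs only */
uint64_t tls_base_via_arch_prctl(void) { return 0; }
uint64_t tls_base_via_self_pointer(void) { return 0; }
uint16_t fs_selector(void) { return 0; }
uint64_t canary_via_segment(void) { return 0; }
uint64_t canary_via_pointer(uint64_t base) { (void)base; return 0; }
int tls_layout_consistent(void) { return -1; }
#endif

int main(void)
{
    uint64_t base = tls_base_via_arch_prctl();
    printf("fs selector          : 0x%" PRIx16 "\n", fs_selector());
    printf("fs base (arch_prctl) : 0x%" PRIx64 "\n", base);
    printf("fs base (%%fs:0)      : 0x%" PRIx64 "\n", tls_base_via_self_pointer());
    printf("canary  (%%fs:0x28)   : 0x%" PRIx64 "\n", canary_via_segment());
    printf("canary  *(base+0x28) : 0x%" PRIx64 "\n", canary_via_pointer(base));
    printf("layout consistent    : %d\n", tls_layout_consistent());
    return 0;
}
```

Build with `gcc tls_demo.c -o tls_demo` and run it under gdb alongside `info registers fs fs_base`: the selector line matches the 0 that slide 5 puzzles over, while the two base lines match each other and `fs_base`, and the two canary lines are identical because %fs:0x28 is simply base + 0x28.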