Binary Hacking
June 10, 2018
Intro:
I'm still learning new things every day, and this page is a reference for me. It will just be some commands of programs or small code snippits to help me understand this topic more. I recently started watching Liveoverflow. Most of the code snippits come from his video's. He also suggests to do lots of CTF's to learn and understand the topic more.
Assemble command codes:
Assembly code we read from the top to the bottom and follow the inscructions we encounter.
| cmp | compair |
| jne | jump not equal |
| mov | move data to memory |
| call | call a function/ action |
| jmp | jumps to address |
| test | tests something |
| eip | Instruction Pointer |
| esp | Stack Pointer |
| ebp | Base Pointer |
| ret | return to ... |
| Register | Accumulator | Counter | Data | Base | Stack Pointer | Stack Base Pointer | Source | Destination |
| 64 Bit | RAX | RCX | RDX | RBX | RSP | RBP | RSI | RDI |
| 32 Bit | EAX | ECX | EDX | EBX | ESP | EBP | ESI | EDI |
| 16 Bit | AX | CX | DX | BX | SP | BP | SI | DI |
GDB commands:
gdb is a linux debugger, here some commands as a reference.
| gdb "program" | start gdb to analize a program |
| set disassembly-flavor intel | Set the architectrure on intel |
| disasseble main | get debug code for main() function |
| break *main | set break point at main() break *0x00400607 to break at an address |
| run | runs programm again |
| si | To use with breakpoints: Step 1 instruction furter ( follows functions ) |
| ni | To use with breakpoints: Next instruction ( don't follow functions ) |
| continue | continue program to run to next breakpoint. |
| set $eax=0 | change the register value of rax to 0 |
| x/s "register address" | to print the value on this address. |
| define hook-stop | defines a series of commands on break to auto execute (hook-stop) |
| info registers | displays the register info |
| x/24wx $esp | get the stack ( $esp) 24 addresses |
| x/2i $eip | get the last 2 index pointer commands |
| end | ends the commands of a define hook. |
| r < caracters | read from file "caracters" |
| x 'function name' | Examines the function. |
Special Codes:
| \xCC | opcode CC is for setting breakpoints (int3) |
| \x90 | NOP is no operations |
Python snippits:
Some handy code snippits that makes life easy.
| int('1111', 2) | 15 | Binair to Decimal |
| bin(15) | 0b1111 | Decimal to Binair |
| hex(15) | 0xf | Decimal to Hex |
| hex(int(0b1111)) | 0xf | Binair to Hex |
| chr(0x41) | A | Hex to Char |
import struct
struct.unpack("I", "ABCD")[0] # 1145258561 Integer of ABCD
struct.pack("I", 1145258561) # ABCD String of 1145258561
hex(struct.unpack("I", "ABCD")[0]) # 0x44434241 Hex value of ABCD
hex(struct.unpack(">I", "ABCD")[0]) # 0x41424344 Revers Hex of ABCD
struct.pack("I", 0x44434241) # ABCD String of 0x44434241
struct.pack("I", 0x41500000) # \x00\x00PA String of 0x41500000