Someone brought back this #qrcode sticker from #39c3.
Uncategorized
7
Posts
1
Posters
0
Views
-
1. The 20 bytes of text ("What could go wrong?") that directly follow the last "regular" instruction are XOR'ed with some magic numbers 4 bytes at a time, turning them into something completely different.
2. Two syscalls are executed in series, the type of the second syscall is hereby determined by subtracting a hardcoded value from the return value of the first syscall.
3. Execution seemingly progresses into the XOR-modified text buffer.
🧵 2/5
-
1. The 20 bytes of text ("What could go wrong?") that directly follow the last "regular" instruction are XOR'ed with some magic numbers 4 bytes at a time, turning them into something completely different.
2. Two syscalls are executed in series, the type of the second syscall is hereby determined by subtracting a hardcoded value from the return value of the first syscall.
3. Execution seemingly progresses into the XOR-modified text buffer.
🧵 2/5
However, upon closer inspection, what actually happens is:
1. The XORs turn the string "What could go wrong?" into "You are beautiful!\ny" (ignore the "y", it's not used).
2. The first syscall is a write(2) that writes the modified string to stdout (FD 1), and returns the number of bytes written (19). From that, 18 is subtracted to construct the next syscall, exit(2).
3. Here execution terminates, and never progresses into the text buffer.
🧵 3/5
-
However, upon closer inspection, what actually happens is:
1. The XORs turn the string "What could go wrong?" into "You are beautiful!\ny" (ignore the "y", it's not used).
2. The first syscall is a write(2) that writes the modified string to stdout (FD 1), and returns the number of bytes written (19). From that, 18 is subtracted to construct the next syscall, exit(2).
3. Here execution terminates, and never progresses into the text buffer.
🧵 3/5
So, all in all, what this code actually does is a barebones equivalent of (as C code):
puts("You are beautiful!\n");
exit(0);A fun little challenge to reverse engineer, even without notable x86 assembly experience.
🧵 4/5
-
So, all in all, what this code actually does is a barebones equivalent of (as C code):
puts("You are beautiful!\n");
exit(0);A fun little challenge to reverse engineer, even without notable x86 assembly experience.
🧵 4/5
However, I'd like to report a "bug" to whoever wrote this code: 😜
If stdout is not writable (e.g. by piping the output into /dev/full, which returns ENOSPC on write), the second syscall is not an exit(2), but another, nonexistent syscall, and execution actually progresses into the string, where it segfaults.
🧵 5/5
-
However, I'd like to report a "bug" to whoever wrote this code: 😜
If stdout is not writable (e.g. by piping the output into /dev/full, which returns ENOSPC on write), the second syscall is not an exit(2), but another, nonexistent syscall, and execution actually progresses into the string, where it segfaults.
🧵 5/5
Also a shoutout to Linux documentation: Once you learn that "INT 0x80" is the instruction to perform a syscall, most information regarding what syscalls are being made can be found in Linux manpages and C headers:
syscall(2) contains calling conventions for syscalls for a lot of CPU architectures, including i386, where we learn that EAX is used for the syscall number and the return value, and (in that order) EBX, ECX and EDX are used for the first 3 arguments of a syscall.
-
Also a shoutout to Linux documentation: Once you learn that "INT 0x80" is the instruction to perform a syscall, most information regarding what syscalls are being made can be found in Linux manpages and C headers:
syscall(2) contains calling conventions for syscalls for a lot of CPU architectures, including i386, where we learn that EAX is used for the syscall number and the return value, and (in that order) EBX, ECX and EDX are used for the first 3 arguments of a syscall.
/usr/include/asm/unistd_32.h contains the numeric syscall identifiers (i.e. 1 = exit, 4 = write), used in EAX.
The manpages of the syscalls exit(2) and write(2) document which arguments they take and in what order.
This is how I figured out that what these syscalls actually do is a write(1, "You are beautiful!\n", 19) and an exit(0).
-
undefined oblomov@sociale.network shared this topic
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@Otttoz La soluzione sarebbe dire: sciò! ( vai via) ma il problema è che dopo aver sobillato la rivolta si nascondono bene e non sapresti nemmeno a chi dirlo... Così il nuovo dittatore in questo caso è più un sistema di 'nuove amicizie'
-
*ID* –> “Haunting”
---
Boo !
...
this is for illustrationday.comHave a nice week Mastodon !
- #mastoart #art #illustration #illustrationday -
:: Better res on website ::
https://www.gynux.com/v2/lesnews/?p=4355&rub=news&tag=fr&preview=true
-
@Otttoz Ora è ufficiale, per smettere di fumare non serve la prigione. Casomai meglio andare a sciare che riossigena i polmoni.
-
Assolutamente da vedere. Cory Doctorow é ipnotizzante
-
@mos_8502 I think, or maybe merely hope, that having deep expertise and actually understanding all the code being spewed forth at alarming rates (even if I haven't actually read most of it), has long-term value.
But, I don't think I have any choice about using it and staying employed. If I want to keep working in the field I'm in, I'm going to be doing it with AI assistance. That was up in the air until recently...but, the current generation models+agents lay the question to rest.
-
@swelljoe My reply to the vibe coder in this scenario is "well, then, what do we need you for? Pack up your desk."
Now, this is not to say I'm 100% dead set against it per se. I would restrict its use to expert-level programmers who understand the problem domain, on the grounds that you need to know the language at a high level and understand the problem if you're going to debug and maintain the code.
-
@mos_8502 the vibe-coder answer to that is, "I don't need to understand it, I just ask Claude to maintain it, too." And...I scoffed at that idea in the past. But, it's gotten really good.
I think it's still very dangerous in the hands of non-technical folks. And, I think most of the models are still flailing a lot (the frontier models are all pretty good, but Opus 4.5 is the one that Just Works, but all the lower end models are stupid a lot).
I dunno. The ground shifted beneath my feet.
-
@mos_8502 I was dragged into using it at work, and I've had to accept that I was wrong about how well it works. I still have plenty of reservations about its use. But...it can write good software very, very, fast. And, in an agentic configuration (like Claude Code or whatever other agentic harnesses you wanna use), it can test its own work, verify outputs, etc. It's genuinely astonishing how well it works.
Whether I like it kinda doesn't matter. It works well enough to where it will be used.
