mirror of
https://github.com/mytechnotalent/Embedded-Hacking.git
synced 2026-07-05 12:07:51 +02:00
Initial commit with strict idiomatic rust enforcement
Binary file not shown.
+1597
File diff suppressed because it is too large
@@ -0,0 +1,79 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Background grid decoration -->
|
||||
<g opacity="0.06">
|
||||
<line x1="0" y1="100" x2="1200" y2="100" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="200" x2="1200" y2="200" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="300" x2="1200" y2="300" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="400" x2="1200" y2="400" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="500" x2="1200" y2="500" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="600" x2="1200" y2="600" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="0" y1="700" x2="1200" y2="700" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="200" y1="0" x2="200" y2="800" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="400" y1="0" x2="400" y2="800" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="600" y1="0" x2="600" y2="800" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="800" y1="0" x2="800" y2="800" stroke="#00ff41" stroke-width="1"/>
|
||||
<line x1="1000" y1="0" x2="1000" y2="800" stroke="#00ff41" stroke-width="1"/>
|
||||
</g>
|
||||
|
||||
<!-- Hex rain decoration -->
|
||||
<g opacity="0.04" font-family="'Courier New',monospace" font-size="14" fill="#00ff41">
|
||||
<text x="50" y="80">4F 70 65 6E 4F 43 44</text>
|
||||
<text x="900" y="120">10 00 02 34 08 B5 01</text>
|
||||
<text x="150" y="180">47 44 42 20 52 45 56</text>
|
||||
<text x="800" y="240">20 08 20 00 FF AA 00</text>
|
||||
<text x="80" y="350">52 50 32 33 35 30 00</text>
|
||||
<text x="950" y="380">0A 0A 0F 12 12 1A 1A</text>
|
||||
<text x="100" y="520">41 52 4D 76 38 2D 4D</text>
|
||||
<text x="870" y="560">00 FF 41 00 D4 FF 88</text>
|
||||
<text x="60" y="680">47 48 49 44 52 41 00</text>
|
||||
<text x="920" y="720">FF 00 40 C0 C0 C0 00</text>
|
||||
</g>
|
||||
|
||||
<!-- Corner accents -->
|
||||
<polyline points="30,30 30,80 80,80" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
|
||||
<polyline points="1170,30 1170,80 1120,80" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
|
||||
<polyline points="30,770 30,720 80,720" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
|
||||
<polyline points="1170,770 1170,720 1120,720" fill="none" stroke="#00ff41" stroke-width="2" opacity="0.3"/>
|
||||
|
||||
<!-- Top accent line -->
|
||||
<rect x="100" y="140" width="1000" height="2" fill="#00ff41" opacity="0.4"/>
|
||||
|
||||
<!-- Course Title -->
|
||||
<text x="600" y="210" text-anchor="middle" font-family="'Courier New',monospace" font-size="56" font-weight="bold" fill="#00ff41">Embedded Systems</text>
|
||||
<text x="600" y="278" text-anchor="middle" font-family="'Courier New',monospace" font-size="56" font-weight="bold" fill="#00ff41">Reverse Engineering</text>
|
||||
|
||||
<!-- Divider -->
|
||||
<rect x="300" y="310" width="600" height="2" fill="#00d4ff" opacity="0.6"/>
|
||||
|
||||
<!-- Week Number -->
|
||||
<text x="600" y="380" text-anchor="middle" font-family="'Courier New',monospace" font-size="42" font-weight="bold" fill="#00d4ff">// WEEK 02</text>
|
||||
|
||||
<!-- Week Topic -->
|
||||
<text x="600" y="440" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">Hello, World - Debugging and</text>
|
||||
<text x="600" y="478" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">Hacking Basics: Debugging and Hacking</text>
|
||||
<text x="600" y="516" text-anchor="middle" font-family="'Courier New',monospace" font-size="28" fill="#c0c0c0">a Basic Program for the Pico 2</text>
|
||||
|
||||
<!-- Bottom accent line -->
|
||||
<rect x="100" y="570" width="1000" height="2" fill="#00ff41" opacity="0.4"/>
|
||||
|
||||
<!-- University -->
|
||||
<text x="600" y="635" text-anchor="middle" font-family="'Courier New',monospace" font-size="36" font-weight="bold" fill="#ffaa00">George Mason University</text>
|
||||
|
||||
<!-- Bottom badge -->
|
||||
<rect x="400" y="670" width="400" height="40" rx="20" fill="none" stroke="#00ff41" stroke-width="1.5" opacity="0.5"/>
|
||||
<text x="600" y="697" text-anchor="middle" font-family="'Courier New',monospace" font-size="20" fill="#00ff41" opacity="0.7">RP2350 // ARM Cortex-M33</text>
|
||||
</svg>
|
||||
|
@@ -0,0 +1,73 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Live Hacking Overview</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Introduction to Live Hacking</text>
|
||||
|
||||
<!-- Left Panel: What is live hacking -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">What Is Live Hacking?</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="205" class="txt">Modify a program</text>
|
||||
<text x="55" y="237" class="txt">WHILE it is running</text>
|
||||
<text x="55" y="269" class="txt">on real hardware</text>
|
||||
|
||||
<line x1="50" y1="297" x2="550" y2="297" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="337" class="amb">The Train Analogy</text>
|
||||
<text x="55" y="372" class="txt">Train heading to NYC</text>
|
||||
<text x="55" y="404" class="txt">Switch the tracks</text>
|
||||
<text x="55" y="436" class="txt">while it moves</text>
|
||||
<text x="55" y="468" class="red">Now it goes to LA!</text>
|
||||
|
||||
<line x1="50" y1="496" x2="550" y2="496" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="536" class="cyn">Why It Matters</text>
|
||||
<text x="55" y="571" class="txt">Security research</text>
|
||||
<text x="55" y="603" class="txt">Penetration testing</text>
|
||||
<text x="55" y="635" class="txt">Malware analysis</text>
|
||||
<text x="55" y="667" class="txt">Hardware debugging</text>
|
||||
|
||||
<text x="300" y="740" text-anchor="middle" class="dim">No recompile needed!</text>
|
||||
|
||||
<!-- Right Panel: This Week's Goal -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">This Week's Goal</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="grn">Target Program</text>
|
||||
<text x="625" y="240" class="txt">hello-world.c</text>
|
||||
<text x="625" y="272" class="txt">Prints "hello, world"</text>
|
||||
<text x="625" y="304" class="txt">in infinite loop</text>
|
||||
|
||||
<line x1="620" y1="332" x2="1150" y2="332" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="372" class="red">Our Mission</text>
|
||||
<text x="625" y="407" class="txt">Make it print</text>
|
||||
<text x="625" y="439" class="txt">something ELSE</text>
|
||||
<text x="625" y="471" class="txt">without changing</text>
|
||||
<text x="625" y="503" class="txt">the source code</text>
|
||||
|
||||
<line x1="620" y1="531" x2="1150" y2="531" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="571" class="amb">Tools Used</text>
|
||||
<text x="625" y="606" class="txt">GDB = live debug</text>
|
||||
<text x="625" y="638" class="txt">OpenOCD = HW bridge</text>
|
||||
<text x="625" y="670" class="txt">Ghidra = analysis</text>
|
||||
|
||||
<text x="885" y="745" text-anchor="middle" class="dim">Hack the running binary</text>
|
||||
</svg>
|
||||
@@ -0,0 +1,85 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.cmd{font:bold 18px 'Courier New',monospace}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">GDB Debug Session</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">GDB Fundamentals</text>
|
||||
|
||||
<!-- Left Panel: Connection Steps -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">Setup Steps</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<!-- Step 1 -->
|
||||
<text x="55" y="198" class="dim">Step 1: Start OpenOCD</text>
|
||||
<rect x="55" y="213" width="490" height="88" rx="5" fill="#0f0f1a" stroke="#00d4ff" stroke-width="2"/>
|
||||
<text x="300" y="233" text-anchor="middle" class="cyn cmd">openocd -s <scripts></text>
|
||||
<text x="300" y="253" text-anchor="middle" class="cyn cmd">-f interface/cmsis-dap.cfg</text>
|
||||
<text x="300" y="273" text-anchor="middle" class="cyn cmd">-f target/rp2350.cfg</text>
|
||||
<text x="300" y="293" text-anchor="middle" class="cyn cmd">-c "adapter speed 5000"</text>
|
||||
|
||||
<!-- Step 2 -->
|
||||
<text x="55" y="331" class="dim">Step 2: Launch GDB</text>
|
||||
<rect x="55" y="346" width="490" height="58" rx="5" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="300" y="369" text-anchor="middle" class="grn cmd">arm-none-eabi-gdb</text>
|
||||
<text x="300" y="391" text-anchor="middle" class="grn cmd">build\0x0001_hello-world.elf</text>
|
||||
|
||||
<!-- Step 3 -->
|
||||
<text x="55" y="434" class="dim">Step 3: Connect to target</text>
|
||||
<rect x="55" y="449" width="490" height="50" rx="5" fill="#1a1a0f" stroke="#ffaa00" stroke-width="2"/>
|
||||
<text x="300" y="481" text-anchor="middle" class="amb">target extended-remote :3333</text>
|
||||
|
||||
<!-- Step 4 -->
|
||||
<text x="55" y="529" class="dim">Step 4: Reset + halt</text>
|
||||
<rect x="55" y="544" width="490" height="50" rx="5" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="300" y="576" text-anchor="middle" class="red">monitor reset halt</text>
|
||||
|
||||
<!-- Step 5 -->
|
||||
<text x="55" y="624" class="dim">Step 5: Set breakpoint</text>
|
||||
<rect x="55" y="639" width="490" height="50" rx="5" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="300" y="671" text-anchor="middle" class="grn">break main</text>
|
||||
|
||||
<text x="300" y="725" text-anchor="middle" class="dim">Then: continue (c)</text>
|
||||
|
||||
<!-- Right Panel: What Each Does -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">What Each Does</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="cyn">openocd</text>
|
||||
<text x="625" y="240" class="txt">Loads probe + chip</text>
|
||||
<text x="625" y="272" class="txt">config files</text>
|
||||
<text x="625" y="304" class="dim">Then listens on :3333</text>
|
||||
|
||||
<line x1="620" y1="337" x2="1150" y2="337" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="377" class="grn">arm-none-eabi-gdb</text>
|
||||
<text x="625" y="412" class="txt">ARM debugger from</text>
|
||||
<text x="625" y="444" class="txt">the embedded toolchain</text>
|
||||
|
||||
<line x1="620" y1="472" x2="1150" y2="472" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="512" class="amb">target extended-remote</text>
|
||||
<text x="625" y="547" class="txt">GDB connects to</text>
|
||||
<text x="625" y="579" class="txt">OpenOCD server</text>
|
||||
|
||||
<line x1="620" y1="607" x2="1150" y2="607" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="647" class="red">monitor reset halt</text>
|
||||
<text x="625" y="682" class="txt">Reset chip + stop</text>
|
||||
<text x="625" y="714" class="txt">at very first instr</text>
|
||||
<text x="625" y="746" class="dim">Clean starting state</text>
|
||||
</svg>
|
||||
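Review bot: The right-hand panel's `Then listens on :3333` line does not say that OpenOCD's GDB port is unauthenticated, so anyone who can reach it gets full read/write control of the halted target. I would add one dim line under it, for example `Keep it on localhost (bindto)`, so students do not expose the port on a shared lab network. Separately, `openocd -s <scripts>` in Step 1 has to be written as `&lt;scripts&gt;` in the SVG source or the placeholder is parsed as an element and not drawn; this page may simply have decoded the entities, so confirm against the raw file.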
@@ -0,0 +1,88 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Breakpoints</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">GDB Breakpoint Types</text>
|
||||
|
||||
<!-- Left Panel: How Breakpoints Work -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">How They Work</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<!-- Normal execution -->
|
||||
<text x="55" y="203" class="grn">Normal Execution</text>
|
||||
|
||||
<rect x="55" y="220" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="248" class="txt">MOV r0, #5</text>
|
||||
|
||||
<rect x="55" y="272" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="300" class="txt">MOV r1, #3</text>
|
||||
|
||||
<rect x="55" y="324" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="352" class="txt">BL printf</text>
|
||||
|
||||
<!-- Breakpoint set -->
|
||||
<text x="55" y="410" class="red">With Breakpoint</text>
|
||||
|
||||
<rect x="55" y="427" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="455" class="txt">MOV r0, #5</text>
|
||||
|
||||
<rect x="55" y="479" width="490" height="42" rx="4" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="70" y="507" class="red">MOV r1, #3</text>
|
||||
<text x="520" y="507" text-anchor="end" class="red">STOP</text>
|
||||
|
||||
<rect x="55" y="531" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e" stroke-dasharray="6"/>
|
||||
<text x="70" y="559" class="txt">BL printf</text>
|
||||
<text x="520" y="559" text-anchor="end" class="dim">paused</text>
|
||||
|
||||
<text x="300" y="620" text-anchor="middle" class="txt">CPU halts BEFORE</text>
|
||||
<text x="300" y="652" text-anchor="middle" class="txt">executing breakpoint</text>
|
||||
<text x="300" y="684" text-anchor="middle" class="txt">instruction</text>
|
||||
|
||||
<text x="300" y="740" text-anchor="middle" class="dim">Now you can inspect</text>
|
||||
|
||||
<!-- Right Panel: GDB Commands -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">GDB Breakpoints</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="grn">break main</text>
|
||||
<text x="625" y="240" class="txt">Stop at function</text>
|
||||
<text x="625" y="272" class="dim">By symbol name</text>
|
||||
|
||||
<line x1="620" y1="300" x2="1150" y2="300" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="340" class="grn">break *0x10000340</text>
|
||||
<text x="625" y="375" class="txt">Stop at exact addr</text>
|
||||
<text x="625" y="407" class="dim">By hex address</text>
|
||||
|
||||
<line x1="620" y1="435" x2="1150" y2="435" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="475" class="cyn">info break</text>
|
||||
<text x="625" y="510" class="txt">List all active</text>
|
||||
<text x="625" y="542" class="txt">breakpoints</text>
|
||||
|
||||
<line x1="620" y1="570" x2="1150" y2="570" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="610" class="amb">continue (c)</text>
|
||||
<text x="625" y="645" class="txt">Resume running</text>
|
||||
<text x="625" y="677" class="txt">until next break</text>
|
||||
|
||||
<line x1="620" y1="705" x2="1150" y2="705" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="745" class="red">delete 1</text>
|
||||
<text x="625" y="777" class="txt">Remove breakpoint #1</text>
|
||||
</svg>
|
||||
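Review bot: The `break *0x10000340` example in the right panel appears to sit in the flash/XIP window (assuming 0x10000000 is the flash base, as on the RP2350), and the slide does not mention that breakpoints there are hardware breakpoints, of which the core has only a few. Students who set several will hit an insertion error with no explanation on the slide. A dim caption under `By hex address`, such as `Flash = HW breakpoints (limited)`, would cover it, with `delete` already shown below as the remedy.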
@@ -0,0 +1,102 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Stack in Action</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Runtime Stack Analysis</text>
|
||||
|
||||
<!-- Left Panel: Before Call -->
|
||||
<rect x="30" y="105" width="350" height="675" class="pnl" rx="8"/>
|
||||
<text x="205" y="148" text-anchor="middle" class="sub">Before Call</text>
|
||||
<line x1="50" y1="163" x2="360" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="205" class="amb">0x20082000</text>
|
||||
<text x="55" y="237" class="red">SP here</text>
|
||||
|
||||
<rect x="60" y="260" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="187" y="295" text-anchor="middle" class="dim">empty (0x20081FFC)</text>
|
||||
|
||||
<rect x="60" y="325" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="187" y="360" text-anchor="middle" class="dim">empty (0x20081FF8)</text>
|
||||
|
||||
<rect x="60" y="390" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="187" y="425" text-anchor="middle" class="dim">free stack space</text>
|
||||
|
||||
<rect x="60" y="455" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="187" y="490" text-anchor="middle" class="dim">unused lower space</text>
|
||||
|
||||
<text x="55" y="555" class="amb">0x20080000</text>
|
||||
|
||||
<text x="205" y="650" text-anchor="middle" class="red">Grows DOWN</text>
|
||||
<line x1="205" y1="665" x2="205" y2="725" stroke="#ff0040" stroke-width="4"/>
|
||||
<polygon points="193,725 205,750 217,725" fill="#ff0040"/>
|
||||
|
||||
<!-- Middle Panel: After PUSH {r4, lr} -->
|
||||
<rect x="410" y="105" width="370" height="675" class="pnl" rx="8"/>
|
||||
<text x="595" y="148" text-anchor="middle" class="sub">After PUSH</text>
|
||||
<line x1="430" y1="163" x2="760" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="435" y="205" class="amb">0x20082000</text>
|
||||
<text x="435" y="237" class="red">PUSH {r4, lr}</text>
|
||||
|
||||
<rect x="440" y="260" width="255" height="55" rx="5" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="567" y="295" text-anchor="middle" class="red">saved LR</text>
|
||||
|
||||
<rect x="440" y="325" width="255" height="55" rx="5" fill="#1a1a0f" stroke="#ffaa00" stroke-width="2"/>
|
||||
<text x="567" y="360" text-anchor="middle" class="amb">saved r4</text>
|
||||
|
||||
<rect x="440" y="390" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="567" y="425" text-anchor="middle" class="dim">free stack space</text>
|
||||
|
||||
<rect x="440" y="455" width="255" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e" stroke-width="1" stroke-dasharray="6"/>
|
||||
<text x="567" y="490" text-anchor="middle" class="dim">free stack space</text>
|
||||
|
||||
<text x="435" y="555" class="red">SP now = 0x20081FF8</text>
|
||||
|
||||
<text x="435" y="620" class="dim" style="fill:#ff0040">SP moved down</text>
|
||||
<text x="435" y="650" class="dim" style="fill:#ff0040">by 8 bytes</text>
|
||||
<text x="435" y="720" class="cyn">GDB: x/4xw $sp</text>
|
||||
<text x="435" y="752" class="dim">saved regs are now visible</text>
|
||||
|
||||
<!-- Right Panel: Key Points -->
|
||||
<rect x="810" y="105" width="360" height="675" class="pnl" rx="8"/>
|
||||
<text x="990" y="148" text-anchor="middle" class="sub">Key Points</text>
|
||||
<line x1="830" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="835" y="205" class="grn">PUSH saves</text>
|
||||
<text x="835" y="240" class="txt">Preserves regs</text>
|
||||
<text x="835" y="272" class="txt">before function</text>
|
||||
<text x="835" y="304" class="txt">body runs</text>
|
||||
|
||||
<line x1="830" y1="332" x2="1150" y2="332" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="835" y="372" class="red">POP restores</text>
|
||||
<text x="835" y="407" class="txt">Puts values</text>
|
||||
<text x="835" y="439" class="txt">back when func</text>
|
||||
<text x="835" y="471" class="txt">returns</text>
|
||||
|
||||
<line x1="830" y1="499" x2="1150" y2="499" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="835" y="539" class="amb">Watch in GDB</text>
|
||||
<text x="835" y="574" class="txt">x/4xw $sp</text>
|
||||
<text x="835" y="606" class="dim">See stack data</text>
|
||||
|
||||
<line x1="830" y1="634" x2="1150" y2="634" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="835" y="674" class="cyn">stepi</text>
|
||||
<text x="835" y="709" class="txt">Step 1 instr</text>
|
||||
<text x="835" y="741" class="txt">watch stack</text>
|
||||
<text x="835" y="773" class="dim">change live</text>
|
||||
</svg>
|
||||
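Review bot: `GDB: x/4xw $sp` in the middle panel (repeated as `x/4xw $sp` under `Watch in GDB`) dumps 16 bytes, but the diagram shows only 8 bytes pushed and `SP now = 0x20081FF8`. The last two words would therefore be read from 0x20082000 and above, which the slide itself labels as the top of the stack region; if that is also the end of SRAM, the read will fail or show unrelated data. For this example I would use `x/2xw $sp` in both places so the output matches the `saved r4` and `saved LR` boxes exactly.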
@@ -0,0 +1,79 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">LDR Instruction</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">ARM Load Instructions</text>
|
||||
|
||||
<!-- Left Panel: LDR Flow -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">How LDR Works</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<!-- The instruction -->
|
||||
<text x="55" y="205" class="dim">Instruction:</text>
|
||||
<rect x="55" y="220" width="490" height="50" rx="5" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="300" y="252" text-anchor="middle" class="grn">LDR r0, [pc, #12]</text>
|
||||
|
||||
<!-- Step 1 -->
|
||||
<text x="55" y="315" class="amb">Step 1: Calculate addr</text>
|
||||
<rect x="55" y="335" width="490" height="50" rx="5" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="300" y="367" text-anchor="middle" class="txt">addr = PC + 12</text>
|
||||
|
||||
<!-- Step 2 -->
|
||||
<text x="55" y="430" class="amb">Step 2: Read memory</text>
|
||||
<rect x="55" y="450" width="490" height="50" rx="5" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="300" y="482" text-anchor="middle" class="txt">value = *(addr)</text>
|
||||
|
||||
<!-- Step 3 -->
|
||||
<text x="55" y="545" class="amb">Step 3: Load into reg</text>
|
||||
<rect x="55" y="565" width="490" height="50" rx="5" fill="#0f0f1a" stroke="#00d4ff" stroke-width="2"/>
|
||||
<text x="300" y="597" text-anchor="middle" class="cyn">r0 = value</text>
|
||||
|
||||
<!-- Result -->
|
||||
<text x="300" y="670" text-anchor="middle" class="txt">r0 now holds the</text>
|
||||
<text x="300" y="702" text-anchor="middle" class="txt">address of our</text>
|
||||
<text x="300" y="734" text-anchor="middle" class="grn">"hello, world" string</text>
|
||||
|
||||
<!-- Right Panel: Why It Matters -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">Why It Matters</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="grn">String Loading</text>
|
||||
<text x="625" y="240" class="txt">printf needs addr</text>
|
||||
<text x="625" y="272" class="txt">of string in r0</text>
|
||||
<text x="625" y="304" class="dim">r0 = first argument</text>
|
||||
|
||||
<line x1="620" y1="332" x2="1150" y2="332" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="372" class="cyn">PC-Relative</text>
|
||||
<text x="625" y="407" class="txt">Address computed</text>
|
||||
<text x="625" y="439" class="txt">relative to current</text>
|
||||
<text x="625" y="471" class="txt">PC position</text>
|
||||
<text x="625" y="503" class="dim">Works from any addr</text>
|
||||
|
||||
<line x1="620" y1="531" x2="1150" y2="531" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="571" class="red">The Attack Point</text>
|
||||
<text x="625" y="606" class="txt">If we change r0</text>
|
||||
<text x="625" y="638" class="txt">AFTER the LDR</text>
|
||||
<text x="625" y="670" class="txt">printf prints OUR</text>
|
||||
<text x="625" y="702" class="txt">string instead!</text>
|
||||
|
||||
<line x1="620" y1="730" x2="1150" y2="730" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="765" class="amb">This is the hack!</text>
|
||||
</svg>
|
||||
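Review bot: `addr = PC + 12` in Step 1 will not match what students compute from `$pc` in GDB, because on a Thumb-only core such as the Cortex-M33 a PC-relative LDR uses the instruction's address plus 4, rounded down to a word boundary, as its base. I would change the box text to `addr = Align(PC+4, 4) + 12`, or keep it and add a dim caption `PC reads as instr addr + 4`. The `Works from any addr` caption on the right could also say that the value stored in the literal pool is still an absolute address.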
@@ -0,0 +1,93 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">The Attack Plan</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Exploit Strategy</text>
|
||||
|
||||
<!-- Full Width: 4-Step Attack Flow -->
|
||||
<rect x="30" y="105" width="1140" height="280" class="pnl" rx="8"/>
|
||||
<text x="600" y="148" text-anchor="middle" class="sub">Attack Flow (4 Steps)</text>
|
||||
<line x1="50" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<!-- Step 1 -->
|
||||
<rect x="55" y="185" width="230" height="80" rx="6" fill="#0f0f1a" stroke="#00d4ff" stroke-width="2"/>
|
||||
<text x="170" y="220" text-anchor="middle" class="cyn">1. Break at</text>
|
||||
<text x="170" y="250" text-anchor="middle" class="cyn">printf call</text>
|
||||
|
||||
<!-- Arrow -->
|
||||
<line x1="285" y1="225" x2="330" y2="225" stroke="#888888" stroke-width="3"/>
|
||||
<polygon points="330,215 355,225 330,235" fill="#888888"/>
|
||||
|
||||
<!-- Step 2 -->
|
||||
<rect x="360" y="185" width="230" height="80" rx="6" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="475" y="220" text-anchor="middle" class="grn">2. Write new</text>
|
||||
<text x="475" y="250" text-anchor="middle" class="grn">string to SRAM</text>
|
||||
|
||||
<!-- Arrow -->
|
||||
<line x1="590" y1="225" x2="635" y2="225" stroke="#888888" stroke-width="3"/>
|
||||
<polygon points="635,215 660,225 635,235" fill="#888888"/>
|
||||
|
||||
<!-- Step 3 -->
|
||||
<rect x="665" y="185" width="230" height="80" rx="6" fill="#1a1a0f" stroke="#ffaa00" stroke-width="2"/>
|
||||
<text x="780" y="220" text-anchor="middle" class="amb">3. Set r0 to</text>
|
||||
<text x="780" y="250" text-anchor="middle" class="amb">SRAM addr</text>
|
||||
|
||||
<!-- Arrow -->
|
||||
<line x1="895" y1="225" x2="940" y2="225" stroke="#888888" stroke-width="3"/>
|
||||
<polygon points="940,215 965,225 940,235" fill="#888888"/>
|
||||
|
||||
<!-- Step 4 -->
|
||||
<rect x="970" y="185" width="180" height="80" rx="6" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="1060" y="220" text-anchor="middle" class="red">4. Continue</text>
|
||||
<text x="1060" y="250" text-anchor="middle" class="red">execution</text>
|
||||
|
||||
<text x="600" y="340" text-anchor="middle" class="txt">printf reads r0, prints "hacky, world"!</text>
|
||||
|
||||
<!-- Bottom Left: Normal Flow -->
|
||||
<rect x="30" y="405" width="560" height="375" class="pnl" rx="8"/>
|
||||
<text x="310" y="448" text-anchor="middle" class="sub">Normal Flow</text>
|
||||
<line x1="50" y1="463" x2="570" y2="463" stroke="#1a1a2e"/>
|
||||
|
||||
<rect x="55" y="485" width="500" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="513" class="txt">LDR r0, ="hello"</text>
|
||||
|
||||
<rect x="55" y="537" width="500" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="565" class="txt">BL printf</text>
|
||||
|
||||
<text x="310" y="630" text-anchor="middle" class="grn">Output:</text>
|
||||
<text x="310" y="665" text-anchor="middle" class="txt">"hello, world"</text>
|
||||
|
||||
<text x="310" y="735" text-anchor="middle" class="dim">Prints original string</text>
|
||||
|
||||
<!-- Bottom Right: Hacked Flow -->
|
||||
<rect x="620" y="405" width="550" height="375" class="pnl" rx="8"/>
|
||||
<text x="895" y="448" text-anchor="middle" class="sub">Hacked Flow</text>
|
||||
<line x1="640" y1="463" x2="1150" y2="463" stroke="#1a1a2e"/>
|
||||
|
||||
<rect x="645" y="485" width="500" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="660" y="513" class="txt">LDR r0, ="hello"</text>
|
||||
|
||||
<rect x="645" y="537" width="500" height="42" rx="4" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="660" y="565" class="red">r0 = 0x20040000</text>
|
||||
|
||||
<rect x="645" y="589" width="500" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="660" y="617" class="txt">BL printf</text>
|
||||
|
||||
<text x="895" y="682" text-anchor="middle" class="red">Output:</text>
|
||||
<text x="895" y="717" text-anchor="middle" class="txt">"hacky, world"</text>
|
||||
|
||||
<text x="895" y="755" text-anchor="middle" class="dim">Prints our string</text>
|
||||
</svg>
|
||||
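Review bot: The slide is subtitled `Exploit Strategy` but never states the precondition behind all four steps, namely an attached debug probe with SWD still enabled on the target. I would add a dim line under `Attack Flow (4 Steps)`, for example `Requires open SWD debug access`, which also gives students the defensive takeaway that shipped devices should have the debug port locked. The `r0 = 0x20040000` box additionally assumes that SRAM address is not in use by the running program; a short caption saying so would prevent silent corruption when the address is reused in later labs.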
@@ -0,0 +1,80 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Failed vs Real Hack</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Attack Methodology</text>
|
||||
|
||||
<!-- Left Panel: Failed Attempt -->
|
||||
<rect x="30" y="105" width="560" height="675" class="pnl" rx="8"/>
|
||||
<text x="310" y="148" text-anchor="middle" class="sub">Failed Attempt</text>
|
||||
<line x1="50" y1="163" x2="570" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="205" class="red">The Bad Idea</text>
|
||||
<text x="55" y="240" class="txt">Set r0 to point</text>
|
||||
<text x="55" y="272" class="txt">at a string literal</text>
|
||||
<text x="55" y="304" class="txt">like "hacky"</text>
|
||||
|
||||
<line x1="50" y1="332" x2="570" y2="332" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="372" class="amb">Why It Fails</text>
|
||||
<text x="55" y="407" class="txt">r0 only holds a</text>
|
||||
<text x="55" y="439" class="txt">32-bit number</text>
|
||||
<text x="55" y="471" class="txt">Not a string itself!</text>
|
||||
|
||||
<line x1="50" y1="499" x2="570" y2="499" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="539" class="red">set $r0 = "HACK"</text>
|
||||
<text x="55" y="574" class="txt">GDB interprets this</text>
|
||||
<text x="55" y="611" class="txt">as an address value</text>
|
||||
<text x="55" y="643" class="txt">pointing to garbage</text>
|
||||
|
||||
<line x1="50" y1="671" x2="570" y2="671" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="310" y="710" text-anchor="middle" class="red">Result: CRASH</text>
|
||||
<text x="310" y="745" text-anchor="middle" class="dim">or prints garbage</text>
|
||||
|
||||
<!-- Right Panel: Real Hack -->
|
||||
<rect x="620" y="105" width="550" height="675" class="pnl" rx="8"/>
|
||||
<text x="895" y="148" text-anchor="middle" class="sub">Real Hack</text>
|
||||
<line x1="640" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="205" class="grn">The Right Way</text>
|
||||
<text x="645" y="240" class="txt">1. Write string</text>
|
||||
<text x="645" y="272" class="txt"> bytes to SRAM</text>
|
||||
<text x="645" y="304" class="txt">2. Point r0 to</text>
|
||||
<text x="645" y="336" class="txt"> that SRAM addr</text>
|
||||
|
||||
<line x1="640" y1="364" x2="1150" y2="364" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="404" class="cyn">GDB Commands</text>
|
||||
|
||||
<rect x="645" y="425" width="480" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="660" y="453" class="grn">set {char[13]}0x20040000</text>
|
||||
|
||||
<rect x="645" y="477" width="480" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="660" y="505" class="grn"> = "hacky, world"</text>
|
||||
|
||||
<rect x="645" y="539" width="480" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="660" y="567" class="amb">set $r0 = 0x20040000</text>
|
||||
|
||||
<line x1="640" y1="610" x2="1150" y2="610" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="650" class="txt">String exists in</text>
|
||||
<text x="645" y="682" class="txt">writable SRAM</text>
|
||||
<text x="645" y="714" class="txt">r0 points to it</text>
|
||||
|
||||
<text x="895" y="760" text-anchor="middle" class="grn">"hacky, world" printed!</text>
|
||||
</svg>
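Review bot: The "Failed Attempt" explanation under `set $r0 = "HACK"` ("GDB interprets this as an address value pointing to garbage") is probably not what GDB does. As far as I know, GDB has to place a string literal in target memory before it can take its address, which it does by calling the program's `malloc`; on a target where that is unavailable the command is rejected with an error and r0 is left unchanged, so `Result: CRASH` would not follow. Worth confirming on the actual target and rewording to something like `GDB must first store the literal in target memory` / `Result: error, r0 unchanged`. The panel also introduces the idea with `like "hacky"` and then demonstrates with `"HACK"`; using one string throughout keeps the comparison with the right panel clean.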
|
||||
@@ -0,0 +1,83 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Writing to SRAM</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Memory Manipulation</text>
|
||||
|
||||
<!-- Left Panel: Memory View -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">SRAM at 0x20040000</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<!-- Before -->
|
||||
<text x="55" y="205" class="red">Before (empty)</text>
|
||||
|
||||
<rect x="55" y="225" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="253" class="dim">00 00 00 00 00 00 00 00</text>
|
||||
|
||||
<rect x="55" y="277" width="490" height="42" rx="4" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="305" class="dim">00 00 00 00 00 00 00 00</text>
|
||||
|
||||
<!-- After -->
|
||||
<text x="55" y="370" class="grn">After writing</text>
|
||||
|
||||
<rect x="55" y="390" width="490" height="42" rx="4" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="70" y="418" class="grn">68 61 63 6b 79 2c 20 77</text>
|
||||
|
||||
<text x="55" y="470" class="dim">h a c k y , w</text>
|
||||
|
||||
<!-- The GDB command -->
|
||||
<text x="55" y="530" class="amb">GDB Command:</text>
|
||||
|
||||
<rect x="55" y="548" width="490" height="90" rx="5" fill="#0a0a0f" stroke="#ffaa00" stroke-width="2"/>
|
||||
<text x="70" y="580" class="txt">set {char[13]}</text>
|
||||
<text x="70" y="612" class="txt">0x20040000 = "hacky, world"</text>
|
||||
|
||||
<!-- Verify -->
|
||||
<text x="55" y="680" class="cyn">Verify with:</text>
|
||||
<rect x="55" y="698" width="490" height="42" rx="5" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="726" class="txt">x/s 0x20040000</text>
|
||||
|
||||
<!-- Right Panel: Why SRAM -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">Why SRAM?</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="grn">SRAM = writable</text>
|
||||
<text x="625" y="240" class="txt">RAM at 0x20000000</text>
|
||||
<text x="625" y="272" class="txt">We can write any</text>
|
||||
<text x="625" y="304" class="txt">data here via GDB</text>
|
||||
|
||||
<line x1="620" y1="332" x2="1150" y2="332" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="372" class="red">Flash = read-only</text>
|
||||
<text x="625" y="407" class="txt">XIP at 0x10000000</text>
|
||||
<text x="625" y="439" class="txt">Cannot write to it</text>
|
||||
<text x="625" y="471" class="txt">during execution</text>
|
||||
<text x="625" y="503" class="dim">That's why we use RAM</text>
|
||||
|
||||
<line x1="620" y1="531" x2="1150" y2="531" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="571" class="amb">Choosing Address</text>
|
||||
<text x="625" y="606" class="txt">0x20040000 is safe</text>
|
||||
<text x="625" y="638" class="txt">Far from stack</text>
|
||||
<text x="625" y="670" class="txt">and heap regions</text>
|
||||
|
||||
<line x1="620" y1="698" x2="1150" y2="698" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="738" class="cyn">Null terminator</text>
|
||||
<text x="625" y="773" class="dim">\0 ends the string</text>
|
||||
</svg>
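Review bot: The "Choosing Address" block states `0x20040000 is safe` as a fact, but nothing in the diagram establishes that the address is unused on this target; whether it is clear of .data/.bss, the heap and the stacks depends on the chip's SRAM layout and the linker script. I would word it `0x20040000 is unused in this build` and add a dim line such as `confirm in the .map file or with info files`. The `Before (empty)` rows of `00` also assume a memory state that is not guaranteed after power-on unless startup code clears that range, so `Before (contents undefined)` is the safer caption. The "After writing" row shows only the first 8 of the 13 bytes, which hides the terminating `00` that the "Null terminator" note on the right refers to; a second row `6f 72 6c 64 00` would make that visible.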
|
||||
@@ -0,0 +1,77 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">Register Hijack</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Control Flow Attack</text>
|
||||
|
||||
<!-- Left Panel: Before Hijack -->
|
||||
<rect x="30" y="105" width="540" height="675" class="pnl" rx="8"/>
|
||||
<text x="300" y="148" text-anchor="middle" class="sub">Before Hijack</text>
|
||||
<line x1="50" y1="163" x2="550" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="205" class="dim">r0 loaded by LDR:</text>
|
||||
|
||||
<rect x="55" y="225" width="490" height="55" rx="5" fill="#0f0f1a" stroke="#00d4ff" stroke-width="2"/>
|
||||
<text x="70" y="260" class="cyn">r0 = 0x10001234</text>
|
||||
|
||||
<text x="55" y="320" class="dim">Points to flash:</text>
|
||||
|
||||
<rect x="55" y="340" width="490" height="55" rx="5" fill="#0a0a0f" stroke="#1a1a2e"/>
|
||||
<text x="70" y="375" class="txt">"hello, world\r\n"</text>
|
||||
|
||||
<text x="55" y="440" class="dim">printf will read r0</text>
|
||||
<text x="55" y="472" class="dim">and print that string</text>
|
||||
|
||||
<line x1="50" y1="510" x2="550" y2="510" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="555" class="grn">The Hijack Command</text>
|
||||
|
||||
<rect x="55" y="575" width="490" height="55" rx="5" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="300" y="610" text-anchor="middle" class="red">set $r0 = 0x20040000</text>
|
||||
|
||||
<text x="300" y="680" text-anchor="middle" class="txt">Now r0 points to</text>
|
||||
<text x="300" y="712" text-anchor="middle" class="txt">OUR string in SRAM</text>
|
||||
<text x="300" y="744" text-anchor="middle" class="dim">instead of flash</text>
|
||||
|
||||
<!-- Right Panel: After Hijack -->
|
||||
<rect x="600" y="105" width="570" height="675" class="pnl" rx="8"/>
|
||||
<text x="885" y="148" text-anchor="middle" class="sub">After Hijack</text>
|
||||
<line x1="620" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="205" class="dim">r0 now contains:</text>
|
||||
|
||||
<rect x="625" y="225" width="520" height="55" rx="5" fill="#1a0f0f" stroke="#ff0040" stroke-width="2"/>
|
||||
<text x="640" y="260" class="red">r0 = 0x20040000</text>
|
||||
|
||||
<text x="625" y="320" class="dim">Points to SRAM:</text>
|
||||
|
||||
<rect x="625" y="340" width="520" height="55" rx="5" fill="#0f1a0f" stroke="#00ff41" stroke-width="2"/>
|
||||
<text x="640" y="375" class="grn">"hacky, world"</text>
|
||||
|
||||
<line x1="620" y1="430" x2="1150" y2="430" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="625" y="470" class="amb">Then: continue</text>
|
||||
<text x="625" y="510" class="txt">printf reads r0</text>
|
||||
<text x="625" y="542" class="txt">Follows pointer</text>
|
||||
<text x="625" y="574" class="txt">to 0x20040000</text>
|
||||
<text x="625" y="606" class="txt">Finds "hacky, world"</text>
|
||||
<text x="625" y="638" class="txt">Prints it!</text>
|
||||
|
||||
<line x1="620" y1="678" x2="1150" y2="678" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="885" y="720" text-anchor="middle" class="grn">Output changed</text>
|
||||
<text x="885" y="752" text-anchor="middle" class="grn">without touching code</text>
|
||||
</svg>
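Review bot: The subtitle `Control Flow Attack` does not match what the diagram shows: only the argument register r0 is changed, the call to printf executes as built, and the right panel itself concludes "without touching code". A data-only label such as `Argument Pointer Redirect` would keep readers from confusing this with PC/LR manipulation. The original string is drawn as `"hello, world\r\n"` while the replacement is `"hacky, world"` with no line ending, so the observed output differs by more than one word; a dim caption noting the missing `\r\n` would help. Since the whole technique depends on an attached debugger, a one-line dim note that it presumes open SWD/debug access would make the precondition (and the corresponding hardening point) explicit.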
|
||||
@@ -0,0 +1,75 @@
|
||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1200 800">
|
||||
<style>
|
||||
.bg{fill:#0a0a0f}.pnl{fill:#12121a;stroke:#1a1a2e}.hdr{fill:#12121a}
|
||||
.title{font:bold 42px 'Courier New',monospace;fill:#00ff41}
|
||||
.sub{font:bold 28px 'Courier New',monospace;fill:#00d4ff}
|
||||
.txt{font:24px 'Courier New',monospace;fill:#c0c0c0}
|
||||
.dim{font:20px 'Courier New',monospace;fill:#888}
|
||||
.grn{font:bold 24px 'Courier New',monospace;fill:#00ff41}
|
||||
.red{font:bold 24px 'Courier New',monospace;fill:#ff0040}
|
||||
.cyn{font:bold 24px 'Courier New',monospace;fill:#00d4ff}
|
||||
.amb{font:bold 24px 'Courier New',monospace;fill:#ffaa00}
|
||||
.badge{stroke:#00ff41;rx:14}
|
||||
</style>
|
||||
<rect class="bg" width="1200" height="800"/>
|
||||
|
||||
<!-- Title -->
|
||||
<text x="600" y="52" text-anchor="middle" class="title">GDB vs Ghidra</text>
|
||||
<text x="600" y="88" text-anchor="middle" class="dim">Static vs Dynamic Analysis</text>
|
||||
|
||||
<!-- Left Panel: GDB -->
|
||||
<rect x="30" y="105" width="560" height="675" class="pnl" rx="8"/>
|
||||
<text x="310" y="148" text-anchor="middle" class="sub">GDB (Dynamic)</text>
|
||||
<line x1="50" y1="163" x2="570" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="205" class="grn">Live analysis</text>
|
||||
<text x="55" y="240" class="txt">Program is running</text>
|
||||
<text x="55" y="272" class="txt">on real hardware</text>
|
||||
|
||||
<line x1="50" y1="300" x2="570" y2="300" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="340" class="cyn">Capabilities</text>
|
||||
<text x="55" y="375" class="txt">Set breakpoints</text>
|
||||
<text x="55" y="407" class="txt">Read/write memory</text>
|
||||
<text x="55" y="439" class="txt">Modify registers</text>
|
||||
<text x="55" y="471" class="txt">Step instructions</text>
|
||||
<text x="55" y="503" class="txt">Watch values change</text>
|
||||
|
||||
<line x1="50" y1="531" x2="570" y2="531" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="55" y="571" class="amb">Best For</text>
|
||||
<text x="55" y="606" class="txt">Live modification</text>
|
||||
<text x="55" y="638" class="txt">Runtime behavior</text>
|
||||
<text x="55" y="670" class="txt">Testing exploits</text>
|
||||
<text x="55" y="702" class="txt">Verifying attacks</text>
|
||||
|
||||
<text x="310" y="755" text-anchor="middle" class="dim">Needs running target</text>
|
||||
|
||||
<!-- Right Panel: Ghidra -->
|
||||
<rect x="620" y="105" width="550" height="675" class="pnl" rx="8"/>
|
||||
<text x="895" y="148" text-anchor="middle" class="sub">Ghidra (Static)</text>
|
||||
<line x1="640" y1="163" x2="1150" y2="163" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="205" class="red">Offline analysis</text>
|
||||
<text x="645" y="240" class="txt">Just the binary file</text>
|
||||
<text x="645" y="272" class="txt">No hardware needed</text>
|
||||
|
||||
<line x1="640" y1="300" x2="1150" y2="300" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="340" class="cyn">Capabilities</text>
|
||||
<text x="645" y="375" class="txt">Disassembly view</text>
|
||||
<text x="645" y="407" class="txt">Decompile to C</text>
|
||||
<text x="645" y="439" class="txt">Find functions</text>
|
||||
<text x="645" y="471" class="txt">Cross-references</text>
|
||||
<text x="645" y="503" class="txt">String search</text>
|
||||
|
||||
<line x1="640" y1="531" x2="1150" y2="531" stroke="#1a1a2e"/>
|
||||
|
||||
<text x="645" y="571" class="amb">Best For</text>
|
||||
<text x="645" y="606" class="txt">Planning attacks</text>
|
||||
<text x="645" y="638" class="txt">Understanding code</text>
|
||||
<text x="645" y="670" class="txt">Finding targets</text>
|
||||
<text x="645" y="702" class="txt">Mapping functions</text>
|
||||
|
||||
<text x="895" y="755" text-anchor="middle" class="dim">Works with just ELF</text>
|
||||
</svg>
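Review bot: The subtitle `Static vs Dynamic Analysis` is in the opposite order to the title `GDB vs Ghidra` and to the panels (GDB/dynamic left, Ghidra/static right); `Dynamic vs Static Analysis` reads consistently. `Offline analysis` uses class `red`, which the other diagrams in this commit use for failed or hijacked states, so `grn` or `cyn` would avoid implying that static analysis is the inferior option. `Needs running target` could also say `Needs running target + debug probe`, hedged on the setup used in the course, since that access requirement is the practical difference between the two columns.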
|
||||