CalvinBackup/Embedded-Hacking
1
0
Fork 0
mirror of https://github.com/mytechnotalent/Embedded-Hacking.git synced 2026-04-01 09:00:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
Embedded-Hacking/WEEK02/WEEK02-03.md
Kevin Thomas 1457a4bb8e Refactor E and S
2026-03-19 15:01:07 -04:00

2.6 KiB
Raw Permalink Blame History

Embedded Systems Reverse Engineering

Repository

Week 2

Hello, World - Debugging and Hacking Basics: Debugging and Hacking a Basic Program for the Pico 2

Non-Credit Practice Exercise 3: Examine Memory Around Your String

Objective

Inspect the byte-level layout of your injected string in SRAM and correlate bytes to characters.

Prerequisites

  • Pico 2 connected with OpenOCD, GDB, and a serial monitor ready
  • build\0x0001_hello-world.elf flashed and running
  • Ability to break before __wrap_puts at 0x1000023c
  • A payload already written to SRAM (e.g., at 0x20000000 from Exercise 1)

Task Description

You will use x/20b to view the bytes surrounding your injected string, decode the characters, and confirm the presence of control characters and the null terminator.

Step-by-Step Instructions

Step 1: Connect and Halt
(gdb) target extended-remote :3333
(gdb) monitor reset halt
Step 2: Break Before puts() and Run
(gdb) b *0x1000023c
(gdb) c
Step 3: Ensure a String Exists in SRAM

If needed, re-inject a payload:

(gdb) set {char[14]} 0x20000000 = {'h','a','c','k','y',',',' ','w','o','r','l','d','\r','\0'}
(gdb) set $r0 = 0x20000000
Step 4: Examine Bytes Around the String
(gdb) x/20b 0x20000000
Step 5: Decode the Output
  • Map each byte to ASCII: e.g., 0x68 ? h, 0x0d ? \r, 0x00 ? \0.
  • Note any bytes before/after the string to ensure you did not overwrite adjacent data.
Step 6: Resume Execution
(gdb) c

Expected Output

  • A byte dump where the sequence matches your string (68 61 63 6b 79 2c 20 77 6f 72 6c 64 0d 00).
  • Confirmation of the carriage return (0x0d) and null terminator (0x00).
  • Stable program output in PuTTY after resuming.

Questions for Reflection

Question 1: Which bytes mark the end of the printable string, and why are they needed?
Question 2: How would misaligned writes show up in the byte view?
Question 3: What risks arise if you overwrite bytes immediately after your string?

Tips and Hints

  • Use x/20bx if you prefer hex with ASCII side-by-side.
  • Keep the dump length modest (20 bytes) to avoid clutter while still seeing context.
  • If the bytes look incorrect, re-run the injection command to reset the buffer.

Next Steps

  • Try viewing a different address (e.g., 0x20001000) to compare layouts.
  • Experiment with longer strings and observe how the byte dump grows.
  • Move on to Exercise 4 to automate the hack workflow.
Reference in New Issue View Git Blame Copy Permalink