REVERSE ENGINEERING A BINARY 1
DISCLAIMER
Through this paper I am not encouraging people to hack, destroy or steal anything; you must comply with the law, and you take full responsibility if you use this knowledge for bad behaviour. With great power comes great responsibility. Reverse engineering is not always legal; check the EULA and the laws in your country.
THE CODE
In this paper we are going to go over the reverse engineering of a simple compiled C++ binary; the source code is included below. The program reads user input and compares it against the string 2512: if it matches you get the printout “Correct!”, and if you are wrong you get “Incorrect…”:
REVERSE ENGINEERING A BINARY 2
THE CODE
In this example we have a slightly more complicated program, which assigns two integers to variables and then multiplies them to get our code:
PYTHON FREQUENCY ANALYSIS FOR CIPHERS
Frequency analysis is the study of how often letters, or groups of letters, occur in a ciphertext.
Using Python we can extract the counts of letters, bigrams and trigrams; let's have a look:
$ ./frequency.py --help
usage: frequency.py [-h] [--letters] [--bigrams] [--trigrams] msg
positional arguments:
msg Message to count letters in
optional arguments:
-h, --help show this help message and exit
--letters, -l Frequency of letters
--bigrams, -b Frequency of bigrams
--trigrams, -t Frequency of trigrams
Let's go ahead and enter a simple sentence and do some testing:
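As an added example (not the frequency.py script from the original post), here is a small letter, bigram and trigram counter in the same spirit. The ciphertext is a constructed sample (a Caesar shift of an English pangram); function names and the normalisation step (dropping spaces and punctuation before counting) are my own choices.

```python
"""Letter, bigram and trigram counts for a ciphertext (added example)."""
from collections import Counter


def normalise(text):
    """Keep only letters, upper-cased, so spacing and punctuation do not skew counts."""
    return ''.join(ch for ch in text.upper() if ch.isalpha())


def ngram_counts(text, n):
    """Count overlapping n-grams of letters in the normalised text.

    Word boundaries are ignored, so bigrams and trigrams span the gaps;
    that is the usual choice for ciphertext, where spacing is often absent.
    """
    letters = normalise(text)
    return Counter(letters[i:i + n] for i in range(len(letters) - n + 1))


def frequencies(text, n=1):
    """Return (ngram, count, percentage) tuples, most common first."""
    counts = ngram_counts(text, n)
    total = sum(counts.values())
    return [(gram, count, round(100.0 * count / total, 2))
            for gram, count in counts.most_common()]


# constructed sample: "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" shifted by 3
SAMPLE = "WKH TXLFN EURZQ IRA MXPSV RYHU WKH ODCB GRJ"

if __name__ == '__main__':
    for n, label in ((1, 'letters'), (2, 'bigrams'), (3, 'trigrams')):
        print(label)
        for gram, count, pct in frequencies(SAMPLE, n)[:5]:
            print('  %s %d (%.2f%%)' % (gram, count, pct))
```

With a Caesar shift every plaintext letter maps to exactly one ciphertext letter, so the shape of the distribution survives: the most common ciphertext letters here (R and H) are the shifted images of O and E, and the repeated trigram WKH is the shifted THE.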
WACKY PYTHON IMAGE CREATION
The other night I had a wacky idea of extracting each pixel from an image in order to save it as a plain text ASCII file.
Of course this is not ideal and can take a bit of time, but like most things I do with Python it's just for the fun of it.
I figured the easiest way to achieve this would be to use Python’s Image library and save the output to a serialized pickle text file.
CLEARING VARNISH CACHE WITHOUT RESTART
There have been a number of times when I've needed to clear the Varnish caching server's cache but had no clue how to do it. This resulted in me restarting Varnish, which really wasn't needed.
The easiest way to clear the Varnish cache (without restarting) is by using the varnishadm command line tool:
varnishadm -T 127.0.0.1:6082 url.purge .
The man page for varnishd shows a number of commands that can be used with varnishadm, but the one we need is url.purge:
PYTHON RUNNING SYSTEM COMMAND
There are a few ways to run system commands using Python, but I find the approach below the easiest to use, and it has error handling.
First off I would create a function rather than running the commands over and over:
import subprocess

def run(command):
    '''takes a string command and hands back a subprocess object'''
    # shell=False with a pre-split argument list means no shell ever
    # interprets the command, so metacharacters in it are passed literally
    process = subprocess.Popen(command.split(), shell=False,
                               stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    # communicate() drains both pipes before waiting; calling wait() alone
    # with PIPE can deadlock once a chatty command fills a pipe buffer
    process.output, process.errors = process.communicate()
    return process
The function itself is pretty small and makes use of the subprocess library.
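As an added example (my own code, not the helper from the original post), here is a Python 3 version of the same idea that keeps the shell out of the picture but also handles the two failures the post's wrapper does not: a program that is not on PATH and a program that never exits. The `Result` type, the `tokenise` helper and the timeout values are my choices; the demo child process is the running interpreter itself, so the block needs nothing beyond the standard library.

```python
"""Run a command without a shell and surface its result (added example)."""
import shlex
import subprocess
import sys
from collections import namedtuple

Result = namedtuple('Result', 'returncode stdout stderr')


def tokenise(command):
    """Split a command string the way a shell would, but without running one.

    shlex.split honours quotes, so an argument containing spaces survives;
    str.split() would break it into several arguments.
    """
    return shlex.split(command)


def run(command, timeout=30):
    """Run `command` (a string or argv list) with shell=False and return a Result.

    Because no shell is involved, characters such as ;, | and $ reach the
    program as literal text instead of being interpreted.
    """
    argv = tokenise(command) if isinstance(command, str) else list(command)
    try:
        proc = subprocess.run(argv, shell=False, capture_output=True,
                              text=True, timeout=timeout)
    except FileNotFoundError:
        # program not on PATH: report it as a failed result instead of raising
        return Result(127, '', 'command not found: %s' % argv[0])
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child on timeout; surface that as a result too
        return Result(124, '', 'timed out after %ss' % timeout)
    return Result(proc.returncode, proc.stdout, proc.stderr)


# constructed demo: a child Python process that prints its first argument
ECHO_ARGV = [sys.executable, '-c', 'import sys; print(sys.argv[1])']


def echo_via_python(arg):
    """Return exactly what a child process received as its first argument."""
    return run(ECHO_ARGV + [arg]).stdout.rstrip('\n')


if __name__ == '__main__':
    # '$HOME' comes back verbatim: no shell expanded it
    print(echo_via_python('$HOME'))
    print(run('no-such-program-xyz').stderr)
```

The returned `Result` carries the exit status and both output streams, so the caller can check `returncode` rather than guessing from `stdout`; the 127 and 124 codes mirror what a shell reports for "not found" and "timed out".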
CREATING QR CODE WITH GOOGLE
Today I thought it would be neat to show how to quickly create QR codes using Google's Chart Tools.
Google gives us an extremely easy way to create a QR code: send a GET request to a URL such as https://chart.googleapis.com/chart?cht=qr&chs=300x300&chl=nessy . That is nice and easy, but I figured I would wrap this up in a small Python script just because:
#!/usr/bin/env python
from urllib2 import quote, urlopen, Request
from poster.encode import multipart_encode
from poster.streaminghttp import register_openers
import sys

def create(width, height, data):
    '''Builds a URL for Google to create us a QR code'''
    # build and make URL request; quote() keeps the payload URL-safe
    google_chart = 'https://chart.googleapis.com'
    url = '%s/chart?cht=qr&chs=%sx%s&chl=%s' % (google_chart, width, height, quote(data))
    request = urlopen(url)
    response = request.read()
    # write QR code to file in binary mode so the PNG bytes are not altered
    f = open('qr.png', 'wb')
    f.write(response)
    f.close()  # close() must be called; a bare f.close never closed the file
    return 'Wrote qr.png..'

def read(qr_file):
    '''Reads a QR code by URL'''
    # post the image to the decode page as a multipart upload
    register_openers()
    datagen, headers = multipart_encode({'f': open(qr_file, 'rb')})
    request = Request('http://zxing.org/w/decode', datagen, headers)
    response = urlopen(request).read()
    return response

if len(sys.argv) != 3 or sys.argv[1] not in ('create', 'read'):
    sys.exit('usage: %s create <data> | read <qr_file>' % sys.argv[0])
if sys.argv[1] == 'create':
    print create(300, 300, sys.argv[2])
if sys.argv[1] == 'read':
    print read(sys.argv[2])
Basic usage works like so:
BRUTE FORCING SALTED PASSWORD
Since my last post showed how to check a salted password, I figured this time we can look over some example code for brute forcing one. Of course this is just a proof of concept and should not be used on any password you do not have access to.
The code I tossed together borrows from some examples I found online and is nowhere near optimized for speed, but as I will show it works.
UNIX SHA-512 PASSWORDS & PYTHON
Today I spent a bit of time looking up how the password hashes in /etc/shadow are created.
I found a good source for the method at http://www.akkadia.org/drepper/SHA-crypt.txt , and if you take some time to review it you will notice the steps are a bit involved.
Luckily for us Python has a crypt module that works nicely.
First off I started by creating a dummy user with the password test on one of my Linux computers:
WORDLIST WITH ALL POSSIBLE ASCII ELEMENTS
After a bit of thinking I believe I have a better way to create all possible ASCII passphrases, rather than the recursive function that calls itself which I used in the previous post.
This method takes a slightly different approach, but I believe it returns the same results.
First off let's create a list of all lowercase ASCII character codes:
>>> chars = range(97, 123)
>>> chars
[97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112,
113, 114, 115, 116, 117, 118, 119, 120, 121, 122]
>>> map(chr, chars)
['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p',
'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z']
Next we can set our max word width and current word width variables:
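As an added example (my own code, not the method the original post goes on to describe), here is one non-recursive way to walk the same space: itertools.product enumerates every word of a given width with a counter, and a small helper sizes the space so you can see how quickly it grows with the width. The `words` and `keyspace` names are mine.

```python
"""Enumerate every lowercase ASCII word up to a width, iteratively (added example)."""
from itertools import product
from string import ascii_lowercase


def words(alphabet=ascii_lowercase, max_width=3):
    """Yield every word of width 1..max_width, shortest words first.

    itertools.product steps through the combinations like an odometer, so
    there is no recursion and no list of partial words held in memory.
    """
    for width in range(1, max_width + 1):
        for combo in product(alphabet, repeat=width):
            yield ''.join(combo)


def keyspace(alphabet_size, max_width):
    """Number of words the generator produces: the sum of n**w for w = 1..max_width."""
    return sum(alphabet_size ** w for w in range(1, max_width + 1))


if __name__ == '__main__':
    two = list(words(max_width=2))
    print(two[:3], '...', two[-3:], len(two))
    # the space grows geometrically with width; 26**8 alone is about 2e11
    for w in (4, 6, 8):
        print(w, keyspace(26, w))
```

The generator yields one word at a time, so the full list is never materialised; `keyspace` gives the count up front, which is the number worth looking at before deciding whether a given width is feasible at all.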