From f82b2dd1473dfa41a4e3477a3a37651557ff6670 Mon Sep 17 00:00:00 2001 From: Ward Wouts Date: Thu, 16 Jan 2020 15:05:49 +0100 Subject: [PATCH] Improve stack description & intro --- Stack.drawio | 1 + Stack.png | Bin 0 -> 12169 bytes index.html | 24 ++++++++++++++++++++++-- 3 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 Stack.drawio create mode 100644 Stack.png diff --git a/Stack.drawio b/Stack.drawio new file mode 100644 index 0000000..8f86748 --- /dev/null +++ b/Stack.drawio @@ -0,0 +1 @@ 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 \ No newline at end of file 
diff --git a/Stack.png b/Stack.png new file mode 100644 index 0000000000000000000000000000000000000000..677cc9513385dfe4c2342f80ef44bd041fb93900 GIT binary patch literal 12169
literal 0 HcmV?d00001 diff --git a/index.html b/index.html index 5418b18..7a8788e 100644 --- a/index.html +++ b/index.html @@ -148,9 +148,13 @@ layout: false ## Introduction ] .right-column[ -- C is full of holes, let's get to know one. +C is full of holes, let's get to know one. -- Old skool, so no OS or hardware protections. +Old skool, so no OS or hardware protections. Which today is mostly relevant in IoT. (Remember, the `S` in `IoT` stands for Security.) + +Stack smashing is making use of a buffer overflow vulnerability in code using variables on the stack. This type of vulenrability has been known for a long time. This attack was first properly documented in Phrack #49. + +.footnote[Phrack #49(http://www.phrack.org/issues/49/14.html#article)] ] --- template: inverse 
@@ -171,6 +175,22 @@ For x86 systems the stack grows from the largest memory address up. .footnote[Borrowed from [wikipedia](https://en.wikipedia.org/wiki/Stack-based_memory_allocation)] ] --- +.left-column[ +## Say wut? +] +.right-column[ +Whenever a function is called a frame is added to the stack. Whenever a function ends the frame is deleted. + +Such a frame consists of variables, a stored stack pointer and a return address. +] +--- +.left-column[ +## This is not helping you know... +] +.right-column.center.middle[ + +] +--- template: inverse # How does this work? ---
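Review bot: the footnote added in the first index.html hunk (@@ -148,9 +148,13 @@), `.footnote[Phrack #49(http://www.phrack.org/issues/49/14.html#article)]`, has no square brackets around the link text, so it will render as literal text rather than a link. The existing footnote on the following slide uses the `[wikipedia](https://...)` form, so this one should read `[Phrack #49](http://www.phrack.org/issues/49/14.html#article)`. In the same hunk, "vulenrability" should be "vulnerability", and "Which today is mostly relevant in IoT." is a fragment that reads better joined to the sentence before it.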
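Review bot: in the added "Say wut?" slide of the second index.html hunk (@@ -171,6 +175,22 @@), "a stored stack pointer" is imprecise for x86. What a function prologue normally saves in the frame, next to the return address, is the caller's frame (base) pointer, so "a saved frame pointer" would match the frame layout the slides go on to describe. The last added slide ("This is not helping you know...") has an empty `.right-column.center.middle[` body in the lines shown here; if the new Stack.png is meant to appear on it, check that the image reference is actually inside that block. The sentence carried in the hunk header, "the stack grows from the largest memory address up", also reads ambiguously and could say that the stack grows toward lower addresses.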