Buffer Overflows pt. 1

Posted on 7th May 2011 in Tutorials

From a book I’m reading called Hacking: The Art of Exploitation, I recently learned what a buffer overflow is, and how it can be used to make a program do something totally separate from what it was designed to do (such as run code that spawns, for example, a shell prompt with root privileges). A buffer overflow is the result of a character buffer in C being filled with more bytes of data than were allotted to it. C doesn’t have any measures in place to stop the programmer from accidentally (or purposefully) overflowing a character buffer, which means that if you put ten bytes (characters) into an 8-byte buffer, you’ll see the entered values actually overflowing into variables that are next to the buffer in memory. Example:

Let’s say you declare two 8-byte buffers, one after another, at the top of your main function, like this:

char buffer_one[8], buffer_two[8];

What is this line of code actually doing? It allocates memory that will be used to store two buffers. The buffers are actually located right next to each other in memory. buffer_two might be located at 0xbffff29c, and buffer_one might be located at 0xbffff2a4. The reason that the second buffer is at a lower memory address is that the stack, the structure in memory that holds a function’s local variables, grows toward lower addresses as more is pushed onto it, rather than toward higher ones. You’ll notice that the two example memory addresses I just gave are exactly 8 bytes apart (a4-9c), which is due to the declaration of buffer_two as one that would be used to hold up to 8 bytes of data (buffer_one is also 8 bytes long, with the allocated memory ending at 0xbffff2bb). This is fine if nothing longer than 8 bytes ever gets copied to these buffers, but in the event that it does, it will cause a buffer overflow.

Say that we used strcpy() to copy a command-line argument into the space allocated for buffer_two like this:

strcpy(buffer_two, argv[1]);

We could run the example with different values for buffer_two just by adding them at the command line. Something like

./a.out AAAAAAAAAAAAAAAAAAAAAA

where the long string of A’s is the set of characters that will be copied into buffer_two. Remember that since the second character buffer is located at a memory address lower than that of the first one, any characters beyond the eighth in buffer_two will overflow into the next memory addresses, which happen to belong to buffer_one. If, after copying the argument to the buffer, you were to print the contents of each buffer with

printf("buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
printf("buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);

you’d see that both buffers contained some part of the argument string. buffer_two, located before buffer_one in memory, has overflowed into buffer_one. We only ever assigned the argument to the second buffer, yet part of it appears when we print the first buffer. This is the basic idea of a buffer overflow.
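The program below is an added example, not code from the post or the book it cites. It puts the two 8-byte buffers in a struct so their layout is fixed (buffer_two at the lower address, buffer_one right above it), which is an assumption: a real compiler is free to reorder stack locals or insert a stack canary between them, so the addresses and spill you see in a build of the post’s own snippet will vary. It models the unbounded strcpy() as a single memcpy over the whole struct so the spill into buffer_one is visible without the copy writing outside any object, and then shows the defensive alternative, a length-checked copy that truncates and always NUL-terminates. The 22-byte argument string is a constructed input.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layout standing in for the two stack buffers in the post:
 * buffer_two at the lower address, buffer_one immediately above it. */
struct two_buffers {
    char buffer_two[8];
    char buffer_one[8];
};

/* Models strcpy(buffer_two, argv[1]) with no length check. The copy runs
 * over the whole struct so the spill into buffer_one is reproduced without
 * writing past the struct. Returns how many bytes landed in buffer_one. */
size_t unbounded_copy(struct two_buffers *b, const char *src)
{
    size_t n = strlen(src) + 1;          /* strcpy copies the NUL as well */
    if (n > sizeof *b)
        n = sizeof *b;                   /* clamp: keep the demo in-bounds */
    memcpy(b, src, n);
    return n > sizeof b->buffer_two ? n - sizeof b->buffer_two : 0;
}

/* The fix: a length-checked copy that never writes more than dst_len bytes
 * and always leaves dst NUL-terminated. Returns 1 if src was truncated. */
int bounded_copy(char *dst, size_t dst_len, const char *src)
{
    size_t src_len = strlen(src);
    size_t n;
    if (dst_len == 0)
        return 1;
    n = src_len < dst_len - 1 ? src_len : dst_len - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return src_len > n;
}

/* Seeds buffer_one with a marker, copies the constructed 22-byte argument
 * into buffer_two with either routine, and reports whether the marker
 * survived (1) or was overwritten (0). */
int buffer_one_intact_after(int use_bounded)
{
    static const char arg[] = "AAAAAAAAAAAAAAAAAAAAAA"; /* constructed input */
    static const char marker[] = "intact";               /* 7 bytes incl. NUL */
    struct two_buffers b;

    memset(&b, 0, sizeof b);
    memcpy(b.buffer_one, marker, sizeof marker);
    if (use_bounded)
        bounded_copy(b.buffer_two, sizeof b.buffer_two, arg);
    else
        unbounded_copy(&b, arg);
    /* memcmp, not strcmp: after the spill buffer_one has no terminator */
    return memcmp(b.buffer_one, marker, sizeof marker) == 0;
}

int main(void)
{
    struct two_buffers b;
    const char *arg = "AAAAAAAAAAAAAAAAAAAAAA"; /* constructed input */

    memset(&b, 0, sizeof b);
    unbounded_copy(&b, arg);
    /* %.8s caps the read at 8 bytes: an overflowed buffer may have no NUL */
    printf("unbounded: buffer_two='%.8s' buffer_one='%.8s'\n",
           b.buffer_two, b.buffer_one);

    memset(&b, 0, sizeof b);
    bounded_copy(b.buffer_two, sizeof b.buffer_two, arg);
    printf("bounded:   buffer_two='%.8s' buffer_one='%.8s'\n",
           b.buffer_two, b.buffer_one);
    return 0;
}
```

Compiled and run as is, the first line shows eight A’s in both buffers, the second shows seven A’s in buffer_two and an empty buffer_one. The truncation flag returned by bounded_copy() is the part worth keeping in real code: silently dropping input is better than overwriting a neighbour, but the caller should still be told it happened.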

Check back for more in the next few days. I’m going to explain some more, including how to use a buffer overflow to divert the control flow of a program to different sections of the existing code. Thanks for reading!

From my brain to yours

Posted on 7th May 2011 in Something Daily

If you were to ask why I haven’t written in a few days, there are a lot of possible answers that I could give you. Most of them are true, except for the one where I tell you that I didn’t write because I was held captive by samurai – that one’s not true…yet. Among the more “real” responses to that question are “because I was moving from my dorm to an apartment”, “because I was completely caught up in trying to learn buffer overflows and wouldn’t rest until I could get one to work”, “because I felt that I had nothing to write about” and “because I was taking finals and writing final papers”.

I’ve been doing a lot of thinking recently about how I want this blog to go. I seem to be leaning in the direction of making it much more tech-oriented, despite the fact that certain sectors of my psyche get very angry with that idea. I’m not worried about those sectors, though, so I plan to start doing a lot more tutorials and writing about technology in general. It’s something I think I can do well at. For close to six months, I’ve used this blog basically as a place to dump all the thoughts of a day out of my mind, a process which, while being quite therapeutic, probably yields incredibly uninteresting reading. Not that I’m just in blogging for the popularity – readership really isn’t my primary concern. But I’m realizing the power of the blog platform and that it’s totally within my reach to do something awesome with it.

So with that new knowledge (or assumption), I’m going to attempt and change the focus of this blog just by changing what I write about. Expect much more knowledge to flow forth from my brain to yours.


[insert name of beatles song here]

Posted on 24th April 2011 in Something Daily

Yesterday I got the first comment ever to be perpetrated on this blog that involved a positive reaction to one of my computer tutorials. It was the one where I explain how to make the keyboard backlight buttons work on Macbooks running Ubuntu. Surprisingly, someone actually followed the steps and it worked for them! Unexpected, for sure. Yet, of course, totally awesome.

I spent most of this wonderful afternoon in central park with my friend Sarah, just chatting and enjoying the very nice weather. I would have felt awful not spending at least part of today outside. I was tempted to wear shorts – that’s how warm it was, you guys. I got over my fear of sitting in the grass in new jeans, and I was reminded of the Tower of Terror by all the buildings surrounding central park. You know, they kind of look like this when you’re in the park and there are trees blocking the lower portions.

At least that’s what I think whenever I’m in the park. It reminds me of when we went there, and I rode that ride for the first and last time. Falling straight down isn’t really my thing. I like falling sideways, or forward.

I continued learning assembly, C, and as a result, memory architecture, today, and learned an interesting lesson in the process. Of course, this makes total sense, but I had to learn it firsthand. I’m following a tutorial that uses Linux and the GNU debugger to step through programs and teach assembly, and I decided to try it on Mac. I downloaded XCode and started running all of the tutorial examples, but soon found out that all of the register names are different under Mac. EIP wasn’t doing anything for me other than causing an unknown register error. So I examined the registers, and sure enough, they were all totally different from the Linux ones. I’m sure they have similar functions, but for now, I’m sticking to Linux, because that’s what the book I’m using covers, and it covers it very well. Interesting lesson, though. I also noted that the memory addresses that my Mac was displaying were twice as long as those on my Linux system, which makes a lot of sense as the Mac has 4GB of RAM and the Linux box only has 2GB. Hooray for learning.

Maybe I’ll go watch a movie tonight. Maybe I’ll just keep coding. Both are fun.

Grandpa Jeff Bridges

Posted on 29th December 2010 in Something Daily

I was afraid this would happen. After only a handful of days off from school, I’m already feeling way too lazy for my own good. I like to think of myself as a pretty hard worker, and most of the time I don’t have any problem believing that. Right now, though, I am being extremely lazy. I think I watched more television and movies yesterday than I have on any single day of the last year (video games not included, obviously – but that does include the Lord of the Rings marathons). I watched Bill and Ted, Yessongs, True Grit in the theater (which was incredible by the way) and Audition after midnight. Let me just say a few things about those last two: Jeff Bridges is one hundred per cent the man, I didn’t really want to see that guy get his foot chopped off, the scene with the two guys in the cabin was awesome, and Audition was a lot less scary than I expected it to be. Even watching it at 1 AM didn’t really seem to make that much of a difference. I mean it was definitely gory, and it was definitely an interesting head game, but scary…not really. It’s a Japanese film from the late nineties about this guy whose wife dies and he holds an audition to find himself a new wife – it starts out pretty light and almost romantic-comedy-ish, and at certain point pretty quickly devolves to some classic horror incomprehensibility. It may be due to how tired I was, but I still don’t really know how it makes sense. I just need some time to wrap my brain around it. But it was pretty awesome, regardless.

I don’t watch scary movies too often, but one thing I’ve noticed about the ones I have seen is that a lot of the fear that I get out of them has depended on how scary I expected them to be. Maybe that’s just me, but I feel like horror movies would be a lot less affecting to me if I started watching them not knowing anything about them. I really think the genre depends to some degree on that anticipation and assumption that’s performed by the audience before they even sit down in the theater.

Instead of watching movies today, I decided to make myself a bit more useful and fix my mom’s ancient laptop that ran Windows XP but a few hours ago. My dad insisted that I use the upgrade DVD he bought to install Windows 7, but of course, due to my growing intolerance of things made by Microsoft, I spent a lot of energy attempting to convince him to go the way of Ubuntu. I tried to highlight the increase in performance the laptop would experience once being wiped and reinstalled with Meerkat, as well as the OS’ resistance to viruses, a problem that the computer had run into far too many times in the past. So just a few minutes ago, I managed to convince my parents and I’m now working on the switch from Windows XP to Ubuntu. I’ve never used Wine before, but that’s apparently what has to be done in order for iTunes to run. It’ll be an adventure. Anyway, that whole thing (backup, installation, and configuration included) has given me a nice big project that’s filled most of my day.

I’m seeing the Wu-Tang tomorrow in Philly! That should certainly be interesting. Until then, I’m going to be enjoying my break and chilling…so very hard.

Afternoon Delight recorded in dead of night

Posted on 18th December 2010 in Something Daily

I went out to breakfast with London this morning. I woke up at 7:30 for some reason, and hung out until about 9:30 when we skated to Silver Spurs. It’s a very tasty place to eat breakfast, especially the bacon, egg, and cheese on a bagel. They make their bacon just perfectly every single time, and that’s a very important thing for a breakfast diner to do. As we all know, bacon is the most important food group, as it is delicious, nutritious, and turns any meal into something that you can’t wait to eat. Also, during our trip to and from the restaurant, I avoided looking like an idiot on my skateboard, which is kind of rare for me. This can only mean one thing: I must be improving.

I was feeling very lethargic last night, a state that was only amplified by the fact that I was home alone for a number of hours. I was worried that, due to my mindset, I was going to let the evening get away from me without accomplishing anything. Luckily, when I was in the shower, I (for some reason) had the idea to complete my recording of my one-man version of “Afternoon Delight”, the song they sing in that one scene in anchorman:

Anchorman – Afternoon Delight from Ron Burgundy

So I spent about two hours last night tracking this with Jen in the room and noises all around my suite, working off of the clip (I didn’t listen to the original recording of the song). Rode NT1-A, Fast Track Pro, Logic Express. Why? Because I can, and because it’s funny to me.

Afternoon Delight by Raised by Robots

Apparently now this is the kind of thing that I do with my spare time. My singing needs a bit of work…just be glad you’re not hearing the takes I didn’t use. I experimented with tuning in Logic, but it sounded too artificial with the plugin that’s included in Express. So it’s just me with some reverb.

In other news, I practiced my crontab skills last night when I made London’s computer have a spoken conversation with mine at a certain time. I got the idea because Bryant’s computer says the time every hour on the hour, and I thought it would be funny to schedule mine to, about five seconds before the hour, say “Hey Bryant’s computer, what time is it?” So I did that and it was easy, and then got the idea to have my computer talk to London’s. I had them have a silly little conversation, and when London came back and heard it happen for no apparent reason, he was a bit confused and definitely got a kick out of it.

So the point is, I didn’t think I was going to do crap last night and actually ended up accomplishing a few minor things. Today is the day for not doing. Rather, today is the day for Resident Evil 4.

Operating Systems Dilemma

Posted on 1st December 2010 in Something Daily

This week is becoming interesting. Mondays and Tuesdays are always pretty easy: I don’t have a lot of classes, and homework is usually due later in the week. So when I go home, I can hang out. Like how I didn’t really accomplish anything yesterday and just played New Super Mario Bros. Wii with Eric. I mean it’s a pretty good game – almost as good as being productive. Almost. We finished all the regular levels, including the crazy frantic battle at the end where giant bowser is running after you – we were all screaming. It was crazy. But now, since we apparently don’t have better things to do, we’re going through the game again and getting all of the star coins to unlock the really difficult secret levels. It’s not as bad as the replay gimmick in Super Mario Galaxy 2 that makes you play the whole game twice, but it’s similar. But who am I to complain? It’s fun – I mean I’m playing it, right? Anyway the week is getting interesting because I know that tonight is going to involve a large amount of frantic work that’s all due tomorrow. And the South Park season is over, so I don’t have that to break up the craziness tonight. But today’s the craziest. Tomorrow will be better. And now for something completely different.

Considering the process of building my own desktop computer has made me a bit uncomfortable with my affinity for Mac OS X. My original idea for a computer build was essentially “Make a computer that runs OS X”. Doing a little research, I found out about the Hackintosh community and the compendiums (compendia?) they keep of OS X compatible parts. This is all good, but doing a bit of research on the process outside of that community has led me to the realization that installing X on a non-Mac computer is ultimately more work than it’s worth. Choosing the correct parts seems to be the easy part, with the numerous lists of compatible motherboards and processors floating around the internet. The impression that I get is that hacking the OS, installing and running it successfully are the hard parts. I’m positive that it’s doable, and I’ll probably try to do it eventually. I won’t however, have a very high expectation of success, and I’ll pick hardware that’s compatible with both Ubuntu and OS X.

The thing is, I’m worried that using OS X exclusively will lead to me wasting money in the future, not to mention becoming married to one company/OS. I don’t want to have to ‘settle’ for an operating system that I’m not amazing with, or that doesn’t run the software that I need, because it doesn’t run on my hardware. My ideal situation is, of course, running OS X on non-Apple hardware, for the experience of building my own computer for a cheaper price than Apple and running the software that I know/require. I can see why Apple makes it so difficult to do this, though. They really don’t want me to do this. So I’ll try and make a Hackintosh when the time comes.

However, short of getting that to work, I’m practicing as much as I can with Linux (which isn’t a whole lot different anyway), because apparently Linux can run on tons of hardware types. I dual boot 10.6.5 and 10.10 on my white MacBook, and I pretty much only use the Linux partition these days. It’s good practice, and I love finding all of the downloadable packages for added commandline functionality that you can’t really use in OS X. It’s a great system, I just reeeeeally wish that Logic and Steam were compatible with it. If they were, I’d drop OS X in a second. Seriously. Watch, I’ll do it.

And no, I won’t use Windows. UNIX owns DOS and the system under Vista and 7.

Hey, I found a picture of young Stephen Colbert. Believe it.

Everywhere I Go I Own

Posted on 23rd November 2010 in Something Daily

I’m going to see mc chris in Brooklyn in a few minutes. I don’t know what it’s going to be like yet, but I’m definitely excited. I’ll write about it for sure, of course. I don’t know if he’ll be doing older stuff, or some things off of his new albums. I just hope he does some of the ones I like. But either way, it’ll be interesting to see what a show of his is actually like – he’s kind of mythological to me, like he doesn’t really exist. I guess I’ve felt that way about a lot of bands before I saw them. It’s a function of listening to music without knowing that much about the people who made it. It’s often startling to see these people in the flesh when you’re so used to your mental picture of them that you constructed from their music. It’s similar to when a movie comes out based on a book that you know really well. You’ve figured out all the characters and settings for yourself, and then you’re looking at another person’s interpretation of them in the movie, and it doesn’t necessarily match your original conception. Anyway, mc chris seems like he’s the man, and I am very excited to see him in person.

I started researching some resources today for building computers from scratch. I found a nice resource in Tom’s Hardware – there’s a lot of great information for beginner PC builders there. I learned exactly what components are necessary for a PC to work – motherboard, storage, memory, video and sound cards, power supply, etc. I’m definitely considering building my own the next time I need a new computer. The only thing is that it seems pretty tough to build one that Mac OS X will run on, since Macs use proprietary hardware that can’t be found anywhere else. Still, I’m investigating it, though it’s pretty likely that were I to build my own computer, it would run Ubuntu and/or Windows.

Will it blend? Yes it will.

Posted on 3rd November 2010 in Something Daily

A few weeks ago, I picked up a program called Blender from these great Internets of ours. It’s a freeware 3D design environment that’s really good for learning the basics of 3D art (at least I think so, I don’t really have anything to compare it with). It gives you an XYZ coordinate plane to work on, and you typically work by starting with a basic shape and chopping or extending it. The confusing part when I started out was getting the cursor where I wanted in the 3D space, which is difficult when using a flat screen and a mouse that only moves on the XY plane.

I learned it by going through these Wiki-tutorials and just building all the stuff that they explain. So I’ve got the goblets, the penguin, the volcano, the water, the rocket launcher, the ‘realistic’ eyeball, and a bunch more from those. I also came up with a few designs on my own, which were of course based on classic Nintendo games (shocker, right? Who would have guessed?). I’ll put some of my more favorite ones up here in the next few days. For starters, here’s the Nintendo 64 3D ‘N’ shaped logo (I know there are lighting issues, but it was like my 3rd day of using Blender ever. Give me a break.).

The Nintendo 64 Logo, rendered 9/27/10

Something very interesting that I learned from making this object: It has 64 total faces (inside and outside) and 64 vertices. How crazy is it that Nintendo would hide that kind of easter egg in their logo?! I mean obviously it’s awesome…just think about that. The logo, in a way, implicitly says “Nintendo 64” – N + 64 (faces+vertices). Crazy, man. Just crazy.

So yeah, Blender is really fun. I went about making this one in a pretty roundabout way, since I was in the process of learning the interface, but it ended up looking almost exactly like the real thing. If you’re into games or game design, certainly check it out – really if you’re just bored and near your computer. It’s just fun. And there’s a built-in animation and game engine that uses Python, so it’s possible to just use Blender to make full 3D games. Sort of confusing to learn without a tutorial, but the fact that the tutorial is a wiki really helps, since people can edit posts that were unclear and add helper comments. All around, it’s awesome. I’ll put up another one of these tomorrow.

This brought to mind another thought: I am excited for the day in the future when fully 3-dimensional displays are designed and released for me to buy. Not like a flat screen that makes images look like they’re coming out at you (like we have now), but a 3D environment that you can view from any angle in space. I’m envisioning a cubic hologram or something like that, where you can stick your hand or a cursor in and mark any point in the space by moving around it. Flat screens will be a thing of the past. Wouldn’t this be cool? It sure would make using Blender a lot easier.

Listening to Band of Horses – Cease to Begin. This is one of those albums that I used to love to blast in the empty auditorium of my high school when I got there early for theater tech. It’s “big room” music. I think it’s the reverb on his voice that makes it great for playing in a huge space.

I don’t know if you’ve ever heard of FreddieW, but he’s a really talented younger filmmaker who puts all of these awesome shorts on YouTube. If you’ve ever played Team Fortress 2, The Rocket Jump should make sense to you. And if not, it’s still super cool.

Get some sleep tonight. Sleep is very important. You’ll be happier if you sleep.