15 213 recitation bomb lab
play

15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton DSouza - PowerPoint PPT Presentation

Feb 29, 2024 •581 likes •804 views

Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton DSouza Carnegie Mellon Agenda Bomb Lab Overview Assembly Refresher Introduction to GDB Unix Refresher Bomb Lab Demo Carnegie Mellon Downloading

  1. Carnegie Mellon 15-213 Recitation: Bomb Lab 21 Sep 2015 Monil Shah, Shelton D’Souza

  2. Carnegie Mellon Agenda ■ Bomb Lab Overview ■ Assembly Refresher ■ Introduction to GDB ■ Unix Refresher ■ Bomb Lab Demo

  3. Carnegie Mellon Downloading Your Bomb ■ Please read the writeup. Please read the writeup . Please Read The Writeup. ■ Your bomb is unique to you. Dr. Evil has created one million billion bombs, and can distribute as many new ones as he pleases. ■ Bombs have six phases which get progressively harder more fun to use. ■ Bombs can only run on the shark clusters. They will blow up if you attempt to run them locally.

  4. Carnegie Mellon Exploding Your Bomb ■ Blowing up your bomb notifies Autolab. ■ Dr. Evil takes 0.5 of your points each time. ■ Inputting the right string moves you to the next phase. ■ Jumping between phases detonates the bomb

  5. Carnegie Mellon Examining Your Bomb ■ You get: ■ An executable ■ A readme ■ A heavily redacted source file ■ Source file just makes fun of you. ■ Outsmart Dr. Evil by examining the executable

  6. Carnegie Mellon x64 Assembly: Registers %rax %r8 %eax %r8d Return Arg 5 %rbx %r9 %ebx %r9d Arg 6 %rcx %r10 %ecx %r10d Arg 4 %rdx %r11 %edx %r11d Arg 3 %rsi %r12 %esi %r12d Arg 2 %rdi %r13 %edi %r13d Arg 1 %rsp %r14 %esp %r14d Stack ptr %rbp %r15 %ebp %r15d

  7. Carnegie Mellon x64 Assembly: Operands Type Syntax Example Notes $-42 Don’t mix up Start with $ Constants decimal and hex $0x15213b %esi Start with % Can store values Registers or addresses %rax (%rbx) Parentheses Parentheses Memory 0x1c(%rax) around a register dereference. Locations 0x4(%rcx, %rdi, 0x1) or an addressing Look up mode addressing modes!

  8. Carnegie Mellon x64 Assembly: Arithmetic Operations Instruction Effect mov %rbx, %rdx rdx = rbx add (%rdx), %r8 r8 += value at rdx mul $3, %r8 r8 *= 3 sub $1, %r8 r8-- lea (%rdx,%rbx,2), %rdx rdx = rdx + rbx*2 ■ Doesn’t dereference

  9. Carnegie Mellon x64 Assembly: Comparisons ■ Comparison, cmp , compares two values ■ Result determines next conditional jump instruction ■ cmp b,a computes a-b , test b,a computes a&b ■ Pay attention to operand order If %r10 > %r9 , cmpl %r9, %r10 then jump to jg 8675309 8675309

  10. Carnegie Mellon x64 Assembly: Jumps Instruction Effect Instruction Effect jmp ja Always jump Jump if above (unsigned >) je/jz jae Jump if eq / zero Jump if above / equal jne/jnz jb Jump if !eq / !zero Jump if below (unsigned <) jg jbe Jump if greater Jump if below / equal jge js Jump if greater / eq Jump if sign bit is 1 (neg) jl jns Jump if less Jump if sign bit is 0 (pos) jle Jump if less / eq

  11. Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 If , jump to addr jge deadbeef 0xdeadbeef cmp %rax, %rdi If , jump to addr jae 15213b 0x15213b test %r8, %r8 jnz (%rsi) If , jump to .

  12. Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 If %r12 >= 0x15213 , jge deadbeef jump to 0xdeadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi)

  13. Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi If the unsigned value of jae 15213b %rdi is at or above the unsigned value of %rax , test %r8, %r8 jump to 0x15213b . jnz (%rsi)

  14. Carnegie Mellon x64 Assembly: A Quick Drill cmp $0x15213, %r12 jge deadbeef cmp %rax, %rdi jae 15213b test %r8, %r8 jnz (%rsi) If %r8 & %r8 is not zero, jump to the address stored in %rsi .

  15. Carnegie Mellon Diffusing Your Bomb ■ objdump -t bomb examines the symbol table ■ objdump -d bomb disassembles all bomb code ■ strings bomb prints all printable strings ■ gdb bomb will open up the G NU D e b ugger ■ Examine while stepping through your program registers ▪ the stack ▪ contents of program memory ▪ instruction stream ▪

  16. Carnegie Mellon Using gdb ■ break <location> ■ Stop execution at function name or address ■ Reset breakpoints when restarting gdb ■ run <args> ■ Run program with args <args> ■ Convenient for specifying text file with answers ■ disas <fun> , but not dis ■ stepi / nexti ■ Steps / does not step through function calls

  17. Carnegie Mellon Using gdb ■ info registers ■ Print hex values in every register ■ print ( /x or /d ) $eax - Yes, use $ ■ Print hex or decimal contents of %eax ■ x $register, x 0xaddress ■ Prints what’s in the register / at the given address ■ By default, prints one word (4 bytes) ■ Specify format: /s, /[num][size][format] ▪ x/8a 0x15213 ▪ x/4wd 0xdeadbeef

  18. Carnegie Mellon sscanf ■ Bomb uses sscanf for reading strings ■ Figure out what phase expects for input ■ Check out man sscanf for formatting string details

  19. Carnegie Mellon If you get stuck ■ Please read the writeup. Please read the writeup . Please Read The Writeup. ■ CS:APP Chapter 3 ■ View lecture notes and course FAQ at http://cs.cmu.edu/~213 ■ Office hours Sun - Thu 6:00-9:00PM in WeH 5207 ■ man gdb, man sscanf, man objdump

  20. Carnegie Mellon Unix Refresher – This Saturday - 9/19/2015 You should know cd, ls, scp, ssh, tar, and chmod by now. Use man <command> for help. <Control-C> exits your current program.

  21. Carnegie Mellon Bomb Lab Demo...

Recommend

15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab

15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab

Carnegie Mellon 15-213 Recitation: Attack Lab Jenna MacCarley 28 Sep 2015 Carnegie Mellon Reminder Bomb lab is due tomorrow! Attack lab is released tomorrow!! Carnegie Mellon Agenda Stack review Attack lab overview Phases

882 views • 19 slides
BOMB PROMOTIONS BOMB PROMOTIONS IS A NYC-BASED MARKETING TEAM SPECIALIZING IN PROMOTIONS FOR

BOMB PROMOTIONS BOMB PROMOTIONS IS A NYC-BASED MARKETING TEAM SPECIALIZING IN PROMOTIONS FOR

BOMB PROMOTIONS BOMB PROMOTIONS IS A NYC-BASED MARKETING TEAM SPECIALIZING IN PROMOTIONS FOR CORPORATIONS, LOCAL BUSINESSES &amp; THE ENTERTAINMENT INDUSTRY. Bomb Promotions has been handling the distribution &amp; circulation of posters,

535 views • 27 slides
SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of

SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of

SCARC BOMB THREAT TRAINING BOMB THREATS American schools and companies receive thousands of bomb threat calls every year. Very few of these are warnings of real bombs. A large percentage of these calls prove to be hoaxes; however, all bomb

589 views • 17 slides
4190.308 Computer Architecture, Fall 2014 Bomb Lab: Defusing a Binary Bomb Assigned: Mon., Oct

4190.308 Computer Architecture, Fall 2014 Bomb Lab: Defusing a Binary Bomb Assigned: Mon., Oct

4190.308 Computer Architecture, Fall 2014 Bomb Lab: Defusing a Binary Bomb Assigned: Mon., Oct 20, Due: Mon., Nov 03, 17:00 1 Introduction Someone has planted a slew of binary bombs on our universitys machines. A binary bomb is a

183 views • 4 slides
Temporary Living Lab (eCollaboration between Slovenian, Hungarian and Austrian police bomb

Temporary Living Lab (eCollaboration between Slovenian, Hungarian and Austrian police bomb

Temporary Living Lab (eCollaboration between Slovenian, Hungarian and Austrian police bomb disposal units ) Organization: Bomb disposal unit Slovenia Klemen POGAAR User: Matev GLADEK Technologist: Partner: Bomb disposal unit Hungary

37 views • 3 slides
CSE 351 Section 4 Program Stack &amp; Procedure Calls Bomb Lab! How is it going?

CSE 351 Section 4 Program Stack &amp; Procedure Calls Bomb Lab! How is it going?

CSE 351 Section 4 Program Stack &amp; Procedure Calls Bomb Lab! How is it going? Bomb-defusing tips If you have trouble figuring out what a phase is doing, try working backwards Write out everything that happens, and you might be

313 views • 12 slides
GSI Colloquium Bastian Lher October 2017 What does it take to fjnd a dirty bomb? Bastian

GSI Colloquium Bastian Lher October 2017 What does it take to fjnd a dirty bomb? Bastian

GSI Colloquium Bastian Lher October 2017 What does it take to fjnd a dirty bomb? Bastian Lher GSI Kolloquium October 2017 What does it take to fjnd a dirty bomb? Find 10.300.000 results Finding means discovering Bomb An explosive

1.84k views • 145 slides
Th The e At Atom omic ic Bo Bomb mb Manhattan Project Beginning in 1939, the United States

Th The e At Atom omic ic Bo Bomb mb Manhattan Project Beginning in 1939, the United States

Th The e At Atom omic ic Bo Bomb mb Manhattan Project Beginning in 1939, the United States had been working on a top-secret new weapon that would use atomic energy to create an explosive many times more powerful than any other bomb.

250 views • 21 slides
Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A

Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A

Photo(C)John Rodsted www.stopclustermunitions.org Cluster bombs The cluster bomb problem A cluster bomb releases dozens to hundreds of submunitions shattering over vast amounts of land It is an indiscriminate weapon; it cant

393 views • 13 slides
Revisiting the Elitzur-Vaidman bomb paradox Colin Benjamin, NISER, Bhubaneswar. Feb. 18. 2015

Revisiting the Elitzur-Vaidman bomb paradox Colin Benjamin, NISER, Bhubaneswar. Feb. 18. 2015

Revisiting the Elitzur-Vaidman bomb paradox Colin Benjamin, NISER, Bhubaneswar. Feb. 18. 2015 Outline Mach-Zehnder interferometer Elitzur-Vaidman Bomb paradox Elitzur-Vaidman bomb paradox for electrons Elitzur-Vaidman

660 views • 26 slides
The 2% Time Bomb Why Most Restaurants Fail Speakers Dixie McCurly Stephen Gross The 2% Time

The 2% Time Bomb Why Most Restaurants Fail Speakers Dixie McCurly Stephen Gross The 2% Time

The 2% Time Bomb Why Most Restaurants Fail Speakers Dixie McCurly Stephen Gross The 2% Time Bomb Why Most Restaurants Fail Agenda - Introductions - - What is The 2% Time Bomb? - - How do you prevent it? - - Q&amp;A - What is The 2% Time

603 views • 38 slides
Recursion continued Midterm Exam 2 parts Part 1 done in recitation Programming

Recursion continued Midterm Exam 2 parts Part 1 done in recitation Programming

9/26/2016 Recursion continued Midterm Exam 2 parts Part 1 done in recitation Programming using server Covers material done in Recitation Part 2 Friday 8am to 4pm in CS110 lab Question/Answer Similar format to

317 views • 11 slides
Recitation 3: Synchronisation Kai Mast E L 3 3 T H4 X0 R ? Which of the following is

Recitation 3: Synchronisation Kai Mast E L 3 3 T H4 X0 R ? Which of the following is

Recitation 3: Synchronisation Kai Mast E L 3 3 T H4 X0 R ? Which of the following is the best way to wait for two predicates to be true? Which of the following are (virtually) shared by threads within a single process? (A) Heap (B)

242 views • 13 slides
MB : SGX SGX-BO BOMB Locking Down the Processor via the Rowhammer Attack Yeongjin Jang *,

MB : SGX SGX-BO BOMB Locking Down the Processor via the Rowhammer Attack Yeongjin Jang *,

MB : SGX SGX-BO BOMB Locking Down the Processor via the Rowhammer Attack Yeongjin Jang *, Jaehyuk Lee , Sangho Lee , and Taesoo Kim Oregon State University* KAIST Georgia Institute of Technology TL;DR SGX locks up the

503 views • 24 slides
Recitation First recitation tomorrow 56:30 here Linear algebra Geoff Gordon10-701

Recitation First recitation tomorrow 56:30 here Linear algebra Geoff Gordon10-701

Recitation First recitation tomorrow 56:30 here Linear algebra Geoff Gordon10-701 Machine LearningFall 2013 1 Probability P(a) = P(u) = P(~a) = Geoff Gordon10-701 Machine LearningFall 2013 2 Conventions Geoff

912 views • 33 slides
Recitation 2 (Scope + arrays + pointers +

Recitation 2 (Scope + arrays + pointers +

Recitation 2 (Scope + arrays + pointers + pass-by-reference) Question 1: Write a global function that takes an integer array and its size and

388 views • 9 slides
How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan

How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan

How I Learned to Stop Worrying about Exascale and Love MPI (Yes, MPI is indeed da bomb!) Pavan Balaji Computer Scientist and Group Lead Argonne National Laboratory Separating the Myths from Real Concerns The race to Exascale started in

357 views • 23 slides
Inheritance Recitation - 02/22/2008 CS 180 Department of Computer Science, Purdue University

Inheritance Recitation - 02/22/2008 CS 180 Department of Computer Science, Purdue University

Inheritance Recitation - 02/22/2008 CS 180 Department of Computer Science, Purdue University Announcements Project 3 grades are out. Collect at the end of the recitation. Project 5 has been posted. 2-week project.

641 views • 39 slides
[CS112] Data Structure Recitation (Section 4, 15) Changkyu Song cs1080@cs.rutgers.edu Office

[CS112] Data Structure Recitation (Section 4, 15) Changkyu Song cs1080@cs.rutgers.edu Office

[CS112] Data Structure Recitation (Section 4, 15) Changkyu Song cs1080@cs.rutgers.edu Office Hours: Tue 10:30~12:30 p.m. @ Hill 206 [CS112] Recitation #1 Weighted Adjacency Link List 1 W:0.2 W:0.7 2 3 3 1 2 2 3 T T 1 T T 1

452 views • 33 slides
Earth Movement and Earth Movement and Solar Calendar Solar Calendar Recitation 2 Recitation 2

Earth Movement and Earth Movement and Solar Calendar Solar Calendar Recitation 2 Recitation 2

Earth Movement and Earth Movement and Solar Calendar Solar Calendar Recitation 2 Recitation 2 Elliptical Orbits Elliptical Orbits The planets move along elliptical orbits around the sun. This results in both a variation in the distance

500 views • 14 slides
The Pope and the Bomb: New Nuclear Dangers and Moral Dilemmas by Bishop Oscar Cant Thursday,

The Pope and the Bomb: New Nuclear Dangers and Moral Dilemmas by Bishop Oscar Cant Thursday,

The Pope and the Bomb: New Nuclear Dangers and Moral Dilemmas by Bishop Oscar Cant Thursday, September 17, 2015 I am grateful to the co-sponsors of todays program and to my co-panelists for their time and expertise. My modest contribution

287 views • 4 slides
Lessons from the 10/5/2015 Emergency Incident The bomb threat incident of October 5 was truly a

Lessons from the 10/5/2015 Emergency Incident The bomb threat incident of October 5 was truly a

Prepared by Curtis Sommerfeld, 10/9/2015 Lessons from the 10/5/2015 Emergency Incident The bomb threat incident of October 5 was truly a cruel hoax, placing both the college community and emergency responders in harms way , causing much

373 views • 4 slides
M t Metro Transit Police Crime T it P li C i Statistics and Significant Facts Serial Bomb

M t Metro Transit Police Crime T it P li C i Statistics and Significant Facts Serial Bomb

M t Metro Transit Police Crime T it P li C i Statistics and Significant Facts Serial Bomb Suspect Arrested Serial Bomb Suspect Arrested Arrested on August 18 2009 Arrested on August 18, 2009 Collaborative effort of Metro

502 views • 13 slides
Global Economy: In Turmoil Buffetts time bomb goes off on Wall Street sparking

Global Economy: In Turmoil Buffetts time bomb goes off on Wall Street sparking

Financial Results Quarter ended September 30, 2008 October 21, 2008 Global Economy: In Turmoil Buffetts time bomb goes off on Wall Street sparking crisis of confidence * * source: Reuters Fear of recession looming large on

200 views • 7 slides

More recommend