Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chapters/data: Add checkers for
memory-security tasks
Done solving the issue 134 : chapters/data/memory-security/drills/tasks: Add solutions and checkers #134 Added the generate_skels.py infrastructure to generate the skeletons from the solutions Added checkers for the tasks which needed one Updated the README.md for every task with useful information on how to generate the skels and run the checker Added solution Updated generate_skels.py to add support for a task that requires uncommenting lines in the Makefile. Fixes #134 Signed-off-by: Vica Teodor Andrei <[email protected]>
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| support |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| PYTHON = python3 | ||
| SCRIPT = generate_skels.py | ||
|
|
||
| skels: | ||
| mkdir -p support/src | ||
| $(PYTHON) $(SCRIPT) --input ./solution/src --output ./support/src | ||
| $(PYTHON) $(SCRIPT) --input ./solution/tests --output ./support/tests | ||
|
|
||
| clean: | ||
| rm -rf support/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,159 @@ | ||
| #!/usr/bin/python3 -u | ||
| # SPDX-License-Identifier: BSD-3-Clause | ||
|
|
||
| import sys | ||
| import argparse | ||
| import os.path | ||
| import re | ||
|
|
||
|
|
||
| def process_file(src, dst, pattern, replace, remove, replace_pairs, end_string=None): | ||
| if not pattern or not replace or not remove: | ||
| print( | ||
| f"ERROR: The script behaviour is not properly specified for {src}", | ||
| file=sys.stderr, | ||
| ) | ||
| sys.exit(1) | ||
|
|
||
| fin = open(src, "r") | ||
| os.makedirs(os.path.dirname(dst), exist_ok=True) | ||
| fout = open(dst, "w") | ||
|
|
||
| remove_lines = 0 | ||
| skip_lines = 0 | ||
| uncomment_lines = 0 | ||
| end_found = True | ||
| makefile_special_handling = "Makefile" in src | ||
|
|
||
| for i, l in enumerate(fin.readlines()): | ||
| # Skip generation of file. | ||
| if "SKIP_GENERATE" in l: | ||
| fout.close() | ||
| os.remove(dst) | ||
| return | ||
|
|
||
| if end_string and not end_found: | ||
| fout.write(l) | ||
| if end_string in l: | ||
| end_found = True | ||
| continue | ||
|
|
||
| if remove_lines > 0: | ||
| remove_lines -= 1 | ||
| continue | ||
|
|
||
| if skip_lines > 0: | ||
| skip_lines -= 1 | ||
| m = re.search(pattern, l) | ||
| if m: | ||
| l = "%s%s\n" % (m.group(1), m.group(3)) | ||
| fout.write(l) | ||
| continue | ||
|
|
||
| if uncomment_lines > 0: | ||
| uncomment_lines -= 1 | ||
| for fro, to in replace_pairs: | ||
| l = re.sub(fro, to, l) | ||
| fout.write(l) | ||
| continue | ||
|
|
||
| if makefile_special_handling and "TODO" in l and "Uncomment" in l: | ||
| fout.write(l) | ||
| next_line = fin.readline() | ||
| fout.write("# " + next_line) | ||
| continue | ||
|
|
||
| m = re.search(pattern, l) | ||
| if m: | ||
| if m.group(2): | ||
| skip_lines = int(m.group(2)) | ||
| else: | ||
| skip_lines = 1 | ||
|
|
||
| if end_string and end_string not in l: | ||
| end_found = False | ||
|
|
||
| l = "%s%s\n" % (m.group(1), m.group(3)) | ||
|
|
||
| m = re.search(replace, l) | ||
| if m: | ||
| if m.group(2): | ||
| uncomment_lines = int(m.group(2)) | ||
| else: | ||
| uncomment_lines = 1 | ||
| continue | ||
|
|
||
| m = re.search(remove, l) | ||
| if m: | ||
| if m.group(2): | ||
| remove_lines = int(m.group(2)) | ||
| else: | ||
| remove_lines = 1 | ||
| continue | ||
|
|
||
| fout.write(l) | ||
|
|
||
| fout.close() | ||
|
|
||
| def main(): | ||
| parser = argparse.ArgumentParser( | ||
| description="Generate skeletons sources from reference solution sources" | ||
| ) | ||
| parser.add_argument( | ||
| "--input", help="input directory to process files", required=True | ||
| ) | ||
| parser.add_argument( | ||
| "--output", help="output directory to copy processed files", required=True | ||
| ) | ||
| args = parser.parse_args() | ||
|
|
||
| for root, dirs, files in os.walk(args.input): | ||
| new_root = os.path.join(args.output, os.path.relpath(root, args.input)) | ||
| for d in dirs: | ||
| os.makedirs(os.path.join(new_root, d), exist_ok=True) | ||
|
|
||
| for src in files: | ||
| if ( | ||
| re.match("Makefile.*$", src) | ||
| or re.match(r".*\.sh$", src) | ||
| or re.match(r".*\.[sS]$", src) | ||
| or re.match(r".*\.py$", src) | ||
| ): | ||
| pattern = r"(^\s*#\s*TODO)( [0-9]*)(:.*)" | ||
| replace = r"(^\s*#\s*REPLACE)( [0-9]*)" | ||
| remove = r"(^\s*#\s*REMOVE)( [0-9]*)" | ||
| replace_pairs = [("# ", "")] | ||
| end_string = None | ||
| elif re.match(r".*\.asm$", src): | ||
| pattern = r"(^\s*;\s*TODO)( [0-9]*)(:.*)" | ||
| replace = r"(^\s*;\s*REPLACE)( [0-9]*)" | ||
| remove = r"(^\s*;\s*REMOVE)( [0-9]*)" | ||
| replace_pairs = [("; ", "")] | ||
| end_string = None | ||
| elif ( | ||
| re.match(r".*\.[ch]$", src) | ||
| or re.match(r".*\.cpp$", src) | ||
| or re.match(r".*\.hpp$", src) | ||
| ): | ||
| pattern = r"(.*/\*\s*TODO)([ 0-9]*)(:.*)" | ||
| replace = r"(.*/\*\s*REPLACE)( [0-9]*)" | ||
| remove = r"(.*/\*\s*REMOVE)( [0-9]*)" | ||
| replace_pairs = [(r"/\* ", ""), (r" \*/", "")] | ||
| end_string = "*/" | ||
| elif re.match(r".*\.d$", src): | ||
| pattern = r"(.*//\s*TODO)([ 0-9]*)(:.*)" | ||
| replace = r"(.*//\s*REPLACE)( [0-9]*)" | ||
| remove = r"(.*//\s*REMOVE)( [0-9]*)" | ||
| replace_pairs = [(r"// ", "")] | ||
| end_string = None | ||
| else: | ||
| continue | ||
|
|
||
| dst = os.path.join(new_root, src) | ||
| src = os.path.join(root, src) | ||
| print(dst) | ||
| process_file(src, dst, pattern, replace, remove, replace_pairs, end_string) | ||
|
|
||
|
|
||
| if __name__ == "__main__": | ||
| sys.exit(main()) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| /aslr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| #!/bin/bash | ||
| # SPDX-License-Identifier: BSD-3-Clause | ||
|
|
||
| # | ||
| # Print test result. Printed message should fit in 72 characters. | ||
| # | ||
| # Print format is: | ||
| # | ||
| # description ...................... passed ... NNN | ||
| # description ...................... failed ... NNN | ||
| # 32 chars 24 chars 6 3 3 | ||
| # | ||
|
|
||
| print_test() | ||
| { | ||
| func="$1" | ||
| result="$2" | ||
| points="$3" | ||
|
|
||
| if test "$points" -gt 999; then | ||
| points=999 | ||
| fi | ||
|
|
||
| printf "%-32s " "${func:0:31}" | ||
| printf "........................" | ||
| if test "$result" -eq 0; then | ||
| printf " passed ... %3d\n" "$points" | ||
| else | ||
| printf " failed ... 0\n" | ||
| fi | ||
| } | ||
|
|
||
| run_test() | ||
| { | ||
| func="$1" | ||
| points="$2" | ||
| # Run in subshell. | ||
| (eval "$func") | ||
| print_test "$func" "$?" "$points" | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| #!/bin/bash | ||
| # SPDX-License-Identifier: BSD-3-Clause | ||
|
|
||
| source graded_test.inc.sh | ||
|
|
||
| binary=../src/aslr | ||
|
|
||
| if test -z "$SRC_PATH"; then | ||
| SRC_PATH=./../src | ||
| fi | ||
|
|
||
| test_aslr() | ||
| { | ||
| start_address=$(nm "$binary" | awk '/_start/ {print $1}' | head -n 1) | ||
| start_address_decimal=$((0x$start_address)) | ||
| if ((start_address_decimal < 0x400000)); then | ||
| exit 1 | ||
| fi | ||
| exit 0 | ||
| } | ||
|
|
||
| run_test test_aslr 100 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| support |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| PYTHON = python3 | ||
| SCRIPT = generate_skels.py | ||
|
|
||
| skels: | ||
| mkdir -p support/src | ||
| $(PYTHON) $(SCRIPT) --input ./solution/src --output ./support/src | ||
| $(PYTHON) $(SCRIPT) --input ./solution/tests --output ./support/tests | ||
|
|
||
| clean: | ||
| rm -rf support/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,9 +1,27 @@ | ||
| # Bypassing the Stack Protector | ||
|
|
||
| Navigate to `chapters/data/memory-security/drills/tasks/bypassing-stack-protector` and run `make skels` to generate the `support/` folder. | ||
| Then navigate to `support/src`. | ||
|
|
||
|
|
||
| Inspect the `chapters/data/memory-security/drills/tasks/bypassing-stack-protector/support/stack_protector.c` source file. | ||
| Compile the program and examine the object code. | ||
| Try to identify the canary value. | ||
| Using the `addr` variable, write 2 instructions: one that indexes `addr` to overwrite the canary with the correct value and one that indexes `addr` to overwrite the return address with the address of function `pawned()`. | ||
| In case of a successful exploit a video will be offered as reward. | ||
|
|
||
| If you're having difficulties solving this exercise, go through [this](../../../reading/memory-security.md) reading material. | ||
|
|
||
| ## Checker | ||
|
|
||
| To run the checker, go into the `tests` directory located in `src`, then type `make check`. | ||
| A successful output of the checker should look like this : | ||
|
|
||
| ```console | ||
| student@os:~/.../drills/tasks/aslr/support/src/tests make check | ||
| test_bypassing-stackprotector ........................ passed ... 100 | ||
|
|
||
| ======================================================================== | ||
|
|
||
| Total: 100/100 | ||
| ``` |
Oops, something went wrong.