Show page

Differences

This shows you the differences between two versions of the page.

--- cns:labs:lab-01 [2020/10/11 20:10]
dennis.plosceanu [6. Extra: ARM Tasks] added command to run qemu headless
+++ cns:labs:lab-01 [2021/10/12 16:07] (current)
razvan.deaconescu [Tasks]
@@ Line 8: / Line 8: @@
 In the introductory lab we'll spice things up a bit by providing some simple binaries (with no source code) for you to play with. In order to solve the lab, you'll have to perform both **static analysis** and **dynamic analysis** on said binaries.
-If you're too comfortable with the x86 architecture and feel that you could use some challenge, the [[http://elf.cs.pub.ro/oss/res/labs/lab-01.tar.gz|lab archive]] also contains the binaries compiled for ARM. You can try them out by running a Raspbian image on [[http://www.unixmen.com/emulating-raspbian-using-qemu/|QEMU]] ([[http://ftp.jaist.ac.jp/pub/raspberrypi/raspbian/images/raspbian-2015-05-07/|Raspbian image]], [[https://github.com/dhruvvyas90/qemu-rpi-kernel/blob/master/kernel-qemu-3.10.25-wheezy|Linux kernel image]]).
+For consistency we recommend you use the provided [[cns:resources:vm|Kali Virtual Machine]] for all the labs from this point forward.
+As a bonus the same tasks in this lab are compiled for the ARM architecture, you can use the [[cns:resources:vm|Debian ARM Virtual Machine]] for these tasks.
 ===== Tasks =====
-All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]].
+All content necessary for the CNS laboratory tasks can be found in [[cns:resources:repo|the CNS public repository]], in the ''labs/01-introduction/'' folder.
 ==== 1. even-password  ====
@@ Line 70: / Line 72: @@
 <code>
 $ # python
-$ python -c 'print ("\x02"*20 + "\x03")' # output 0x02 20 times, followed by 0x03 and a newline
+$ python -c 'import sys; sys.stdout.buffer.write(b"\x02"*20 + b"\x03")' # output 0x02 20 times, followed by 0x03 and a newline
 $ # perl
@@ Line 163: / Line 165: @@
 Try the above tasks using the ARM binaries. For static analysis you can use Radare2 directly on the host machine. For the other tools (gdb, strace, objdump) you can use the QEMU setup described in the introduction.
-  - For scrolling in the QEMU VM you can use ''Shift PageUp'' and ''Shift PageDown''.
-  - In order to copy the lab binaries in the QEMU machine, you can temporary mount and update the RPI image.
-<code>
-$ file 2015-05-05-raspbian-wheezy.img
-;; From the output of the file command, take the partition 2 'startsector'
-;; value an multiply by 512, and use this figure as the offset value in the mount command below.
-$ sudo mount 2015-05-05-raspbian-wheezy.img -o offset=62914560 /mnt
-;; Add the tasks in the filesystem mounted in /mnt.
-$ sudo umount 2015-05-05-raspbian-wheezy.img /mnt
-</code>
-<note tip>
-You can also run qemu in a non-graphical mode so you can access it directly in your terminal window (like with ssh).
-Instead of the command in the tutorial from the introduction run:
-<code>
-qemu-system-arm -kernel kernel-qemu-3.10.25-wheezy -cpu arm1176 -m 256 -M versatilepb -no-reboot -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw init=/bin/bash console=ttyAMA0" -hda 2015-05-05-raspbian-wheezy.img -nographic -serial mon:stdio
-</code>
-</note>
 ===== Resources =====

Resources

Labs

Lectures

Assignments

Extra

cns/labs/lab-01.1602436226.txt.gz · Last modified: 2020/10/11 20:10 by dennis.plosceanu

Show page Old revisions

Media Manager Back to top