quinta-feira, 25 de maio de 2023

Vlang Binary Debugging

Why vlang? V is a featured, productive, safe and confortable language highly compatible with c, that generates neat binaries with c-speed, the decompilation also seems quite clear as c code.
https://vlang.io/

After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.



The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.


Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.


Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"


Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.


Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.


The string structure is quite simple and it's plenty of implemented methods.




With F8 we can step over the code as we were in ollydbg on linux.


Note the rip marker sliding into the code.


We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.


If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.

  • tos(string, len)
  • tos2(byteptr)
  • tos3(charptr)

In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.



In visual mode "V" we can see previous instructions to figure out the arguments and state.


We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:



Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.



When it reach the substr, we can see the parameters with "tab" command.



Looking the implementation the radare parameter calculation is quite exact.


Let's check the param values:


so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.





Continue reading
  1. World No 1 Hacker Software
  2. Pentest Automation Tools
  3. Wifi Hacker Tools For Windows
  4. Blackhat Hacker Tools
  5. Hacking Tools Kit
  6. Pentest Tools Apk
  7. Hacker Tools For Mac
  8. How To Hack
  9. Pentest Tools Windows
  10. Hack Tools Pc
  11. Pentest Tools For Windows
  12. Hack App
  13. Hacking Tools Download
  14. Pentest Tools For Windows
  15. Install Pentest Tools Ubuntu
  16. Pentest Tools Nmap
  17. Hack Tool Apk No Root
  18. Github Hacking Tools
  19. Nsa Hacker Tools
  20. Hacking Tools 2020
  21. Pentest Tools Windows
  22. Pentest Tools Alternative
  23. Pentest Tools
  24. Hacking Tools Free Download
  25. Hacker Search Tools
  26. Pentest Tools List
  27. Android Hack Tools Github
  28. Hacking Tools For Mac
  29. Pentest Tools For Android
  30. Hackrf Tools
  31. Hacking Tools
  32. Hack Rom Tools
  33. Hacker Tool Kit
  34. Hack Tools 2019
  35. Hack Tool Apk
  36. What Are Hacking Tools
  37. Hacker Tools For Windows
  38. Pentest Tools Nmap
  39. Pentest Tools Github
  40. Pentest Tools Apk
  41. Pentest Tools Website Vulnerability
  42. Bluetooth Hacking Tools Kali
  43. Pentest Tools List
  44. Game Hacking
  45. Tools For Hacker
  46. Blackhat Hacker Tools
  47. Tools For Hacker
  48. Underground Hacker Sites
  49. Hack Tools 2019
  50. World No 1 Hacker Software
  51. Hacking Tools For Games
  52. Pentest Tools Alternative
  53. Bluetooth Hacking Tools Kali
  54. Pentest Box Tools Download
  55. Pentest Tools For Ubuntu
  56. Hack Tools Download
  57. Hacker
  58. Pentest Tools Download
  59. Best Hacking Tools 2019
  60. What Is Hacking Tools
  61. Hack Tools For Pc
  62. Pentest Tools Website
  63. Hacker Search Tools
  64. Hacker Tools Software
  65. Hack Tools For Games
  66. Pentest Tools Open Source
  67. Pentest Tools Download
  68. Hackers Toolbox
  69. Nsa Hack Tools Download
  70. Pentest Tools Tcp Port Scanner
  71. Physical Pentest Tools
  72. Hacker Tools 2020
  73. Hacker Tools Apk
  74. Github Hacking Tools
  75. Game Hacking
  76. Hack Tool Apk No Root
  77. Hacker Tool Kit
  78. Pentest Tools Alternative
  79. Bluetooth Hacking Tools Kali
  80. Hacker Tools 2019
  81. Hacker Security Tools
  82. Best Hacking Tools 2019
  83. Hack Tools For Mac
  84. Pentest Tools
  85. Hack Tools
  86. Pentest Tools Windows
  87. Growth Hacker Tools
  88. Hacker Tools For Mac
  89. Pentest Tools For Android
  90. Hack Tools For Ubuntu
  91. Hacking Tools Github
  92. Hack Tools For Ubuntu
  93. Android Hack Tools Github
  94. Hack Tools Download
  95. Hackrf Tools
  96. Pentest Tools Review
  97. Hack Tools For Mac
  98. Hacker Tools Windows
  99. Pentest Tools Tcp Port Scanner
  100. What Is Hacking Tools
  101. What Is Hacking Tools
  102. Pentest Tools Framework
  103. Hack Tools 2019
  104. Tools Used For Hacking
  105. Top Pentest Tools
  106. Pentest Tools Website
  107. Pentest Tools Alternative
  108. Pentest Tools Nmap
  109. Termux Hacking Tools 2019
  110. Hacking Tools Online
  111. Hacker Tools Github
  112. Pentest Tools Tcp Port Scanner
  113. Hack Tools For Games
  114. Hak5 Tools
  115. Hacking Tools Free Download
  116. Ethical Hacker Tools
  117. Hack Tools Online
  118. Hack Tools Download
  119. Hack Rom Tools
  120. Physical Pentest Tools
  121. Pentest Tools Windows
  122. Pentest Tools Framework
  123. Free Pentest Tools For Windows
  124. What Is Hacking Tools
  125. Hacker Tools 2020
  126. Hacker Tools
  127. Hacker Tools Free Download
  128. Ethical Hacker Tools
  129. Hack App
  130. Hack And Tools
  131. Pentest Tools Review
  132. Bluetooth Hacking Tools Kali
  133. Pentest Tools For Windows
  134. Pentest Tools Website Vulnerability
  135. Hacking Tools Free Download
  136. Hacking Tools For Beginners
  137. Hack Tools
  138. Pentest Tools Review
  139. Nsa Hack Tools
  140. Pentest Tools Find Subdomains
  141. Pentest Tools Apk
Postado por às

Nenhum comentário:

Postar um comentário

Assinar: Postar comentários (Atom)