init

0x02 - Tools and Basic Reverse Engineering/wyn.c

@@ -0,0 +1,14 @@
+/* wyn: whats your name program v1 */
+
+#include <stdio.h>
+#include <unistd.h>
+
+int main(int argc, char * argv[])
+{
+  char buffer[10] = {0};          /* create a 10 byte buffer */
+  printf("What's your name?\n");
+  read(STDIN_FILENO, buffer, 10); /* read 10 bytes from STDIN(0) into our buffer array */
+  printf("Hello %s\n", buffer);   /* print the buffer */
+
+  return 0;
+}

0x02 - Tools and Basic Reverse Engineering/wyn2.c

@@ -0,0 +1,14 @@
+/* wyn2: whats your name program v2 */
+
+#include <stdio.h>
+#include <unistd.h>
+
+int main(int argc, char * argv[])
+{
+  char buffer[10] = {0};           /* create a 10 byte buffer */
+  printf("What's your name?\n");
+  read(STDIN_FILENO, buffer, 100); /* read 10 bytes from STDIN(0) into our buffer array */
+  printf("Hello %s\n", buffer);    /* print the buffer */
+
+  return 0;
+}

0x03 - Extended Reverse Engineering Lab/ELF/simple.c

@@ -0,0 +1,6 @@
+#include <stdio.h>
+
+int main()
+{
+  printf("Hello World!\n");
+}

0x03 - Extended Reverse Engineering Lab/PE/simple.c

@@ -0,0 +1,7 @@
+#include <windows.h>
+
+int main()
+{
+  MessageBox(0, "Hello World!", "a simple PE executable", 0);
+  ExitProcess(0);
+}

0x03 - Extended Reverse Engineering Lab/Stack/stack.c

@@ -0,0 +1,15 @@
+int foo(int a, int b, int c)
+{
+  int x;
+  int y;
+  int z;
+
+  x=y=z=0;
+  z=x+y+a+b+c;
+  return z;
+}
+
+int main(int argc, char **argv)
+{
+  foo(1,2,3);
+}

0x04 - Reverse Engineering Lab/serial_gen.c

@@ -0,0 +1,33 @@
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+  int local_18;
+  char *param_1;
+  unsigned int local_14;
+
+  if (argc != 2) {
+    printf("%s <lastname>\n", argv[0]);
+    exit(-1);
+  }
+
+  param_1 = argv[1];
+
+  /* recreated algorithm from Ghidra */
+  local_14 = (param_1[3] ^ 0x1337U) + 0x5eeded;
+  local_18 = 0;
+
+  while (local_18 < strlen(param_1))
+  {
+    if (param_1[local_18] < ' ')
+      return 1;
+
+    local_14 = local_14 + (param_1[local_18] ^ local_14) % 0x539;
+    local_18 = local_18 + 1;
+  }
+  printf("%d\n", local_14);
+
+  return 0;
+}

0x04 - Reverse Engineering Lab/xor.c

@@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define EAX 0x12
+
+int main()
+{
+  int c;
+  char str[]= "Q}|u`sfg~sf{}|a3";
+
+  for (int i = 0; i < 0x10; i++) {
+    c = str[i];
+    printf("XOR %c,0x%x = %c\n",
+      c,
+      EAX,     // EAX after SUB EDX,EAX; MOV EAX, EDX
+      (c^EAX)  // XOR CHAR BYTE, EAX 
+    );
+  }
+}

0x05 - Introduction to Memory Corruption/arg_input_echo.c

@@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+	if(argc != 2)
+	{
+		printf("You gave %d arguments, which is not 1\n", argc-1);
+		return 1;
+	}
+	printf("Your input as a string: \'%s\'\n", argv[1]);
+	printf("The first 4 bytes of your input as characters: \'%c%c%c%c\'\n", argv[1][0], argv[1][1], argv[1][2], argv[1][3]);
+	printf("The first 4 bytes of your input as hex bytes: 0x%02x%02x%02x%02x\n", (unsigned char)argv[1][0], (unsigned char)argv[1][1], (unsigned char)argv[1][2], (unsigned char)argv[1][3]);
+	int* i = (int*)(argv[1]);
+	printf("The first 4 bytes of your input interpreted as an integer: %d\n", *i);
+	unsigned int* j = (unsigned int*)(argv[1]);
+	printf("The first 4 bytes of your input interpreted as an unsigned integer: %u\n", *j);
+
+	return 0;
+}

0x05 - Introduction to Memory Corruption/intro_to_memory_corruption/0-overflow_example/overflow_example.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char *argv[]) {
+	int value = 5;
+	char buffer_one[8], buffer_two[8];
+
+	strcpy(buffer_one, "one"); /* put "one" into buffer_one */
+	strcpy(buffer_two, "two"); /* put "two" into buffer_two */
+
+	printf("[BEFORE] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
+	printf("[BEFORE] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
+	printf("[BEFORE] value is at %p and is %d (0x%08x)\n", &value, value, value);
+
+	printf("\n[STRCPY] copying %d bytes into buffer_two\n\n",  strlen(argv[1]));
+	strcpy(buffer_two, argv[1]); /* copy first argument into buffer_two */
+
+	printf("[AFTER] buffer_two is at %p and contains \'%s\'\n", buffer_two, buffer_two);
+	printf("[AFTER] buffer_one is at %p and contains \'%s\'\n", buffer_one, buffer_one);
+	printf("[AFTER] value is at %p and is %d (0x%08x)\n", &value, value, value);
+}

0x05 - Introduction to Memory Corruption/intro_to_memory_corruption/1-auth_overflow/auth_overflow.c

@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int check_authentication(char *password) {
+	int auth_flag = 0;
+	char password_buffer[16];
+
+	strcpy(password_buffer, password);
+
+	if(strcmp(password_buffer, "brillig") == 0)
+		auth_flag = 1;
+	if(strcmp(password_buffer, "outgrabe") == 0)
+		auth_flag = 1;
+
+	return auth_flag;
+}
+
+int main(int argc, char *argv[]) {
+	if(argc < 2) {
+		printf("Usage: %s <password>\n", argv[0]);
+		exit(0);
+	}
+	if(check_authentication(argv[1])) {
+		printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
+		printf("      Access Granted.\n");
+		printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
+	} else {
+		printf("\nAccess Denied.\n");
+   }
+}
+

0x05 - Introduction to Memory Corruption/intro_to_memory_corruption/2-arg_input_echo/arg_input_echo.c

@@ -0,0 +1,20 @@
+#include <stdio.h>
+#include <string.h>
+
+int main(int argc, char *argv[])
+{
+	if(argc != 2)
+	{
+		printf("You gave %d arguments, which is not 1\n", argc-1);
+		return 1;
+	}
+	printf("Your input as a string: \'%s\'\n", argv[1]);
+	printf("The first 4 bytes of your input as characters: \'%c%c%c%c\'\n", argv[1][0], argv[1][1], argv[1][2], argv[1][3]);
+	printf("The first 4 bytes of your input as hex bytes: 0x%02x%02x%02x%02x\n", (unsigned char)argv[1][0], (unsigned char)argv[1][1], (unsigned char)argv[1][2], (unsigned char)argv[1][3]);
+	int* i = (int*)(argv[1]);
+	printf("The first 4 bytes of your input interpreted as an integer: %d\n", *i);
+	unsigned int* j = (unsigned int*)(argv[1]);
+	printf("The first 4 bytes of your input interpreted as an unsigned integer: %u\n", *j);
+
+	return 0;
+}

0x05 - Introduction to Memory Corruption/intro_to_memory_corruption/2-arg_input_echo/table.txt

@@ -0,0 +1,11 @@
++---------------------------------------+
+| command (ALL OUTPUT ABCD)		|
++---------------------------------------+
+| echo -ne "\x41\x42\x43\x44"		|
++---------------------------------------+
+| printf '\x41\x42\x43\x44'		|
++---------------------------------------+
+| python -c 'print "\x41\x42\x43\x44"'	|
++---------------------------------------+
+| perl -e 'print "\x41\x42\x43\x44";'	|
++---------------------------------------+

0x05 - Introduction to Memory Corruption/intro_to_memory_corruption/3-auth_overflow2/auth_overflow2.c

@@ -0,0 +1,32 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+int check_authentication(char *password) {
+	char password_buffer[16];
+	int auth_flag = 0;
+
+	strcpy(password_buffer, password);
+
+	if(strcmp(password_buffer, "brillig") == 0)
+		auth_flag = 1;
+	if(strcmp(password_buffer, "outgrabe") == 0)
+		auth_flag = 1;
+
+	return auth_flag;
+}
+
+int main(int argc, char *argv[]) {
+	if(argc < 2) {
+		printf("Usage: %s <password>\n", argv[0]);
+		exit(0);
+	}
+	if(check_authentication(argv[1])) {
+		printf("\n-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
+		printf("      Access Granted.\n");
+		printf("-=-=-=-=-=-=-=-=-=-=-=-=-=-\n");
+	} else {
+		printf("\nAccess Denied.\n");
+   }
+}
+