Binary Exploitation - Basic Supplement (Binary Exploitation - Basic 補充篇)
LJP-TW
May 26, 2021
Technology
2021/05/26 NTUST Information Security Club lecture
Live-stream recording:
https://www.youtube.com/watch?v=I3X69ADZOnw
- TLS
Transcript
2021/5/26 NTUSTISC Binary Exploitation aka Pwn Basic Supplement
# whoami
- LJP / LJP-TW
- Pwn / Rev
- NTUST / NCTU / NYCU
- 10sec CTF Team
Outline
- TLS
TLS
TLS
- TLS stands for Thread-Local Storage
- On Linux x64, the fs register holds the address of the TLS block
- The stack canary is stored in the TLS
TLS
- fs is a segment register
- Address computation: reg:offset = ref + offset
- But when you try to look at the value of fs in gdb, something looks off
- Is the canary really fetched from [0+0x28]??
TLS
- GDB is also a process; fs = 0 refers to GDB's own fs
- So how do we obtain the fs of the process being observed?
- Call arch_prctl
Ref: https://fasterthanli.me/series/making-our-own-executable-packer/part-13
TLS
- Pwngdb implements a feature to obtain the TLS
- Reading how it is implemented shows it does the same thing
- https://github.com/scwuaptx/Pwngdb/blob/master/pwndbg/pwngdb.py#L77
TLS Demo
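To make the slides' point concrete, here is an added example for Linux x86-64 (written for this page, not code from the deck or from Pwngdb): it asks the kernel for the thread's fs base with arch_prctl(ARCH_GET_FS), loads fs:0x28 the way a stack-protector prologue does, and checks that this equals the 8 bytes at base + 0x28, i.e. the reg:offset = ref + offset rule from the slides. The function names are my own; ARCH_GET_FS is the constant from <asm/prctl.h>.

```c
#define _GNU_SOURCE            /* for syscall() in <unistd.h> */
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/syscall.h>

#ifndef ARCH_GET_FS
#define ARCH_GET_FS 0x1003     /* value from <asm/prctl.h>, repeated so the file is self-contained */
#endif

/* fs base (address of the TLS block) of the calling thread, obtained the way
   the slides describe: arch_prctl. Returns 0 if the call fails or this is
   not Linux x86-64, where arch_prctl does not exist. */
uint64_t get_fs_base(void) {
#if defined(__x86_64__) && defined(__linux__)
    unsigned long base = 0;
    if (syscall(SYS_arch_prctl, ARCH_GET_FS, &base) != 0)
        return 0;
    return (uint64_t)base;
#else
    return 0;
#endif
}

/* Load fs:0x28 exactly as gcc's -fstack-protector prologue does. */
uint64_t read_canary_via_fs(void) {
#if defined(__x86_64__) && defined(__linux__)
    uint64_t v;
    __asm__ volatile("mov %%fs:0x28, %0" : "=r"(v));
    return v;
#else
    return 0;
#endif
}

/* 1 if fs:0x28 and *(fs_base + 0x28) agree (same canary, two ways of
   addressing it), 0 if they differ, -1 if no fs base could be obtained. */
int canary_matches(void) {
    uint64_t base = get_fs_base();
    if (base == 0) return -1;
    uint64_t via_fs   = read_canary_via_fs();
    uint64_t via_base = *(volatile uint64_t *)(base + 0x28);
    return via_fs == via_base ? 1 : 0;
}

int main(void) {
    printf("fs base (TLS block): 0x%llx\n", (unsigned long long)get_fs_base());
    printf("fs:0x28 == *(base + 0x28): %d\n", canary_matches());
    return canary_matches() == 1 ? 0 : 1;
}
```

Running it under gdb and comparing the printed base with what the slides' arch_prctl trick (or Pwngdb's tls command) reports shows they are the same address; gdb's own "fs = 0" is not the debuggee's TLS.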