Upgrade to Pro — share decks privately, control downloads, hide ads and more …

自作バイナリエディタを用いたバイナリ解析

@tkmru
March 05, 2016
Programming
3
2.2k

 自作バイナリエディタを用いたバイナリ解析

セキュリティ・キャンプ・フォーラム 2016/03/04

@tkmru

March 05, 2016
Tweet

More Decks by @tkmru

See All by @tkmru
ipa-medit: Memory search and patch tool for IPA without Jailbreaking/ipa-medit-bh2022-europe
tkmru
0
250
Ipa-medit: Memory modification tool for iOS apps without Jailbreaking/ipa-medit-codeblue2022
tkmru
0
120
趣味と実益のための著名なOSSライブラリ起因の脆弱性の探求/seccamp2021-b5
tkmru
0
4.5k
Ipa-medit: Memory Search and Patch Tool for IPA Without Jailbreaking @Black Hat USA 2021 Arsenal/ipa-medit-bh2021-usa
tkmru
1
4k
Learn the essential way of thinking about vulnerabilities through post-exploitation on middlewares (MySQL/PostgreSQL編)/seccamp2020-b8
tkmru
3
760
apk-medit: memory search and patch tool for debuggable APK @CODE BLUE 2020 Bluebox
tkmru
0
180
apk-medit: memory search and patch tool for debuggable APK @Black Hat USA 2020 Arsenal/apk-medit-bh2020-usa
tkmru
0
3.9k
めんどうくさいゲームセキュリティ
tkmru
20
10k
Linux Rootkit Internals
tkmru
1
1.8k

Other Decks in Programming

See All in Programming
[技育CAMPアカデミア]アイディアを形に!【超入門】スマホアプリ開発〜リリースまでの流れをご紹介
teamlab
PRO
0
380
Apache Hive 4 on Treasure Data
ryukobayashi
0
330
AWS Application Composerで始める、 サーバーレスなデータ基盤構築 / 20240406-jawsug-hokuriku-shinkansen
kasacchiful
1
260
Git Lint
bkuhlmann
4
750
CA.swift19 恋するAIアプリ開発の裏側
oskmr
0
360
DMMプラットフォームがTiDB Cloudを採用した背景
pospome
8
4.1k
見た目から始める生産性向上
ikumatadokoro
7
850
StoreKit2によるiOSのアプリ内課金のリニューアル
kangnux
0
110
FigmaとPHPで作る1ミリたりとも表示崩れしない最強の帳票印刷ソリューション
ttskch
43
19k
Hanami and htmx
bkuhlmann
0
210
エンターテイメント業界で利用されるAWS
demuyan
0
210
Compose-View Interop in Practice (mDevCamp 2024)
stewemetal
0
140

Featured

See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
226
51k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
60
14k
Making the Leap to Tech Lead
cromwellryan
124
8.5k
Typedesign – Prime Four
hannesfritz
36
2.1k
The Power of CSS Pseudo Elements
geoffreycrofte
60
5k
A Philosophy of Restraint
colly
197
16k
Build your cross-platform service in a week with App Engine
jlugia
225
17k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
155
14k
RailsConf 2023
tenderlove
4
540
The Art of Programming - Codeland 2020
erikaheidi
42
12k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
19
1.7k

Transcript

  1. ࣗ࡞όΠφϦΤσΟλΛ ༻͍ͨόΠφϦղੳ ˏtkmru ͚ͨ·Δ 2016-03-04 Fri Security Camp Forum

  2. ୭ʁ • ໊લ: ͚ͨ·Δ (@tkmru) • ॴଐ: ๭େֶ ৘ใཧ޻ֶ෦ •

    CTFνʔϜ: TomoriNao

  3. ༑རಸॹ(SECCON 2015 Intercollege)

  4. None

  5. ຊ୊͸༑རಸॹͰͳ͘ ʮࣗ࡞όΠφϦΤσΟλΛ ༻͍ͨόΠφϦղੳʯ

  6. όΠφϦΤσΟλͱ͸ • ͲΜͳϑΝΠϧͰ΋16ਐ਺Ͱදࣔ͢Δ • ͋΍͍͠ϑΝΠϧΛ࠷ॳʹͿͪࠐΉιϑτ

  7. BZ http://www.forest.impress.co.jp/library/img/review/10014/html/bz1.jpg.html

  8. Stirling http://1.bp.blogspot.com/-O5txkaVlhRg/US3i8jFWvjI/AAAAAAAAdTA/uaDiY_RHDMc/s1600/02.png

  9. ໨grep • όΠφϦΤσΟλ্ͰΑ͘ߦΘΕΔղੳٕ๏ • ໨ࢹͰॏཁͦ͏ͳσʔλΛݟ͚ͭΔߦҝ • Ή͔͍ͣ͠

  10. ʮҰൠతʹ໨grep͸όΠφϦΤ σΟλʹ౥ࡌ͞Ε͍ͯΔϏοτϚο ϓϏϡʔΛۦ࢖͠ɺ ஁͑ΒΕͨ ؟ྗɺݚ͗੅·͞Εͨ໺ੜͷצ ʹΑͬͯൃش͞ΕΔೳྗͰ͋Γɺ ஁࿅ͷ౓߹͍ʹΑͬͯେ͖͘ݸਓ ͕ࠩੜ͡ΔೳྗͰ͋Δɻʯ https://gist.github.com/yoggy/4116843

  11. ϓϩʹ͔͠Ͱ͖ͳ͍

  12. طଘͷόΠφϦΤσΟλ΁ͷෆຬ • mac޲͚ʹ͸σϑΝΫτελϯμʔυͱ͍͑ Δ΋ͷ͕ͳ͍ • ϓϩͰ͸ͳ͍ਓ͕໨grep͢Δͱݟམͱ͕͠ൃ ੜ͢Δ → ΫϩεϓϥοτϑΥʔϜͰղੳΛࣗಈԽͯ͠ ͘ΕΔόΠφϦΤσΟλ͕΄͍͠

  13. ͦ͜Ͱࣗ࡞όΠφϦΤσΟλ

  14. biwx(ͼ͎ͬ͘͢)

  15. ࡐྉ • Python • wxPython - C++ͷGUIϥΠϒϥϦ ʮwxWidgetsʯͷϥούʔ binary editor

    + wxPython = biwx

  16. ಛ௃ • ΫϩεϓϥοτϑΥʔϜ • Φʔϓϯιʔε • ϑΝΠϧͷγάωΠνϟΛ৭෼͚ • ৄࡉ৘ใΛදࣔ(γάωΠνϟͷ৔ॴɺPDFͷύʔε) •

    ࣗಈղੳػೳ

  17. ࣗಈղੳػೳ • ૊Έࠐ·ΕͨϑΝΠϧͷ੾Γग़͠ • όΠφϦͷ୯७ͳ੾Γग़͠ • PDFͷࣗಈύʔε

  18. σϞ1 SECCON CTF 2015 Steganography 1 MrFusion.gpjb

  19. MrFusion.gpjb • Α͘෼͔Βͳ͍ϑΝΠϧ͕༩͑ΒΕΔ • ͳ͔ʹෳ਺ͷը૾ϑΝΠϧ͕Ӆ͞Ε͍ͯΔ • औΓग़ͯ͠ॱ൪ʹಡΊ͹౴͕͑෼͔Δ

  20. flag SECCON{OCT 21 2015 0728}

  21. σϞ2 malicious PDFͷղੳ

  22. malicious PDFͷղੳ • PDFʹ͸JavaScriptίʔυΛຒΊࠐΊΔ • Adobe ReaderͰ JavaScript ࣮ߦݖݶ͕༗ޮ ʹͳ͍ͬͯΕ͹࣮ߦ͞ΕΔ

  23. ࠓޙͷల๬ • ࣗಈղੳػೳͷ֦ॆ • γΣϧίʔυͷղੳ • ղੳऀ͕Ѫ༻͢Δπʔϧʹҭ͍͖͍ͯͯͨ

  24. ͝ਗ਼ௌ͋Γ͕ͱ͏͍͟͝·ͨ͠