vuln: auditing source code

most common vulnerabilities:

  • memory corruption: same data copied into memmory parts not assigned for it. often comes with these functions:
    • strcat, strcpy, sprintf, gets,…
  • data type bugs: types interchanged
    • e.g., library function expects short and one overhands int
  • metachar injection: when getting input and executed
    • use metachar of the specified language and even underlying lib
    • sql injection: try to trick the input field to give back data that wasnt planned
  • tips:
    • check size calculations
    • dynamic memory alloc (malloc,..)
    • pointer arithmetic

it basics: types and number representation

types (int,long,..) often vary in size and therfore one uses standard types: qtypes_t where q is a qualifier, type is the base type, s is the width in bits and _t is an extension so you know you are using the C99 defined types (e.g., uint8_t)

negative binary number representations:

  1. sign bit: one bit is specialized as a sign bit
  2. one’s complement:
    • “not” operator applied to positive number yields neg. number
    • advantage: subtraction is easy (just add and also add additional carry over bit)
  3. two’s complement:
    • same as one’s comp. but you always add an additional one
    • advantag: subtraction is even easier (just add) and all simple math op. are now easy to manage



machine level code

  • eip: address in memory of next instruction
  • registers: some hold important addresses other used for temporary data
    • on 32-bit architecture 8 registers are used
    • 2 have special meaning:
      • Stack pointer: esp
      • frame pointer: ebp
    • others are general purpose for most part: eax,ebx,ecx,edx,edi,esi
    • either 32bit pointers (e??) or 16bit version (??)
    • e?x can also be accessed as 8bit pointer: ?h, ?l
    • example: eax, ax, ah, al
  • different notations: GAS (gnu assembly) is used here
  • instructions can have arguments(operands)
    • immediate/const
      • using $ notation: $0x1F
    • register
      • using value stored within an register
      • notation: %eax: use eax as value
    • memory
      • get value within some memory block
      • different notations:
        • (%eax): get value stored in memory refernced from eax
        • 0x123: get value from address 0x123
  • data movement:
    • move:
      • movl src, dst
      • movl $eax,$ebx:
    • push/pop from stack:
      • push src
      • pop dst
  • stack
    • grows downward: top element has lowest addr
    • convention: draw stack upside-down
    • esp: holds addr of top elem in stack
    • pushing dword:
      • decrementing esp by 4
      • push val into addr of esp

program  memory used for: object code, OS info, run-time stack for managing procedure calls and returns, and blocks of memory allocated by the user. addressed using virtual addresses.




a compiler translates source code into machine level code

  1. preprocessor: inlcudes and macros are expanded
  2. compiler: generates assembly code
  3. compiler: generates binary object code
  4. linker: links object code with std. libr functions (e.g. printf) and creates executable


    • just show assembly from c source file:
      gcc -O2 -S code.c
    • compile and assemble to create object file:
      gcc -O2 -c code.c
    • to disassemble an object file again:
      objdump -d code.o
    • actually creating an executable (linking object files and one needs to have a main file):
      gcc -O2 -o prog code.o main.c

I used these example files:

int accum = 0;

int sum(int x, int y) 4{
  int t = x + y;
  accum += t;
  return t;
int main(){
  return sum(1,3);

git usage

super easy explanation given in this link

the usual workflow for changing is as follows:

    1. local changes
    2. add: local index
    3. commit: local head

push: repository

the commands:

  • adding files:
    • git add <file>
    • git add *
  • committing changes to local index:
    • git commit -m “msg”
  • pushing to the repo:
    • git push
    • git push origin master
  • mit repo zu aktualisieren:
    • git pull
  • check status:
    • git status
  • set name/email:
    $ git config --global "John Doe"
    $ git config --global

openssl for ssl certs

openssl can work well with ssl certs.

the following links explains the following points in detail:

  • create private keys (domain.key)
  • create certificate requests (domain.csr)
  • create certificates (domain.crt)
  • view certificates
  • converting certificate formats (PEM<->DER<->PKCS7<->PKCS12)

other useful cmds:

  • checking the remote cert:
     $ openssl s_client -servername -connect | openssl x509 -text


use mmcli for sending SMS

I use an UMTS modem with my raspberry pi 1.

the package mmcli is quite useful for handling the modem (e.g., sending SMS,..)

    • list modems:
      $ mmcli -L
      Found 1 modems:
      	/org/freedesktop/ModemManager1/Modem/0 [huawei] E176
      • retrieve modem id from the output (here it is: 0)
    • enable modem:
      $ sudo mmcli -m 0 -e
      successfully enabled the modem
    • create sms:
      $ sudo mmcli -m 0 --messaging-create-sms="text='Hello world',number='+1234567890'"
      Successfully created new SMS:
      	/org/freedesktop/ModemManager1/SMS/12 (unknown)
      • retrieve sms id from output (here: 12)
    • send sms:
      $ sudo mmcli -s 12 --send
      successfully sent the SMS
    • list modem settings:
      • full:
        $ mmcli -m 0
      • simplified output:
        $ mmcli -m 0 --simple-status
    • list sms in memory:
      $ mmcli -m 0 --messaging-list-sms
    • read received sms:
      $ mmcli -s XY

      where XY is a number from the list sms statement