path: root/content/blog/cs166-tips-tricks.md
Diffstat (limited to 'content/blog/cs166-tips-tricks.md')
-rw-r--r-- content/blog/cs166-tips-tricks.md | 36
1 files changed, 18 insertions, 18 deletions
diff --git a/content/blog/cs166-tips-tricks.md b/content/blog/cs166-tips-tricks.md
index 82a17e9..f9bbb8c 100644
--- a/content/blog/cs166-tips-tricks.md
+++ b/content/blog/cs166-tips-tricks.md
@@ -23,13 +23,13 @@ A very light, Windows-only hex editor. I use it on my laptop for quick things. I
ImHex <https://imhex.werwolv.net/>
-Much more powerful, but heavier. It has builtin support for pattern matching, processing, disassembly, etc. It also just looks _really really nice_, 200% eye candy factor.
+Much more powerful, but heavier. It has built-in support for pattern matching, processing, disassembly, etc. It also just looks _really really nice_, 200% eye candy factor.
## C compiler
Some assignments supply C source code that you'll have to compile. In general, they are not compatible with MSVC (Visual Studio), so special care needs taken on Windows.
- macOS: install Xcode Command Line Tools, which contains an Apple-flavored clang. Alternatively, install either clang or gcc from [Homebrew](https://brew.sh/).
-- Liunx: your distro's gcc will do. Or clang if you like that. Honestly if you use Linux why are you even reading this section, go away. :P
+- Linux: your distro's gcc will do. Or clang if you like that. Honestly if you use Linux why are you even reading this section, go away. :P
- Windows: install some flavor of gcc
- I highly recommend <https://nuwen.net/mingw.html>
It’s tiny, just a zip file. Unzip it, you get a `open_distro_window.bat`, which when opened gives you a terminal with everything setup. There is _zero_ room for `PATH` to go wrong.
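Review bot: the context line "special care needs taken on Windows" is missing a verb ("needs to be taken") and could be fixed in this same spelling pass, since the hunk already touches the neighbouring "builtin"/"Liunx" typos.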
@@ -38,7 +38,7 @@ Some assignments supply C source code that you'll have to compile. In general, t
{{< details summary="What's MinGW and what does it have to do with msys2 and cygwin" >}}
In short, gcc is to MinGW as Linux is to distros.
-gcc is a whole bunch of code that can turn C source code, among other things, into an executable. It's designed to run on various \*nix platforms.
+gcc is a bunch of code that can turn C source code, among other things, into an executable. It's designed to run on various \*nix platforms.
MinGW is a bunch of extra code _on top of gcc_ to make it (1) run on Windows, and (2) produce Windows ("PECOFF") executable.
@@ -50,7 +50,7 @@ For MinGW, these projects do the same job:
- https://cygwin.com/ \
This one tries to emulate the *nix environment on Windows. Comes with quite a few extra programs like bash. _See google._
- https://www.msys2.org/ \
- This one builds a whole bunch of softwares in addition to MinGW: bash, make, etc. It's quite complicated, due to those software requring compatibility layers like cygwin to function. I won't explain here. _See google._
+ This one builds a bunch of software in addition to MinGW: bash, make, etc. It's quite complicated, due to those software requiring compatibility layers like cygwin to function. I won't explain here. _See google._
- etc.
Regardless of which one you download, you get a copy of gcc (and MinGW). The difference is the default configs, and the extra software they ship with gcc.
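Review bot: the msys2 line still reads "due to those software requiring" after the change; since "softwares" was correctly made uncountable, "those" should follow suit ("that software requiring" or "those programs requiring").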
@@ -69,17 +69,17 @@ I am talking specifically about the offline disassembly and analysis functions.
I recommend **Ghidra** because that's what I use.
Realistically, for the things you'll do in this class, either choice will work just fine.
-Similarly, comments below are targeted to use for this class. They're are shallow on purpose.
+Similarly, comments below are targeted to use for this class. They're shallow on purpose.
- [Ghidra](https://ghidra-sre.org). Completely free and open-source. Looks kind of ugly but once you get over that and interaction logic, it's good.
-- [ ] [IDA Pro](https://hex-rays.com/ida-pro). Slightly closer eye candy. The built-in pattern matching works slightly better. Lots of people like it, so it (must also be) good. _This costs money_, there is a [free version](https://hex-rays.com/ida-free) but it doesn't come with a decompiler... not good.
+- [IDA Pro](https://hex-rays.com/ida-pro). Slightly closer eye candy. The built-in pattern matching works slightly better. Lots of people like it, so it (must also be) good. _This costs money_, there is a [free version](https://hex-rays.com/ida-free), but it doesn't come with a decompiler... not good.
- According to legend, alfs who have passed the great challenge will be rewarded a completely legitimate, legal way of using IDA Pro. Let the brave thus sail forth.
+ According to legend, all who have passed the great challenge will be rewarded a completely legitimate, legal way of using IDA Pro. Let the brave thus sail forth.
-- [Binary Ninja](https://binary.ninja). Apparently this is a thing so I'm including it here for completeness, never used, never heard until today, no remarks.
+- [Binary Ninja](https://binary.ninja). Apparently this is a thing, so I'm including it here for completeness, never used, never heard until today, no remarks.
-None of these are intuitive, so please consult the respective _manuals_ and youtube _tutorial videos_ copiously. I shall not provide any guidance here because this blog will turn into the thickness of _Critique of Pure Reason_ or something.
+None of these are intuitive, so please consult the respective _manuals_ and YouTube _tutorial videos_ copiously. I shall not provide any guidance here because this blog will turn into the thickness of _Critique of Pure Reason_ or something.
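Review bot: the IDA Pro line keeps a comma splice after the change ("_This costs money_, there is a [free version](...), but ..."); a semicolon or full stop after "money" reads better than adding the second comma. The removal of the stray "- [ ]" checkbox is correct, as it rendered as a task-list item.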
## x86 Dynamic Analysis
@@ -91,9 +91,9 @@ I really like [x64dbg](https://x64dbg.com) (which does both x86\_32 and x86\_64)
As of the writing of this blog, I shall claim FernFlower is the best Java decompiler available._<sub>runs<sub><sub>don't slap me don't slap me</sub></sub></sub>_
-Admittedly, I'm biased because I worked on Minecraft modding for a while, and Fernflower is what the whole community settled on... anyways!
+Admittedly, I'm biased because I worked on Minecraft modding for a while, and FernFlower is what the whole community settled on... anyways!
-It's bundled in **IntelliJ IDEA**. You can just open any .class file and it will decompile.
+It's bundled in **IntelliJ IDEA**. You can just open any .class file, and it will decompile.
It's also available as a **CLI tool**. If you're going this route, consider using one of the forks that grew from the Minecraft modding efforts, such as [Vineflower](https://vineflower.org). It's not going to matter for whatever you'll be doing in this class, but support their efforts!
@@ -107,14 +107,14 @@ I did end up in quite a rabbit hole trying to find the exact solution. These are
- https://math.stackexchange.com/questions/1539271/probability-of-exactly-two-pairs-share-a-birthday-and-each-pair-shares-differen
{{< details summary="More hint" >}}
-It's the square root approximation that’s implied, but much glossed over in the textbook. Fuller explaination here:
+It's the square root approximation that’s implied, but much glossed over in the textbook. Fuller explanation here:
https://en.m.wikipedia.org/wiki/Birthday_problem#Square_approximation
{{< /details >}}
## Problem 24 - MD5 collision
### I'm getting different hashes
The messages are supposed to be binary files, but the textbook gave them in hex codes.
-You probably need something like `xxd -r -p`, or [powershell](https://stackoverflow.com/a/64927815), or your hex editor of choice, to turn it into a binary message.
+You probably need something like `xxd -r -p`, or [PowerShell](https://stackoverflow.com/a/64927815), or your hex editor of choice, to turn it into a binary message.
{{< details >}}
Something like these will work:
@@ -146,7 +146,7 @@ FYI, `cut` is used to strip the address column from the string.
{{< /details >}}
## Problem 39 - stenography
-### Getting a blank PDF on windows
+### Getting a blank PDF on Windows
The given `stegoRead.c` and `stego.c` is using `fopen(2)` in text mode, and CRT on Windows _may_ expand byte sequence 0A (\n) to 0D 0A (\r\n). I'm honestly not sure when it decides to do that.
Add `b` to the mode of all instances of `fopen(...)`. For example, change `fopen(outfname, "w")` into `fopen(outfname, "wb")`
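Review bot: two issues on the context lines of this hunk that the capitalisation fix could pick up: "`stegoRead.c` and `stego.c` is using" needs "are using", and `fopen(2)` refers to the wrong manual section, since `fopen` is a C library function (`fopen(3)`), not a system call. The advice itself is sound: the `b` mode flag is what stops the Windows CRT translating 0A to 0D 0A, and omitting it silently corrupts binary payloads such as the PDF.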
@@ -162,7 +162,7 @@ If you have macOS/Linux, they should all work just fine in Wine (or variants it
## x86 assembly
You'll need a basic understanding of x86 32-bit assembly for this chapter. Very little is required, so whatever you know above another assembly should be transferable.
-General tip 0: x86 assembly has 2 syntax flavors, AT&T and Intel. Internet resources may use either, just be ware. GCC and whatnot by default produces AT&T syntax (🤮); if you see lots of % everywhere, or things like `movq` it's this. The textbook and all the reverse engineering tools use Intel syntax (💖 as they should); if you see square brackets `[rip+32h]` or bare `mov`'s, it's this.
+General tip 0: x86 assembly has 2 syntax flavors, AT&T and Intel. Internet resources may use either, just beware. GCC and whatnot by default produces AT&T syntax (🤮); if you see lots of % everywhere, or things like `movq` it's this. The textbook and all the reverse engineering tools use Intel syntax (💖 as they should); if you see square brackets `[rip+32h]` or bare `mov`'s, it's this.
General tip 1: `je`/`jz` and `jne`/`jnz` are the same instructions, just different mnemonics. You can always replace either with an unconditional `jmp` in place, they have the same encoding length.
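Review bot: "GCC and whatnot by default produces" should be "produce" (plural subject) while this line is being edited. Separately, the context line for General tip 1 overstates the encoding claim: `jcc` and `jmp` have the same length only in their short (rel8) forms; the near forms differ (`jcc rel32` is 6 bytes, `jmp rel32` is 5), so an in-place swap there needs a padding `nop`. Worth qualifying with "for short jumps".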
@@ -173,9 +173,9 @@ General tip 3: almost all the string literals are contained in the `.rdata` sect
General tip 4: `rip` is the instruction pointer. Your debugger probably has a "set `rip` here" function to jump around.
## The program just exits immediately after I type something
-Basically, when you double click to open a .exe that's a [Console program](https://stackoverflow.com/questions/574911), Windows only keeps the terminal open for as long as the program is running. Since the program exits right after it prints the last thing, it'll "exit immediately after I type something".
+Basically, when you double-click to open a .exe that's a [Console program](https://stackoverflow.com/questions/574911), Windows only keeps the terminal open for as long as the program is running. Since the program exits right after it prints the last thing, it'll "exit immediately after I type something".
-The proper way to do this is open a Cmd or Powershell window, run the .exe from inside like `path/to/my/program.exe`.
+The proper way to do this is open a Cmd or PowerShell window, run the .exe from inside like `path/to/my/program.exe`.
This is exactly the same thing as running a command-line program on macOS or Linux: you open Terminal.app, Konsole, Gnome Terminal or whatever, and type `/path/to/my/program`
-To save you some head scratching: Note that in Powershell supports `cd D:/path/to/my/folder` directly, but Cmd you have to **type `D:` on it's own to switch drive**, followed by a separate command `cd D:/path/to/my/folder` to change directory in that drive.
+To save you some head scratching: Note that in PowerShell supports `cd D:/path/to/my/folder` directly, but Cmd you have to **type `D:` on its own to switch drive**, followed by a separate command `cd D:/path/to/my/folder` to change directory in that drive.
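Review bot: the last line is still ungrammatical after the fix, "Note that in PowerShell supports ..." should drop "in" ("Note that PowerShell supports `cd D:/path/to/my/folder` directly, but in Cmd you have to ..."). The "it's" to "its" correction is right.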