
Hardcoded passwords


$ vim 1.c

#include 

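/*
 * Demo: string literals stay in the binary with or without debug info.
 *
 * The three "password" literals below are never used, yet the compiler
 * still emits them into the executable image and stores their addresses
 * into the local array (three movq stores in the gdb disassembly below),
 * so they are recovered from the non -g build just as easily as from the
 * -g build.
 *
 * Returns 0 unconditionally.
 *
 * Fix over the original: `main()` with an implicit int return type is not
 * valid C99/C11; spell the return type out.
 */
int main(void)
{
        /* Array of pointers to string literals; each element is an address
         * into the executable image, which is what `print (char *)ADDR`
         * dereferences in the stripped-build gdb session. */
        char *token[] = {
                "prase",
                "kon",
                "guz"
        };

        int i;          /* unused; appears as `i = 0` in `info locals` below */

        return 0;
}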

$ gcc -g 1.c # with debug

$ gdb ./a.out

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...
(gdb) break main
Breakpoint 1 at 0x4005b4: file 1.c, line 9.
(gdb) run
Starting program: /data/dev/tmp/a.out

Breakpoint 1, main () at 1.c:9
9               };
(gdb) info locals
token = {0x1 , 0x1 , 0x7fffffffd7e0 ""}
i = 0
(gdb) next
13              return 0;
(gdb) info locals
token = {0x400623 "prase", 0x400629 "kon", 0x40062d "guz"}
i = 0
(gdb) quit

$ gcc 1.c # without debug

$ gdb ./a.out

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "amd64-marcel-freebsd"...(no debugging symbols found)...
(gdb) break main
Breakpoint 1 at 0x4005b4
(gdb) run
Starting program: /data/dev/tmp/a.out
(no debugging symbols found)...(no debugging symbols found)...
Breakpoint 1, 0x00000000004005b4 in main ()
(gdb) info locals
No symbol table info available.
(gdb) disassem
Dump of assembler code for function main:
0x00000000004005b0 <main+0>:    push   %rbp
0x00000000004005b1 <main+1>:    mov    %rsp,%rbp
0x00000000004005b4 <main+4>:    movq   $0x400623,-0x20(%rbp)
0x00000000004005bc <main+12>:   movq   $0x400629,-0x18(%rbp)
0x00000000004005c4 <main+20>:   movq   $0x40062d,-0x10(%rbp)
0x00000000004005cc <main+28>:   mov    $0x0,%eax
0x00000000004005d1 <main+33>:   leaveq
0x00000000004005d2 <main+34>:   retq
0x00000000004005d3 <main+35>:   nop
0x00000000004005d4 <main+36>:   nop
0x00000000004005d5 <main+37>:   nop
0x00000000004005d6 <main+38>:   nop
0x00000000004005d7 <main+39>:   nop
0x00000000004005d8 <main+40>:   nop
0x00000000004005d9 <main+41>:   nop
0x00000000004005da <main+42>:   nop
0x00000000004005db <main+43>:   nop
0x00000000004005dc <main+44>:   nop
0x00000000004005dd <main+45>:   nop
0x00000000000005de <main+46>:   nop
0x00000000004005df <main+47>:   nop
End of assembler dump.
(gdb) print (char *)0x400623
$12 = 0x400623 "prase"
(gdb) print (char *)0x400629
$13 = 0x400629 "kon"
(gdb) print (char *)0x40062d
$14 = 0x40062d "guz"

Just as a reminder: compiling without debug info hides the variable names, not the values. The literals are still in the binary and the disassembly hands over their addresses, so a hardcoded password is recoverable either way.
