Part 36 - x64 C++ 3 Hacking [Part 3]
For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial
Let’s review our code:
Compile:
Run:
Let’s remember this line above when we compare against our hacked binary.
Let’s open up our binary for write mode and simply analyze the binary.
Ok, there is a lot going on here. Let's break it down. First, we open up Radare 2 in write mode by typing 'r2 -w ./1' and then use the 'aaa' command to analyze the binary. We then use 's sym.main' to seek to the main routine of the binary, which is our entry point. We then issue the 'pdf' command to disassemble the function.
We see what we refer to as the prologue, where we push rbp, the stack base pointer, onto the stack. We then move rsp into rbp for safe keeping and then reserve 0x10 (16 decimal) bytes on the stack to make room for our string.
If none of this makes sense please go back to the beginning of the tutorial series to review basic assembly and the registers as it is CRITICAL you understand this before we move forward.
We can clearly see the qword of ‘Hello World\n‘ at memory address 0x2005 and then we see our C++ library call for the output stream which is cout to display our string to the terminal.
Let’s examine 0x2005 to verify that our string is at that location:
NOW TIME FOR THE HACK!
Let’s hack the value to something like:
Now let's see what is inside memory at 0x2005!
BOOM! As we can see we have hacked the value, and when we quit Radare 2 it will write the change back and modify our binary on disk.
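The same in-place patch can be done without Radare 2, which also makes the one constraint explicit: the replacement must fit inside the bytes the original literal occupied, otherwise the write spills into whatever follows it in the binary. The script below is an added example and is not part of the original tutorial; it works on a constructed stand-in byte image (labelled as such in the code) rather than the tutorial's ./1 binary, and the function names patch_string, find_string and read_string are my own.

```python
"""Patch a string literal inside a binary image in place.

This mirrors what 'r2 -w' does when you seek to the string and write over
it: the new text is NUL-padded to the original length, and a replacement
longer than the original is refused so neighbouring data stays intact.
"""

# Constructed stand-in for a few bytes of a .rodata section. In the tutorial
# binary the literal sits at 0x2005; here it sits at offset 5 of a fake image.
# This is NOT the tutorial binary.
SAMPLE_BINARY = bytes(
    b"\x00" * 5                      # padding so the string starts at offset 5
    + b"Hello World\n\x00"           # the literal the program prints
    + b"other data\x00"              # neighbouring data that must survive intact
)


def find_string(image: bytes, text: bytes) -> int:
    """Return the offset of the NUL-terminated string `text`, or -1 if absent."""
    return image.find(text + b"\x00")


def read_string(image: bytes, offset: int) -> bytes:
    """Read the NUL-terminated string at `offset` (the 'examine' step)."""
    end = image.index(b"\x00", offset)
    return bytes(image[offset:end])


def patch_string(image: bytearray, old: bytes, new: bytes) -> int:
    """Overwrite `old` with `new` in place and return the patched offset.

    Raises ValueError if `old` is not present or if `new` is longer than `old`
    (it would overwrite whatever follows the original literal).
    """
    offset = find_string(image, old)
    if offset < 0:
        raise ValueError("original string not found")
    if len(new) > len(old):
        raise ValueError(f"replacement is {len(new) - len(old)} byte(s) too long")
    slot = len(old) + 1                              # include the terminating NUL
    image[offset:offset + slot] = new.ljust(slot, b"\x00")
    return offset


def demo() -> dict:
    """Patch the constructed image and report what changed and what did not."""
    image = bytearray(SAMPLE_BINARY)
    before = read_string(image, 5)
    offset = patch_string(image, b"Hello World\n", b"Hacked!\n")
    after = read_string(image, offset)
    # The neighbouring literal is untouched because the write never left the slot.
    neighbour = read_string(image, offset + len(b"Hello World\n") + 1)
    return {"offset": offset, "before": before, "after": after, "neighbour": neighbour}


if __name__ == "__main__":
    print(demo())
```

To apply this to a real file you would read it into a bytearray, run patch_string, and write the bytes back; the offset found in the file is the file offset, not the virtual address Radare 2 shows after analysis, so the two match only where the section is mapped 1:1.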
As you can see we have hacked the binary! This is very basic but now you have an elementary level of understanding of Reverse Engineering a C++ binary.
Next week we will continue our journey into C and step-by-step reverse engineering.