Part 19 – Hacking ADDS

For a complete table of contents of all the lessons please click below as it will give you a brief of each lesson in addition to the topics it will cover. https://github.com/mytechnotalent/Reverse-Engineering-Tutorial

Let’s once again re-examine our code:

Part 19 – Hacking ADDS - 图1

We again add 100 decimal into r1, 4,294,967,295 into r2. We then add r1 and r2 and place in r0.

Lets debug:

Part 19 – Hacking ADDS - 图2

We again see adds which sets the flags in the CPSR. We have to remember when we debug in GDB, the value of the CPSR is in hex. In order to see what flags are set, we must convert the hex to binary. This will make sense as we start to debug and hack this example in the coming tutorials.

We need to remember that bits 31, 20, 29 and 28 in the CPSR indicate the following:

bit 31 - N = Negative Flag

bit 30 - Z = Zero Flag

bit 29 - C = Carry Flag

bit 28 - V = Overflow Flag

We see the CPSR at 10 hex. 10 hex in binary is 0001.

Therefore if the value in binary was 0001 of bit 31, 30, 29 and 28 (NZCV) that would mean:

Negative Flag NOT Set

Zero Flag NOT SET

Carry Flag NOT SET

Overflow Flag Set

Lets take a look if we step again:

Part 19 – Hacking ADDS - 图3

We see 4294967295 decimal or 0xffffffff in r2. We know if we step again we will cause the CPSR to change from 0001 to 0010 which means:

The value in binary is 0010 of bit 31, 30, 29 and 28 (NZCV) that would mean:

Negative Flag NOT Set

Zero Flag NOT SET

Carry Flag SET

Overflow Flag NOT Set

This action sets the carry flag. However lets hack:

Part 19 – Hacking ADDS - 图4

We hacked r2 and changed the value to 1 decimal and 0x1 hex. NOW we know before the CPSR went to 0010 last time however now that we hacked this, lets see what happens to the CPSR when we step.

Part 19 – Hacking ADDS - 图5

BAM! We hacked it and see r0 is 101 and therefore did NOT trigger the carry flag and kept the CPSR at 0x10 hex which means 0001 binary which means:

Therefore if the value in binary was 0001 of bit 31, 30, 29 and 28 (NZCV) that would mean:

Negative Flag NOT Set

Zero Flag NOT SET

Carry Flag NOT SET

Overflow Flag Set

It is so important that you understand this lesson in its entirety. If not, please review the last two weeks lessons.

Next week we will dive into ADC.