diff --git a/.gitignore b/.gitignore index 9bb6336..b4d88f7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ +.vscode/ + ## Core latex/pdflatex auxiliary files: *.aux *.lof diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..e69de29 diff --git a/doc/1.6.4_block_cipher.md b/doc/1.6.4_block_cipher.md index 57dc77a..18de5ad 100644 --- a/doc/1.6.4_block_cipher.md +++ b/doc/1.6.4_block_cipher.md @@ -18,6 +18,9 @@ ## 分组密码概述 #### Feistel 密码结构 +Feistel 结构是分组密码的一个通用结构。其加密算法的输入是长度为 2*w* 比特的明文分组及密钥 *K*。明文分组被分为两半:![L0][1] 和 ![R0][2] + +![](../pic/1.6.4_feistel.png) ## 数据加密标准 @@ -48,3 +51,7 @@ - [Data Encryption Standard](https://en.wikipedia.org/wiki/Data_Encryption_Standard) - [Advanced Encryption Standard](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) - [Block cipher mode of operation](https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation) + + + [1]: http://chart.apis.google.com/chart?cht=tx&chl=L_0 + [2]: http://chart.apis.google.com/chart?cht=tx&chl=R_0 diff --git a/doc/6.1.9_rhme3_exploitation.md b/doc/6.1.9_rhme3_exploitation.md index 21f04c1..3d130c0 100644 --- a/doc/6.1.9_rhme3_exploitation.md +++ b/doc/6.1.9_rhme3_exploitation.md 
@@ -18,6 +18,32 @@ Partial RELRO Canary found NX enabled No PIE No RPATH No RU ``` 64 位程序,保护措施除了 PIE 都开启了。 +但其实这个程序并不能运行,它是一个线下赛的题目,会对做一些环境检查和处理,直接 nop 掉就好了: +``` +| 0x004021ad bf18264000 mov edi, 0x402618 +| 0x004021b2 e87ceeffff call sym.background_process +| 0x004021b7 bf39050000 mov edi, 0x539 ; 1337 +| 0x004021bc e85eefffff call sym.serve_forever +| 0x004021c1 8945f8 mov dword [local_8h], eax +| 0x004021c4 8b45f8 mov eax, dword [local_8h] +| 0x004021c7 89c7 mov edi, eax +| 0x004021c9 e8c6f0ffff call sym.set_io +``` +``` +$ python2 -c 'print "90"*33' > nop.txt +``` +``` +[0x00400ec0]> s 0x004021ad +[0x004021ad]> cat ./nop.txt +909090909090909090909090909090909090909090909090909090909090909090 +[0x004021ad]> wxf ./nop.txt +``` + +最后把它运行起来: +``` +$ socat tcp4-listen:10001,reuseaddr,fork exec:"LD_PRELOAD=./libc.so.6 ./main.elf" & +``` + ## 题目解析 玩一下,一看就是堆利用的题目: diff --git a/pic/1.6.4_feistel.png b/pic/1.6.4_feistel.png new file mode 100644 index 0000000..f8e3fd4 Binary files /dev/null and b/pic/1.6.4_feistel.png differ
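Review bot: in the `.gitignore` hunk, `.vscode/` is an editor-specific directory rather than a build artifact; it is usually kept in the developer's global excludes file (`git config --global core.excludesFile`) rather than in the project's `.gitignore`, which otherwise lists only LaTeX output. If it stays, the extra blank line between it and `## Core latex/pdflatex auxiliary files:` can go.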
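Review bot: `.travis.yml` is added as an empty file (blob `e69de29` is the empty blob), so Travis will report an invalid configuration instead of running anything. Either commit a minimal config (a `language:` key plus a `script:` step that builds the docs) or drop the file from this change until it has content.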
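Review bot: in the first `doc/1.6.4_block_cipher.md` hunk the new Feistel paragraph stops after naming the two halves `![L0][1]` and `![R0][2]` with a full-width colon that introduces nothing, and the figure alone does not state the round function. Add the one-round relation (L_{i+1} = R_i, R_{i+1} = L_i XOR F(R_i, K_i)) before the image so the text is complete on its own. The `L0`/`R0` symbols are also rendered through external image links (see the definitions added at the end of the file); plain text or a local image under `../pic/`, like the `1.6.4_feistel.png` added in this same change, keeps the page readable offline.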
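Review bot: the `[1]:` and `[2]:` link definitions in the second `doc/1.6.4_block_cipher.md` hunk point at `http://chart.apis.google.com/chart?cht=tx&chl=L_0`, the Google Image Charts API, which is deprecated and fetched over plain http; the two symbols will silently break when that endpoint disappears. Prefer a local image or inline text, and trim the two extra blank lines that precede the definitions so the references list ends cleanly.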
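Review bot: the `wxf ./nop.txt` step in the `doc/6.1.9_rhme3_exploitation.md` hunk only takes effect if the binary was opened writable, and the snippet never shows that; add the `r2 -w ./main.elf` invocation (or an `oo+` before the write) so the patch is reproducible. The 33 bytes of `90` do cover exactly the eight listed instructions (5+5+5+5+3+3+2+5 bytes from `0x004021ad`), including `call sym.set_io`, which is intentional since `set_io` is fed the return value of the nop'd `serve_forever` via `mov dword [local_8h], eax` / `mov edi, eax`; say that in the text instead of only "直接 nop 掉就好了". Also fix the sentence "会对做一些环境检查和处理" (the object after 对 is missing, e.g. "会对运行环境做一些检查和处理"), and note in the socat line that `exec:` runs the command with execvp rather than a shell, so the `LD_PRELOAD=./libc.so.6` prefix is taken as the program name; `system:"LD_PRELOAD=./libc.so.6 ./main.elf"` or a small wrapper script is what actually applies the environment variable.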