Programming Homework Help

Programming Homework Help. Case Study on Reverse Engineering

TASK:

Using the ASM code below, describe all items in the section “It is requested”.

There is no need for an introductory part; please get right to the analysis.

Good-quality, readable screenshots with descriptions are a must.

The attached document is course material on Reverse Engineering, provided for your convenience. At the end of the document there are practical case examples.

STATEMENT

An executable binary file has been obtained that, when executed, prints a text containing a numeric code. This code is generated from a text string stored in the binary itself.

After the ASM code was listed, the binary file was deleted and can no longer be accessed; only the ASM code copied at the end of the exercise remains.

It is necessary to be able to reuse this code generation algorithm, which is why reverse engineering work is required: analyze the binary and reconstruct the source code in such a way that it can be modified and recompiled correctly.

It is requested:

1. Divide the code into basic blocks.

  • Take into account the existing breaks within the function and divide the lines into basic blocks of code.

2. Make the flow diagram with the basic blocks.

  • Once the basic blocks of the previous exercise have been obtained, carry out the flow diagram by joining the basic blocks with arrows.

3. Is there any control structure? Indicate which basic blocks are involved in it.

4. Convert the complete code of the function to C code.

  • With what you learned about code reconstruction, convert this main() function to C code.
  • At <+36> the address of the string indicated in bold (shown below) is loaded into eax.

“3jd9cjfk98hnd”

  • At <+110> the address of the string indicated in red (shown below) is loaded into eax.

“[+] Generated code: %i\n”

5. Compile the generated code and indicate the resulting code after its execution. Compile in 32 bits by adding the -m32 option, as in the following command:

$ gcc source.c -o source -m32

  • Once executed, a text will appear on the screen; indicate the complete text.

6. Modify the source code in C, so that it generates a new code from another string.

  • Replace the string loaded at <+36> in the C code with the following string:

“Congratulations!”

  • Compile the C code, execute it, and indicate the complete text obtained.

ASM code - x86 32 bits

Dump of assembler code for function main:

0x0000054d <+0>: lea ecx, [esp+0x4]
0x00000551 <+4>: and esp, 0xfffffff0
0x00000554 <+7>: push DWORD PTR [ecx-0x4]
0x00000557 <+10>: push ebp
0x00000558 <+11>: mov ebp, esp
0x0000055a <+13>: push ebx
0x0000055b <+14>: push ecx
0x0000055c <+15>: sub esp, 0x10
0x0000055f <+18>: call 0x450 <__x86.get_pc_thunk.bx>
0x00000564 <+23>: add ebx, 0x1a9c
0x0000056a <+29>: mov DWORD PTR [ebp-0x10], 0x0
0x00000571 <+36>: lea eax, [ebx-0x19a0] ; "3jd9cjfk98hnd"
0x00000577 <+42>: mov DWORD PTR [ebp-0x14], eax
0x0000057a <+45>: sub esp, 0xc
0x0000057d <+48>: push DWORD PTR [ebp-0x14]
0x00000580 <+51>: call 0x3e0 <strlen@plt>
0x00000585 <+56>: add esp, 0x10
0x00000588 <+59>: mov DWORD PTR [ebp-0x18], eax
0x0000058b <+62>: mov DWORD PTR [ebp-0xc], 0x0
0x00000592 <+69>: jmp 0x5ad <main+96>
0x00000594 <+71>: mov edx, DWORD PTR [ebp-0xc]
0x00000597 <+74>: mov eax, DWORD PTR [ebp-0x14]
0x0000059a <+77>: add eax, edx
0x0000059c <+79>: movzx eax, BYTE PTR [eax]
0x0000059f <+82>: movsx eax, al
0x000005a2 <+85>: imul eax, DWORD PTR [ebp-0x18]
0x000005a6 <+89>: add DWORD PTR [ebp-0x10], eax
0x000005a9 <+92>: add DWORD PTR [ebp-0xc], 0x1
0x000005ad <+96>: mov eax, DWORD PTR [ebp-0xc]
0x000005b0 <+99>: cmp eax, DWORD PTR [ebp-0x18]
0x000005b3 <+102>: jl 0x594 <main+71>
0x000005b5 <+104>: sub esp, 0x8
0x000005b8 <+107>: push DWORD PTR [ebp-0x10]
0x000005bb <+110>: lea eax, [ebx-0x1992] ; "[+] Generated code: %i\n"
0x000005c1 <+116>: push eax
0x000005c2 <+117>: call 0x3d0 <printf@plt>
0x000005c7 <+122>: add esp, 0x10
0x000005ca <+125>: mov eax, 0x0
0x000005cf <+130>: lea esp, [ebp-0x8]
0x000005d2 <+133>: pop ecx
0x000005d3 <+134>: pop ebx
0x000005d4 <+135>: pop ebp
0x000005d5 <+136>: lea esp, [ecx-0x4]
0x000005d8 <+139>: ret

End of assembler dump.
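A C reconstruction of the listing above, added here as a worked example (it is not part of the assignment text, and the variable names and the stack-slot mapping in the comments are my own reading of the dump); it also runs the replacement string from task 6 so both codes can be compared against a build with gcc -m32:

```c
#include <stdio.h>
#include <string.h>

/* Reconstruction of main() from the listing. Stack slots (my reading):
 * [ebp-0x14] = pointer to the string, [ebp-0x18] = strlen() result,
 * [ebp-0xc]  = loop counter i,        [ebp-0x10] = accumulated code. */
int generate_code(const char *s)
{
    int code = 0;                 /* <+29>: mov DWORD PTR [ebp-0x10], 0x0 */
    int len = (int)strlen(s);     /* <+51>/<+59>: call strlen@plt; store eax */
    int i;

    /* <+62>..<+102>: counted loop; jl is a signed compare, so i < len */
    for (i = 0; i < len; i++) {
        /* <+79>/<+82>: movzx then movsx eax, al -> the byte is treated
           as a signed char before the multiply */
        int c = (signed char)s[i];
        code += c * len;          /* <+85>/<+89>: imul by len; add to code */
    }
    return code;                  /* pushed as the %i argument at <+107> */
}

int main(void)
{
    /* original string at <+36>, then the replacement requested in task 6 */
    printf("[+] Generated code: %i\n", generate_code("3jd9cjfk98hnd"));
    printf("[+] Generated code: %i\n", generate_code("Congratulations!"));
    return 0;                     /* <+125>: mov eax, 0x0 */
}
```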
