I'm writing a program that encrypts based on bit/byte shifts. This program currently takes in a file, displays the contents, then displays the hex values.
To encrypt the file I am suppose to perform bit/byte shifts. However, I loaded the file into an array and performed shifts through the use of temp swaps. I'm pretty sure the outcome is the same, but I wanted to implement this with the proper bit shifts.
To produce the same results, do I just say load[x>>3] to shift the bits? I'm getting terrible results attempting to implement this.
Below is the entire block of code with a sample output at the end. Thanks in advance to everyone for your time.
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char* argv[]) {
FILE *fp;
char ch;
char load[100];
int count1 = 0;
int count2 = 0;
int i = 0;
fp = fopen("load.txt", "r");
if (fp == NULL)
{
perror("Exiting, an error occured while opening\n");
exit(EXIT_FAILURE);
}
while((ch = fgetc(fp)) != EOF)
{
printf("%c", ch);
++count1;
}
fclose(fp);
fp = fopen("load.txt", "r");
if (fp == NULL)
{
perror("Exiting, an error occured while opening\n");
exit(EXIT_FAILURE);
}
printf("\n\n");
while((ch = fgetc(fp)) != EOF)
{
printf("%x ", ch);
++count2;
}
fclose(fp);
printf("\n\n");
printf("Count1: %d, Count2: %d \n", count1, count2);
printf("\n\n");
fp = fopen("load.txt", "r");
if (fp == NULL)
{
perror("Exiting, an error occured while opening\n");
exit(EXIT_FAILURE);
}
i = 0;
while((ch = fgetc(fp)) != EOF)
{
load[i++] = ch;
}
load[i] = 0;
fclose(fp);
// for(i = 0; i < 100; ++i)
// {
// printf("%s", load);
// }
printf("\n\n");
for(i = 0; i < 50; ++i)
{
printf("%x ", load[i]);
}
// printf("\n index i: %c\n", load[0]);
//shift bytes
char temp, temp2, temp3, temp4;
temp = load[7];
load[7] = load[11];
load[11] = temp;
temp2 = load[8];
load[8] = load[12];
load[12] = temp2;
temp3 = load[9];
load[9] = load[13];
load[13] = temp3;
temp4 = load[10];
load[10] = load[14];
load[14] = temp4;
printf("\n\n");
for(i = 0; i < 50; ++i)
{
printf("%x ", load[i]);
}
printf("\nAfter byte shift: \n %s", load);
//shift bites
temp = load[6];
load[6] = load[4];
load[4] = temp;
temp2 = load[5];
load[5] = load[3];
load[3] = temp2;
printf("\nAfter bit shift: \n %s", load);
printf("\n\n");
for(i = 0; i < 50; ++i)
{
printf("%x ", load[i]);
}
printf("\n\n");
return 0;
}
The quick brown fox jumped over the lazy dog.
54 68 65 20 71 75 69 63 6b 20 62 72 6f 77 6e 20 66 6f 78 20 6a 75 6d 70 65 64 20 6f 76 65 72 20 74 68 65 20 6c 61 7a 79 20 64 6f 67 2e a
Count1: 46, Count2: 46
54 68 65 20 71 75 69 63 6b 20 62 72 6f 77 6e 20 66 6f 78 20 6a 75 6d 70 65 64 20 6f 76 65 72 20 74 68 65 20 6c 61 7a 79 20 64 6f 67 2e a 0 0 0 0
54 68 65 20 71 75 69 72 6f 77 6e 63 6b 20 62 20 66 6f 78 20 6a 75 6d 70 65 64 20 6f 76 65 72 20 74 68 65 20 6c 61 7a 79 20 64 6f 67 2e a 0 0 0 0
After byte shift:
The quirownck b fox jumped over the lazy dog.
After bit shift:
Theui qrownck b fox jumped over the lazy dog.
54 68 65 75 69 20 71 72 6f 77 6e 63 6b 20 62 20 66 6f 78 20 6a 75 6d 70 65 64 20 6f 76 65 72 20 74 68 65 20 6c 61 7a 79 20 64 6f 67 2e a 0 0 0 0
Related
I am creating a simple CTF in buffer overflow below is the sample code:
#include <stdio.h>
void secretFunction()
{
printf("this is your flag!\n");
}
void echo()
{
char buffer[20];
printf("Enter some text:\n");
printf("%s", buffer);
printf("You entered: %s\n", buffer);
}
int main()
{
echo();
return 0;
}
Compile: gcc vuln.c -o vuln -fno-stack-protector -m32
But if we do strings vuln its displays the actual flag directly is there any way where my secretFunction is not visible when users to strings on the binary.
In my opinion, encrypting the string with xor should be the easiest way to avoid leaking strings.
#include <stdio.h>
void secretFunction()
{
//printf("this is your flag!\n");
unsigned char str[] = {184, 164, 165, 191, 236, 165, 191, 236, 181, 163, 185, 190, 236, 170, 160, 173, 171, 237, 198, 0};
for (int i = 0; i < 19; i++)
putchar(str[i] ^ 0xcc);
}
void echo()
{
char buffer[20];
printf("Enter some text:\n");
scanf("%s", buffer);
printf("You entered: %s\n", buffer);
}
int main()
{
echo();
return 0;
}
hijack the control flow:
$ ./exp.py
[+] Starting local process './vuln' argv=[b'./vuln'] : pid 4658
[DEBUG] Received 0x11 bytes:
b'Enter some text:\n'
[DEBUG] Sent 0x25 bytes:
00000000 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 │AAAA│AAAA│AAAA│AAAA│
*
00000020 f6 91 04 08 0a │····│·│
00000025
[*] Switching to interactive mode
[DEBUG] Received 0x45 bytes:
00000000 59 6f 75 20 65 6e 74 65 72 65 64 3a 20 41 41 41 │You │ente│red:│ AAA│
00000010 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 │AAAA│AAAA│AAAA│AAAA│
00000020 41 41 41 41 41 41 41 41 41 41 41 41 41 f6 91 04 │AAAA│AAAA│AAAA│A···│
00000030 08 0a 74 68 69 73 20 69 73 20 79 6f 75 72 20 66 │··th│is i│s yo│ur f│
00000040 6c 61 67 21 0a │lag!│·│
00000045
You entered: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\xf6\x9
this is your flag!
Generally, the solution is to distribute a binary which runs on a remote server, and replaces the actual key with a placeholder on the CTF-competitor's copy.
An easy way to do this is with environment variables, because the CTF
So my knowledge of pointers is a bit rusty and I think thats where I'm getting messed up, I am trying to write a function that will grab hex values (an amount n) at a specified offset in the file. And write those values to an array.
File I'm reading from, Example
0 1 2 3 4 5 6 7 8 9 A B C D E F
0 F6 EA 9D DE D8 40 1C 44 19 24 59 D2 6A 2C 48 1D
1 FC 96 DE 94 AF 95 FC 42 9B 6D DA 15 D4 CE 88 BB
2 B8 24 99 8F 65 B5 D3 7E D9 5D 51 44 89 97 61 85
3 2D 40 1A DC D5 16 1F 70 84 F9 85 58 C8 0E 13 80
4 32 AC 10 97 61 B3 16 3B 40 67 7A CA FE E1 4F 2B
5 21 A9 07 F6 80 26 66 04 20 EC 5C E8 FA 70 68 2C
6 1C 78 C4 7E 5C DA B9 9C 41 38 66 3F 19 B6 6A 3A
Here's the function I've written thus far.
aDest point's to an array of size nBytes + 1
bAddr point's to firstbyte of the memory region
OffsetAmt is a location which is relative bAddr
nBytes is just the number of bytes that I want to copy
Heres the function
void getHexBytesAt(uint8_t* const aDest, const uint8_t* const bAddr,
uint16_t OffsetAmt, uint8_t nBytes)
{
const uint8_t *point1 = bAddr; //set he address of point1 to base address value
//front point1 shift until we get to the specified offset value
for (int i = 0; i < Offset; i++)
{
point1 = (point1 + 1);
}
//set the values of *aDest to the value of point1;
//increment point1
for (int k = 0; k < nBytes; k++)
{
*aDest = point1;
point1 = (point1 + 1);
}
The problem I'm having is im not even getting the first byte copied into the array correctly,
My output looks like this Getting 9 bytes,
starting at the offset 2C
MY OUTPUT: 84 CA CA CA CA CA CA CA CA
FILE: 89 97 61 85 2D 40 1A DC D5
If you want to read the data from the Memory bAddr then you must
dereference the pointer for reading
increment the Destination pointer
This would be implemented like this:
void getHexBytesAt(uint8_t* const aDest, const uint8_t* const bAddr,
uint16_t OffsetAmt, uint8_t nBytes)
{
const uint8_t *point1 = bAddr; //set he address of point1 to base address value
//front point1 shift until we get to the specified offset value
for (int i = 0; i < OffsetAmt; i++) // fixed typo
{
point1 = (point1 + 1);
}
//set the values of *aDest to the value of point1;
//increment point1
for (int k = 0; k < nBytes; k++)
{
*aDest = *point1; // copy data from address the point1 points to
aDest = aDest + 1; // increment destination pointer
point1 = (point1 + 1);
}
}
But this can be done much simpler:
void getHexBytesAt(uint8_t* const aDest, const uint8_t* const bAddr,
uint16_t OffsetAmt, uint8_t nBytes)
{
memcpy(aDest, bAddr + OffsetAmt, nBytes);
}
You should consider replacing the function with the one-liner that implements it in your code.
BTW: There is no file used in the code. You should review your question.
I have a problem with my PIC24F16KA102. I am using the PicKit2 UART Tool to communicate with the PC.
So, these are my routines:
UART1Init:
void UART1Init(int BAUDRATE)
{
U1BRG = BAUDRATE;
U1MODEbits.UARTEN = 1; // UART2 is Enabled
U1MODEbits.USIDL = 0; // Continue operation at Idlestate
U1MODEbits.IREN = 0; // IrDA En/Decoder is disabled
U1MODEbits.RTSMD = 0; // flow control mode
U1MODEbits.UEN = 0b10; // UTX, RTX, U2CTS, U2RTS are enable and on use.
U1MODEbits.WAKE = 1; // Wake-up on start bit is enabled
U1MODEbits.LPBACK = 0; // Loop-back is disabled
U1MODEbits.ABAUD = 0; // auto baud is disabled
U1MODEbits.RXINV = 0; // No RX inversion
U1MODEbits.BRGH = 0; // low boud rate
U1MODEbits.PDSEL = 0b00; // 8bit no parity
U1MODEbits.STSEL = 1; // one stop bit
U1STAbits.UTXISEL1 = 0b00;
U1STAbits.UTXBRK = 0; // sync break tx is disabled
U1STAbits.UTXEN = 1; //transmit is enabled
U1MODEbits.RXINV = 1; //Invert RX and TX Idle state
U1STAbits.UTXINV = 1;
}
void UART1putChar(unsigned char ch)
{
while(U1STAbits.UTXBF == 1); //wait till transmit buffer is not full anymore
U1TXREG = (ch);
}
char UART1GetChar()
{
char Temp;
//wait for buffer to fill up, wait for interrupt
while(IFS0bits.U1RXIF == 0);
Temp = U1RXREG;
//reset interrupt
IFS0bits.U1RXIF = 0;
//return my received byte
return Temp;
}
and the main function:
int main(void) {
init();
TRISB=0x0004;
UART1Init(25);
while(1)
{
UART1putChar(UART1GetChar());
}
return 0;
}
When I use the PicKit2 UART Tool to send and receive characters, this is what I get:
hekllo
TX: 68 65 6B 6C 6C 6F
RX: 85
TX: 68 65 6B 6C 6C 6F
RX: 85
TX: 68 65 6B 6C 6C 6F
RX: 88
TX: 68 65 6B 6C 6C 6F
RX: 85
TX: 68 65 6B 6C 6C 6F
RX: 63 0C
TX: 68 65 6B 6C 6C 6F
RX: 88
TX: 68 65 6B 6C 6C 6F
RX: 88
TX: 68 65 6B 6C 6C 6F
RX: 61 0C
When I transmit the "1" character, I never receive an "1", but sometimes I receive "//carriage return ? ".
So, my question is : Where should I start debugging? What can possibly go wrong?
I am developing a Client/Server based on UDP I want to send different messages to the client from the server. There are different C structures defined for each message.
I would like to understand what is wrong in the way I am serializing the data.
struct Task
{
int mType;
int tType;
int cCnt;
int* cId;
char data[128];
};
Serialization/Deserialization functions
unsigned char * serialize_int(unsigned char *buffer, int value)
{
buffer[0] = value >> 24;
buffer[1] = value >> 16;
buffer[2] = value >> 8;
buffer[3] = value;
return buffer + 4;
}
unsigned char * serialize_char(unsigned char *buffer, char value)
{
buffer[0] = value;
return buffer + 1;
}
int deserialize_int(unsigned char *buffer)
{
int value = 0;
value |= buffer[0] << 24;
value |= buffer[1] << 16;
value |= buffer[2] << 8;
value |= buffer[3];
return value;
}
char deserialize_char(unsigned char *buffer)
{
return buffer[0];
}
Sender side code to serialize the structure
unsigned char* serializeTask(unsigned char* msg, const Task* t)
{
msg = serialize_int(msg,t->mType);
msg = serialize_int(msg,t->tkType);
msg = serialize_int(msg,t->cCnt);
for(int i=0; i<t->cCnt; i++)
msg = serialize_int(msg,t->cId[i*4]);
for(int i=0; i<strlen(data); i++)
msg = serialize_char(msg,t->data[i]);
return msg;
}
Receiver side code to de-serialize data
printf("Msg type:%d\n", deserialize_int(message) );
printf("Task Type:%d\n", deserialize_int(message+4) );
printf("Task Count:%d\n", deserialize_int(message+8));
Output
Msg type:50364598 //Expected value is 3
Task Type:-2013036362 //Expected value is 1
Task Count:1745191094 //Expected value is 3
Question 1:
Why is the de-serialized value not same as expected?
Question 2:
How is serialization/de-serialization method different from memcpy?
Task t;
memcpy(&t, msg, sizeof(t)); //msg is unsigned char* holding the struct data
EDIT
Code which invokes serializeTask
void addToDatabase(unsigned char* message, int msgSize, Task* task)
{
message = new unsigned char[2*msgSize+1];
unsigned char* msg = message; //To preserve start address of message
message = serializeTask(message, task); //Now message points to end of the array
//Insert serialized data to DB
//msg is inserted to DB
}
Serialized data stored in DB
Message:
00
03 70 B6 88 03 70 B6 68 05 70 B6 68 05 70 B6 00
00 00 00 00 00 00 00 A8 05 70 B6 AC 05 70 B6 B4
05 70 B6 C9 05 70 B6 DE 05 70 B6 E6 05 70 B6 EE
05 70 B6 FB 05 70 B6 64 65 66 00 63 6F 68 6F 72
74 73 00 70 65 6E 64 69 6E 67 5F 61 73 73 69 67
6E 5F 74 61 73 6B 73 00 70 65 6E 64 69 6E 67 5F
61 73 73 69 67 6E 5F 74 61 73 6B 73 00 6D 65 73
73 61 67 65 00 6D 65 73 73 61 67 65 00 3F 00 FF
FF 00 00 FC 90 00 00 00 00 00 00 00 C9 2D B7 00
00 00 00 10 06 70 B6 00 00 00 00 00 00 00 00 30
06 70 B6 34 06 70 B6 3C 06 70 B6
OP has 2 problems in serializeTask()
for(int i=0; i<t->cCnt; i++)
msg = serialize_int(msg,t->cId[i*4]); [i*4]
...
for(int i=0; i<strlen(data); i++)
msg = serialize_char(msg,t->data[i]); strlen(data)
Should be (assuming i<strlen(data) should have been i<strlen(t->data)
for(int i=0; i<t->cCnt; i++)
msg = serialize_int(msg,t->cId[i]); // [i]
...
for(int i=0; i<strlen(t->data); i++) // strlen(data) + 1
msg = serialize_char(msg,t->data[i]);
The first for loop serialize every 4th cId[]. OP certainly wanted to serialize consecutive cId[].
Only the length of the data string was serialized. OP certainly wanted to serialize all that and a NUL terminating byte.
The data in the posted buffer is more likely the below, which does not match the serialization code. This implies the higher level code populating Task* t is wrong. I am confident that the values seen in fields mType and tkType are either pointers or float, again Task* t is likely amiss before the serialization.
0xb6700300 or -3.576453e-06
0xb6700388 or -3.576484e-06
0xb6700568 or -3.576593e-06
0xb6700568 or -3.576593e-06
0x000000 or 0.000000e+00
0x000000 or 0.000000e+00
0xb67005a8 or -3.576608e-06
0xb67005ac or -3.576609e-06
0xb67005b4 or -3.576611e-06
0xb67005c9 or -3.576615e-06
0xb67005de or -3.576620e-06
0xb67005e6 or -3.576622e-06
0xb67005ee or -3.576624e-06
0xb67005fb or -3.576627e-06
def\0cohorts\0pending_assign_tasks\0pending_assign_tasks\0message\0message\0?\0
...
I want to do padding with PKCS7 :
char *test1 = "azertyuiopqsdfgh";
char *test2 = malloc(32*sizeof(char));
memcpy(test2, test1, strlen(test1));
char pad = (char)(32-strlen(test1));
printf("pad = %d\n", pad);
for(int i = strlen(test1) ; i < 32 ; i++) {
test2[i] = pad;
}
for (int i = 0 ; i < 32 ; i++)
printf("%x ", test2[i]);
printf("\n");
I obtain :
pad = 16
61 7a 65 72 74 79 75 69 6f 70 71 73 64 66 67 68 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10 10
But i want :
pad = 16
61 7a 65 72 74 79 75 69 6f 70 71 73 64 66 67 68 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16 16
How can i modify my code ?
Thanks in advance.
With
printf("%x ", test2[i]);
You are printing in hexadecimal (%x) whereas with
printf("pad = %d\n", pad);` you are printing in decimal (%d).
And (decimal) 16 => (hexa) 10, So you are displaying the right thing.
You could probably play a bit with your printing to display 16 instead of 10 but I don't think this is what you are searching for.