🔐Blog of OsandaSecurity Researching and Reverse Engineering pentesting

Data Packing

I was doing some random experiments using assembly and C. This is a simple example in packing 2 numbers inside a register in assembly. Let’s assume

$latex al < 2^{5}&bg=232225&fg=bbbbbb&s=4$
$latex bl < 2^{3}&bg=232225&fg=bbbbbb&s=4$

We want to store these 2 values inside the dl register. The dl register is of 8 bits, so 5 + 3 = 8 bits

Packing

; al < 2 ^ 5, bl < 2 ^ 3

mov al, bl

shl dl, 3

or dl, bl ; xor would also work fine

Unpacking

mov cl, dl ; Make a copy of dl

and dl, 111b ; Extract lowest 3 bits (b)

mov bl, dl

shr cl, 3 ; Extract highest 5 bits (a)

mov al, cl

(more…)

String Length Function in NASM

In certain situations when I want to print some string to stdout we need the length for the write syscall in linux. So we can’t always depend on the $-string macro, which is valid for a defined string.

We use the REPNE (REPeat while Not Equal) instruction which will loop as long as CX != 0. Along with REPNE we use SCASB (scan byte string). It compares the content of the accumulator (AL, AX, or EAX) against the current value pointed at by ES:[EDI]. In the end we calculate the difference between offsets of the scanned string (EDI) and the original string (EBX) to find the length.

_strlen:

  push ebx
  push ecx

  mov   ebx, edi            
  xor   al, al                               
  mov   ecx, 0xffffffff     
                                                     
  repne scasb               ; REPeat while Not Equal [edi] != al

  sub   edi, ebx            ; length = offset of (edi - ebx)
  mov   eax, edi            

  pop ebx
  pop ecx
  ret

(more…)

A Simple Web Crawler

This is very simple web crawler I coded for fun. It uses a breadth first search algorithm in crawling urls.
– This tool might be useful in finding subdomains

Download: https://github.com/OsandaMalith/WebCrawler/releases

Magic Folder Hide

This is a application which I coded in last year but I have forgotten to make a blog post. Using this tool you can create a ‘..’ folder in Windows and store your data inside it. No one can access your files using the explorer since the path is not valid, they can only see the name 🙂

This trick can be used in pentesting and is widely used by malware for hiding other malicious files. I coded this tool just for fun 😀

(more…)

Hiding Data Inside Memory Addresses

This is a small finding I found while I was experimenting on pointers in C. Usually in C the arithmetic on pointers depend on the size of the data types. If we initialize a int variable, the compiler will allocate 4 bytes in memory since its 32 bits. I assume you are well aware of these basics in C 🙂 I wanted to store data inside the empty addresses allocated by int data type. This is a bit challenging in a high level programming language. Of course using inline assembly I could have achieved this. But I wanted to achieve this using native C operators.
To understand this let’s begin from a simple approach.

#include <stdio.h>

int main() {

unsigned int var = 100;

unsigned int var2 = 200;

printf("%u\n",var);

printf("%u\n",var2);

}

(more…)

Exe2Image

This is A simple utility to convert EXE files to PNG images and vice versa. This is written using Java 8. Inspired by this article.

View post on imgur.com

Putty.exe converted to an image using green pixels.

View post on imgur.com

Download:
https://github.com/OsandaMalith/Exe2Image/releases

This tool was added to PentestBox : https://modules.pentestbox.com/#forensics

Softpedia:
http://www.softpedia.com/get/Security/Encrypting/EXE-to-Image-Converter.shtml

Other Shares:
http://www.kitploit.com/2017/09/exe2image-simple-utility-to-convert-exe.html

Packing

Unpacking

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: