Why do you need to override the printf definition? #4

Open
CaledoniaProject opened this issue Sep 24, 2022 · 1 comment

@CaledoniaProject commented Sep 24, 2022

I'm watching your presentation on DEFCON, on page 51 you have:


In the post-exploitation stage you can upload any binary files, so why would you do this?

Using: `#define printf ((int(*)(char *, ...)) 0xdeadbeef)`
@ogianatiempo (Contributor) commented Sep 26, 2022

We can't upload files since there's no filesystem on these devices. However, we can write arbitrary data directly to memory and execute that. The problem is that the code you write must be self contained or, if it uses external functions, it must have a way to find or know the location of such functions. Since there's no address space randomization, the location of external functions such as printf will be the same every time.

The purpose of that define is to let the compiler/linker know the address of printf in memory, so when the code calls printf it will jump to the right address during runtime. You can see the actual addresses for the Nebula 300 plus here:
https://github.com/infobyte/cve-2022-27255/blob/main/exploits_nexxt/exploit_custom_command_injector/main.c#L4
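The pattern described in the reply above, as an added example that is not part of the issue or of the infobyte repository: a payload that calls libc routines only through function-pointer casts of bare integer addresses, so the compiled code carries no imports or relocations. On the real target the `ADDR_*` values would be constants read out of the firmware image (which is what the linked `main.c` does); this host-side demo runs under ASLR, so it takes the addresses from the running process instead. That substitution, the `fw_` macro names and the `payload_banner` function are assumptions for the demo, and `snprintf` is used in place of `printf` so the result can be checked rather than only printed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* On the target (no ASLR, no filesystem) these are fixed constants
 * taken from the firmware image, e.g. 0x0040xxxx. This is a host-side
 * demo, where ASLR moves libc on every run, so the addresses are taken
 * from the running process instead (assumption for the demo only). The
 * payload code below does not change between the two cases. */
#define ADDR_STRLEN   ((uintptr_t) &strlen)
#define ADDR_SNPRINTF ((uintptr_t) &snprintf)

/* Same trick as the slide's "#define printf ((int(*)(char *, ...)) 0x...)":
 * wrap a bare integer address in a function-pointer cast. The prototype
 * in the cast must match the callee's real signature and calling
 * convention, or arguments will land in the wrong registers/stack slots. */
#define fw_strlen   ((size_t (*)(const char *)) ADDR_STRLEN)
#define fw_snprintf ((int (*)(char *, size_t, const char *, ...)) ADDR_SNPRINTF)

/* Payload routine: builds a banner into a caller-supplied buffer using
 * only absolute-address calls. Nothing here needs the dynamic linker,
 * so the object code can be written straight into memory and executed. */
int payload_banner(char *out, size_t outlen, const char *name)
{
    size_t n = fw_strlen(name);
    return fw_snprintf(out, outlen, "hello %s (%u chars)", name, (unsigned) n);
}

int main(void)
{
    char buf[64];
    payload_banner(buf, sizeof buf, "nebula");
    puts(buf);
    return 0;
}
```

When porting this to a real device, the one thing to verify before trusting a hardcoded address is that it was taken from the same firmware build that is running: without ASLR the address is stable across reboots, but a different firmware version lays libc out differently, and a wrong address simply crashes the process.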
