columbia / egalito-shadow-stack-app
Shadow stack exercise from SSSS 2021
License: Other
Welcome to the Egalito shadow stack exercise. Your goal is to build a constant-offset shadow stack transformation tool. An app framework has been provided, and you must add the following functionality:

1. Allocate 10MB shadow stack at address real stack - 0xb00000 (2*10MB).
   [Inject egalito_allocate_shadow_stack via libinject.so, and add a call to this function in __libc_start_main i.e. at program start.]

2. Add the following at every function prologue:

        push %r11
        mov 0x8(%rsp),%r11
        mov %r11,-0xb00000(%rsp)
        pop %r11

3. Add the following at every function epilogue:

        pushfd
        push %r11
        mov 0x8(%rsp),%r11
        cmp %r11,-0xb00000(%rsp)
        jne shadowstack_violation
        pop %r11
        popfd

4. Inject the following target function to jump to for violations:

        egalito_shadowstack_violation:
            ud2

The various places that need code added are marked with EXERCISE, please grep for this. You can view the solution with "git diff master solution".

The code can be built on its own with "make". You can test it with

    $ make && cd test && make
    $ ../app/etapp -q vuln vuln.ss
    [...]
    $ perl vuln.pl ./vuln.ss
    spawn child process {./vuln.ss}
    child wrote {buf is at 0x7fff6c22c2f0, target is at 0x55ed93e3e11e}
    exploit is {AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA}
    child process output {}
    child process output {buf: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA]}
    child process output {successful exploit! congratulations.}
    child exited with status 1

This executes an exploit against the vulnerable program vuln. Your goal is to make this attack fail. The exit status will show 11 (SIGSEGV) if you caused a crash, and status 4 (SIGILL) if you successfully hit the shadow stack violation function.

For more details on how to run this test case, see test/README.txt.
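A small C model of the check that the prologue and epilogue sequences perform, added here as an illustration; it is not part of the exercise, its solution, or Egalito. The slot-indexed `mem` array, `SHADOW_OFF` (standing in for the 0xb00000 byte offset), `RET_ADDR` and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model (assumption, not Egalito code): the stack is an array of 64-bit
   slots, higher index = higher address. SHADOW_OFF stands in for 0xb00000. */
#define SLOTS      64
#define SHADOW_OFF 32
#define BUF_SLOTS  4
#define RET_ADDR   0x401000ULL   /* constructed return address */

enum result { RET_OK = 0, RET_VIOLATION = 4 };  /* 4 mirrors SIGILL from ud2 */

static uint64_t mem[SLOTS];

/* Prologue: copy the return address at rsp to the slot a constant offset below.
   (The real sequence's push %r11 shifts both accesses by 8 bytes; omitted.) */
static void prologue(int rsp) { mem[rsp - SHADOW_OFF] = mem[rsp]; }

/* Epilogue: before returning, compare the live return address with the copy. */
static enum result epilogue(int rsp) {
    return mem[rsp] == mem[rsp - SHADOW_OFF] ? RET_OK : RET_VIOLATION;
}

/* One instrumented call whose body copies len words into a BUF_SLOTS-word
   local buffer without a length check (constructed stand-in for an overflow). */
enum result call_with_copy(const uint64_t *src, int len) {
    int rsp = SLOTS - 1;                 /* slot holding the return address */
    int buf = rsp - BUF_SLOTS;           /* buffer sits just below it */
    mem[rsp] = RET_ADDR;
    prologue(rsp);
    if (len > SLOTS - buf) len = SLOTS - buf;   /* keep the model in bounds */
    for (int i = 0; i < len; i++) mem[buf + i] = src[i];
    return epilogue(rsp);
}

int main(void) {
    uint64_t fits[4]  = {1, 2, 3, 4};                    /* constructed inputs */
    uint64_t spill[5] = {0x41, 0x41, 0x41, 0x41, 0x41};
    printf("in-bounds copy: %d\n", call_with_copy(fits, 4));
    printf("overflow copy:  %d\n", call_with_copy(spill, 5));
    return 0;
}
```

The in-bounds copy returns 0 and the copy that reaches the return-address slot returns 4, matching the SIGILL status the test case reports when the violation function is hit.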