https://github.com/kodpe/gnl-station-tester
Loading...
Loading...
Loading...
So, you've stumbled upon my little corner of the coding universe. Cool, welcome aboard!
Let's get one thing straight - I'm not here to do your homework. Nope, that's all on you, my friend. The real magic happens when you're banging your head against the keyboard at 2 AM, wondering why your code won't compile. Trust me, I've been there.
This gitbook? It's like my coding diary, but way less embarrassing and hopefully way more useful. Think of this as your coding buddy. You know, the one you text at midnight asking, "Dude, what the heck is a pointer again?" I'm here to help you get those "Aha!" moments, not to spoon-feed you solutions.
Copy-pasting code? Sure, it's tempting. But it's also like trying to get buff by watching gym videos. Spoiler alert: it doesn't work.
So, ready to dive into the wild world of 42? Grab your favorite caffeinated beverage, put on your debugging pants, and let's do this!
PS: Remember, in the immortal words of some programmer way smarter than me: "It's not a bug, it's an undocumented feature." Happy coding!
I started my 42 cursus on September 2021, and I'm all about keeping this guide fresh, so if you spot anything that seems off or outdated, give me a shout. I'll fix it faster than you can say "Segmentation fault".
The information you gather from this blog, all the techniques, proofs-of-concept code, or whatever else you may possibly find here, are strictly for educational purposes. I do not condone the usage of anything you might gather from this blog for malicious purposes. I've made this blog therein, to consolidate my learning by teaching it to the world.
This project is about creating a function that, allows reading a line ending with a newline character '\n' from a file descriptor, without knowing its size beforehand.
We're going to break down a solution to the infamous get_next_line project from 42 School. get_next_line is like a patient reader. Its job is to read a file, line by line, whenever you ask it to. It's pretty handy when you don't want to (or can't) load an entire file into memory at once.
Let's dive in and see how this implementation tackles the challenge!
In our get_next_line function, we use a static variable like this:
This buffer isn't just any ordinary variable. Oh no, it's got superpowers! Let's break down why it's so special:
Persistent Memory: Unlike regular variables that forget everything when the function ends, our static buffer remembers its contents between function calls. It's like having a notepad that doesn't get erased when you close the book!
Picking Up Where We Left Off: Thanks to this memory, we can continue reading from exactly where we stopped last time. No need to start from the beginning of the file each time get_next_line is called.
Handling Partial Reads: Sometimes, we might read more than one line into our buffer. The static variable allows us to keep that extra data for the next function call, ensuring we don't lose any information.
Let's walk through a typical lifecycle of our static buffer:
First Call:
We allocate memory for buffer and read from the file.
We extract the first line and return it.
Any leftover data stays in buffer.
Subsequent Calls:
buffer still contains the leftover data from last time.
We start by checking if there's a complete line in buffer.
If not, we read more from the file and append to buffer.
We extract the next line and update buffer again.
Last Call:
We've reached the end of the file.
We return any remaining data in buffer.
We free buffer and set it to NULL.
Efficiency: We don't need to re-read the entire file for each line. We just continue from where we left off.
Simplicity: The static variable handles the state management for us. No need to pass around a pointer to keep track of our position.
Memory Management: We can allocate memory once and reuse it, rather than allocating new memory for each function call.
While our static buffer is awesome, it does come with a few quirks:
Multiple File Descriptors: If you're reading from multiple files, you'll need to handle each file descriptor separately.
Memory Usage: The buffer sticks around until the program ends, even if you're done reading the file.
Thread Safety: If you're working in a multi-threaded environment, you'll need extra care to make this thread-safe.
Buffer, Our Old Friend: Just like in our buffer overflow example, get_next_line uses a buffer. But don't worry, it's not trying to overflow anything! This buffer is more like a temporary storage space.
Reading Chunks: Instead of reading the whole file at once, it reads chunks into the buffer. Think of it like taking bites of a sandwich instead of shoving the whole thing in your mouth.
Searching for the Newline: After each read, it looks for the '\n' character. It's like playing "Where's Waldo?", but Waldo is a newline, and the crowd is our buffer full of characters.
Returning the Line: When it finds a newline (or reaches the end of the file), it says "Aha! Here's a complete line!" and returns it to you.
Remembering Where It Left Off: Here's where it gets clever. It remembers where it stopped, so the next time you call it, it starts from there. It's like using a bookmark in a really long book.
Imagine you're reading this buffer overflow article line by line using get_next_line. It would go something like this:
First call: "Hello "
Second call: "My name "
Third call: "is John!"
...and so on, until it reaches the end of the file.
So there you have it! get_next_line is like a diligent reader with a really good memory. It reads bit by bit, always remembers where it left off, and hands you neat, tidy lines of text whenever you ask.
Just like how we carefully examined each part of the buffer overflow process, get_next_line carefully manages its reading process to give you exactly what you need, when you need it. Cool, right?
Try to do it on your own and only consult the solutions in case of ultimate trouble! And if you want to look at the answers, try to understand what you are doing ;)
get_next_lineThis is where the magic happens! The function takes a file descriptor (fd) as input and returns the next line from that file. Here's what's going on:
We use a static char *buffer to keep track of what we've read between function calls.
We do some error checking first - if the file descriptor is invalid or if there's a read error, we return NULL.
We call read_file to fill our buffer with data from the file.
We extract the next line from the buffer using ft_line.
We update our buffer to remove the line we just read using ft_next.
Finally, we return the line we extracted.
read_fileThis function does the heavy lifting of reading from the file:
We allocate a buffer of size BUFFER_SIZE.
We read from the file in a loop, appending what we read to our result string.
We stop reading when we either reach the end of the file or find a newline character.
ft_lineThis function extracts a single line from our buffer:
We find the length of the line (up to a newline or the end of the buffer).
We allocate memory for our line.
We copy characters from the buffer to our line.
If we found a newline, we include it in our line.
ft_nextThis function updates our buffer after we've extracted a line:
We find the end of the first line in the buffer.
If that's the end of the buffer, we free it and return NULL.
Otherwise, we create a new buffer with everything after the first line.
We free the old buffer and return the new one.
ft_freeThis little helper function joins two strings and frees the first one. It's used when we're building up our buffer in read_file.
I won't be commenting the LIBFT functions, you have your own, I hope you know how they work.
And there you have it! That's how this implementation of get_next_line works. It's a clever use of static variables, dynamic memory allocation, and string manipulation to solve the problem of reading a file line by line.
Remember, the key challenges here are handling partial reads, dealing with lines of unknown length, and managing memory efficiently. This solution tackles all of these issues head-on!
Happy coding, and may your lines always be well-read! 😉
This project dives into the fascinating world of low-level programming and binary manipulation, challenging you to understand and modify Mach-O files (the executable format used by macOS).
Welcome to the world of Mach-O files! Before we can dive into code injection or create something as cool as your own packer, we need to get our hands dirty and understand the intricate structure of these binaries. Think of this as your blueprint for understanding how macOS executables work under the hood.
By the end of this guide, you'll not only feel comfortable navigating a Mach-O file, but also confident in modifying one. Let’s jump in.
Imagine a Mach-O file as a well-organized toolbox. Inside, you’ve got everything macOS needs to:
Load the program into memory.
Resolve any external dependencies (like dynamic libraries).
Protect the program with security features.
Execute the program starting at the right place.
It’s a modular format, which means every piece has a job, and the system knows exactly where to find it. This precision makes Mach-O files powerful but also a little tricky to work with—mess up one part, and the whole thing might crash. That’s why understanding its structure is so crucial.
To understand a Mach-O file, let’s break it down into its major components. Each part serves a specific purpose, like gears in a machine.
The header is the very first thing you’ll find in a Mach-O file. It’s like the front page of a book—it tells the system what kind of file it’s dealing with. Here are some important details stored in the header:
Magic Number: Identifies the file as a Mach-O binary (e.g., MH_MAGIC_64 for 64-bit files).
CPU Type and Subtype: Specifies the architecture (like ARM64 for Apple Silicon).
File Type: Indicates whether it’s an executable, library, or object file.
Load Command Info: Includes how many load commands follow and their total size.
The header is small but mighty. It’s the first thing the system reads, so if it’s corrupted, the program won’t even start.
How to Inspect It: Want to see the header of a Mach-O file? Use otool like this:
Right after the header, you’ll find the load commands. These are the real instructions for the operating system. They tell it how to:
Map the binary into memory.
Handle external libraries.
Set up the entry point for execution.
Some of the most common load commands include:
LC_SEGMENT_64: Describes segments in the binary, such as code or data.
LC_LOAD_DYLIB: Points to dynamic libraries the binary depends on.
LC_MAIN: Tells the system where to start execution.
LC_CODE_SIGNATURE: Holds the code signature to verify the binary’s integrity.
Why Load Commands Matter: When you’re injecting code or adding functionality, these commands will likely be the first thing you modify. For instance, adding a new library involves inserting an LC_LOAD_DYLIB command. Want to redirect execution? You’ll tweak the LC_MAIN command.
Toolbox Tip: Run this command to list all load commands in a Mach-O file:
Segments are like the big rooms in a house, and sections are the furniture inside them. Segments divide the binary into logical regions, such as:
__TEXT Segment: Where the program’s code lives. This segment is read-only and executable.
__text Section: The actual machine instructions.
__stubs Section: Data for dynamically linked functions.
__DATA Segment: Holds writable data like global variables.
__data Section: Stores initialized global variables.
__bss Section: Contains uninitialized variables.
__LINKEDIT Segment: Stores metadata for linking, like symbol tables.
Why They Matter: If you’re injecting code, you’ll likely add it to the __TEXT segment or create a new segment altogether. Segments also dictate permissions (read, write, execute), so you’ll need to ensure your modifications don’t break these rules.
4. Entry Point: Where the Magic Starts
The entry point is where the system starts executing your program. It’s defined by the LC_MAIN load command, which provides the offset to the starting function. This is the heart of the binary, and modifying it is common in code injection.
Here’s what you’ll do when injecting:
Redirect the entry point to point to your custom loader.
Have your loader do its thing (decrypting, decompressing, etc.).
Jump back to the original entry point to resume normal execution.
Now that you have a solid understanding of the Mach-O file structure, let’s take it up a notch and explore advanced techniques. These are the methods that transform basic binary modifications into powerful, functional injections. By mastering these tricks, you’ll not only be able to manipulate Mach-O files but also handle the challenges that come with making those changes while keeping the binary operational.
In this section, we focus on the art of dynamic injection—adding a dynamic library to an existing Mach-O binary. This is the core of the WoodyWoodpacker project and an essential skill for modifying macOS executables. Dynamic library injection allows you to extend the functionality of a program without rewriting its original code, making it a powerful tool for customization, testing, or, in our case, creating a dynamic injection system.
Let’s break down the techniques, challenges, and best practices to seamlessly inject a library into a Mach-O binary.
Dynamic library injection involves modifying a Mach-O binary to include a new LC_LOAD_DYLIB load command. This command instructs macOS to load a specified dynamic library at runtime. Once loaded, the library’s functions become accessible to the binary, allowing you to introduce new behavior or augment existing functionality.
In essence, you’re embedding a new dependency into the binary. The operating system will treat this library as if it were always part of the program.
Dynamic injection involves a few key steps:
Extend the Load Commands: Add a new LC_LOAD_DYLIB command to reference your library.
Adjust the Mach-O Header: Update the number and size of load commands in the header.
Ensure Space for the Library Path: Write the path of the library into the binary, ensuring alignment and padding.
Test and Debug: Validate that the binary successfully loads your library at runtime.
Step 1: Extending the Load Commands
The first step in dynamic injection is adding an LC_LOAD_DYLIB load command. This command contains the library path and metadata, such as the library's compatibility and current version.
A typical LC_LOAD_DYLIB command structure looks like this:
To add this command, locate the end of the existing load commands, append the LC_LOAD_DYLIB structure, and write the library path. Ensure the cmdsize includes the size of the structure and the library path, padded to alignment.
The Mach-O header specifies the total number and size of load commands. After adding the new load command, update these fields to reflect the changes:
Increment the ncmds field to include the new command.
Add the size of the new load command to sizeofcmds.
Example:
The LC_LOAD_DYLIB command includes an offset to the library path, which must be appended to the binary. The path must be null-terminated and padded to maintain alignment.
For instance, if you’re injecting a library located at /usr/local/lib/my_library.dylib, ensure the path fits within the allocated space. If not, you may need to extend the binary.
Here’s how you might append a library path:
Dynamic library injection isn’t complete until you test your changes. Load the modified binary in a debugger or simply run it to ensure that:
The library loads without errors.
The program executes as expected.
The new functionality introduced by the library is active.
Using otool, you can confirm that your library was successfully added:
You should see your injected library listed alongside the binary’s original dependencies.
Mach-O binaries are highly sensitive to alignment. Ensure that the library path and load command are properly padded to align with memory boundaries. Failure to do so can corrupt the binary.
Extending the binary may require resizing its segments. If there isn’t enough space for your library path, you might need to move or realign existing sections.
Modifying a Mach-O binary invalidates its code signature. To bypass this, you can remove the LC_CODE_SIGNATURE command. However, this disables macOS security checks and should only be used in controlled environments.
Here’s an example workflow for injecting a dynamic library into a Mach-O binary:
Locate the Load Commands: Use a tool like otool to inspect the existing load commands and determine where to append your LC_LOAD_DYLIB command.
Append the Load Command: Write the LC_LOAD_DYLIB structure to the binary, ensuring proper alignment.
Add the Library Path: Append the library path to the binary, padding it as needed.
Update the Header: Increment the ncmds and adjust sizeofcmds in the Mach-O header.
Test the Modified Binary: Run the binary and confirm that the library loads and functions as expected.
Debug Any Issues: Use lldb to debug runtime behavior and ensure your modifications didn’t introduce errors.
The information you gather from this blog, all the techniques, proofs-of-concept code, or whatever else you may possibly find here, are strictly for educational purposes. I do not condone the usage of anything you might gather from this blog for malicious purposes. I've made this blog therein, to consolidate my learning by teaching it to the world.
