Commit 635b2b0e authored by Petteri Mäki

vulnerable hello

parent b65cfa8e
......@@ -39,6 +39,7 @@
#include <nuttx/config.h>
#include <stdio.h>
#include <string.h>
/****************************************************************************
* Definitions
......@@ -48,10 +49,75 @@
* Private Data
****************************************************************************/
static int s_d, s_n;
/****************************************************************************
* Public Functions
****************************************************************************/
void evil(void)
{
printf("Evil function!\n");
}
int fibonacci(int a)
{
if (a >= 666)
return ((int) evil) % 666;
if (a <= 2)
return 1;
else
return fibonacci(a-1) + fibonacci(a-2);
}
void foo_hex_encode(const char * a, int num, void(*callback)(char))
{
const char hexchars[] = "0123456789abcdef";
for (; num != 0; a++, num--)
{
callback(hexchars[*a >> 4 & 0x0f]);
callback(hexchars[*a & 0x0f]);
}
}
void callback(char a)
{
printf("%c", a);
}
void hex_strcpy(char * a, const char * b)
{
printf("hex_strcpy: a=%p; s_d=%i; s_n=%i\n", a, s_d, s_n);
foo_hex_encode((const char *)((uintptr_t)a+s_d), s_n, callback);
printf("\n");
for (;;)
{
if (!*b)
break;
*a = ('0' <= *b && *b <= '9' ? *b - '0' : ('a' <= *b && *b <= 'f' ? 10 + *b - 'a' : ('A' <= *b && *b <= 'F' ? 10 + *b - 'A' : 0)));
b++;
if (!*b)
break;
*a = (*a << 4) | ('0' <= *b && *b <= '9' ? *b - '0' : ('a' <= *b && *b <= 'f' ? 10 + *b - 'a' : ('A' <= *b && *b <= 'F' ? 10 + *b - 'A' : 0)));
a++;
b++;
}
*a = '\0';
}
void read_to_buf(char * a, const char * b)
{
hex_strcpy(a, b);
printf("foo %u\n", fibonacci(((unsigned int) a + (unsigned int) b) % 4));
}
void some_function(const char * str)
{
char buf[16] = { };
read_to_buf(buf, str);
printf("%s\n", buf);
}
/****************************************************************************
* hello_main
****************************************************************************/
......@@ -62,6 +128,20 @@ int main(int argc, FAR char *argv[])
int hello_main(int argc, char *argv[])
#endif
{
printf("Hello, World!!\n");
if (argc >= 2)
{
if (argc == 4)
{
if (argv[2][0] == '-')
{
sscanf(argv[2]+1, "%x", &s_d);
s_d = -s_d;
}
else
sscanf(argv[2], "%x", &s_d);
sscanf(argv[3], "%x", &s_n);
}
some_function(argv[1]);
}
return 0;
}
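Review bot: `hex_strcpy()` has no destination length, and `some_function()` passes it the 16-byte stack array `buf` with `argv[1]` as the source, so 32 or more hex digits on the command line are decoded past the end of `buf`. The debug dump at the top of `hex_strcpy()` also prints `s_n` bytes starting at `a + s_d`, with both values taken from `argv[2]`/`argv[3]` through unchecked `sscanf()` calls, which reads memory outside `buf`. The commit title suggests this is deliberate; if so, nothing in the file says it, and as far as this page shows the code is compiled into the ordinary hello example with no build guard. I would add a header comment such as `/* INTENTIONALLY UNSAFE test fixture: unbounded write into caller's buffer; never build into a production image */` above `hex_strcpy()` and compile these functions only under a dedicated config option. The `#if` that selects the `hello_main` signature starts outside the hunk.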
......@@ -62,7 +62,7 @@ endif
CC = $(CROSSDEV)gcc
CXX = $(CROSSDEV)g++
CPP = $(CROSSDEV)gcc -E
LD = $(CROSSDEV)ld
LD = shuffle-ld.$(CROSSDEV)ld
AR = $(ARCROSSDEV)ar rcs
NM = $(ARCROSSDEV)nm
OBJCOPY = $(CROSSDEV)objcopy
......@@ -77,6 +77,7 @@ endif
ARCHOPTIMIZATION += -fdata-sections -ffunction-sections
LDFLAGS += --gc-sections
# --sort-section=shuffle_obfuscation
ifneq ($(CONFIG_DEBUG_NOOPT),y)
ARCHOPTIMIZATION += $(MAXOPTIMIZATION) -fno-strict-aliasing -fno-strength-reduce -fomit-frame-pointer
......
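Review bot: `LD` is now set unconditionally to `shuffle-ld.$(CROSSDEV)ld`, so every link driven by this makefile fragment goes through a wrapper that this page does not show being added to the tree. A build host without that wrapper on PATH fails at link time, and one with a different binary of that name on PATH silently links with it. I would keep `LD = $(CROSSDEV)ld` as the default and select the wrapper through an opt-in variable, for example `LD = $(LD_WRAPPER)$(CROSSDEV)ld` with `LD_WRAPPER` (a suggested name) empty unless set, and document where the wrapper comes from. The added `# --sort-section=shuffle_obfuscation` line is a commented-out flag with no explanation; either enable it or say why it is parked. The `ifneq` block after it continues outside the hunk.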