====================[ Extra Credit: Disassembling x86 code ]====================

In this exercise, you will get an archive with an x86_64 executable program for Linux or MacOS (see below for info about 32-bit systems). Your objective is to learn enough about it---by disassembling it, running it under the debugger, and/or tracing it (using such tools as Linux's strace and MacOS' dtruss) or whatever other tools---so that you will have it print your token.

When executed, this program will interact with your OS by making some _system calls_. If it likes what it sees, it will attempt to execute some more code. You need to understand what the program is looking for, and manipulate your system so that the program does like what it sees. (Hint: you can create this condition with one Unix shell command.)

This new code, if it succeeds, will print your token---but it will likely NOT succeed the first time (in fact, its chance of random success is about 1 in 60). For this code to succeed, you will need to manipulate your system some more (again, a single Unix command would suffice).

If the code succeeds, it will print your token and an intelligible message. If it fails, it may:

- print another message (without a token),
- print some gibberish,
- and/or crash.

Your goal is to get it to succeed.

NOTE: This code uses tricks that aren't meant to be used by regular, well-engineered programs. Thus, don't be surprised by program crashes; don't run these programs as "root", and the crashes will not harm your system. Understanding the causes of these crashes will help you understand your system better.

(*) I know some of you run 32-bit Linux; since the exercise depends on some properties of 64-bit code, I will ask you to use CS machines to solve this exercise. If, however, working from your CS account is hard for you, I will provide a custom 32-bit version by request.

1. How to get your archive file.

   Take the last 4 digits of your student ID, convert them to all lowercase.
   Add this 4-byte word to the URL http://www.cs.dartmouth.edu/~sergey/cs59/x86/hw-x86-extra/ and download the .zip archive you find there. For example, assume my ID is F000XYZ. Then I'll get: http://www.cs.dartmouth.edu/~sergey/cs59/x86/hw-x86-extra/0xyz/

   If you are auditing this course, I don't know your ID. Use the 0xyz example above to get your archive.

   Pick the right archive for your system, "linux" for 64-bit Linux, "darwin" for MacOS X.

   In this extra credit exercise, you can pick the theme of your program's messages. If you are a fan of J.R.R. Tolkien's 'The Hobbit', pick the one with 'hobbit'. If you like H.P. Lovecraft's stories, pick the one with 'lovecraft'. If you don't care for either, pick the 'plain' version. Regardless of the theme, the essence of the exercise remains the same; there are no deep hints in the themes either.

2. In this .zip archive you'll find two executable files, one with hints (unstripped), the other without them (stripped). You can start with either; the stripped file gives you a better taste of what professional reversing of x86 code (such as malware code) looks like.

3. Once you extract the token, submit it in an email to me. Also, submit the shell commands that you used to manipulate the unmodified program to disgorge its token. For full credit, submit it before noon of Saturday 04/30.

4. You may discover your token by luck, by changing the program, and/or by manipulating its state while running it under the debugger. Your exercise will be complete when you get the program to print the token without changing the file or the running program's state (say, with a debugger).

5. Keep a log of your work. The Unix command "script" is probably easiest, but using Emacs in shell mode also works (https://www.masteringemacs.org/article/running-shells-in-emacs-overview).

6. If you get stuck, send me email with questions.
   The first hint is always free :) Also, keep in mind that if you help me find a bug in my programs that might also affect other students, I will give you extra credit.

7. This is extra credit, so the point is to expose you to some intricacies of x86-based systems. You are _expected_ to go above and beyond the things we discussed in class AND to talk to other students. Google away, talk to each other, post on the Slack channel https://cs59.slack.com/ or email to the class list.

----------------------------[ Policy Note: ]----------------------------

The only rule is that you DO NOT post step-by-step walk-throughs of the actual solution. You are, however, encouraged to discuss the tools and techniques, and exchange the tips and tricks of using the tools. Extra credit may be given for extra-helpful advice shared :)

Think of this as a "NO SPOILERS" policy you would use on a book/movie you happen to like and want to hook others on. If really in doubt, ask :)

------------------------------------------------------------------------

Good luck!
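As an added example of the tracing approach the introduction suggests (this is editor-added code, not part of the assignment or its archive), here is a small parser for strace output that pulls out the system calls which returned an error; those are usually where a program reveals what it expects from its environment. The trace embedded in it is constructed, and the path it checks is a placeholder, not the real program's.

```python
"""Added example, not part of the assignment: summarise an strace log so that
failed system calls (which usually reveal what a program expects from its
environment, the same question the intro asks you to answer) stand out.
The trace below is constructed; a real one comes from:
  strace -f -o trace.log ./program"""
import re
from collections import Counter

# One strace line looks like:
#   openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
#   stat("/some/path", 0x7ffd...) = -1 ENOENT (No such file or directory)
# with an optional leading pid when strace -f is used.
LINE_RE = re.compile(
    r'^(?:\d+\s+)?'                              # optional pid
    r'(?P<name>[a-z_0-9]+)\((?P<args>.*)\)\s*='  # name(args) =
    r'\s*(?P<ret>-?\d+|0x[0-9a-f]+|\?)'          # return value ('?' if none)
    r'(?:\s+(?P<errno>E[A-Z]+))?'                # errno symbol on failure
)

# Constructed sample trace (the path checked is a placeholder, not the real one).
SAMPLE_TRACE = """\
execve("./program", ["./program"], 0x7ffd2a1b3c40 /* 20 vars */) = 0
brk(NULL) = 0x5555556a3000
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
stat("/tmp/PLACEHOLDER_dir", 0x7ffd2a1b3a80) = -1 ENOENT (No such file or directory)
write(1, "Nothing to see here.\\n", 21) = 21
exit_group(1) = ?
+++ exited with 1 +++
"""

def parse_trace(text):
    """Return (name, args, ret, errno) for every syscall line; skip anything else."""
    calls = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            calls.append((m['name'], m['args'], m['ret'], m['errno']))
    return calls

def failed_calls(text):
    """Syscalls that returned an errno: the first place to look for what the program wants."""
    return [(n, a, e) for n, a, _, e in parse_trace(text) if e]

def syscall_histogram(text):
    """How many times each syscall was made."""
    return Counter(n for n, *_ in parse_trace(text))

if __name__ == '__main__':
    for name, args, err in failed_calls(SAMPLE_TRACE):
        print(f'{name}({args}) failed with {err}')
```

On MacOS, dtruss output has a different layout, so the regular expression would need adjusting before reusing this on a dtruss log.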