123456 A ROP (Return-Oriented Programming) attack can be used to execute arbitrary instructions by chaining together small pieces of code called "gadgets." Your goal is to create a stack layout for a ROP attack that calls a function located at 'Ox4018bd3'. Below is the assembly code for the function 'getbuf, which allocates 8 bytes of stack space for a 'char' array. This array is then passed to the 'gets' function. Additionally, you are provided with five useful gadgets and their addresses. Use these gadgets to construct the stack layout. Assembly for getbuf 1 getbuf: sub mov $8, %rsp %rsp, %rdi call gets add $8, %rsp 6 ret #Allocate 8 bytes for buffer #Load buffer address into %rdi #Call gets with buffer #Restore the stack pointer #Return to caller Stack each Layout (fill in Gadgets 8-byte section) Address Gadget Address Value (8 bytes) 0x7fffffffdfc0 0x7fffffffdfb8 0x7fffffffdfb0 0x7fffffffdfa8 0x7fffffffdfa0 0x7fffffffdf98 0x7fffffffdf90 0x7fffffffdf88 Original 0x4006a7 pop %rdi; ret Ox4006a9 pop %rsi; ret Ox4006ab pop %rax; ret 0x4006ad mov %rax, %rbx; ret Ox4006b0 pop %rbp; ret Return Address is at 0x7fffffffdf898 Task: • Fill in the stack layout on the left with the values (addresses or constants) necessary to create a ROP chain that will execute a call to the function at '0x4018bd3'. • Use the provided gadgets to control the values in registers as needed. In each of the following C code snippets, there are issues that can prevent the compiler from applying certain optimizations. For each snippet: • Circle the line number that contains compiler optimization blocker. ⚫ Select the best modification to improve optimization. 1. Which line prevents compiler optimization? Circle one: 2 3 4 5 6 Suggested solution: • Remove printf or move it outside the loop. Remove the loop. • Replace arr[i] with a constant value. 1 int sum (int *arr, int n) { 12345678 8 } } int s = 0; for (int i = 0; i < n; i++) { sarr[i]; printf("%d\n", s); return s; 2. Which line prevents compiler optimization? Circle one: 2 3 4 5 6 Suggested solution: • Move or eliminate do_extra_work() if it's not necessary inside the loop. • Remove the loop (but what about scaling?). Replace arr[i] *= factor; with arr[i] = 0; (why would that help?). 1 void scale (int *arr, int n, int factor) { 2 3 4 for (int i = 0; i < n; i++) { arr[i] factor; do_extra_work (); 5 } 6 3

Transcribed Image Text:

123456 A ROP (Return-Oriented Programming) attack can be used to execute arbitrary instructions by chaining together small pieces of code called "gadgets." Your goal is to create a stack layout for a ROP attack that calls a function located at 'Ox4018bd3'. Below is the assembly code for the function 'getbuf, which allocates 8 bytes of stack space for a 'char' array. This array is then passed to the 'gets' function. Additionally, you are provided with five useful gadgets and their addresses. Use these gadgets to construct the stack layout. Assembly for getbuf 1 getbuf: sub mov $8, %rsp %rsp, %rdi call gets add $8, %rsp 6 ret #Allocate 8 bytes for buffer #Load buffer address into %rdi #Call gets with buffer #Restore the stack pointer #Return to caller Stack each Layout (fill in Gadgets 8-byte section) Address Gadget Address Value (8 bytes) 0x7fffffffdfc0 0x7fffffffdfb8 0x7fffffffdfb0 0x7fffffffdfa8 0x7fffffffdfa0 0x7fffffffdf98 0x7fffffffdf90 0x7fffffffdf88 Original 0x4006a7 pop %rdi; ret Ox4006a9 pop %rsi; ret Ox4006ab pop %rax; ret 0x4006ad mov %rax, %rbx; ret Ox4006b0 pop %rbp; ret Return Address is at 0x7fffffffdf898 Task: • Fill in the stack layout on the left with the values (addresses or constants) necessary to create a ROP chain that will execute a call to the function at '0x4018bd3'. • Use the provided gadgets to control the values in registers as needed.

Transcribed Image Text:

In each of the following C code snippets, there are issues that can prevent the compiler from applying certain optimizations. For each snippet: • Circle the line number that contains compiler optimization blocker. ⚫ Select the best modification to improve optimization. 1. Which line prevents compiler optimization? Circle one: 2 3 4 5 6 Suggested solution: • Remove printf or move it outside the loop. Remove the loop. • Replace arr[i] with a constant value. 1 int sum (int *arr, int n) { 12345678 8 } } int s = 0; for (int i = 0; i < n; i++) { sarr[i]; printf("%d\n", s); return s; 2. Which line prevents compiler optimization? Circle one: 2 3 4 5 6 Suggested solution: • Move or eliminate do_extra_work() if it's not necessary inside the loop. • Remove the loop (but what about scaling?). Replace arr[i] *= factor; with arr[i] = 0; (why would that help?). 1 void scale (int *arr, int n, int factor) { 2 3 4 for (int i = 0; i < n; i++) { arr[i] factor; do_extra_work (); 5 } 6 3