jueves, 25 de mayo de 2023

Vlang Binary Debugging

Why vlang? V is a featured, productive, safe and confortable language highly compatible with c, that generates neat binaries with c-speed, the decompilation also seems quite clear as c code.
https://vlang.io/

After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.



The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.


Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.


Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"


Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.


Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.


The string structure is quite simple and it's plenty of implemented methods.




With F8 we can step over the code as we were in ollydbg on linux.


Note the rip marker sliding into the code.


We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.


If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.

  • tos(string, len)
  • tos2(byteptr)
  • tos3(charptr)

In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.



In visual mode "V" we can see previous instructions to figure out the arguments and state.


We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:



Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.



When it reach the substr, we can see the parameters with "tab" command.



Looking the implementation the radare parameter calculation is quite exact.


Let's check the param values:


so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.





Related posts


  1. Pentest Tools For Android
  2. Pentest Tools Url Fuzzer
  3. Pentest Tools Alternative
  4. Beginner Hacker Tools
  5. Easy Hack Tools
  6. Pentest Tools Nmap
  7. What Is Hacking Tools
  8. Hacker Tools Software
  9. Hacking Tools Hardware
  10. Install Pentest Tools Ubuntu
  11. Kik Hack Tools
  12. Hack Tools Mac
  13. Pentest Tools Apk
  14. Ethical Hacker Tools
  15. Hack Tools For Pc
  16. Hacking Tools
  17. Pentest Recon Tools
  18. How To Install Pentest Tools In Ubuntu
  19. Install Pentest Tools Ubuntu
  20. Hacking App
  21. Hack Tools 2019
  22. Hacker Tools Hardware
  23. World No 1 Hacker Software
  24. Hacking App
  25. Hacker Tools 2019
  26. Hacking Tools Windows 10
  27. What Is Hacking Tools
  28. Pentest Tools Nmap
  29. Hack And Tools
  30. Github Hacking Tools
  31. Hack Tools
  32. Hacking Tools
  33. Pentest Tools Alternative
  34. Hak5 Tools
  35. Hack Tools Github
  36. Hacking Tools Mac
  37. Hacker Tools 2020
  38. Hack Website Online Tool
  39. Hack Tool Apk
  40. New Hack Tools
  41. Pentest Tools Website Vulnerability
  42. Github Hacking Tools
  43. Bluetooth Hacking Tools Kali
  44. How To Hack
  45. Pentest Tools Bluekeep
  46. Hacker Tools
  47. Hacker Tools
  48. Hack Tool Apk
  49. Best Hacking Tools 2020
  50. Blackhat Hacker Tools
  51. Pentest Tools Online
  52. Nsa Hacker Tools
  53. Hacker Tools
  54. Hacking Tools For Windows 7
  55. Pentest Tools Port Scanner
  56. Install Pentest Tools Ubuntu
  57. Hack Tools For Mac
  58. Hack Tools Download
  59. Hack Tools For Pc
  60. Top Pentest Tools
  61. Hacker Hardware Tools
  62. Pentest Tools Tcp Port Scanner
  63. Hacking Tools Windows 10
  64. Hacking App
  65. Hack Tool Apk No Root
  66. Hack Tools 2019
  67. Pentest Tools Kali Linux
  68. Hacking Tools Download
  69. New Hack Tools
  70. Hack And Tools
  71. Pentest Tools Subdomain
  72. What Is Hacking Tools
  73. Hacking Tools For Windows Free Download
  74. Hack Tools For Ubuntu
  75. Hacker Tools Github
  76. Hacker Tools Github
  77. Pentest Tools Review
  78. Hacking Tools Name
  79. Hack Tools For Windows
  80. Pentest Tools Tcp Port Scanner
  81. Beginner Hacker Tools
  82. Hacking Tools Windows
  83. Kik Hack Tools
  84. Pentest Tools For Android
  85. Hack Tools For Windows
  86. Hacker Tools Github
  87. Pentest Tools Kali Linux
  88. Beginner Hacker Tools
  89. Hack Tools 2019
  90. Pentest Tools Subdomain
  91. Hacking Tools Download
  92. Hack Tools For Ubuntu
  93. Hacker Tools Github
  94. Hack Tools 2019
  95. Hack Tools Github
  96. Hacking Tools 2019
  97. Pentest Tools Framework
  98. Hacker Tools Software
  99. Nsa Hack Tools
  100. Hacker Tools Free
  101. Tools 4 Hack
  102. Hacking Tools Pc
  103. Hacking Tools Free Download
  104. Hak5 Tools
  105. Pentest Box Tools Download
  106. Install Pentest Tools Ubuntu
  107. Nsa Hack Tools Download
  108. How To Make Hacking Tools
  109. Hack Tool Apk No Root
  110. Hack Tool Apk No Root
  111. Hacking Apps
  112. What Are Hacking Tools
  113. Hack Tools
  114. Hacking Tools Name
  115. Hacker Tools Free
  116. Pentest Tools Online
  117. Hacking Tools Pc
  118. Hacker Tools Linux
  119. Hacking Tools Online
  120. Hacks And Tools
  121. Hack Tools For Mac
  122. Pentest Tools For Ubuntu
  123. Android Hack Tools Github
  124. Pentest Tools Website
  125. Hacker Tools
  126. Pentest Tools Website Vulnerability
  127. Hacker Tools List
  128. Hack Tools For Games
  129. Pentest Tools Url Fuzzer
  130. How To Make Hacking Tools
  131. Hacking Tools And Software
  132. Hack Tool Apk
  133. Pentest Tools Review
  134. Best Pentesting Tools 2018
  135. Blackhat Hacker Tools
  136. Hacker Tools Free
  137. Hack Tools 2019
  138. Hacking Tools For Kali Linux
  139. Hack Tools For Ubuntu
  140. Pentest Tools Subdomain
  141. New Hacker Tools
  142. Hacker Tool Kit
  143. Hacking Tools Kit
  144. Hacker Tools Apk Download
  145. Hak5 Tools
  146. How To Hack
  147. Hacker Tools Mac
  148. Hacker Tools For Pc
  149. Hacking Tools For Windows
  150. Hacker Hardware Tools
  151. Hacker Tools Online
Publicado por en

No hay comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)