Kernel mode VS User mode

One of the most interesting and commonly used concepts in the x86 architecture is Protected mode and its support for four privilege levels (also known as rings):

  • Ring 0 – Supervisor (kernel).
  • Ring 1.
  • Ring 2.
  • Ring 3 – User.

It was a challenging idea to grasp and I’ll try to explain it as clearly as possible in this post. We’ll cover the following concepts:

  • GDT, LDT, IDT.
  • Virtual memory translation.
  • ASLR and Kernel ASLR (KASLR).


Airplane – With the best

Overview

Airplane is this year’s Shabak challenge for researchers. I solved that challenge a while back and decided to publish my solution here. There are three parts to the challenge and I will cover the third one in this post.

The ReadMe.txt file contains:

hint:
Maybe this program doesn't do more than it seems; our special agent has told us that when the program was executed in a different country, it behaved differently.

When we run the program:


Airplane – Should work

Overview

Airplane is this year’s Shabak challenge for researchers. I solved that challenge a while back and decided to publish my solution here. There are three parts to the challenge and I will cover the second one in this post.

The ReadMe.txt file contains:

hint:
Same as before, this executable has a password that you need to extract, but unlike the last time, you will face a simple anti-debugging technique and many more fun things.

First, as with the first part, let’s just run Second.exe and see what happens:


Calc (pwnable.tw)

Overview

I chose to write about this exercise (calc) from pwnable.tw for two reasons:

  • During my attempt to solve the challenge I spent some time looking for the vulnerability and found a completely unrelated overrun that drove me crazy!
  • Well, you need to start somewhere, right?

So, like any good researcher, before trying anything I ran the program to see what it does… what a shocker, it’s a calculator:
