Stack Protection

In this tutorial, you are asked to explain all stack protection mechanisms and identify them in the various assembly dumps of auth.c, displayed below. You may also choose to explore the code and compilation variations live at https://godbolt.org/z/4KqvvnrMM

#include <stdio.h>
#include <string.h>
#define BUFFER_SIZE 256 

void accessDenied(){
    printf("Access denied!\n");
}
void accessGranted(){
    printf("Access granted!\n");
}

int pwd(char *arg){
    char password[BUFFER_SIZE]; 
    strcpy(password, arg);
    return strcmp(password, "S3cF41l");
}

int main(int argc, char **argv){
    if (!pwd(argv[1])){
        accessGranted();
        return 0;
    }else{
        accessDenied();
        return 1; 
    }
}

Fortified Source Functions

  1. What are Fortified Source Functions and how do they work?
  2. How do you enable them on Linux?
  3. In auth-fortify-enable.x86, can you identify the “fortified” call to strcpy?

Stack Canaries

  1. What are stack canaries and how do they work?
  2. How do you enable them on Linux?
  3. In auth-canary-enable.x86, can you identify where the canary is set and verified in the function pwd?

Non Executable Stack

  1. What is a non executable stack and how does it work?
  2. How do you enable it on Linux?
  3. There is actually no difference at all between auth-all-disable.x86 and auth-nex-enable.x86. Why?

ASLR - Address Space Layout Randomization

  1. What is ASLR and how does it work?
  2. How do you enable it on Linux?

PIC/PIE - Position Independent Code

  1. What is position-independent code and how does it work?
  2. How do you enable it on Linux?
  3. In auth-pie-enable.x86, can you identify where/how the binary gets the offset to calculate the absolute address of the function pwd?

Malware

  1. What are the two main approaches used by antivirus software to detect malware?

  2. What is the difference between static analysis and dynamic analysis?

  3. In a malware, what is the difference between the payload and the infection vector?

  4. What are the common techniques used to make malware undetectable by antivirus software?

  5. Define these concepts related to modern malware: