picoCTF 2024 Challenge Series - Beginner's Cybersecurity - Heap 0

  • Published 23 Nov 2024

COMMENTS • 11

  • @TakeFlow1 2 months ago +2

    I get that when you enter more than 32 bytes of information it overflows into the next memory address. However, I don't really understand why that allows us to know the value of the safe variable. Could you please explain this a bit further?

    • @theshyhat 2 months ago

      Since this is a controlled program for teaching buffer overflow issues, the program has been programmed specifically so that the user input buffer overflows into the safe variable after bytes in excess of 32 are written to the user input buffer. The program also has a special function called print_heap, that's used to check both the values of the input buffer as well as the safe variable. All of these program functions are defined in the chall.c source code file. I hope that explanation helps. 🐸

  • @yonitrach 2 months ago +3

    I'm a little confused how the second address got changed after writing to the buffer. What's supposed to happen if there wasn't a buffer overflow? Does writing to the buffer just change the content of the top thing on the heap?

    • @theshyhat 2 months ago +1

      This exercise is meant to illustrate how insecurely-written code can lead to buffer overflows. If the code were securely written, it would check if the user input was larger than the memory buffer, and refuse to accept any input larger than the memory buffer size. Writing to the buffer doesn't write to the top of the memory heap, but it does write to the address assigned to it when the program starts. Each time the input buffer is written to, it writes to the same address, which is not the top of the memory heap. I hope this explanation helped a bit.

    • @yonitrach 2 months ago +1

      @theshyhat thanks so much!!

  • @sunfl8wer 6 months ago +1

    You are the best on UA-cam!

  • @P3ntest3r 7 months ago +3

    Bro, I follow all the tutorials about this binary exploit, now I get new knowledge about binary exploits

  • @ssaplliwi 3 months ago +1

    I really don't like this challenge, because as far as I know, in C programming, when initializing heap memory, the address will be random, I think there is no way to guarantee input_data and safe var will be close to each other, maybe this challenge is an exception or I am wrong. Anyway, thank you for making the video

    • @theshyhat 3 months ago

      This comment really made me think, and I took a look at the source code for the challenge. One function from that source code, the print_heap function, prints out the pointer addresses of the two variables when it's called. It could be that they didn't design the challenge with a specific buffer overflow size in mind. The challenge authors are listed as ABRXS and PR1OR1TYQ, so maybe we could try asking them in the picoCTF Discord?
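
Added example, not part of the comments above and not code from chall.c: it relates to the two threads about input-size checks and heap addresses by measuring the gap between two back-to-back heap allocations and showing a store routine that refuses input larger than the buffer. `BUF_SIZE`, `heap_gap`, `write_reaches`, `bounded_store` and the sample strings are constructed for this sketch; `input_data` and `safe_var` follow the names used in the comments.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 5 /* constructed size for this example, not read from chall.c */

/* Byte distance from the start of a to the start of b, done on integers so no
   pointer arithmetic crosses two separate allocations. */
static long heap_gap(const void *a, const void *b) {
    return (long)((intptr_t)b - (intptr_t)a);
}

/* 1 if writing n bytes (terminating NUL included) at the start of the lower
   chunk would touch a neighbour that begins gap bytes above it. */
static int write_reaches(long gap, size_t n) {
    return gap > 0 && n > (size_t)gap;
}

/* The check a securely written program makes: refuse input that does not fit
   instead of letting it run past the end of the buffer. */
static int bounded_store(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (len >= dst_size) /* need room for len bytes plus the NUL */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void) {
    char *input_data = malloc(BUF_SIZE);
    char *safe_var = malloc(BUF_SIZE);
    if (!input_data || !safe_var)
        return 1;
    bounded_store(safe_var, BUF_SIZE, "safe"); /* constructed value */
    /* ASLR moves both addresses on every run, but a typical allocator hands
       out back-to-back small chunks at a fixed spacing, so the gap repeats. */
    long gap = heap_gap(input_data, safe_var);
    printf("input_data=%p safe_var=%p gap=%ld\n",
           (void *)input_data, (void *)safe_var, gap);
    printf("write of %ld bytes reaches safe_var: %d\n", gap + 1,
           write_reaches(gap, (size_t)(gap + 1)));
    /* Constructed over-long input: rejected, so safe_var is untouched. */
    int rc = bounded_store(input_data, BUF_SIZE, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
    printf("bounded_store rc=%d safe_var=%s\n", rc, safe_var);
    free(input_data);
    free(safe_var);
    return 0;
}
```

Running it several times shows the absolute addresses changing while the printed gap typically stays the same for a given build and allocator.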

  • @kungfumaster9239 3 months ago +1

    Asking ChatGPT to subtract hexes is hilarious. It is better to use Python instead

    • @theshyhat 3 months ago

      Haha. I've been burned by ChatGPT with math before, it's true. There's dozens of websites that can get the job done out there. 😁