packing_bizarre_adventure w. dump

gio-del · Jan 4, 2024 · 3164ec4 · 3164ec4
1 parent 30b038d
commit 3164ec4
Show file tree

Hide file tree

Showing 4 changed files with 76 additions and 72 deletions.
diff --git a/writeups/packing/packing_bizarre_adventure/.gdb_history b/writeups/packing/packing_bizarre_adventure/.gdb_history
@@ -1,75 +1,3 @@
-c
-c
-c
-c
-c
-exit
-start
-ni
-ni
-si
-disass decode
-b *0x00005555555552db
-c
-ni
-disass decode
-b *0x000055555555536f
-c
-disass decode
-ni
-disass decode
-b *0x000055555555536f
-c
-ni
-c
-c
-c
-c
-ni
-exit
-start
-disass decode
-b *0x0000555555555461
-c
-ni
-exit
-start
-ni
-ni
-si
-disass decode
-ni
-disass decode
-disass 0x0000555555555486,+10
-disass 0x0000555555555486,+30
-b *0x00005555555552db
-c
-disass decode
-b *0x000055555555536f
-c
-ni
-disass decode
-exit
-start
-r
-exit
-start
-disass decode
-b *0x0000555555555486
-r
-disass decode
-exit
-r
-disass decode
-exit
-start
-disass main
-b *0x0000555555555562
-c
-disass decode
-exit
-start
-disass decode
 ni
 ni
 si
@@ -254,3 +182,75 @@ c
 ni
 disass decode
 exit
+start
+b decode
+c
+disass decode
+b *0x000055555555537c
+c
+disass decode
+start
+c
+disass decode
+b *0x0000555555555369
+c
+ni
+info b
+info break
+del 2
+info break
+del 3
+del 5
+b *0x55555555536f
+c
+ni
+start
+c
+start
+info break
+del 6
+b decode
+c
+disass decode
+hb *0x000055555555537f
+c
+start
+info break
+del 10
+c
+disass decode
+b *0x0000555555555369
+c
+start
+c
+c
+ni
+info decode
+disass decode
+vmmap
+dump binary memory
+dump binary memory dump_step1 0x555555554000 0x555555559000
+start
+c
+c
+ni
+disass decode
+b *0x0000555555555464
+c
+ni
+b *0x5555555552d5
+c
+disass decode
+ni
+info break
+del 9
+del 12
+del 15
+del 16
+info break
+b *0x555555555369
+c
+disass decode
+vmmap
+dump binary memory dump_step2 0x555555554000 0x555555559000
+exit
diff --git a/writeups/packing/packing_bizarre_adventure/dump_step1 b/writeups/packing/packing_bizarre_adventure/dump_step1
diff --git a/writeups/packing/packing_bizarre_adventure/dump_step2 b/writeups/packing/packing_bizarre_adventure/dump_step2
diff --git a/writeups/packing/packing_bizarre_adventure/writeup_sketch b/writeups/packing/packing_bizarre_adventure/writeup_sketch
@@ -59,3 +59,7 @@ If these bytes match the program returns to the decryption part for a second ste
 # Second Part
 
 After the decryption routine, the last 16 bytes are basically found in the same way of the previous step
+
+## Alternative Solution
+
+Dump the two steps and statically analyze them