CS 410 SNHU Assembly C File Identifying and Fixing Vulnerabilities Project

You did such a fantastic job with Project 1, I could use your assistance on a much easier continuance / modification of it, Project Two. In this continuance, you will edit the c++ file you created and patch up some potential security concerns. I’ve attached the previous module’s completed assignment and rubric as an example, done on another file. This should be the last time I require assistance, thank you for expanding my knowledge! Let me know in a reply if you’d like me to send you the c++ file you created originally, as I still have it.

STUDENT NAME:
ASSIGNMENT NAME:
SCHOOL:
To complete this assignment, examine the file for security flaws and reverse engineer it to C.
Submit a Microsoft Word document that contains the following:
1. A detailed list of the steps you took converting the binary file to C
2. Commented assembly code that corresponds to the binary file
3. Commented C code that corresponds to the assembly file, including the logical errors or
security flaws (The comments for this code should include explanations of the logical or security
flaws.)
4. The corrected C code with comments
A detailed list of the steps you took converting the binary file to C
Steps
I used gdb debugger to analyse and convert the binary file into a working c program. With the
help of gdb commands I was able to find out all the methods that are in the binary file apart from
the main function. I used the below commands to get more information and to step in each line
of the binary code at run time.
a. Info functions
This command will display all the functions that are in the binary file.
b. Disas functionname
This command can be used to disassable the function provided. This means that it will
provide the assembly code of the function.
c. b *0x00000000004006f2
This command is used to add a break point at a given line in the code, this will help
during running the code.
Available functions and their users.
To display all the functions in the binary file, I used infor functions in gdb tool. It displayed all
the functions as show below.
Image 1. Available functions
From the image, the binary file is composed of DisplayMenu function and the main function.
When the code is executed, we get the following results.
Image 2. Executed Code.
In C program, the such menu can be displayed using a printf statement, all the the lines can be in
one String then using a printf , they can be displayed on the screen. However we can check the
assembly part of this function in gdb.
Disassembling the DisplayMenu function
From the above image, there are several lines where printf function has been called. A value is
moved int the address eax, and then a printf method is called. The printf method prints strings of
data, which means that all each line is printed independently as seen in the blow C program.
Int main(){
printf (“Line 1\n”);
printf (“- 1)Add
-\n”);
printf (“- 2)Subtract – \n”);
printf (“- 3)Multiply – \n”);
printf (” – 4)Exit
– \n”);
printf (“—————-\n”);
}
The above main function in c will produce the same menu as seen in our application.
0x000000000040062d :
push %rbp
0x000000000040062e :
mov %rsp,%rbp
0x0000000000400631 :
sub $0x10,%rsp
0x0000000000400635 :
mov $0x400874,%edi
0x000000000040063a : mov $0x0,%eax
0x000000000040063f : callq 0x4004f0
1
0x0000000000400644 : mov $0x400885,%edi
0x0000000000400649 : mov $0x0,%eax
0x000000000040064e : callq 0x4004f0
2
0x0000000000400653 : mov $0x400896,%edi
0x0000000000400658 : mov $0x0,%eax
0x000000000040065d : callq 0x4004f0
3
0x0000000000400662 : mov $0x4008a7,%edi
0x0000000000400667 : mov $0x0,%eax
0x000000000040066c : callq 0x4004f0
4
0x0000000000400671 : mov $0x4008b8,%edi
0x0000000000400676 : mov $0x0,%eax
0x000000000040067b : callq 0x4004f0
5
0x0000000000400680 : mov $0x400874,%edi
0x0000000000400685 : mov $0x0,%eax
0x000000000040068a : callq 0x4004f0
0x000000000040068f : mov %rax,-0x8(%rbp)
0x0000000000400693 : movsd -0x8(%rbp),%xmm0
0x0000000000400698 : leaveq
0x0000000000400699 : retq
6
From the assembly code above, we can see that on line 18, 33 , 48, 63 , 78 and 93 have called the
printf function. The other lines use mov command, which actually moves a string data into eax
for display on the screen.
Disassembling the Main Function.
When we disassembly the main function, we get the sample assembly code below.
The above code, is an assembly representation of the first part of the binary file. On line 16, a
jmpq command is used. The program jumps to line 311 of the program.
On line 311 above, the program moves a value into address eax, this value is the compared with
value $0x5, if not equal then the program jumps back to line 21 of the main function. This can be
a while loop since when the values are equal, the project just exit this can be the same as
While(condition is not true){
Block of code
}
From lines 21 onwards, we also see the program calls the command puts,
The DisplayMenu Function is not called in any place, and when we use break points, we found
out that this lines print the menu, as seen in the image below.
Therefore the main also prints the menu without calling the DisplayMenu function.
One the menu has been printed, starting from line 98, as seen in the below image, the programs
calls scanf method, this allow user to enter an input. Once the input is received, the next line
compares the value with 1, if not equal then the program jumps to line 175 else it continue
executing the other lines.
Using a c program, this can resemble the following pseudocode.
Int main(){
While(){
Print line 1
Print line 2
Print line 3
Print line 4
Print line 5
Print line 6
Get user choice
If(choice != 1){
Perform addition
}
}
}
Therefore from line 111 upto line 165 the program performs a specific action. From the menu
that we obtained above, and with the help of the condition at line 106, this must be the operation
for addition, however when we check the code below we see a sub, instead of add, therefore the
menu does not correspond with the blocks of codes i.e when one chooses the first option for
adding, the operation which we be done is subtraction.
Sample Assembly Code
//compare user input with 1
//if equal then the program continues, otherwise it jumps to line 175
//equivalent to
//IF(choice == 1){ do this }else{ go to line 175}
0x0000000000400704 : cmp $0x1,%eax
0x0000000000400707 : jne 0x400749
//this block of code allow user to enter the two numbers
//scanf(“%d \n %d”, &var_a,&var_b);
0x0000000000400709 : lea -0x14(%rbp),%rdx
0x000000000040070d : lea -0x18(%rbp),%rax
0x0000000000400711 : mov %rax,%rsi
0x0000000000400714 : mov $0x4008cc,%edi
0x0000000000400719 : mov $0x0,%eax
0x000000000040071e : callq 0x400520
//Once values are received, they are moved to specific memory address before subtraction takes place.
0x0000000000400723 : mov -0x18(%rbp),%edx
0x0000000000400726 : mov -0x14(%rbp),%eax
0x0000000000400729 : mov %edx,%ecx
//Subtraction takes place here result = var_1 – var_b
0x000000000040072b : sub %eax,%ecx
0x000000000040072d : mov -0x14(%rbp),%edx
0x0000000000400730 : mov -0x18(%rbp),%eax
0x0000000000400733 : mov %eax,%esi
0x0000000000400735 : mov $0x4008d2,%edi
0x000000000040073a : mov $0x0,%eax
// the results are then displayed on the screen printf(“%d + %d = result”, var_a,var_b,result);
0x000000000040073f : callq 0x4004f0
There we can convert this block to C as seen below
IF (choice == 1){
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a – var_b;
printf(“%d + %d = %d”, var_1,var_b,result)
}
After this block of code, the program execution jumps to line 311, which as discussed earlier,
this is the starting point of the loop, in case user choice was 1, once the above block has been
executed, the program then jumps to line 311, where it will compare the choice with 5, if equal it
will exit else it will strat printing the menu from line 21.
When user selects 2 this time intead of 1, then the program execution will jump to line 175,
where the value will be compared with 2, as seen below, if its equal to two then the block from
line 175 to line 236 will be executed.
This block of code is called when user selects option 2, according to the menu, it should perfom
subtraction but according to the code above, it performs binary addition.
Sample Assembly Code for this Block
0x000000000040074c : cmp $0x2,%eax
//if values are not equal the program
// Compares value in eax with value 2
jumps to line 234
0x000000000040074f : jne 0x40078d
//the block below allow user to add the two vaues, eg 4 and 5
//equivalent to scanf(“%d \n %d”, &var_a,&var_b);
0x0000000000400751 : lea -0x14(%rbp),%rdx
0x0000000000400755 : lea -0x18(%rbp),%rax
0x0000000000400759 : mov %rax,%rsi
0x000000000040075c : mov $0x4008cc,%edi
0x0000000000400761 : mov $0x0,%eax
0x0000000000400766 : callq 0x400520
//Once use input the values they are moved into their respective memory addresses
//this block the performs addition of the two numbers
//result = var_a + var_b
0x000000000040076b : mov -0x18(%rbp),%edx
0x000000000040076e : mov -0x14(%rbp),%eax
0x0000000000400771 : lea (%rdx,%rax,1),%ecx
0x0000000000400774 : mov -0x14(%rbp),%edx
0x0000000000400777 : mov -0x18(%rbp),%eax
0x000000000040077a : mov %eax,%esi
0x000000000040077c : mov $0x4008e0,%edi
0x0000000000400781 : mov $0x0,%eax
//The results together with the other values are printed on the screen
//printf(“%d – %d = result”, var_a,var_b,result);
0x0000000000400786 : callq 0x4004f0
//program jumps to line 311, where the loop with either continue or program ends
0x000000000040078b : jmp 0x4007d1
Sample C code
IF (choice == 2){
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a + var_b;
printf(“%d – %d = %d”, var_1,var_b,result)
}
When user Choose option other than 1 and 2, then the program jumps to line, 246, the value is
compare with 3, if equal the block of code from line 251 to line 306 is executed. According to
the menu, this block is ought to perform binary multiplication, however according to the results
when the program is rung, a binary division is performed.
Sample Assembly Code
Sample Assembly Code – Next Page
Equivalent C Code
IF (choice == 3){
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a / var_b;
printf(“%d – %d = %d”, var_1,var_b,result)
}
//Compares value, user choice with 3, if equal this block will be executed, else program jumps to line311
//same as IF(choice == 3 ){do this block}else{ go to line 311}
0x0000000000400790 : cmp $0x3,%eax
0x0000000000400793 : jne 0x4007d1
//this block will allow user to enter the two values
// scanf(“%d \n %d”, &var_a,&var_b);
0x0000000000400795 : lea -0x14(%rbp),%rdx
0x0000000000400799 : lea -0x18(%rbp),%rax
0x000000000040079d : mov %rax,%rsi
0x00000000004007a0 : mov $0x4008cc,%edi
0x00000000004007a5 : mov $0x0,%eax
0x00000000004007aa : callq 0x400520
//this block performs binary division,
//result = var_a / var_b
0x00000000004007af : mov -0x18(%rbp),%eax
0x00000000004007b2 : mov -0x14(%rbp),%ebx
0x00000000004007b5 : cltd
0x00000000004007b6 : idiv %ebx
0x00000000004007b8 : mov %eax,%ecx
0x00000000004007ba : mov -0x14(%rbp),%edx
0x00000000004007bd : mov -0x18(%rbp),%eax
0x00000000004007c0 : mov %eax,%esi
0x00000000004007c2 : mov $0x4008e0,%edi
0x00000000004007c7 : mov $0x0,%eax
//finally value is printed on the screen
// printf(“%d – %d = result”, var_a,var_b,result);
0x00000000004007cc : callq 0x4004f0
This is the last block of assembly dumped by gdb, we can find out that there is no condition
created for option four, therefore when one chooses option 4, the program never terminates. Also
user needs to type 5, which is in line 311 in order for the application to exit.
Observations
From the analysis above, the menu provided does not conform to the actions that are taken when
once user selects a choice. The multiplication part does division of the numbers provide, the
addition part performs subtraction and the choice for subtraction does addition. Also the exit
option does not work since the program expects 5 for it to exit.
Commented C Code that corresponds to the binary File
int main() {
int choice = 0; //initialize choice with zero
int var_a, var_b,result; //other variables of type integer
while (choice != 5) {
printf(“—————-\n”); //display a line of dots
//Display Menu
printf(“- 1)Add -\n”);
printf(“- 2)Subtract -\n”);
printf(“- 3)Multiply -\n”);
printf(“- 4)Exit -\n”);
printf(“—————-\n”);
scanf(“%d\n “, &choice); //allow user enter choice
if (choice == 1) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a – var_b;//binary subtraction
printf(“%d + %d = %d \n”, var_a,var_b,result); //display on screen
} else if (choice == 2) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a + var_b;//binary addition
printf(“%d – %d = %d \n”, var_a,var_b,result);
} else if (choice == 3) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a / var_b;//binary devision
printf(“%d – %d = %d \n”, var_1,var_b,result);
}else if(choice == 5){
return (EXIT_SUCCESS); //program exit
}}
return (EXIT_SUCCESS); //program exit
}
Display Menu Function
void DisplayMenu ()
{
//print out menu
printf (“—————-“);
printf (“- 1)Add -“);
printf (“- 2)Subtract -“);
printf (“- 3)Multiply -“);
printf (“- 4)Exit -“);
printf (“—————-“);
}
In the above C program, we see the following errors
1. First option of the menu perform binary subtraction instead of addition
2. The second option does binary addition instead of subtraction
3. The third option does division instead of multiplication. Therefore the menu
should be changed to conform to the conditions in the code.
4. Also the display menu method should be called instead of recoding the menu
again inside the loop.
5. Also the program display subtraction to the user that a subtraction has been done,
when the division is done in the application.
6. Also the program exit when you type 5 instead of 4. Therefore it should be
changed to 4 in the code or use 5 instead of 4 in the menu.
The Corrected C Program
int main() {
int choice = 0; //initialize choice with zero
int var_a, var_b,result; //other variables of type integer
while (choice != 5) {
printf(“—————-\n”); //display a line of dots
DisplayMenu();
scanf(“%d\n “, &choice); //allow user enter choice
if (choice == 1) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a + var_b;//binary subtraction
printf(“%d + %d = %d \n”, var_a,var_b,result); //display on screen
} else if (choice == 2) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a – var_b;//binary addition
printf(“%d – %d = %d \n”, var_a,var_b,result);
} else if (choice == 3) {
scanf(“%d \n %d”, &var_a,&var_b);
result = var_a * var_b;//binary devision
printf(“%d * %d = %d \n”, var_1,var_b,result);
}else if(choice == 4){
return (EXIT_SUCCESS); //program exit
}}
return (EXIT_SUCCESS); //program exit
}
Display Menu Function
void DisplayMenu ()
{
//print out menu
printf (“—————-“);
printf (“- 1)Add -“);
printf (“- 2)Subtract -“);
printf (“- 3)Multiply -“);
printf (“- 4)Exit -“);
printf (“—————-“);
}
CS 410 Project Two Security Report Template
Instructions
Fill in the table in step one. In steps two and three, replace the bracketed text with your answer in your
own words.
1. Identify where multiple security vulnerabilities are present within the blocks of C++ code. You
may add columns and extend this table as you see fit.
Block of C++ Code
Identified Security Vulnerability
2. Explain the security vulnerabilities that are found in the blocks of C++ code.
[In a paragraph or two for each security vulnerability, explain in detail how and why these are security
vulnerabilities.]
3. Describe recommendations for how the security vulnerabilities can be fixed.
[In a paragraph or two for each recommendation, describe how you would fix these vulnerabilities.]
1
6/8/2021
Binary to C++ With Security Vulnerabilities Activity Guidelines and Rubric – CS-410-T5470 Software Reverse Engineering 21EW5
CS-410-T5470 Software Reverse Engineering 21EW5
Binary to C++ With Security Vulnerabilities Activity
Guidelines and Rubric


Overview
In previous activities, you converted files using languages including binary, assembly, and C++. You have successfully completed a
full conversion of legacy code, from binary to C++. In this activity, you will convert legacy binary code to C++, examine the code for
security vulnerabilities, fix the identified security vulnerabilities, and report on those vulnerabilities. This is a key step toward the
successful completion of Project Two, which is centered on fixing security vulnerabilities. The coding for this assignment will be
performed in Codio. You will submit the completed Binary to C++ With Security Vulnerabilities Activity Template and a new binary
file and CPP file.
Prompt
Specifically, you must address the following rubric criteria:
1. Convert the binary file to assembly code.
These files can be found in the Software Reverse Engineering Playground in the Module Six file folder in Codio.
2. Explain the functionality of the blocks of assembly code.
Use the Binary to C++ With Security Vulnerabilities Activity Template to complete this step.
3. Convert the assembly code to binary.
Create a new binary file for submission.
4. Convert the assembly code to C++ code.
Use the Binary to C++ With Security Vulnerabilities Activity Template to complete this step.
Compile the C++ code in the Eclipse integrated development environment.
5. Identify the security vulnerabilities within the C++ code.
Comment within the C++ code to indicate where the security vulnerabilities are identified.
6. Fix the identified security vulnerabilities within the C++ code.
Correct the C++ code to fix the security vulnerabilities.
7. Explain how the updated C++ code fixes the identified vulnerabilities.
Comment within the C++ code to indicate how the security vulnerabilities were fixed.
Guidelines for Submission
Binary to C++ With Security Vulnerabilities Activity Template
This should be a Word document. Use the Binary to C++ With Security Vulnerabilities Activity Template to convert the legacy binary
file into assembly, explain the functionality of the assembly code, and convert the assembly code to C++ code.
C++ File
This file includes your comments on the identified security vulnerabilities, the fixes, and the comments about how the security
vulnerabilities were fixed. This file is needed to ensure that the code, identified vulnerabilities, fixes, and comments are correct.
Binary File
This file is needed to run the application.
https://learn.snhu.edu/d2l/le/content/752871/viewContent/12896103/View
1/5
6/8/2021
Binary to C++ With Security Vulnerabilities Activity Guidelines and Rubric – CS-410-T5470 Software Reverse Engineering 21EW5
Binary to C++ With Security Vulnerabilities Activity Rubric
Criteria
Binary to
Exemplary
N/A
Assembly
Conversion
Proficient
Needs Improvement
Not Evident
Converts binary file
Shows progress
Does not attempt
into assembly code
toward proficiency,
criterion (0%)
(100%)
but with errors or
omissions; areas for
Value
9
improvement may
include converting
the binary file into
assembly code (85%)
Assembly
Exceeds proficiency
Explains the
Shows progress
Does not attempt
Functionality
in an exceptionally
functionality of the
toward proficiency,
criterion (0%)
clear, insightful,
sophisticated, or
blocks of assembly
code with minimal
but with errors or
omissions; areas for
creative manner
errors and adequate
improvement may
(100%)
detail (85%)
include explaining
13
the functionality of
the blocks of
assembly code with
minimal errors and
richer detail (55%)
Assembly to
Binary Conversion
N/A
Converts the
assembly code to
Shows progress
toward proficiency,
binary (100%)
but with errors or
Does not attempt
criterion (0%)
9
omissions; areas for
improvement may
include converting
the assembly code to
binary (85%)
Assembly to C++
Conversion
Exceeds proficiency
in an exceptionally
clear, insightful,
sophisticated, or
creative manner
(100%)
Converts each block
of assembly code to
C++ code with
minimal errors (85%)
Shows progress
toward proficiency,
but with errors or
omissions; areas for
improvement may
include converting
each block of
assembly code to
C++ code with fewer
errors (55%)
Does not attempt
criterion (0%)
10
Identify Security
Vulnerabilities
Exceeds proficiency
in an exceptionally
clear, insightful,
sophisticated, or
creative manner
(100%)
Identifies all of the
security
vulnerabilities within
the C++ code with
minimal errors (85%)
Shows progress
toward proficiency,
but with errors or
omissions; areas for
improvement may
include identifying all
of the security
vulnerabilities within
the C++ code with
fewer errors (55%)
Does not attempt
criterion (0%)
18
https://learn.snhu.edu/d2l/le/content/752871/viewContent/12896103/View
2/5
6/8/2021
Binary to C++ With Security Vulnerabilities Activity Guidelines and Rubric – CS-410-T5470 Software Reverse Engineering 21EW5
fewer errors (55%)
Fix Security
Exceeds proficiency
Fixes the identified
Shows progress
Does not attempt
Vulnerabilities
in an exceptionally
security
toward proficiency,
criterion (0%)
clear, insightful,
vulnerabilities within
but with errors or
sophisticated, or
the C++ code with
omissions; areas for
creative manner
minimal errors (85%)
improvement may
(100%)
18
include fixing the
identified security
vulnerabilities within
the C++ code with
fewer errors (55%)
Security
Vulnerabilities
Explanation
Exceeds proficiency
in an exceptionally
Explains how the
updated C++ code
Shows progress
toward proficiency,
clear, insightful,
fixes the identified
but with errors or
sophisticated, or
security
omissions; areas for
creative manner
vulnerabilities with
improvement may
(100%)
minimal errors (85%)
include explaining
Does not attempt
criterion (0%)
18
5
how the updated
C++ code fixes the
identified security
vulnerabilities with
fewer errors (55%)
Articulation of
Response
Exceeds proficiency
in an exceptionally
Clearly conveys
meaning with correct
Shows progress
toward proficiency,
Submission has
critical errors in
clear, insightful,
grammar, sentence
but with errors in
grammar, sentence
sophisticated, or
structure, and
grammar, sentence
structure, and
creative manner
spelling,
structure, and
spelling, preventing
demonstrating an
spelling, negatively
understanding of
understanding of
impacting readability
ideas
audience and
purpose
Total:
https://learn.snhu.edu/d2l/le/content/752871/viewContent/12896103/View
100%
3/5
6/8/2021
Binary to C++ With Security Vulnerabilities Activity Guidelines and Rubric – CS-410-T5470 Software Reverse Engineering 21EW5
Reflect in ePortfolio
Download
Print
Open with docReader
https://learn.snhu.edu/d2l/le/content/752871/viewContent/12896103/View
4/5
6/8/2021
Binary to C++ With Security Vulnerabilities Activity Guidelines and Rubric – CS-410-T5470 Software Reverse Engineering 21EW5
Activity Details
You have viewed this topic
Last Visited Jun 7, 2021 6:02 PM
https://learn.snhu.edu/d2l/le/content/752871/viewContent/12896103/View
5/5