feat: lab5

Author: YingMuo

lab5/Makefile

@@ -0,0 +1,19 @@
+CC=gcc
+
+.PHONY: all
+all: bss_overflow_asan
+
+bss_overflow_asan: bss_overflow.c libantiasan.so
+	$(CC) -fsanitize=address -Og -g -o $@ $< -lantiasan -L.
+
+libantiasan.so: antiasan.c
+	$(CC) -g -fPIC -c antiasan.c
+	$(CC) -shared antiasan.o -o libantiasan.so
+
+.PHINY: run
+run:
+	LD_LIBRARY_PATH=. ./bss_overflow_asan
+
+.PHONY: clean
+clean:
+	rm bss_overflow_asan antiasan.o libantiasan.so

lab5/README.md

@@ -0,0 +1,26 @@
+# Lab5
+
+## Introduction
+
+In this lab, you will write a function antoasan to bypass detection of ASan in `antiasan.c`.
+
+## Preparation (Important!!!)
+
+1. Sync fork your branch (e.g., `SQLab:311XXXXXX`)
+2. `git checkout -b lab5` (**NOT** your student ID !!!)
+
+## Requirement
+
+1. (100%) write a function antoasan to bypass detection of ASan in `antiasan.c`.
+You can run `validate.sh` in your local to test if you satisfy the requirements.
+
+Please note that you must not alter files other than `antiasan.c`. You will get 0 points if
+
+1. you modify other files to achieve requirements.
+2. you can't pass all CI on your PR.
+
+## Submission
+
+You need to open a pull request to your branch (e.g. 311XXXXXX, your student number) and contain the code that satisfies the abovementioned requirements.
+
+Moreover, please submit the URL of your PR to E3. Your submission will only be accepted when you present at both places.

lab5/ans

@@ -0,0 +1,4 @@
+LD_LIBRARY_PATH=. ./bss_overflow_asan
+gBadBuf = HAHAHAHAHAHAHAHAHAHAHAH
+gS = HAHAHAHAHAHAHAHAHAHAHAH
+gS = HAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH

lab5/antiasan.c

@@ -0,0 +1,6 @@
+#include <string.h>
+
+void antiasan(unsigned long addr)
+{
+
+}

lab5/antiasan.h

@@ -0,0 +1,6 @@
+#ifndef HIJACK_H
+#define HIJACK_H
+
+void antiasan(unsigned long);
+
+#endif

lab5/bss_overflow.c

@@ -0,0 +1,21 @@
+#include <stdio.h>
+#include <string.h>
+#include "antiasan.h"
+
+char gS[0x18];
+char gBadBuf[0x87];
+
+int main(void)
+{
+        strcpy(gBadBuf, "HAHAHAHAHAHAHAHAHAHAHAH");
+        strcpy(gS, "HAHAHAHAHAHAHAHAHAHAHAH");
+        printf("gBadBuf = %s\n", gBadBuf);
+        printf("gS = %s\n", gS);
+        antiasan((unsigned long)&gBadBuf);
+        for (int i = 0; i < 0x10; i += 2) {
+                gS[0x17 + i] = 'A';
+                gS[0x17 + i + 1] = 'H';
+        }
+        printf("gS = %s\n", gS);
+        return 0;
+}

lab5/validate.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# Check for unwanted files
+for file in *; do
+  if [[ $file != "bss_overflow.c" && $file != "antiasan.c" && $file != "antiasan.h" && $file != "Makefile" && $file != "README.md" && $file != "validate.sh" && $file != "ans" ]]; then
+    echo "[!] Unwanted file detected: $file."
+    exit 1
+  fi
+done
+
+test_path="${BASH_SOURCE[0]}"
+solution_path="$(realpath .)"
+tmp_dir=$(mktemp -d -t lab5-XXXXXXXXXX)
+answer=""
+
+cd $tmp_dir
+
+rm -rf *
+cp $solution_path/Makefile .
+cp $solution_path/*.c .
+cp $solution_path/*.h .
+cp $solution_path/ans .
+
+make
+make run > out 2>&1
+result=$(diff --strip-trailing-cr ans out)
+if [[ -n $result ]]; then
+  echo "[!] Expected: "
+  cat ans
+  echo ""
+  echo "[!] Actual:   "
+  cat out
+  echo ""
+  exit 1
+else
+  echo "[V] Pass"
+fi
+
+rm -rf $tmp_dir
+
+exit 0
+
+# vim: set fenc=utf8 ff=unix et sw=2 ts=2 sts=2: