Differences
This shows you the differences between two versions of the page.
lehrkraefte:blc:informatik:ffprg2-2018:ffprg2-2018 [2019/01/11 16:37] Ivo Blöchliger [7-Segment-Anzeige-Demo] |
lehrkraefte:blc:informatik:ffprg2-2018:ffprg2-2018 [2019/01/25 15:34] (current) Ivo Blöchliger [Assembler und Hacking (Stackoverflow)] |
||
---|---|---|---|
Line 11: | Line 11: | ||
* Dokumentation: | * Dokumentation: | ||
- | ====== Assembler und Hacking (Stackoverflow) ====== | + | ====== Hacking ====== |
+ | ===== XSS: Cross Site Scripting ===== | ||
+ | https:// | ||
+ | |||
+ | ===== Assembler und Hacking (Stackoverflow) ===== | ||
+ | Ein aktueller Hack vom letzten Chaos Computer Congress: https:// | ||
+ | |||
* https:// | * https:// | ||
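Review bot: the new "XSS: Cross Site Scripting" section consists only of a bare link, with no sentence saying what the link demonstrates or what students are expected to do with it; the Chaos Computer Congress link under the demoted "Assembler und Hacking (Stackoverflow)" heading at least has a short lead-in. Suggest adding one descriptive line to the XSS section. The heading also still says "Stackoverflow" although the material added below it is about overwriting a return address; saying so in the heading or in an intro line would avoid confusion with stack exhaustion.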
Line 27: | Line 34: | ||
JMP start | JMP start | ||
+ | </ | ||
+ | |||
+ | Mit etwas mehr Assembler Voodoo: | ||
+ | <code asm> | ||
+ | start: | ||
+ | MOV A,1 | ||
+ | loopA: | ||
+ | MOV B, 253 | ||
+ | loopB: | ||
+ | MOV [B], A | ||
+ | INC B | ||
+ | JNC loopB | ||
+ | |||
+ | SHL A,1 | ||
+ | JNC loopA | ||
+ | |||
+ | JMP start | ||
+ | </ | ||
+ | |||
+ | Der L0L-Dreizeiler | ||
+ | <code asm> | ||
+ | MOV [253], 0111000b | ||
+ | MOV [254], 0111111b | ||
+ | MOV [255], 0111000b | ||
+ | </ | ||
+ | |||
+ | |||
+ | Manipulierte Rücksprungadresse | ||
+ | |||
+ | <code asm> | ||
+ | mov A, ' | ||
+ | start: | ||
+ | inc A ; Erhöht den Inhalt vom Register A um 1 | ||
+ | mov [232], A ; | ||
+ | call bla ; | ||
+ | ruecksprung: | ||
+ | hlt ;Halt | ||
+ | |||
+ | |||
+ | bla: | ||
+ | mov [253], A ;Alle 7 Bits für 7-Segment-Anzeige | ||
+ | mov [SP+1], start ; Rücksprungadresse überschreiben | ||
+ | ret ; | ||
+ | </ | ||
+ | |||
+ | |||
+ | Ausgabe des LOL-Codes: | ||
+ | <code asm> | ||
+ | |||
+ | lol: | ||
+ | MOV [253], 0111000b | ||
+ | MOV [254], 0111111b | ||
+ | MOV [255], 0111000b | ||
+ | |||
+ | fertig: | ||
+ | mov A, fertig | ||
+ | dec A | ||
+ | mov B, 252 | ||
+ | loop: | ||
+ | mov C, [A] | ||
+ | mov [B], C | ||
+ | dec B | ||
+ | dec A | ||
+ | JNC loop | ||
+ | hlt | ||
+ | |||
</ | </ | ||
===== Hackme Code ===== | ===== Hackme Code ===== | ||
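Review bot: in the "Manipulierte Rücksprungadresse" block, `mov [SP+1], start` in `bla` is the line the example exists for, but its comment does not say why the offset is +1 (the code implies the saved return address sits at SP+1 after `call`), and the comments on `mov [232], A`, `call bla` and `ret` are empty `;`. Suggest filling those in, including what address 232 is used for, and stating that the `hlt` at `ruecksprung` is never reached because `ret` always returns to `start`. In the "Ausgabe des LOL-Codes" block the copy loop has no comments either; since `JNC loop` follows `dec A`, it runs until A wraps below 0, which deserves a one-line remark. Minor: the headings spell it "L0L" once and "LOL" once.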
Line 59: | Line 132: | ||
Schaffen Sie es, indem Sie nur die DB-Zeile anpassen (das wäre so quasi der User-Input), | Schaffen Sie es, indem Sie nur die DB-Zeile anpassen (das wäre so quasi der User-Input), | ||
+ | <hidden Lösungsvorschlag> | ||
+ | Mit Rücksprung direkt in die DB-Konstante (Adresse 0x02) | ||
+ | <code asm> | ||
+ | DB " | ||
+ | </ | ||
+ | Oder mit Rücksprung in die kopierten Daten an der Adresse 0xdc: | ||
+ | <code asm> | ||
+ | DB " | ||
+ | </ | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Busy Beaver ===== | ||
+ | <code asm> | ||
+ | start: | ||
+ | MOV B, 255 | ||
+ | |||
+ | humpfdidumpf: | ||
+ | MOV A, [B] | ||
+ | INC A | ||
+ | MOV [B], A | ||
+ | JNC humpfdidumpf | ||
+ | while: | ||
+ | DEC B | ||
+ | CMP B, ende | ||
+ | JE ende | ||
+ | MOV A, [B] | ||
+ | INC A | ||
+ | MOV [B], A | ||
+ | JC while | ||
+ | JMP start | ||
+ | ende: | ||
+ | HLT | ||
+ | </ | ||
===== Roborobo-Fernbedienung / Ivobot ===== | ===== Roborobo-Fernbedienung / Ivobot ===== |
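Review bot: in the Busy Beaver block, `CMP B, ende` compares the data pointer in B with the address of the `ende` label, so the loop bound is the program's own last instruction; that is not obvious, and the block has no comments at all. Suggest a comment on that line, and on the carry-driven `JNC humpfdidumpf` and `JC while` branches, stating that the counter halts before it would write into the code. In the hidden solution, the return targets 0x02 and 0xdc are hard-coded, so a remark that they depend on the current layout of the Hackme code would help when that code is edited.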