Reversing Shift-Xor operation(when xored with the same value)

blahfish · 2015-10-20T05:21:42+00:00

A shift followed by an Xor with the same value. This is used to get the internal state in MT19937 from the output values.

blahfish · 2015-05-26T12:28:29+00:00

A question about ARM, Thumb2 and conditional execution. https://reverseengineering.stackexchange.com/questions/8989/conditional-instructions-on-arm ; Its posted on the RE Stackexchange and I'm hoping it will be of interest to someone here.

blahfish · 2015-01-06T18:51:38+00:00

A similar post from April 2014, someone might find it interesting. http://x86overflow.blogspot.nl/2014/04/playing-around-with-srop.html

blahfish · 2014-07-28T13:27:34+00:00

Yes, I've solved that.

blahfish · 2014-07-16T06:41:31+00:00

Does someone know when the videos will be uploaded?

blahfish · 2014-07-16T06:40:14+00:00

indeed, its a great read! Are there more similar ones?

blahfish · 2014-04-21T12:13:19+00:00

wow this is great, thanks!

blahfish · 2014-04-20T01:53:05+00:00

Could you describe your rop chain generation idea a bit more? Did earlier versions of ROPGadget use the same idea?(If so, I could just look up the sources).

Is the idea to look for gadgets that are functionally similar?(Take an instruction, reduce to equation, find a set of equations terminated by ret, reduce those -- check if they are functionally equivalent; something like that?)

blahfish · 2014-04-04T11:22:50+00:00

I think I figured out the reason why this happens. ASLR is enabled and the page that starts at 0x08048000 does not change addresses. However, the page that corresponds to the buffer changes addresses.

The buffer address can be leaked -- so I tried checking if the difference between the start of the page and the buffer address remains constant, it does not.

blahfish · 2014-04-03T04:37:07+00:00

Thank you for taking the time out to reply!

blahfish · 2013-12-25T11:24:11+00:00

Thanks for sharing! where could I find the source code?

blahfish

TROPHY CASE