Sunday, June 4, 2023

Vlang Binary Debugging

Why vlang? V is a featured, productive, safe and confortable language highly compatible with c, that generates neat binaries with c-speed, the decompilation also seems quite clear as c code.
https://vlang.io/

After open the binary with radare in debug mode "-d" we proceed to do the binary recursive analysis with "aaaa" the more a's the more deep analys.



The function names are modified when the binary is crafted, if we have a function named hello in a module named main we will have the symbol main__hello, but we can locate them quicly thanks to radare's grep done with "~" token in this case applied to the "afl" command which lists all the symbols.


Being in debug mode we can use "d*" commands, for example "db" for breakpointing the function and then "dc" to start or continue execution.


Let's dissasemble the function with "pD" command, it also displays the function variables and arguments as well, note also the xref "call xref from main"


Let's take a look to the function arguments, radare detect's this three 64bits registers used on the function.


Actually the function parameter is rsi that contains a testing html to test the href extraction algorithm.


The string structure is quite simple and it's plenty of implemented methods.




With F8 we can step over the code as we were in ollydbg on linux.


Note the rip marker sliding into the code.


We can recognize the aray creations, and the s.index_after() function used to find substrings since a specific position.


If we take a look de dissasembly we sill see quite a few calls to tos3() functions.
Those functions are involved in string initialization, and implements safety checks.

  • tos(string, len)
  • tos2(byteptr)
  • tos3(charptr)

In this case I have a crash in my V code and I want to know what is crashing, just continue the execution with "dc" and see what poits the rip register.



In visual mode "V" we can see previous instructions to figure out the arguments and state.


We've located the crash on the substring operation which is something like "s2 := s1[a..b]" probably one of the arguments of the substring is out of bounds but luckily the V language has safety checks and is a controlled termination:



Switching the basic block view "space" we can see the execution flow, in this case we know the loops and branches because we have the code but this view also we can see the tos3 parameter "href=" which is useful to locate the position on the code.



When it reach the substr, we can see the parameters with "tab" command.



Looking the implementation the radare parameter calculation is quite exact.


Let's check the param values:


so the indexes are from 0x0e to 0x24 which are inside the buffer, lets continue to next iteration,
if we set a breakpoint and check every iteration, on latest iteration before the crash we have the values 0x2c to 0x70 with overflows the buffer and produces a controlled termination of the v compiled process.





Read more
  1. Hacking Tools Github
  2. Hacking Tools For Pc
  3. Hacker Tools For Mac
  4. Kik Hack Tools
  5. Best Pentesting Tools 2018
  6. Pentest Tools Windows
  7. Best Pentesting Tools 2018
  8. Pentest Tools Apk
  9. Pentest Tools Tcp Port Scanner
  10. Hack Tools For Games
  11. Hacker Tools Hardware
  12. Pentest Tools Free
  13. How To Hack
  14. Wifi Hacker Tools For Windows
  15. Hacker Tools Online
  16. Hack Tools For Windows
  17. Hack Tools Github
  18. Install Pentest Tools Ubuntu
  19. Easy Hack Tools
  20. Hack Tools Online
  21. Hack Tools For Pc
  22. Hacker Tools Github
  23. Hacker Tools Linux
  24. How To Make Hacking Tools
  25. Pentest Tools Android
  26. Pentest Tools Port Scanner
  27. Nsa Hacker Tools
  28. Pentest Tools For Windows
  29. Termux Hacking Tools 2019
  30. Pentest Tools Nmap
  31. Hackrf Tools
  32. Pentest Reporting Tools
  33. Pentest Tools Windows
  34. Hacker Techniques Tools And Incident Handling
  35. Hack Tools
  36. Hacker Tools Online
  37. Pentest Tools For Ubuntu
  38. Hacker Tools Software
  39. Hacking Tools 2019
  40. Blackhat Hacker Tools
  41. Hacking Tools Kit
  42. World No 1 Hacker Software
  43. Ethical Hacker Tools
  44. Hacking Tools Kit
  45. Hacking Tools For Mac
  46. Underground Hacker Sites
  47. Hacker Tool Kit
  48. Easy Hack Tools
  49. Hacking Apps
  50. How To Hack
  51. Nsa Hack Tools Download
  52. Hacker
  53. Nsa Hacker Tools
  54. Pentest Tools Free
  55. Computer Hacker
  56. Pentest Box Tools Download
  57. Hacker Tools For Ios
  58. Hack Tools
  59. Growth Hacker Tools
  60. Pentest Box Tools Download
  61. Github Hacking Tools
  62. Pentest Tools For Android
  63. Pentest Tools Bluekeep
  64. Best Hacking Tools 2019
  65. Black Hat Hacker Tools
  66. Hacker Tools 2020
  67. Beginner Hacker Tools
  68. New Hack Tools
  69. Hacker Tools 2020
  70. Bluetooth Hacking Tools Kali
  71. Hacking Tools Hardware
  72. Hacker Techniques Tools And Incident Handling
  73. Hackrf Tools
  74. Pentest Tools For Ubuntu
  75. Pentest Reporting Tools
  76. Pentest Tools Website
  77. Tools 4 Hack
  78. Pentest Tools For Mac
  79. Hack Tools For Windows
  80. Pentest Box Tools Download
  81. Hacking Tools For Games
  82. Pentest Tools For Android
  83. Hacker Hardware Tools
  84. Computer Hacker
  85. How To Make Hacking Tools
  86. Underground Hacker Sites
  87. Hacking Tools For Windows
  88. Hacker Tools Apk Download
  89. Pentest Tools Port Scanner
  90. Hack Tool Apk No Root
  91. Pentest Recon Tools
  92. Hacker Tools 2020
  93. Hak5 Tools
  94. How To Hack
  95. Pentest Tools Apk
  96. Hack Tools Pc
  97. Hack Tools Download
  98. Hacking Tools Pc
  99. Pentest Tools For Android
  100. Growth Hacker Tools
  101. Hacking Tools For Beginners
  102. Hacker Tools Github
  103. Hacker Tool Kit
  104. Pentest Tools Find Subdomains
  105. Tools 4 Hack
  106. Hack Tools Pc
  107. Hacking Tools For Mac
  108. Hacking Tools For Windows 7
  109. Usb Pentest Tools
  110. Hack Tools For Ubuntu
  111. Hacking Tools Free Download
  112. Pentest Tools Url Fuzzer
  113. Tools 4 Hack
  114. Pentest Tools List
  115. Hack Tools
  116. Black Hat Hacker Tools
  117. Hacking Apps
  118. Hackers Toolbox
  119. Hacks And Tools
  120. Tools For Hacker
  121. Pentest Tools Open Source
  122. Pentest Tools Framework
  123. Hack Tool Apk No Root
  124. Bluetooth Hacking Tools Kali
  125. Hacking Apps
  126. Hacker Tools Linux
  127. Pentest Tools Apk
  128. Pentest Tools For Mac
  129. Hack Tools For Windows
  130. Hacker Security Tools
  131. Hacker Tools Free Download
  132. Pentest Tools Alternative
  133. Hack Tools
  134. Hack Tools Pc
  135. Pentest Tools
  136. Pentest Tools Url Fuzzer
  137. Hak5 Tools
  138. Hacker Tools For Ios
  139. Pentest Reporting Tools
  140. Hacker Tools List
  141. Hacker Tools 2019
  142. Pentest Tools Free
  143. Pentest Tools Github
  144. Hacking Tools For Mac
  145. Pentest Tools Android
  146. Pentest Tools Nmap
  147. Pentest Tools Review
  148. Hack Tool Apk
  149. Blackhat Hacker Tools
  150. Pentest Tools Bluekeep
  151. Hack Tools For Mac
  152. New Hack Tools
  153. Blackhat Hacker Tools
  154. Hacking Tools Usb
  155. Hack Tools For Games
  156. Hacker Tools Hardware
  157. What Is Hacking Tools
  158. Hacker Tools Apk
  159. New Hacker Tools
  160. Tools Used For Hacking
  161. Pentest Tools Bluekeep
  162. Easy Hack Tools
  163. Hacking Tools 2019
  164. Pentest Tools Tcp Port Scanner
  165. Github Hacking Tools
  166. Hack Tools 2019
  167. Hacking Tools For Windows
  168. Best Hacking Tools 2020
  169. Hacking Tools 2019
  170. Pentest Tools Free
  171. Pentest Tools Linux
  172. Hacker Tools Linux
  173. Hacker Tools 2020
  174. Pentest Tools Tcp Port Scanner
  175. Hacker Tools 2019

No comments:

Post a Comment