labs:disassembly
Differences
This shows you the differences between two versions of the page.
|
labs:disassembly [2016/04/07 18:08] manuelei |
labs:disassembly [2020/08/31 21:03] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Mario Kart Disassembly ====== | ||
| - | |||
| - | In this lab you learn how code and data are represented in memory and how to make low-level changes to a program in an assembly language. You will create modifications (mods) to a game. | ||
| - | |||
| - | ===== Exercises ===== | ||
| - | |||
| - | * Download the zip file http://www.disco.ethz.ch/lectures/fachpraktikum/exercises/disassembly.zip. It contains the executables for this lab. | ||
| - | |||
| - | * Stage 1: Find the correct input to "beat" this program. | ||
| - | |||
| - | * Stage 2: When you run this program, a popup will appear that asks you to pay for a license. Disable this popup (or postpone it for a long time). | ||
| - | |||
| - | * Now you are ready to hack into SuperTuxKart! The game is installed on your machines. Show us your abilities by modifying the game in cool ways. For instance, make your kart faster, get better items, etc. Before you start modifying the binary, we recommend you to save a backup copy of it so when you break the game, you always have a clean copy. (You can also do a fresh install with the package manager.) If you prefer, you can also modify a different game. | ||
| - | |||
| - | ===== Recommended Tools ===== | ||
| - | |||
| - | * Text editor: Geany or Kate | ||
| - | * Hex editor: Bless | ||
| - | * Disassembler: objdump | ||
| - | |||
| - | * IA-32 cheat sheet (GNU format): http://www.cs.utsa.edu/~clark/cs3843/IA32cheatSheet.pdf | ||
| - | * Intel IA-32 instruction set reference: http://www.intel.com/content/dam/www/public/us/en/documents/manuals/64-ia-32-architectures-software-developer-instruction-set-reference-manual-325383.pdf | ||
| - | |||
| - | * We have written a tool which allows you to insert your own machine code (produced e.g. with as) into a binary. It is contained in the same zip folder as the other executables. \\ Usage: ./elf_tool <executable_file> <new_machine_code_file (inject_code.bin)> <insertion_address>. \\ The tool inserts the code into the executable, and writes a jump to the new code at the specified insertion_address (given in hexadecimal, e.g. 80487f0). Note that the inserted jump will **overwrite 6 bytes** of the code, so if the overwritten code is still needed, you have to repeat it in your new code. | ||
| - | * Assembling: Write assembly in a file called inject_code.s and execute the following command to get the machine code binary file required for the elf_tool: as %%--%%32 -o inject_code.o inject_code.s && objcopy -O binary inject_code.o inject_code.bin && rm inject_code.o | ||
labs/disassembly.txt ยท Last modified: 2020/08/31 21:03 (external edit)
Page Tools
