11-15-16
Dylan says:
I'm spending these last few weeks writing a paper on modifying running programs on Linux -- this will become part of my Plan as well. This week I've been off in my own world reversing a game and writing a memory hack.
The game:
Tools:
Github project:
Will says:
I spent some time modifying programs on OS X.
Some methods I found were:
1a. Find a function you wish to exploit, then create a dynamic library (dylib) with your own version of that function and link it with the program as you start it.
Like this:
sudo gcc -shared -fPIC -v -o lib"leet function here".dylib "leet function"
1b. Now inject this function into the process you want to exploit with one of the following methods (this is apparently tricky on Mac OS X):
DYLD_FORCE_FLAT_NAMESPACE=1 DYLD_INSERT_LIBRARIES=./[dylib name].dylib [then call program]
[compile sources]
[compile .o files into a dylib]
DYLD_INSERT_LIBRARIES=./[dylib name].dylib ./[program name]
Forcing flat namespaces is especially important on mac. There is a chance this will break larger programs that have hierarchical headers and namespaces, but the injection will likely not succeed without it.
Including this in the source for your injected dylib function is sometimes important under recent versions of OS X:

    #define DYLD_INTERPOSE(_replacement, _replacee) \
        __attribute__((used)) static struct { const void* replacement; const void* replacee; } _interpose_##_replacee \
        __attribute__((section("__DATA,__interpose"))) = { (const void*)(unsigned long)&_replacement, (const void*)(unsigned long)&_replacee };
Sources:
^that's an old example that will not work anymore
Defcon stuff below:
^ that last one is good to watch just for the humor IMO