Assembly Language Programming projects from the Fall 2021 semester at UAF.

TechSolomon/cs301

cs301

Final Project: Reverse Engineering Prior CTF

Purpose: Disassemble a binary and add relevant comments under each line.

Problem Solving

This project started with an EC2 instance on AWS running Amazon Linux. I practiced running class examples of x86 assembly, then shifted toward two Capture The Flag (CTF) events that dealt with reverse engineering binary files. Some early attempts at running code are in the practice directory.

Reverse engineering binary and executable files is a crucial skill for several reasons. Analyzing a binary's functions and understanding its behavior give a clearer picture of the intentions behind its construction and purpose, both vitally important for cyber defense and malware deconstruction.

Technical Approach

Upon becoming more accustomed to MetaCTF's Baffling Buffer 1 and Google CTF's rev-cpp challenges, I focused on annotating unknown assembly and source code. Initial feedback recommended the Binary Bomb Challenge, a problem set designed to hone skills in both reverse engineering and understanding of the underlying assembly language.

Ghidra is a free and open-source tool developed by the National Security Agency that provides detailed insight into a loaded binary through its automatic analysis. As shown below, the import results summary tells us how the binary was compiled, and auto analysis maps the flow of the program so that the C code can be approximated from its respective assembly language.

[Image: CS 301 Import Results Summary]

One example process includes the annotation of unrecognized assembly. With hosting support from the UAF Cyber Security Club, I used a Kali Linux virtual machine to run the challenge’s executables and static binaries through Ghidra for the initial project scope.

Project Code

Finalized and commented code can be found in the annotation.asm file in the src directory, along with additional notes from the Binary Bomb Challenge in the NOTES.md and STRINGS.md files.

Some of the most common instructions inside the binary's function main included: PUSH, MOV, SUB, CMP, JNZ, JMP, CALL, TEST, and XOR. As shown below, Ghidra greatly assisted in reconstructing the C control flow from the assembly language.
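The per-line annotation this project describes (a comment under each instruction, with CMP/TEST and the jump that consumes their flags read together as one C-style `if`) can be partly automated. The script below is an added example written for this page; it is not the project's annotation.asm and nothing in it comes from the Binary Bomb binary. The Ghidra-style listing it parses is constructed, and the addresses, operands and call target in it are invented. It recognizes the instructions named above (PUSH, MOV, SUB, CMP, JNZ, JMP, CALL, TEST, XOR) plus JZ/RET, and emits the kind of comment a human annotator would write, so that only the genuinely unfamiliar lines are left marked for manual work.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample listing in Ghidra's disassembly style.  Addresses, operands
# and targets are invented for this example; they are not taken from the Binary
# Bomb binary or from annotation.asm.
SAMPLE_LISTING = """\
00401000  PUSH   RBP
00401001  MOV    RBP,RSP
00401004  SUB    RSP,0x10
00401008  MOV    dword ptr [RBP + -0x4],EDI
0040100b  XOR    EAX,EAX
0040100d  CMP    dword ptr [RBP + -0x4],0x2a
00401011  JNZ    0x00401020
00401013  MOV    EDI,0x1
00401018  CALL   0x00401100
0040101d  TEST   EAX,EAX
0040101f  JNZ    0x00401030
00401021  JMP    0x00401035
00401026  RET
"""

# "ADDRESS  MNEMONIC  OPERANDS" with optional operands.
LINE_RE = re.compile(r"^\s*(?P<addr>[0-9a-fA-F]+)\s+(?P<mnem>[A-Za-z]+)\s*(?P<ops>.*?)\s*$")

# Conditional jumps this annotator understands, mapped to the C comparison they
# express when paired with the CMP/TEST immediately before them.
COND_JUMPS = {"JZ": "==", "JE": "==", "JNZ": "!=", "JNE": "!="}


@dataclass
class Instr:
    addr: str
    mnem: str
    ops: List[str]


def parse_listing(text: str) -> List[Instr]:
    """Parse listing lines into Instr records; lines that do not match are skipped."""
    instrs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        raw_ops = m.group("ops")
        ops = [o.strip() for o in raw_ops.split(",")] if raw_ops else []
        instrs.append(Instr(m.group("addr"), m.group("mnem").upper(), ops))
    return instrs


def comment_for(instrs: List[Instr], i: int) -> str:
    """Return the comment for instruction i.  Conditional jumps look one
    instruction back so that CMP/TEST + Jcc reads as a single C 'if'."""
    ins = instrs[i]
    prev = instrs[i - 1] if i > 0 else None
    m, ops = ins.mnem, ins.ops

    if m == "PUSH" and ops == ["RBP"]:
        return "save caller's frame pointer"
    if m == "PUSH":
        return f"push {ops[0]} onto the stack"
    if m == "MOV" and ops == ["RBP", "RSP"]:
        return "set up this function's stack frame"
    if m == "MOV":
        return f"{ops[0]} = {ops[1]}"
    if m == "SUB" and ops[:1] == ["RSP"]:
        return f"reserve {ops[1]} bytes for local variables"
    if m == "SUB":
        return f"{ops[0]} -= {ops[1]}"
    if m == "XOR" and len(ops) == 2 and ops[0] == ops[1]:
        return f"{ops[0]} = 0 (xor-with-self zeroing idiom)"
    if m == "XOR":
        return f"{ops[0]} ^= {ops[1]}"
    if m == "CMP":
        return f"compare {ops[0]} with {ops[1]}; flags feed the jump below"
    if m == "TEST" and len(ops) == 2 and ops[0] == ops[1]:
        return f"ZF set iff {ops[0]} == 0; flags feed the jump below"
    if m in COND_JUMPS:
        op, target = COND_JUMPS[m], ops[0]
        if prev is not None and prev.mnem == "CMP" and len(prev.ops) == 2:
            return f"if ({prev.ops[0]} {op} {prev.ops[1]}) goto {target}"
        if prev is not None and prev.mnem == "TEST" and len(prev.ops) == 2 and prev.ops[0] == prev.ops[1]:
            return f"if ({prev.ops[0]} {op} 0) goto {target}"
        flag = "set" if op == "==" else "clear"
        return f"goto {target} if ZF {flag} (flag source not adjacent)"
    if m == "JMP":
        return f"goto {ops[0]} (unconditional)"
    if m == "CALL":
        return f"call {ops[0]}; integer return value lands in EAX/RAX"
    if m == "RET":
        return "return to caller"
    return "TODO: annotate"


def annotate_listing(text: str) -> List[str]:
    """Emit each instruction followed by a comment line, as in annotation.asm."""
    instrs = parse_listing(text)
    out = []
    for i, ins in enumerate(instrs):
        out.append(f"{ins.addr}  {ins.mnem:<5} {','.join(ins.ops)}")
        out.append(f"{'':>10}; {comment_for(instrs, i)}")
    return out


if __name__ == "__main__":
    print("\n".join(annotate_listing(SAMPLE_LISTING)))
```

Pairing each conditional jump with the flag-setting instruction before it is what turns a flat list of mnemonics into control flow: `CMP x,0x2a` / `JNZ L` becomes `if (x != 0x2a) goto L`, and `TEST EAX,EAX` / `JNZ L` becomes `if (EAX != 0) goto L`. A jump whose flag source is not the immediately preceding instruction is marked as such rather than guessed, which is exactly the line a human should go back and annotate by hand.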

[Image: CS 301 Binary Bomb 2]

Conclusion

Lessons learned with this project included code comment consistency and the organization of a project across multiple operating systems (Linux, macOS, & virtual machine). My favorite aspect would be exploring different binary files and comprehending the data structures and control flow from various diffusion tasks.

In the future, I hope to experiment more with tracking my progress in translating code into other high-level languages and to try out other disassemblers, such as IDA Pro. I look forward to taking what I have learned from the Binary Bomb Challenge and applying it to future CTF events and projects, all while building an improved understanding of the underlying assembly language.

Further Reading
