Part 5 - Hacking “Hello World”

For a complete table of contents of all the lessons, please follow this link, which gives a brief of each lesson in addition to the topics it will cover: https://github.com/mytechnotalent/hacking_c-_arm64

In the last lesson we spent a good deal of time really understanding what is going on inside our binary. This laid the groundwork for an easy hack.

Let’s fire up radare2 in write mode.

    radare2 -w ./0x01_asm_64_helloworld

Let’s auto analyze.

    aaa

Seek to main.

    s main

View disassembly.

    v

Because we are not running the binary, the addresses we see are the ones on disk, as we discussed in the last lesson.

We see that at 0xb48 we very easily find our string.

Let’s get back to the terminal view.

    q

Let’s verify the string.

    [0x000009e4]> ps @0xb48
    Hello World!
    [0x000009e4]>

Let’s hack the string.

    [0x000009e4]> w Hacked World @0xb48

Let’s verify the hack.

    [0x000009e4]> ps @0xb48
    Hacked World
    [0x000009e4]>

Let’s quit radare2.

    q

Now let’s run our binary again!

    ./0x01_asm_64_helloworld
    Hacked World

We see that we very easily hacked the binary. These lessons will help you understand how an attacker creates a workflow so you can learn how to anticipate and better reverse engineer.
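Why the overwrite above leaves the program runnable, and how a defender would notice it, as an added example that is not part of the original lesson. The byte buffer is a constructed stand-in for the file (only the offset 0xb48 and the two strings come from the lesson; `NEXT-DATA` and all function names are made up for illustration).

```python
import hashlib

OFFSET = 0xB48  # on-disk offset of the string, as shown in the lesson


def build_sample_image() -> bytes:
    """Constructed stand-in for the file: padding, the string, then neighbouring data."""
    return b"\x00" * OFFSET + b"Hello World!\x00" + b"NEXT-DATA\x00"


def patch_in_place(image: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Overwrite `old` with `new` at `offset` without changing the file size."""
    if image[offset:offset + len(old)] != old:
        raise ValueError("expected bytes not found at offset")
    if len(new) > len(old):
        # A longer string would run over the terminator and the data behind it.
        raise ValueError("replacement is longer than the original string")
    padded = new + b"\x00" * (len(old) - len(new))  # shorter strings are NUL-padded
    return image[:offset] + padded + image[offset + len(old):]


def c_string_at(image: bytes, offset: int) -> str:
    """Read a NUL-terminated string, stopping at the first zero byte."""
    return image[offset:image.index(b"\x00", offset)].decode("ascii")


def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()


def demo() -> dict:
    original = build_sample_image()
    baseline = sha256_hex(original)  # digest recorded before any modification
    patched = patch_in_place(original, OFFSET, b"Hello World!", b"Hacked World")
    return {
        "before": c_string_at(original, OFFSET),
        "after": c_string_at(patched, OFFSET),
        "same_size": len(original) == len(patched),
        # Both strings are 12 bytes, so the terminator and the next item are untouched.
        "neighbour_intact": c_string_at(patched, OFFSET + 13) == "NEXT-DATA",
        # Any in-place edit changes the digest, which is what integrity checks catch.
        "tamper_detected": sha256_hex(patched) != baseline,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same comparison works on the real file: record a SHA-256 of the binary before opening it in write mode and compare it afterwards.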

In our next lesson we will work with simple I/O.