Feeds:
Posts
Comments

Archive for the ‘Uncategorized’ Category

This is one of my favorite function in gdb. It will make your life easier instead of typing repetition commands. Hook is a user defined command but you have to combine with a pseudo-command that already exist.

For example, you want to disassemble a program code and display the value of the program register every time you stop the process. Instead of typing 2 commands every time its stop, you can define it into one command with hook.

(gdb) define hook-stop

Type commands for definition of “hook-stop”.
End with a line saying just “end”.
>disassemble _start
>info reg $rax $rbx
>end

Let’s try.
In this tutorial I use:
-Xubuntu 18.04
-GNU gdb (Ubuntu 8.1-0ubuntu3.2) 8.1.0.20180409-git
-NASM version 2.13.02
-GNU ld (GNU Binutils for Ubuntu) 2.30

Use the simple assembly code below:

1 section .text
2 global _start
3
4 _start:
5
6      mov rax,3
7      mov rbx,2
8      add rax,rbx
9      sub rbx,1
10
11     ;Exit
12     mov eax,1
13     mov ebx,0
14     int 0x80

Compile it with nasm.

darklinux@darklinuxpc:~$ nasm -f elf64 -g reg.asm -o reg.o
darklinux@darklinuxpc:~$ ld reg.o -o reg
darklinux@darklinuxpc:~$ gdb -silent reg

Reading symbols from reg…done.

(gdb) break _start
Breakpoint 1 at 0x400080
(gdb) set disassembly-flavor intel

Define the hook-stop with 2 commands, disassemble _start and info reg $rax $rbx, close with ‘end’.
(gdb) define hook-stop
Type commands for definition of “hook-stop”.
End with a line saying just “end”.
>disassemble _start
>info reg $rax $rbx
>end

(more…)

Read Full Post »

What is DVWA?

DVWA is web application that is designed to be hacked. It was written using PHP and use MYSQL as its database. There are few level of difficulties for you to test your hacking skill in a legal environtment. It will help web developers, teachers, students or any one who are interested in learning web security application. In Indonesia, 8 years in jail for hacking penalty. So, dvwa is a good option.

Before we start, I assume that you are already has and familiar with Docker Container and XAMPP server. If not, you can read my article about how to install xampp in docker.

Lets start. First, you have to download the dvwa application and xampp from its source:
http://www.dvwa.co.uk/

In this tutorial, I use xubuntu 18.04 64bit as host, Docker 18.09.9, i386/ubuntu:bionic for docker image and XAMPP for Linux 7.1.32 for php/mysql server.
dvwa01

Step 1. Copy dvwa files to opt/lampp/htdocs directory in docker container

First, you have to extract the file DVWA-master.zip
darklinux@darklinuxpc:~$ ls -l DVWA-master.zip
-rw-rw-r-- 1 darklinux darklinux 1350473 Mei 11 15:20 DVWA-master.zip
darklinux@darklinuxpc:~$ unzip DVWA-master.zip

dvwa02

(more…)

Read Full Post »

In this tutorial I will show you how to read data from Arduino Uno using pySerial library from Python and visualize it into Live Plot graph.
I assume that you have already familiar with Matplotlib. If not, you can read my article about it.

What you need?
Arduino Uno (you can use other type).
-Temperature sensor LD35
USB connector
-3 small cable

Before we start you have to make sure that you have already installed python libraries below:
Matplotlib
pySerial
drawnow

Since I have already Matplolib library, I just need to install Pyserial and Drawnow.

$ pip3 install pyserial
Collecting pyserial
Downloading 
https://files.pythonhosted.org/packages/0d/e4/2a744dd9e3be04a0c0907414e2a01a7c88bb3915cbe3c8cc06e209f59c30/pyserial-3.4-py2.py3-none-any.whl (193kB)
100% |████████████████████████████████| 194kB 30kB/s
Installing collected packages: pyserial
Successfully installed pyserial-3.4
$

Before you install ‘drawnow’ library, you have to install ‘html5lib==1.0b10’ first.

$ pip3 install html5lib==1.0b10
Collecting html5lib==1.0b10
Downloading 
https://files.pythonhosted.org/packages/2f/747793ca2d36f676b740efc04b7ba887c610119beb5841d1805cb3515616cb/html5lib-1.0b10-py2.py3-none-any.whl (112kB)
100% |████████████████████████████████| 112kB 11kB/s
Collecting webencodings (from html5lib==1.0b10)
Downloading 
https://files.pythonhosted.org/packages/f4/24/2a3e3df732393fed8b3ebf2ec078f05546de641fe1b667ee316ec1dcf3b7/webencodings-0.5.1-py2.py3-none-any.whl
Collecting six (from html5lib==1.0b10)
Using cached https://files.pythonhosted.org/packages/65/eb/1f97cb97bfc2390a276969c6fae16075da282f5058082d4cb10c6c5c1dba/six-1.14.0-py2.py3-none-any.whl
Collecting setuptools>=18.5 (from html5lib==1.0b10)
Downloading 
https://files.pythonhosted.org/packages/a0/df/635cdb901ee4a8a42ec68e480c49f85f4c59e8816effbf57d9e6ee8b3588/setuptools-46.1.3-py3-none-any.whl (582kB) 100% |████████████████████████████████| 583kB 107kB/s Installing collected packages: webencodings, six, setuptools, html5lib Successfully installed html5lib-1.0b10 setuptools-46.1.3 six-1.14.0 webencodings-0.5.1 
$

Now, you can install drawnow library

$ pip3 install drawnow
Collecting drawnow
Using cached https://files.pythonhosted.org/packages/8b/bc/3a0238eb1e6222b4e2c74fcd171453d714e2f67c0f224fd5160d83636e10/drawnow-0.72.0-py3-none-any.whl

Collecting matplotlib>=1.5 (from drawnow)
Downloading 
https://files.pythonhosted.org/packages/93/4b/52da6b1523d5139d04e02d9e26ceda6146b48f2a4e5d2abfdf1c7bac8c40/matplotlib-3.2.1-cp36-cp36m-manylinux1_x86_64.whl (12.4MB) 100% |████████████████████████████████| 12.4MB 57kB/s Collecting python-dateutil>=2.1 (from matplotlib>=1.5->drawnow) Using cached https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl 

Collecting kiwisolver>=1.0.1 (from matplotlib>=1.5->drawnow)
Downloading 
https://files.pythonhosted.org/packages/ae/23/147de658aabbf968324551ea22c0c13a00284c4ef49a77002e91f79657b7/kiwisolver-1.2.0-cp36-cp36m-manylinux1_x86_64.whl (88kB) 100% |████████████████████████████████| 92kB 115kB/s 

Collecting numpy>=1.11 (from matplotlib>=1.5->drawnow) 
Downloading 
https://files.pythonhosted.org/packages/3d/fc/4763e5f17ac6e7e7d55f377cde859ca1c5d5ac624441ab45315bc578aa9e/numpy-1.18.3-cp36-cp36m-manylinux1_x86_64.whl (20.2MB) 100% |████████████████████████████████| 20.2MB 44kB/s Collecting cycler>=0.10 (from matplotlib>=1.5->drawnow) 
Using cached https://files.pythonhosted.org/packages/f7/d2/e07d3ebb2bd7af696440ce7e754c59dd546ffe1bbe732c8ab68b9c834e61/cycler-0.10.0-py2.py3-none-any.whl

Collecting pyparsing!=2.0.4,!=2.1.2,!=2.1.6,>=2.0.1 (from matplotlib>=1.5->drawnow)
Downloading 
https://files.pythonhosted.org/packages/8a/bb/488841f56197b13700afd5658fc279a2025a39e22449b7cf29864669b15d/pyparsing-2.4.7-py2.py3-none-any.whl (67kB) 100% |████████████████████████████████| 71kB 169kB/s Collecting six>=1.5 (from python-dateutil>=2.1->matplotlib>=1.5->drawnow) Using cached https://files.pythonhosted.org/packages/65/eb/1f97cb97bfc2390a276969c6fae16075da282f5058082d4cb10c6c5c1dba/six-1.14.0-py2.py3-none-any.whl 
Installing collected packages: six, python-dateutil, kiwisolver, numpy, cycler, pyparsing, matplotlib, drawnow Successfully installed cycler-0.10.0 drawnow-0.72.0 kiwisolver-1.2.0 matplotlib-3.2.1 numpy-1.18.3 pyparsing-2.4.7 python-dateutil-2.8.1 six-1.14.0 
$

There are 2 things that we will do:
-first, program your Arduino to send the temperatur data through serial port.
-second, program python to read the data and display it.

(more…)

Read Full Post »

Pandas in Python Library that is used for Data Manipulation and Analysis. It came from terms “Panel Data”. It’s open source under three-clause BSD License. Original developer was Wes McKinney in 2008 while he worked at AQR Capital Management to process Quantitative Analysis on financial data. It was written in Python, Cython and C.

Pandas in mainly used for Machine Learning.

There a lot of features available that you can used for:
-reading and writing various data format, csv, MS excel, json, html, SAS, SPSS, SQL, Google Big Query, Stata, Msgpack etc.
-Group, Join, Merge, Filter, Pivot, Reshaping data set.
-Time series function and so many more.

Installation
In this tutorial I use Python 3.6.9 (default, Nov 7 2019, 10:44:02), so the installation command will be: pip3 install pandas.
From Linux terminal type:

$ pip3 install pandas
Collecting pandas
  Downloading https://files.pythonhosted.org/packages/bb/71/8f53bdbcbc67c912b888b40def255767e475402e9df64050019149b1a943/pandas-1.0.3-cp36-cp36m-manylinux1_x86_64.whl (10.0MB)
    100% |████████████████████████████████| 10.0MB 48kB/s 
Collecting python-dateutil>=2.6.1 (from pandas)
  Using cached https://files.pythonhosted.org/packages/d4/70/d60450c3dd48ef87586924207ae8907090de0b306af2bce5d134d78615cb/python_dateutil-2.8.1-py2.py3-none-any.whl
Collecting numpy>=1.13.3 (from pandas)
  Downloading https://files.pythonhosted.org/packages/07/08/a549ba8b061005bb629b76adc000f3caaaf881028b963c2e18f811c6edc1/numpy-1.18.2-cp36-cp36m-manylinux1_x86_64.whl (20.2MB)
    100% |████████████████████████████████| 20.2MB 45kB/s 
Collecting pytz>=2017.2 (from pandas)
  Using cached https://files.pythonhosted.org/packages/e7/f9/f0b53f88060247251bf481fa6ea62cd0d25bf1b11a87888e53ce5b7c8ad2/pytz-2019.3-py2.py3-none-any.whl
Collecting six>=1.5 (from python-dateutil>=2.6.1->pandas)
  Using cached https://files.pythonhosted.org/packages/65/eb/1f97cb97bfc2390a276969c6fae16075da282f5058082d4cb10c6c5c1dba/six-1.14.0-py2.py3-none-any.whl
Installing collected packages: six, python-dateutil, numpy, pytz, pandas
Successfully installed numpy-1.18.2 pandas-1.0.3 python-dateutil-2.8.1 pytz-2019.3 six-1.14.0
$

pandas01
(more…)

Read Full Post »

Slicing is accessing parts of array content.

The syntax is:
start:stop:step

x[1:5]      → display 1 until 5 → 1,2,3,4,5
x[5:]        → display all after 5 → 6,7,8,9
x[:6]        → display from beginning until 6 → 1,2,3,4,5,6,7,8,9
x[:]          → display all → 1,2,3,4,5,6,7,8,9
x[1:9:2]  → display between 1 to 9, step 2 → 2,4,6,8
x[-1]        → display last item → 9
x[-2]        → display 2nd item from the last → 8
x[:-3]      → display all except the 3 items. → 1,2,3,4,5,6
x[::-1]     → display all in reversed → 9,8,7,6,5,4,3,2,1
x[2::-1]   → display first 3 items, reversed → 3,2,1
x[:-4:-1]  → display the last 3 items, reversed → 9,8,7
x[-2::-1]  → display all except the 1 item, reversed → 8,7,6,5,4,3,2,1

Open your Linux Terminal and practice it.

$ python3
Python 3.6.9 (default, Nov 7 2019, 10:44:02)
[GCC 8.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import numpy as np
>>> x=np.array([1,2,3,4,5,6,7,8,9])
>>> x
array([1, 2, 3, 4, 5, 6, 7, 8, 9])
 (more…)

Read Full Post »

In this article, I will show you how to do basic operation in array.

>>> import numpy as np
>>> x=np.array([[1,2,3,4],[5,6,7,8]])
>>> x
array([[1, 2, 3, 4],
[5, 6, 7, 8]])
>>> x.ravel()
array([1, 2, 3, 4, 5, 6, 7, 8])

ravel() function will create all array into 1 demensional array.

>>> x
array([[1, 2, 3, 4],
[5, 6, 7, 8]])

But the operation will not change the original array value.

>>> x.min()
1

Minimum data in the array

>>> x.max()
8

Maximum data in the array

>>> x.mean()
4.5

Average data in the array

>>> x.sum()
36

Total value in the array

>>> x.sum(axis=0)
array([ 6, 8, 10, 12])
>>> x.sum(axis=1)
array([10, 26])

math02

>>> np.sqrt(x)
array([[1. , 1.41421356, 1.73205081, 2. ],
[2.23606798, 2.44948974, 2.64575131, 2.82842712]])

Square root each data value in the array.

>>> y=np.array([[1,1,1,1],[1,1,1,1]])
>>> y
array([[1, 1, 1, 1],
[1, 1, 1, 1]])
>>> x+y
array([[2, 3, 4, 5],
[6, 7, 8, 9]])
>>> x-y
array([[0, 1, 2, 3],
[4, 5, 6, 7]])
>>> x*y
array([[1, 2, 3, 4],
[5, 6, 7, 8]])
>>>

math01

Read Full Post »

The other function of GDB is Text User Interface (TUI). GDB use curses library to show the source file, assembly output, program registers and gdb command in separate windows. The TUI mode is supported only where version of the curses library is available.

Before we start, type the code below and save it to ‘mycode.asm’.

1 section .text
2
3 global _start
4
5 _start:
6
7 mov eax,10
8 mov ebx,20
9 mov ecx,30
10 mov edx,40
11
12 ;exit
13 mov eax,0
14 int 0x80

Then compile with debugger function (-gstab)

$ nasm -f elf32 -gstab mycode.asm -o mycode.o
$ ld mycode.o -o mycode
$

There are few ways to activate TUI.

First you when you open gdb and start TUI directly.

$ gdb -tui

tui03
(more…)

Read Full Post »

Reverse the program process is very useful when you are debugging and realize that you need to go backward. Instead of re-run the whole process, starting GDB version 7, you can go to the previous process.

There are few reverse that you can do:

  1. reverse-continue or rc
  2. reverse-step or reverse-step count
  3. reverse-stepi
  4. next or reverse-next count
  5. reverse-nexti

Before you use ‘reverse’ command, you need to activate the recording process otherwise you will get an error below:
“Target child does not support this command”.

Let’s try.
Type the code below and save it to ‘break.asm’.

1 section .text
2 global _start
3 _start:
4
5 mov eax,1111
6 mov ebx,2222
7 call do_nothing1
8 call do_nothing2
9 call do_nothing3
10 mov ecx,3333
11 mov edx,4444
12 call exit
13
14
15 do_nothing1:
16 nop
17 nop
18 ret
19
20 do_nothing2:
21 nop
22 nop
23 ret
24
25 do_nothing3:
26 nop
27 nop
28 ret
29
30 exit:
31 mov eax,1
32 int 0x80

reverse01
(more…)

Read Full Post »

Older Posts »