27C3 - Version 1.6.3
27th Chaos Communication Congress
We come in peace
Referenten | |
---|---|
kornau |
Programm | |
---|---|
Tag | Day 4 - 2010-12-30 |
Raum | Saal 2 |
Beginn | 14:30 |
Dauer | 00:30 |
Info | |
ID | 4168 |
Veranstaltungstyp | Vortrag |
Track | Hacking |
Sprache der Veranstaltung | englisch |
Feedback | |
---|---|
Haben Sie diese Veranstaltung besucht? Feedback abgeben |
A framework for automated architecture-independent gadget search
CCC edition
We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set.
Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.