29C3 - Version 1.9
| Speakers | |
|---|---|
| | bx |

| Schedule | |
|---|---|
| Day | Day 4 - 2012-12-30 |
| Room | Saal 4 |
| Start time | 16:00 |
| Duration | 01:00 |

| Info | |
|---|---|
| ID | 5195 |
| Event type | Lecture |
| Language used for presentation | English |
The Care and Feeding of Weird Machines Found in Executable Metadata
The Executable and Linkable Format (ELF) is omnipresent; related OS and library code is run whenever processes are set up and serviced (e.g., dynamically linked). The loader is the stage manager for every executable. Hardly anyone appreciates the work that the ELF backstage crew (including the linker and the loader) puts in to make an executable run smoothly.
While the rest of the world focuses on the star, hackers such as the Grugq (in Cheating the ELF), Skape (in Locreate: An Anagram for Relocate), and the ERESI/ELFsh crew know to schmooze with the backstage crew. We can make a star out of the loader by tricking it into performing any computation, simply by presenting it with crafted but otherwise well-formed ELF metadata. We will give you a new reason to appreciate the power of the ELF linker/loader by demonstrating how specially crafted ELF relocation and symbol table entries can act as instructions that coerce the linker/loader into performing arbitrary computation. We will also explore how these techniques can be applied beyond ELF to discover weird machines in other executable formats.