Time-Travel Debugging in PANDA

During a weekend hackathon with some of the Lincoln Lab maintainers of PANDA, I implemented a really useful feature — time-travel debugging!

As has been discussed in Ret2Systems’ great blog post, time-travel debugging is an invaluable tool in the reverse engineer’s arsenal. While Mozilla’s brilliant rr is the dominant choice for Linux user binaries and WinDBG Preview works on Windows binaries, PANDA can debug user and kernel space on both systems.

In this blog post, I’ll talk about the simple design behind reverse-execution and demonstrate its utility in root-causing a Linux kernel n-day.

Read More

Investing in a Good Note-Taking Application

Perhaps the best investment that you could make in your own learning, knowledge retention, and organization is a good note-taking application. Over the years, I’ve dumped all of my accumulated knowledge about computer science, security, and technology into various note-taking apps, ensuring that I can easily recall information from the thousands of different sources that I’ve found useful.

This post will be a general braindump of the factors behind choosing a note-taking app, a shameless plug for my favorite one, Quiver, and an explanation of how I use a note-taking app effectively.

Read More

DEF CON Quals 2018: It's a Me

Category: pwnable      |      Points: 124      |      Solves: 49      |      Challenge files

1
2
3
4
5
6
7
> checksec mario
[*] '/home/raywang/ctf/DEFCONQ2018/mario'
Arch: amd64-64-little
RELRO: Full RELRO
Stack: Canary found
NX: NX enabled
PIE: PIE enabled

Summary

This is a classic C++ menu challenge that features a UAF and heap overflow with a vtable pointer overwrite. The main heap techniques involve using a free unsorted bin chunk to leak a libc and heap address, as well as some feng shui to place an object in an overflow-able region on the heap. fortenforge, qzqxq, and I combined to reverse the binary and discover the 3 separate vulnerabilities.

Read More

My Favorite Films of All Time

I discovered my interest in film at the start of college. As an arts reviewer for The Tech, MIT’s student newspaper, I had the luxury of attending advance press screenings of big-name films like Suicide Squad and the final Hobbit film. But more importantly, my reviews cultivated an appreciation for the medium and an insatiable desire to experience all it had to offer. Since then, I’ve devoured films of all genres and eras, directors and actors, cinematographers and writers.

Read More

Formal Verification: The Gap Between Perfect Code and Reality

Thanks to Vlad Brown and Drawings Team for Russian and Uzbek translations.

In Fall 2017, I took MIT’s 6.826, Principles of Computer Systems, taught by Turing Award-winner Butler Lampson, Nickolai Zeldovich, and Frans Kaashoek. Despite its rudimentary title, it’s a grad class on building formally verified systems. Using the proof language Coq, we wrote specifications, implementations, and proofs of toy structures: a remapped disk, an atomic pair of blocks, and a replicated disk. We also read quite a few papers from the state-of-the-art in formal methods.

I went into the class believing that formal verification is the future — the only solution to a world of software ridden with bugs and security issues. But after recent events and a semester of trying to apply formal methods, I’m a serious skeptic. In this post, I’ll discuss why I think formal verification has a long way to go — and why it just doesn’t work right now.

Read More

Formal Reasoning in Coq — a Beginner's Guide

I’m currently taking the Fall 2017 iteration of 6.826, Principles of Computer Systems. This class has been offered in various forms over the years, but this iteration is quite different. It focuses on formal verification of computer systems using Coq, a language for mechanical theorem proving.

The goal of this class is to write the spec, implementation, and proofs for a formally verified RAID filesystem in Coq, then generate Haskell code from it.

Read More