1. A data signature is designed to
- Check data integrity
- Ensure that the data source is legitimate
2. Front-end vulnerabilities you know of include
- XSS
- CSRF
3. Mobile hook frameworks include
- Xposed
- Substrate
- Cydia
- Frida
4. Tools that can capture data packets include
- Ubertooth
- tcpdump
- Burp Suite
- HackRF
5. What can we generally do through the UART interface on the smart device?
- View device debugging information
- Obtain device permissions
6. Which of the following statements about processes, threads, and coroutines are correct?
- Threads share the heap; each thread's stack is private
- Generally speaking, execution overhead: process > thread > coroutine
7. Which of the following are registers in a smali function?
- p0
- v0
8. ARM assembly
Suppose a function contains the following code:
char dst[32];
strcpy(dst, src);
If the attacker can control the function's src variable, the options that cannot be achieved on the ARM architecture are:
- Overwrite variables other than dst, changing the logic of the program
- Overwrite stack data to construct a ROP attack
- Overwriting the call stack causes a segfault
What can be achieved is:
- Overwrite the return address to jump to the malicious code copied by the attacker into dst
9. Which of the following tools are often used for smart device firmware analysis?
- binwalk
10. The iOS feature that is similar to URL schemes but more secure
- Universal Links
11. What is the value of eax after executing xor %eax,%eax?
- 0000 0000
12. If there is an arbitrary write vulnerability in Android, how can write permission be converted to execution permission?
- DexClassLoader dynamically loads dex executable files writable by the application
- The java.lang.Runtime.exec method executes an ELF file that the application can write
- System.load and System.loadLibrary dynamically load ELF shared objects writable by the application
- The native code uses system, popen and other similar functions to execute an ELF file that the application can write
- The native code uses dlopen to load an ELF shared object writable by the application
- Use the Multidex mechanism
13. Read the following assembly code:
66a: push %rbp
66b: mov %rsp,%rbp
66e: mov %rdi,-0x18(%rbp)
672: mov %rsi,-0x20(%rbp)
676: movl $0x0,-0x4(%rbp)
67d: mov -0x4(%rbp),%eax
680: movslq %eax,%rdx
683: mov -0x20(%rbp),%rax
687: add %rdx,%rax
68a: mov -0x4(%rbp),%edx
68d: movslq %edx,%rcx
690: mov -0x18(%rbp),%rdx
694: add %rcx,%rdx
697: movzbl (%rax),%eax
69a: mov %al,(%rdx)
69c: mov -0x4(%rbp),%eax
69f: movslq %eax,%rdx
6a2: mov -0x20(%rbp),%rax
6a6: add %rdx,%rax
6a9: movzbl (%rax),%eax
6ac: test %al,%al
6ae: je 6b6
6b0: addl $0x1,-0x4(%rbp)
6b4: jmp 67d
6b6: nop
6b7: mov $0x0,%eax
6bc: pop %rbp
6bd: retq
Note: The assembly in this question is in GNU (AT&T) syntax: the right-hand operand is the destination and the left-hand operand is the source. %rdi and %rsi correspond to the first and second parameters, respectively.
Questions:
- Which string function is this code most likely to be (strcpy, strlen, strcmp, etc.)? Write out the analysis process.
- How is this function different from the string function in the C standard library?
Answers:
- strcpy
- The return value is different. The standard library function returns the dest pointer; this function returns 0.
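
The analysis for question 13, as an added example that is not part of the original quiz: a C reconstruction written from the listed instructions, with the matching addresses in comments, next to a bounded variant that adds the length check the loop lacks. The names quiz_copy and quiz_copy_bounded and the sample strings are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical name: the quiz does not name the function.
 * 66e/672 spill %rdi (dst) and %rsi (src) to -0x18(%rbp) and -0x20(%rbp). */
int quiz_copy(char *dst, const char *src)
{
    int i = 0;               /* 676: movl $0x0,-0x4(%rbp); movslq shows a signed 32-bit index */

    for (;;) {
        dst[i] = src[i];     /* 67d-69a: load byte from src+i, store it to dst+i */
        if (src[i] == '\0')  /* 69c-6ae: reload src[i]; test %al,%al; je 6b6 */
            break;           /* the terminator was already copied above */
        i++;                 /* 6b0: addl $0x1,-0x4(%rbp); 6b4: jmp 67d */
    }
    return 0;                /* 6b7: mov $0x0,%eax (libc strcpy returns dst) */
}

/* Bounded variant (an assumption, not in the quiz): never writes more than
 * dst_size bytes, always terminates dst, and returns -1 when src was truncated. */
int quiz_copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t i;

    if (dst_size == 0)
        return -1;
    for (i = 0; i < dst_size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] == '\0' ? 0 : -1;
}

int main(void)
{
    char a[32], b[8];        /* constructed sample buffers */
    int r1 = quiz_copy(a, "firmware");
    int r2 = quiz_copy_bounded(b, sizeof b, "longer than eight bytes");

    printf("%d \"%s\"\n", r1, a);
    printf("%d \"%s\"\n", r2, b);
    return 0;
}
```

Nothing in the loop at 67d-6b4 compares the index against a destination size, which is why the function behaves like strcpy and not strncpy.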