我试图在C中演示格式字符串漏洞。我想避免字符串命令显示我的二进制文件中的ASCII字符串。
这是我的简单代码:
#include <stdio.h>
static char secret[] = "mysecretstring";
int main(int argc, char *argv[]) {
char buf[64];
strncpy(buf, argv[1], sizeof(buf));
printf(buf);
}
答案 0 :(得分:0)
你可以用它做一些数学计算,例如:
static unsigned char secret[] = {'m' + 10, 'y' + 10, 's' + 10, 'e' + 10, 'c' + 10, 'r' + 10, 'e' + 10, 't' + 10, 's' + 10, 't' + 10, 'r' + 10, 'i' + 10, 'n' + 10, 'g' + 10};
因为你的秘密字符串可能在RO段中:
char *decode(const unsigned char *str, int c)
{
int len = 0;
char *ml, *cl;
while(*str != abs(c))
len++;
ml = malloc(len + 1);
if(ml != NULL)
{
cl = ml;
while(*str != abs(c))
*cl++ = *str++ + c;
*cl = 0;
}
return ml;
}
当然,编写将为您编写字符串文字的脚本更容易。编码机制可能要复杂得多 - 在这个例子中,我只是微不足道的
C
中的编码函数示例#define VNAMEMAX 20
#define VVALUEMAX 200
typedef struct
{
char vname[VNAMEMAX];
char vvalue[VVALUEMAX];
}VDEF_T;
VDEF_T varialbles[] =
{
{.vname = "mystring",.vvalue = "Something very secret"},
{.vname = "secret_var",.vvalue = "Something even more secret" },
{0,},
};
int code(VDEF_T *v, char *fname, int c)
{
FILE *fp = fopen(fname, "wt");
int result = (fp == NULL) * -1;
if (!result)
{
fprintf(fp, "#ifndef _MYSECRET\n#define _MYSECRET\n\n\n");
while (!result && v->vname[0])
{
fprintf(fp, "static unsigned char %s[] = {\n\t\t", v->vname);
for (int i = 0; i <= strlen(v->vvalue); i++)
{
if (fprintf(fp, "0x%02x,", v->vvalue[i] + c) < 0)
{
result = -1;
break;
}
}
if (fprintf(fp, "};\n\n") < 0) result = -1;
v++;
}
if(fprintf(fp, "#endif") < 0) result = -1;
fclose(fp);
}
return result;
}
结果.h文件;
#ifndef _MYSECRET
#define _MYSECRET
static unsigned char mystring[] = {
0x5d,0x79,0x77,0x6f,0x7e,0x72,0x73,0x78,0x71,0x2a,0x80,0x6f,0x7c,0x83,0x2a,0x7d,0x6f,0x6d,0x7c,0x6f,0x7e,0x0a,};
static unsigned char secret_var[] = {
0x5d,0x79,0x77,0x6f,0x7e,0x72,0x73,0x78,0x71,0x2a,0x6f,0x80,0x6f,0x78,0x2a,0x77,0x79,0x7c,0x6f,0x2a,0x7d,0x6f,0x6d,0x7c,0x6f,0x7e,0x0a,};
#endif