phi1010's blog

phi1010's pages


Will probably contain some content on security and exploitation -- or stuff without buffer overflows.

Resolving Defines from Object Files

How to get to the actual value of recursive defines

Posted on November 2, 2020

During the analysis of OP-TEE, many C-defines were defined using other defined constants, scattered across many header files, makefiles and other data specified by the build system. This made the analysis difficult, requiring validation of the results using a disassembler, to avoid To quickly resolve the value of such defines,... [Read More]
Tags: binary dwarf c

BGET Explained

Binary Heap Exploitation on OP-TEE (2/2)

Posted on November 2, 2020

BGET [0][0] is a simple heap allocator used in OP-TEE [0][0][0]. It is simpler than glibc’s allocator, but has some interesting quirks, which might make exploitation interesting. Today, we will look into the inner workings of BGET. [Read More]
Tags: security exploitation

Analyzing Makefiles

How to dump makefile variable definitions

Posted on November 2, 2020

OP-TEE uses a very extensive Makefile infrastructure with recursive invocations of make. A Make debugger with breakpoints would have been useful. To at least allow inspecting the state of the variables within Make, this script can be used: [Read More]
Tags: make debug

BGET Explained

Binary Heap Exploitation on OP-TEE (1/2)

Posted on September 14, 2020

BGET [0][0] is a simple heap allocator used in OP-TEE [0][0][0]. It is simpler than glibc’s allocator, but has some interesting quirks, which might make exploitation interesting. Today, we will look into the inner workings of BGET. [Read More]
Tags: security exploitation

Phillip Kuhrt  •  2020  •  phi1010.github.io
