For this assignment, you are to complete two labtainers. Neither labtainer requires a report, and there are no written questions for this assignment, so it is worth half the normal amount of assignment credit (50 points). Make sure you use checklab when working these, and get all of the goals checked off! There are separate submission assignments in Canvas for each labtainer, so make sure you turn in the right lab to the right place!
(15 points) Do the strace labtainer. This is actually a pretty trivial labtainer, and there’s not much to “figure out.” The main point for doing this is to have you run a standard built-in tool (strace) that monitors all system calls made by a program, and is useful for dynamic analysis, debugging, and reverse engineering. Give some thought to how this tool can expose the internal operations of a program (there’s nothing to turn in for this thinking, but think about it - really!)
(35 points) Do the formatstring labtainer. You do have to figure some things out for this labtainer, working with addresses of data in memory. It’s nowhere near as tricky as the buffer overflow labtainer, however. If you need a more gentle introduction to format strings, you can do the basic printf labtainer for practice and learning (don’t turn this in if you do it).
The vulnerable program reads the format string with scanf, using the "%s" conversion. This reads a single whitespace-delimited string, so even though the lab write-up shows some example format strings with spaces in them, the string you give the vulnerable program cannot contain spaces: anything after the first space is not read as part of it!
The labtainer says “we hardcode the secrets using constants 0x44 and 0x55.” That’s incorrect. The secrets are randomly set when you set up the labtainer, and can be different for each student. They are not 0x44 and 0x55, so don’t look for those values!
While the secret values are specified as random numbers, it’s important to note that they will always be printable ASCII characters.
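To see the scanf note above in action, the following added example (not code from the labtainer or the lab write-up) reports what a `"%s"` conversion would actually store for a candidate input. The helper names `scanf_token` and `survives_intact`, the 255-byte bound, and the sample inputs are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

#define TOKEN_MAX 255

/* Copy into `out` what scanf("%s") would store when fed `input`.
 * Returns the number of input bytes consumed (leading whitespace
 * included), or -1 if the input holds no token at all. */
int scanf_token(const char *input, char out[TOKEN_MAX + 1])
{
    int consumed = 0;
    out[0] = '\0';
    /* %255s bounds the write; %n records how far the scan got. */
    if (sscanf(input, "%255s%n", out, &consumed) != 1)
        return -1;
    return consumed;
}

/* 1 if the whole input survives as a single token, 0 otherwise. */
int survives_intact(const char *input)
{
    char tok[TOKEN_MAX + 1];
    return scanf_token(input, tok) >= 0 && strcmp(tok, input) == 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the lab write-up. */
    const char *samples[] = { "%x %x %x", "%x.%x.%x", "%x\t%x", "  %x" };
    char tok[TOKEN_MAX + 1];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = scanf_token(samples[i], tok);
        printf("input=\"%s\" stored=\"%s\" consumed=%d intact=%d\n",
               samples[i], tok, n, survives_intact(samples[i]));
    }
    return 0;
}
```

Leading whitespace is skipped before the token starts, and a tab or newline ends the token just as a space does.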