Computer Architecture
Title : Project 1 Point Total : 100 Deadline : Monday March 2nd at 11.59pm
Topics Covered:
Introduction to NASM, x86-64 basic instructions and architecture, System calls, ASCII
Setting Things Up:
For this project you will be using the NASM assembler to write x86-64 assembly. NASM is accessible on linux.gl.umbc.edu and you need to make sure your program compiles on it before submission.
You can reach it from anywhere with an internet connection
• You need to use your UMBC account • ssh [email protected] • Enter your password (will not show you typing)
The first time you are in create a CMSC313 folder
• mkdir cmsc313 • cd cmsc313
You can then use your favorite editor to write the program.
To assemble your program:
• Assemble it using: nasm –f elf64 filename.asm • Link to create executable: gcc –m64 –o filename filename.o • Execute program: ./filename or filename
To transfer a file from your local computer to linux.gl.umbc.edu you can use the command below: scp myFlie [email protected]:cmsc313 This will put myFile in the cmsc313 directory on linux.gl.umbc.edu
Project Description Part 1:
Write and submit a NASM assembly language program “string.asm” that:
• Asks the user for an 8 character string. • A number representing the number of characters that should be cut off the string. • Displays the unedited string to the user . • And finally displays the edited string to the user with the number of characters
removed.
Notes:
• The characters will be removed starting with the left most character. • The characters can be a letter, number, space or others for example #,$ and so on. • Remember characters are read in in ASCII. • You do not need to use Jumps or Loops in this project.
General Project (Hard) Requirements:
• Code that does not compile will receive 50% off • We are programming for 64 bit Intel Architecture • This is an individual project and any work submitted should be your own • You must have a comment at the top of the code detailing what the code does. • This comment should also include your full name and user ID.
• You must use good coding style with respect to variable names, spacing, labels and comments.
• Submit only the .asm file named firstname_lastname_string.asm to blackboard. • You cannot use C/C++ function calls. You have to use system calls
Project Description Part 2:
Legacy safety-critical infrastructure often consists of vulnerabilities such as buffer overflows allowing for exploiting control flow of the system. Part 2 of this project consists of designing and leveraging a buffer overflow exploit to hijack the control flow of a piece of remote function actuator software (aka vehicle start button). Normal behavior consists of taking a password (string) as input and then start the vehicle if the password is correct. An example scenario is below:
$ ./rfa password
Message1: Vehicle has started
$
General Project (Hard) Requirements:
• Reverse engineer password for vehicle to start • Debug software to find return address from vehicle start function • Craft buffer overflow exploit to hijack control flow • Open terminal shell to the attacker
Grading Rubric:
• [60] Part 1 o [10] Display prompts to user o [10] Display unedited messages o [10] Display edited message o [40] Text edit functionality o [10] Use of system calls o [10] Program exits correctly
o [10] Style (e.g. comments, etc.) • [40] Part 2
o [20] Reverse engineer vehicle password o [30] Find return address from vehicle start function o [30] Valid buffer overflow exploit o [20] Open terminal shell