Computer Architecture

profilejamesblent1
project1.pdf

Title : Project 1 Point Total : 100 Deadline : Monday March 2nd at 11.59pm

Topics Covered:

Introduction to NASM, x86-64 basic instructions and architecture, System calls, ASCII

Setting Things Up:

For this project you will be using the NASM assembler to write x86-64 assembly. NASM is accessible on linux.gl.umbc.edu and you need to make sure your program compiles on it before submission.

You can reach it from anywhere with an internet connection

• You need to use your UMBC account • ssh [email protected] • Enter your password (will not show you typing)

The first time you are in create a CMSC313 folder

• mkdir cmsc313 • cd cmsc313

You can then use your favorite editor to write the program.

To assemble your program:

• Assemble it using: nasm –f elf64 filename.asm • Link to create executable: gcc –m64 –o filename filename.o • Execute program: ./filename or filename

To transfer a file from your local computer to linux.gl.umbc.edu you can use the command below: scp myFlie [email protected]:cmsc313 This will put myFile in the cmsc313 directory on linux.gl.umbc.edu

Project Description Part 1:

Write and submit a NASM assembly language program “string.asm” that:

• Asks the user for an 8 character string. • A number representing the number of characters that should be cut off the string. • Displays the unedited string to the user . • And finally displays the edited string to the user with the number of characters

removed.

Notes:

• The characters will be removed starting with the left most character. • The characters can be a letter, number, space or others for example #,$ and so on. • Remember characters are read in in ASCII. • You do not need to use Jumps or Loops in this project.

General Project (Hard) Requirements:

• Code that does not compile will receive 50% off • We are programming for 64 bit Intel Architecture • This is an individual project and any work submitted should be your own • You must have a comment at the top of the code detailing what the code does. • This comment should also include your full name and user ID.

• You must use good coding style with respect to variable names, spacing, labels and comments.

• Submit only the .asm file named firstname_lastname_string.asm to blackboard. • You cannot use C/C++ function calls. You have to use system calls

Project Description Part 2:

Legacy safety-critical infrastructure often consists of vulnerabilities such as buffer overflows allowing for exploiting control flow of the system. Part 2 of this project consists of designing and leveraging a buffer overflow exploit to hijack the control flow of a piece of remote function actuator software (aka vehicle start button). Normal behavior consists of taking a password (string) as input and then start the vehicle if the password is correct. An example scenario is below:

$ ./rfa password

Message1: Vehicle has started

$

General Project (Hard) Requirements:

• Reverse engineer password for vehicle to start • Debug software to find return address from vehicle start function • Craft buffer overflow exploit to hijack control flow • Open terminal shell to the attacker

Grading Rubric:

• [60] Part 1 o [10] Display prompts to user o [10] Display unedited messages o [10] Display edited message o [40] Text edit functionality o [10] Use of system calls o [10] Program exits correctly

o [10] Style (e.g. comments, etc.) • [40] Part 2

o [20] Reverse engineer vehicle password o [30] Find return address from vehicle start function o [30] Valid buffer overflow exploit o [20] Open terminal shell