I wanted to demonstrate that passwords in clear are easy to read from a program:
#include <stdio.h>
#include <string.h>
int main(int argc, char** argv)
{
char password[] = "a big refreshing lemonade";
return strcmp(argv[1], password);
}
But it does not work as expected:
$ gcc foo.c
$ hexdump -C a.out | grep -C2 'lem'
000006c0 00 00 00 48 89 45 f8 31 c0 48 b8 61 20 62 69 67 |...H.E.1.H.a big|
000006d0 20 72 65 48 ba 66 72 65 73 68 69 6e 67 48 89 45 | reH.freshingH.E|
000006e0 d0 48 89 55 d8 48 b8 20 6c 65 6d 6f 6e 61 64 48 |.H.U.H. lemonadH|
000006f0 89 45 e0 66 c7 45 e8 65 00 48 8b 45 c0 48 83 c0 |.E.f.E.e.H.E.H..|
00000700 08 48 8b 00 48 8d 55 d0 48 89 d6 48 89 c7 e8 6d |.H..H.U.H..H...m|
I notice some weird characters. Why is that?
It's because the strings aren't being stored as static data.
For example if you had this:
const char* password = "a big refreshing lemonade";
Or even this:
static char password[] = "a big refreshing lemonade";
It is stored contiguously in the binary (You see "a big refreshing lemonade" next to each other) in the constants section.
If you look at the assembly output, you see this:
6:test.c **** char password[] = "a big refreshing lemonade";
23 .loc 1 6 0
24 001e 48B86120 movabsq $7309940773697495137, %rax
24 62696720
24 7265
25 0028 48BA6672 movabsq $7453010330678293094, %rdx
25 65736869
25 6E67
26 0032 488945D0 movq %rax, -48(%rbp)
27 0036 488955D8 movq %rdx, -40(%rbp)
28 003a 48B8206C movabsq $7233183901389515808, %rax
28 656D6F6E
28 6164
29 0044 488945E0 movq %rax, -32(%rbp)
30 0048 66C745E8 movw $101, -24(%rbp)
30 6500
Where you see a lot of movabsq
, which loads a 64 bit constant. So, what it does load 8 bytes at a time into password
.
You'll notice that the first constant (7309940773697495137) is the little-endian form of "a big re"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With