Quick binary encoding - linux

I'm working in Linux on some homework and I can't seem to find anything online of what exactly the encoding actually means on MIPS instructions... I have used objdump -d to obtain a file that reads out, for example, lines like this:
68 90 8b 04 08 push $0x8048b90
What do each of the bytes in the first part mean? I assume the last four have to do with the actual register being pushed, but any help would be appreciated, or even a link to somewhere I could look up this kind of stuff because I cannot find it.
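An added example, not part of the original post: the quoted line has the form objdump prints for 32-bit x86, where opcode 0x68 is PUSH imm32 and the four bytes after it are the operand in little-endian order. The helper names `split_bytes` and `decode_push` are hypothetical, and the decoder assumes 32-bit mode and covers only the PUSH forms shown.

```python
import re
import struct

# Register numbering used by the one-byte PUSH r32 opcodes (0x50 + reg).
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def split_bytes(line):
    """Collect the run of two-digit hex tokens objdump prints before the mnemonic."""
    tokens = line.split()
    if tokens and tokens[0].endswith(":"):      # optional "address:" column
        tokens = tokens[1:]
    raw = []
    for tok in tokens:
        if not re.fullmatch(r"[0-9a-fA-F]{2}", tok):
            break                               # reached the mnemonic
        raw.append(int(tok, 16))
    return bytes(raw)

def decode_push(code):
    """Decode the 32-bit-mode PUSH forms; return AT&T-syntax text or None."""
    if not code:
        return None
    op = code[0]
    if op == 0x68 and len(code) >= 5:            # PUSH imm32
        (imm,) = struct.unpack("<I", code[1:5])  # operand stored little-endian
        return "push $0x%x" % imm
    if op == 0x6A and len(code) >= 2:            # PUSH imm8, sign-extended to 32 bits
        (imm,) = struct.unpack("<b", code[1:2])
        return "push $0x%x" % (imm & 0xFFFFFFFF)
    if 0x50 <= op <= 0x57:                       # PUSH r32, register in the low 3 bits
        return "push %%%s" % REG32[op & 7]
    return None

if __name__ == "__main__":
    # The line quoted in the question.
    line = "68 90 8b 04 08 push $0x8048b90"
    print(split_bytes(line).hex(" "), "->", decode_push(split_bytes(line)))
```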

Related

Same MP3 files differ in one 16-bit value

I have this mystery that happened to me recently with my MP3 files. I had a few MP3s that should be identical, but as I have discovered, those files don't seem to be identical by their content. I have tried many tools for comparison of the files, but all of them gave me the same result - those files seemed to be different.
When I looked at those files with MediaInfo, it appeared as if those files were the same. They had the same tags, same content (when comparing in Audacity) and overall I haven't noticed anything weird about it.
The last thing that came to my mind is to put these files to the diff tool. I have utilized the command
colordiff --side-by-side --suppress-common-lines -y <(xxd file1.mp3) <(xxd file2.mp3)
and got an interesting result. The output of the diff was the following:
00000000: 0b08 0000 0000 3402 0002 fffa 52c0 268d ......4... | 00000000: 0b08 0000 0000 4403 0002 fffa 52c0 268d ......D...
Weird... a single 16-bit value difference. This is the only difference when comparing two files which should be identical. When comparing the whole file, the output got really messy, so I'm not sure from where this particular line came, but I guess it belongs to the file header, because I don't think the content of the MP3 would get modified, rather I do suspect the metadata.
Other than this info I'm not really sure what can cause this, but I thought it is worth a shot to share this issue with Stack Overflow to find out more. Thank you for all your replies, I will try to provide any further details if needed.

POP3 buffer gets translated in a strange way. Characters are bad when they shouldn't be

I've been trying to write a script for a buffer overflow attack on SLmail service (Within a legal setting, in a VPN. I am following a penetration testing course.).
The issue I'm having came up while trying to define which characters were bad. As it turns out, anything above 7F is getting mangled. I have followed the exact example that my textbook gave me, I tried googling for similar examples, not a single one I found ever mentioned that issue.
In theory, the only bad characters for this particular buffer should be x00, x0a and x0d.
Here everything above 7F is a mess. I get C2s and C3s appearing every other byte, while the rest of the bytes are somehow translated. (FF turns into BF, for example.) This is rendering me completely unable to have my shellcode sent through. I've tried removing some or changing the order. No matter the order I put them in, anything above 7F will come out translated with C2/C3s every other byte.
Link to both my script code and the memory dump resulting from it.
(The for is weird, I know.)
I figured it out.
I was using py3, which required strings to be encoded.
By translating the script into py2.7, I no longer needed to encode them and they went through without any mangling.
https://imgur.com/a/OOct5Z9
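An added example, not code from the original post: it reproduces the C2/C3 symptom described above (a Python 3 str encoded with the default UTF-8 codec) and shows how to recognise and reverse it in a captured buffer. The function names and the 0x01-0xFF test pattern are constructed for illustration.

```python
# Constructed test pattern: every byte value from 0x01 to 0xFF, once each.
PATTERN = bytes(range(0x01, 0x100))
# The same values held as a Python 3 str (code points U+0001..U+00FF).
AS_STR = "".join(map(chr, PATTERN))

def wire_bytes_from_str(text: str) -> bytes:
    """What leaves the socket when a str is encoded with the default codec (UTF-8)."""
    return text.encode()

def looks_utf8_mangled(dump: bytes) -> bool:
    """True if dump is valid UTF-8 whose code points all fit in one byte and at
    least one is >= 0x80, i.e. the 'C2/C3 every other byte' pattern."""
    try:
        text = dump.decode("utf-8")
    except UnicodeDecodeError:
        return False                      # raw high bytes are not valid UTF-8
    return (any(ord(c) >= 0x80 for c in text)
            and all(ord(c) <= 0xFF for c in text))

def unmangle(dump: bytes) -> bytes:
    """Recover the intended bytes from a UTF-8-mangled buffer."""
    return dump.decode("utf-8").encode("latin-1")

def first_divergence(expected: bytes, received: bytes) -> int:
    """Index of the first differing byte, or -1 if the buffers are identical."""
    for i, (a, b) in enumerate(zip(expected, received)):
        if a != b:
            return i
    return -1 if len(expected) == len(received) else min(len(expected), len(received))

if __name__ == "__main__":
    mangled = wire_bytes_from_str(AS_STR)
    print("sent length:", len(mangled), "intended:", len(PATTERN))
    print("first bad offset:", first_divergence(PATTERN, mangled))
    print("0xFF became:", mangled[-2:].hex(" "))
    # Byte-exact alternatives in Python 3: use a bytes object directly,
    # or encode the str with latin-1 (one code point -> one byte).
    print("latin-1 is byte-exact:", AS_STR.encode("latin-1") == PATTERN)
```

In Python 3 the byte-exact route is to build the buffer as `bytes` from the start; `str.encode("latin-1")` is the fallback when the data already exists as a str.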

What is JPEG marker 0xb9?

I'm a JPEG novice, and I'm trying to decode a (possibly corrupted) JPEG (or rather, JFIF) file.
My image viewer program complains about an illegal 0xb9 marker.
The file does not have an SOF (Start Of Frame) marker, instead it has this APP1 segment
ff e1 00 0b 50 49 43 00 02 28 3c 01 00
followed by this segment with a 0xb9 marker:
ff b9 00 11 08 06 4c 04 d3 03 01 22 00 02 11 01 03 11 01
What am I looking at here?
EDIT
I have been asked about where the file came from. Here's the story:
About 20 years ago I bought a collection of magazines on CD-ROMs. The magazines can, however, only be read on old Windows computers, so I'm trying to find another way to read them - preferably one that works on my Linux computer. As far as I can tell, the magazine pages are stored as a lot of JFIF files that are simply concatenated together.
So to start with, I've extracted one of the JFIF files, and now I'm trying to find a way to view it.
EDIT 2
I've been asked to share a picture file. I'm not sure if I'm committing a copyright violation by doing so, so I'll remove the file again after a couple of days. Anyway, one of the problematic picture files may be downloaded from here:
https://www.dropbox.com/s/9da72gdri8c9xwp/f1000.jpg
I have no idea what the file contains except that it is probably a page from MAD Magazine.
The ff b9 segment looks very much like a SOF0 segment, and changing it to ff c0 (SOF0) makes the picture visible, but only as a collection of random pixels.
The APP1 segment mentioned above contains the string PIC, which is not part of any APP1 segment type that I'm aware of.
EDIT 3
Since this question has now been answered, I will remove the file from Dropbox in order to avoid any copyright issues. Thank you to all who contributed to this.
According to ITU T.86 Amendment 1, the APP1 segment with identifier "PIC" contains "Accusoft Pegasus custom fields." This suggests that the file may have been created using Accusoft tools, and that they might be able to decode it as well.
(Indeed, in your comment above you say that you managed to successfully open the file using the demo version of Accusoft's "Apollo" picture viewer.)
As for the FFB9 segment marker, I'm still not sure what it means. I did manage to find some code in the JPEG XT reference implementation (called "libjpeg"; not to be confused with the widely used library of the same name by the Independent JPEG Group) that appears to recognize it, and includes a comment saying that it denotes "residual scan, ac coded". Whatever that means, however, I'm not 100% sure about.
Apparently it has something to do with supporting images with more than 8 bits of dynamic range per pixel, with the "residual scan" storing additional high-precision pixel data which can be combined with the basic 8 bit JPEG image data to reconstruct the full HDR image. But if so, it seems strange to have a file with only such a residual scan marker without any normal SOI marker. Given that, according to jakub_d, the JPEG XT library cannot actually parse your file, it might be that it's using the marker in some nonstandard way.
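An added example, not part of the original thread: a marker-segment walker run over the two segments quoted in the question. Reading the FFB9 payload with the SOF0 frame-header layout is an assumption that follows the asker's observation that it "looks very much like a SOF0 segment"; it says nothing about what the marker means. Function names are hypothetical.

```python
import struct

# The APP1 and FFB9 segments exactly as quoted in the question.
SAMPLE = bytes.fromhex(
    "ffe1000b50494300" "02283c0100"
    "ffb90011" "08064c04d303" "012200" "021101" "031101")

# Markers that carry no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, *range(0xD0, 0xDA)}

def walk_segments(data):
    """Yield (marker, payload) for each header segment; raise on malformed input.
    Handles header segments only, not the entropy-coded data after SOS."""
    pos = 0
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected 0xFF at offset %d" % pos)
        marker = data[pos + 1]
        if marker in STANDALONE:
            yield marker, b""
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated length field at offset %d" % pos)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # counts itself
        end = pos + 2 + length
        if length < 2 or end > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        yield marker, data[pos + 4:end]
        pos = end

def parse_frame_header(payload):
    """Interpret a payload using the SOF0 layout: precision, height, width, components."""
    if len(payload) < 6:
        raise ValueError("payload too short for a frame header")
    precision, height, width, ncomp = struct.unpack(">BHHB", payload[:6])
    if len(payload) != 6 + 3 * ncomp:
        raise ValueError("component count does not match segment length")
    comps = []
    for i in range(ncomp):
        cid, hv, tq = payload[6 + 3 * i:9 + 3 * i]
        comps.append((cid, hv >> 4, hv & 0x0F, tq))  # id, H sampling, V sampling, table
    return {"precision": precision, "height": height,
            "width": width, "components": comps}

if __name__ == "__main__":
    for marker, payload in walk_segments(SAMPLE):
        print("FF%02X len=%d %r" % (marker, len(payload) + 2, payload[:4]))
        if marker == 0xB9:
            print(parse_frame_header(payload))
```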

Best Way to Hexdump Shellcode

I'm trying to get shellcode from some programs I wrote. Besides taking the hex code from an objdump -D shellcode, is there a better way to purely hexdump a string? I've thrown it through hexdump as well, but that spits out way too many lines, and as it stands I don't know how to specify it to give me just the section of machine code after _start.

Input from 4 different mice

I need to build a simple app that takes (click only) input from 4 USB mice connected in addition to the built-in touchpad on a notebook. My preferred operating system for this setup would be Linux.
Any idea how I might be able to discern in an application which mouse a click came from? I'm open to C programming or whatever it takes. It's a simple, one-off project, so nothing too elaborate though.
For what it's worth, I think I found an answer to my question.
bobince's mention of xorg led me to look in /etc/X11/xorg.conf. That turns out to be full of comments like
# commented out by update-manager, HAL is now used
I had heard of HAL before, and not just in 2001. I tried man -k hal and found lshal, which lists 133 (!) HAL devices in my PC. In the entry for one of my mice, I found
linux.sysfs_path = '/sys/devices/pci0000:00/0000:00:0b.0/usb2/2-7/2-7:1.0/input/input6/event6'
which turns out to be a directory in the file system. Exploring from there, I discovered a reference back to /dev/input/mouse3. In fact, all my mice were sitting there in /dev/input!
Wearing my superuser cape, I was able to read /dev/input/mouse3:
root#carl-ubuntu:/dev/input# od -t x1 -w6 mouse3
0000000 09 00 00 08 00 00
*
so it turns out a left mouse click is 09 00 00 08 00 00, consistently and repeatably.
Conclusion: I can read mouse clicks from /dev/input/mouseX. Having done chmod a+r on those files, I can even read them from a normal user account. I need to figure out a way to stop 4 mice running wild in the hands of probably drunk people from actually interacting directly with the GUI, but that's a problem for another day.
MPX is where it's at for multiple-mouse and multitouch under Linux, but you'll need to be using xorg xserver 1.7 to get the ‘proper’ version of it; this is generally taken as part of X11R7.5, which has only just come out as ‘stable’ and has not been integrated by the distros yet. (Even xorg-edgers doesn't have it, though that's where you'd keep an eye on if you're an Ubuntu-er.)
GTK+ seems to have had some work put into allowing you to detect which mouse clicked (GdkEvent.gdk_event_get_device), but I don't know what the timetable is for getting this into a full stable release. Nor do I know how far along Qt4 is with it. So in summary the situation is: it works if you're willing to put the time into grabbing, compiling and fixing stuff, but it's not smooth with mainstream Linux, yet.
I'm not too sure where to start for this, but it sounds a lot to me like it'd be similar to getting multi-touch to work. Maybe start looking for multi-touch drivers for linux?
Also, luvieere's first link might be helpful.
