### Setup Raspberry Pi Pico SDK and Examples Source: https://0xinfection.xyz/reversing/pages/part-1-the-why-the-how Clones the Pico SDK and example repositories, initializes submodules, and installs necessary build tools like CMake and the ARM GCC toolchain. This prepares the environment for building Pico-specific C/C++ projects. ```bash mkdir pico cd pico git clone -b master https://github.com/raspberrypi/pico-sdk.git cd pico-sdk git submodule update --init cd .. git clone -b master https://github.com/raspberrypi/pico-examples.git sudo apt update sudo apt install cmake gcc-arm-none-eabi libnewlib-arm-none-eabi build-essential  ``` -------------------------------- ### Create Pico 'Hello World' Directory and C File Source: https://0xinfection.xyz/reversing/pages/part-2-hello-world Shell commands to create a new project directory and the main C source file for the 'Hello World' example on Raspberry Pi Pico. ```shell mkdir 0x02_pico_hello_world cd 0x02_pico_hello_world ``` ```shell vim 0x02_hello_world.c ``` -------------------------------- ### Radare2 Setup and Update Commands Source: https://0xinfection.xyz/reversing/pages/part-3-debugging-hello-world Commands to update Radare2 using git and install it via a provided script. This ensures the debugger is up-to-date before starting analysis. ```bash git pull radare2 sys/install.sh ``` ```bash radare2 -v ``` -------------------------------- ### Clone and Install Radare2 Source: https://0xinfection.xyz/reversing/pages/part-2-development-setup This snippet demonstrates how to clone the Radare2 repository from GitHub and execute the installation script. It assumes the user is in the 'Documents' directory and has Git installed. ```shell cd Documents git clone https://github.com/radareorg/radare2.git sys/install.sh ``` -------------------------------- ### Raspberry Pi Pico 'Hello World' C Code Source: https://0xinfection.xyz/reversing/pages/part-2-hello-world The C code for the Raspberry Pi Pico 'Hello World' example. It initializes stdio and prints 'Hello world!' to the console every second. ```c #include #include "pico/stdlib.h" int main() { stdio_init_all(); while(1) { printf("Hello world!\n"); sleep_ms(1000); } return 0; } ``` -------------------------------- ### Assembly: Stack Setup and Function Call Source: https://0xinfection.xyz/reversing/pages/part-6-debugging-char This assembly snippet shows the initial stack setup by pushing registers and then calling the stdio_init_all function, likely for standard input/output initialization. ```assembly push {r4, lr} bl sym.stdio_init_all ``` -------------------------------- ### Install Vim Editor Source: https://0xinfection.xyz/reversing/pages/part-1-the-why-the-how Installs the Vim text editor using the apt package manager, a prerequisite for editing configuration files. ```bash sudo apt install vim ``` -------------------------------- ### Install NASM Assembler Source: https://0xinfection.xyz/reversing/pages/part-20-boot-sector-basics-part-3 Installs the Netwide Assembler (NASM) on Debian/Ubuntu-based systems, required for compiling assembly code. ```bash sudo apt-get install nasm ``` -------------------------------- ### Build and Flash Pico Project Source: https://0xinfection.xyz/reversing/pages/part-2-hello-world Shell commands to build the Raspberry Pi Pico project using CMake and make, and then copy the compiled UF2 file to the mounted Pico drive. ```shell mkdir build cd build export PICO_SDK_PATH=../../pico-sdk cmake .. make ``` ```shell cp 0x02_hello_world.uf2 /Volumes/RPI-RP2 ``` -------------------------------- ### Install Radare2 from Source Source: https://0xinfection.xyz/reversing/pages/part-1-the-why-the-how Clones the Radare2 repository and installs it from source, which is necessary for obtaining the latest features required for advanced reversing. Ensure you are building from source as packaged versions may be outdated. ```bash git clone https://github.com/radareorg/radare2.git cd radare2 cd radare2 sys/install.sh ``` -------------------------------- ### Connect to Pico via Serial Console Source: https://0xinfection.xyz/reversing/pages/part-2-hello-world Shell commands to list available serial devices and connect to the Raspberry Pi Pico using the 'screen' utility to view the 'Hello World' output. ```shell ls /dev/tty. ``` ```shell screen /dev/tty.usbmodem0000000000001 ``` -------------------------------- ### CMake Configuration for Pico Project Source: https://0xinfection.xyz/reversing/pages/part-2-hello-world CMakeLists.txt file content for building the Raspberry Pi Pico 'Hello World' project. It configures the C/C++ standards, includes SDK initialization, and links the pico_stdlib library. ```cmake cmake_minimum_required(VERSION 3.13) include(pico_sdk_import.cmake) project(test_project C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) pico_sdk_init() add_executable(0x02_hello_world 0x02_hello_world.c ) pico_enable_stdio_usb(0x02_hello_world 1) pico_add_extra_outputs(0x02_hello_world) target_link_libraries(0x02_hello_world pico_stdlib) ``` -------------------------------- ### Update Ubuntu System Packages Source: https://0xinfection.xyz/reversing/pages/part-17-how-to-install-linux These commands are essential for maintaining a secure and up-to-date Ubuntu system. 'sudo apt-get update' refreshes the package list, and 'sudo apt-get upgrade' installs available upgrades for installed packages. ```bash sudo apt-get update sudo apt-get upgrade ``` -------------------------------- ### Install GCC Multilib for 32-bit Development Source: https://0xinfection.xyz/reversing/pages/part-17-how-to-install-linux This command installs the 'gcc-multilib' package, which is necessary for compiling 32-bit C code. This is often required for reverse engineering tasks that involve analyzing 32-bit executables. ```bash sudo apt-get install gcc-multilib ``` -------------------------------- ### C Hello World Example for EIP Manipulation Source: https://0xinfection.xyz/reversing/pages/part-12-instruction-pointer-register A simple 'Hello World' C program used to demonstrate hijacking program control via the EIP register. The example includes an 'unreachableFunction' that is not called by 'main' under normal execution. ```c #include void unreachableFunction() { printf("This function was called!"); } int main() { printf("Hello World!"); return 0; } ``` -------------------------------- ### 4-Bit Binary Addition Example Source: https://0xinfection.xyz/reversing/pages/part-3-binary-addition An example demonstrating the addition of two 4-bit binary numbers, illustrating the concept of a carry bit. ```plaintext 0111 + 0100 = 1011 ``` -------------------------------- ### Debug ADD Program with GDB Source: https://0xinfection.xyz/reversing/pages/part-15-debugging-add This snippet demonstrates how to start the GDB debugger for an executable file named 'add'. It includes commands to set a breakpoint at '_start', run the program, and inspect the CPU registers. ```bash gdb -q add b _start r i r ``` -------------------------------- ### 8-Bit Binary Addition Example Source: https://0xinfection.xyz/reversing/pages/part-3-binary-addition An example of adding two 8-bit binary numbers, showcasing a carry bit that would trigger a carry flag in a CPU. ```plaintext 01110000 + 01010101 = 11000101 ``` -------------------------------- ### Create Directory in Ubuntu Terminal Source: https://0xinfection.xyz/reversing/pages/part-17-how-to-install-linux This command sequence demonstrates how to navigate to the Desktop directory and create a new folder named 'Code' within it using the Ubuntu terminal. This is a common practice for organizing project files. ```bash cd Desktop mkdir Code ``` -------------------------------- ### Build Blink Program for Raspberry Pi Pico Source: https://0xinfection.xyz/reversing/pages/part-1-the-why-the-how Navigates to the pico-examples build directory, sets the PICO_SDK_PATH environment variable, configures the build using CMake, and then compiles the 'blink' example. This process generates a .uf2 file that can be copied to the Pico to run the program. ```bash cd pico-examples mkdir build cd build export PICO_SDK_PATH=../../pico-sdk cmake .. cd blink make ``` -------------------------------- ### Copy pico_sdk_import.cmake Source: https://0xinfection.xyz/reversing/pages/part-5-char A shell command to copy the necessary 'pico_sdk_import.cmake' file from the pico-sdk installation directory to the current project directory. ```shell cp ../pico-sdk/external/pico_sdk_import.cmake . ``` -------------------------------- ### Radare2 Print String Source: https://0xinfection.xyz/reversing/pages/part-4-debugging-hello-world Prints a string starting from a specified memory address. This command is useful for verifying the content of strings within the binary. ```shell [0x55629ca9e4]> ps @0x55629cab48 ``` -------------------------------- ### Install vim Text Editor Source: https://0xinfection.xyz/reversing/pages/part-18-vim-text-editor Installs the vim text editor on a Linux system, providing enhanced functionality over the basic vi editor. ```bash sudo apt update && sudo apt install vim ``` -------------------------------- ### Hexadecimal Addition Example Source: https://0xinfection.xyz/reversing/pages/part-6-hexadecimal-number-system Demonstrates the process of adding hexadecimal numbers. It provides an example calculation showing how to handle carries when the sum of digits exceeds F (15 in decimal). ```text Addition in hexadecimal works as follows. From this point forward all numbers in hexadecimal will have a 'h' next to the number: ``` -------------------------------- ### Debug Executable with GDB Source: https://0xinfection.xyz/reversing/pages/part-21-how-to-compile-a-program This demonstrates using the GNU Debugger (GDB) to debug an executable. It involves starting GDB, listing the source, setting a breakpoint, running the program, and disassembling the code. ```bash gdb ./exit (gdb) l (gdb) break main (gdb) run (gdb) disass ``` -------------------------------- ### C Function Definition and Call Example Source: https://0xinfection.xyz/reversing/pages/part-15-stack Demonstrates a simple C function 'addMe' that takes two integer arguments and returns their sum. It also shows how 'main' calls 'addMe', passing arguments that are expected by the called function. ```c int addMe(int a, int b) { // Function implementation here return a + b; } int main(void) { int result = addMe(5, 3); // Use the result return 0; } ``` -------------------------------- ### Binary to Decimal Conversion Example Source: https://0xinfection.xyz/reversing/pages/part-4-number-systems Demonstrates the process of converting a binary number (0101 1101) to its decimal equivalent (93) by summing the values of bits corresponding to powers of 2. ```text 0101 1101 binary = 93 decimal Calculation: (0 * 128) + (1 * 64) + (0 * 32) + (1 * 16) + (1 * 8) + (1 * 4) + (0 * 2) + (1 * 1) = 93 ``` -------------------------------- ### ARM Assembly Debugging: Stack Pointer and Link Register Manipulation Source: https://0xinfection.xyz/reversing/pages/part-15-debugging-hello-world This snippet demonstrates the initial setup in ARM Assembly, where the link register is loaded into r11 and the stack pointer is incremented by 4, preserving the link register and allocating space on the stack. ```Assembly 0x10750 # Load link register into r11 add r11, sp, #4 # Add to r11 ``` -------------------------------- ### AND Boolean Operation Example Source: https://0xinfection.xyz/reversing/pages/part-10-boolean-instructions Demonstrates the AND boolean operation, where the result is 1 only if both bits are 1. This illustrates the logic gate concept. ```text ex: 0 0 1 0 0 0 1 0 ex: 0 1 1 0 1 1 1 0 ex:——————— ex: 0 0 1 0 0 0 1 0 ``` -------------------------------- ### 8-Bit Binary Addition with Carry Flag Example Source: https://0xinfection.xyz/reversing/pages/part-3-binary-addition Demonstrates an 8-bit binary addition that results in a carry bit, which would set the carry flag in a CPU. ```plaintext 11110000 + 11010101 = (1)11000101 ``` -------------------------------- ### Debugging Assembly with GDB Source: https://0xinfection.xyz/reversing/pages/part-24-asm-hacking-1-moving-immediate-data Demonstrates loading a binary into GDB, setting a breakpoint at the start, running the program, and disassembling the code. It also shows how to step through instructions and inspect register values. ```bash gdb -q moving_immediate_data b _start r disas si i r ``` ```assembly nop ; 0x90 ``` -------------------------------- ### Radare2 Print Hex Source: https://0xinfection.xyz/reversing/pages/part-4-debugging-hello-world Displays the hexadecimal representation of data starting from a specified memory address. This is useful for examining raw machine code and data bytes. ```shell px @0x55629cab48 ``` -------------------------------- ### ARM Assembly SUB Instruction Example Source: https://0xinfection.xyz/reversing/pages/part-25-hacking-sub Demonstrates the SUB instruction in ARM Assembly. It shows how to move decimal values into registers and perform subtraction, storing the result in another register. The example also illustrates how modifying an input register can change the output. ```ARM Assembly mov r1, #67 mov r2, #53 sub r0, r1, r2 ``` -------------------------------- ### NOT Boolean Operation Example Source: https://0xinfection.xyz/reversing/pages/part-10-boolean-instructions Explains the NOT boolean operation (inversion), where a 0 becomes a 1 and a 1 becomes a 0. This demonstrates the NOT gate's function. ```text ex: 0 0 1 0 0 0 1 0 ex:——————— ex: 1 1 0 1 1 1 0 1 ``` -------------------------------- ### OR Boolean Operation Example Source: https://0xinfection.xyz/reversing/pages/part-10-boolean-instructions Illustrates the OR boolean operation, where the result is 1 if at least one of the bits is 1. This mirrors OR gate functionality. ```text ex: 0 0 1 0 0 0 1 0 ex: 0 1 1 0 1 1 1 0 ex:——————— ex: 0 1 1 0 1 1 1 0 ``` -------------------------------- ### Shell: Configure OpenOCD for Pico Debugging Source: https://0xinfection.xyz/reversing/pages/part-15-debugging-double Commands to configure and run OpenOCD for debugging a Raspberry Pi Pico. Requires OpenOCD to be installed and a Pico configured as a debugger probe. ```shell src/openocd -f interface/picoprobe.cfg -f target/rp2040.cfg -s tcl ``` -------------------------------- ### Debugging x64 Assembly with GDB Source: https://0xinfection.xyz/reversing/pages/part-27-x64-assembly-part-1 Illustrates how to use the GNU Debugger (GDB) to analyze the execution of an x64 assembly program. It includes commands for setting the debugger to Intel syntax, setting a breakpoint at the start, running the program, and examining register values. ```bash gdb ./main set disassembly-flavor intel b _start r info registers rax ``` -------------------------------- ### Decimal to Hexadecimal Conversion Example Source: https://0xinfection.xyz/reversing/pages/part-4-number-systems Explains the conversion of a decimal number (850) to its hexadecimal representation (352) using division with remainder. ```text 850 decimal = 352 hex Steps: 850 / 16 = 53 remainder 2 53 / 16 = 3 remainder 5 3 / 16 = 0 remainder 3 Reading remainders from bottom up: 352 ``` -------------------------------- ### Convert Binary to Decimal Source: https://0xinfection.xyz/reversing/pages/part-2-number-systems Demonstrates the process of converting a binary number to its decimal equivalent by summing the values of bits based on their positional weight. Example: 0101 1101 binary to 93 decimal. ```text Binary: 0101 1101 Decimal conversion using positional values: (0*128) + (1*64) + (0*32) + (1*16) + (1*8) + (1*4) + (0*2) + (1*1) = 93 ``` -------------------------------- ### CMakeLists.txt for Pico project Source: https://0xinfection.xyz/reversing/pages/part-14-double This CMakeLists.txt file configures a C/C++ project for the Raspberry Pi Pico. It sets the minimum CMake version, includes the Pico SDK, defines project properties, sets C and C++ standards, initializes the SDK, adds an executable target, enables USB stdio, and links against the pico_stdlib library. ```cmake cmake_minimum_required(VERSION 3.13) include(pico_sdk_import.cmake) project(test_project C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) pico_sdk_init() add_executable(0x06_double 0x06_double.c ) pico_enable_stdio_usb(0x06_double 1) pico_add_extra_outputs(0x056_double) target_link_libraries(0x06_double pico_stdlib) ``` -------------------------------- ### Hexadecimal Subtraction Example Source: https://0xinfection.xyz/reversing/pages/part-6-hexadecimal-number-system Explains and illustrates the method for subtracting hexadecimal numbers. It covers scenarios that might involve borrowing from higher place values. ```text We will now focus on subtraction: ``` -------------------------------- ### ARM Assembly Load and Store Instructions Source: https://0xinfection.xyz/reversing/pages/part-6-registers Examples of ARM assembly instructions for loading data into a register from memory and storing register contents into memory. It highlights the use of '@' for comments. ```assembly ldr, r4, [r10] @ load r4 with the contents of r10, if r10 had the decimal value of say 22, 22 would go to r4 str, r9, [r4] @ store r9 contents into location in r4, if r9 had 0x02 hex, 0x02 would be stored into location r4 ``` -------------------------------- ### C++ Char Datatype Example Source: https://0xinfection.xyz/reversing/pages/part-9-character-primitive-datatype Demonstrates the declaration, assignment, and printing of a 'char' variable in C++. It includes the necessary iostream header for input/output operations. ```cpp #include int main() { char my_char = 'c'; std::cout << my_char << std::endl; return 0; } ``` -------------------------------- ### Decimal to Hexadecimal Conversion Example (42) Source: https://0xinfection.xyz/reversing/pages/part-6-hexadecimal-number-system Demonstrates the conversion of the decimal number 42 into its hexadecimal representation (2A). It shows the place values in both decimal and hexadecimal systems and how they relate to each other. ```text 2 x 10 ^ 0 = 2 4 x 10 ^ 1 = 40 (2 * 10 ^ 0) + (4 * 10 ^ 1) = 42 0010 1010 binary 10 * 16 ^ 0 = 10 2 * 16 ^ 1 = 32 10 + 32 = 42 decimal => 2A hexadecimal ``` -------------------------------- ### Example output with repeated message Source: https://0xinfection.xyz/reversing/pages/part-4-hacking-hello-world Demonstrates a pattern of receiving a repeated message 'Hacked World!' over a serial connection, possibly indicating a loop or status message from a device. ```text Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! Hacked World! ``` -------------------------------- ### C++ 'Hello World' Program Source: https://0xinfection.xyz/reversing/pages/part-34-x64-c%2B%2B-1-code-part-1 This code snippet demonstrates a basic C++ program that utilizes the iostream library to print the string 'Hello World' followed by a newline character to the standard output (terminal). It serves as a foundational example for reverse engineering C++ applications. ```cpp #include int main() { std::cout << "Hello World" << std::endl; return 0; } ``` -------------------------------- ### Infinite Loop Assembly Code Source: https://0xinfection.xyz/reversing/pages/part-19-boot-sector-basics-part-2 This assembly code creates an infinite loop by jumping back to a label. It's a fundamental example for boot sector programming but lacks the 'magic number' required for BIOS execution. ```assembly jmp loop loop: ``` -------------------------------- ### C++ Pre-Increment Operator Example Source: https://0xinfection.xyz/reversing/pages/part-39-debugging-pre-increment-operator Demonstrates the pre-increment operator in C++. It initializes an integer, increments it before assigning to a new variable, and prints the result. Compiled using g++ and executed directly. ```cpp #include int main(void) { int myNumber = 16; int myNewNumber = ++myNumber; std::cout << myNewNumber << std::endl; return 0; } ``` -------------------------------- ### Decimal to Binary Conversion Example Source: https://0xinfection.xyz/reversing/pages/part-4-number-systems Illustrates how to convert a decimal number (120) to its binary representation (0111 1000) by repeatedly checking if powers of 2 can be subtracted from the remaining value. ```text 120 decimal = 0111 1000 binary Steps: 1) 128 in 120? No (0). Remainder: 120. 2) 64 in 120? Yes (1). Remainder: 120 - 64 = 56. 3) 32 in 56? Yes (1). Remainder: 56 - 32 = 24. 4) 16 in 24? Yes (1). Remainder: 24 - 16 = 8. 5) 8 in 8? Yes (1). Remainder: 8 - 8 = 0. 6) 4 in 0? No (0). 7) 2 in 0? No (0). 8) 1 in 0? No (0). Result: 0111 1000 ``` -------------------------------- ### x64 Assembly Subtract Example Source: https://0xinfection.xyz/reversing/pages/part-29-x64-assembly-part-3 Demonstrates loading the value 16 (0x10) into the EAX register and then subtracting 5 from it. The result is observed in the RAX register after stepping through the instructions in a debugger. ```assembly mov eax, 0x10 sub eax, 5 ``` -------------------------------- ### Assembly: Setting up boot sector, video mode, and input validation Source: https://0xinfection.xyz/reversing/pages/part-25-boot-sector-basics-part-8 This Assembly code demonstrates fundamental boot sector operations. It initializes the stack, sets a 640x200 greyscale video mode, and implements a console input handler that accepts only numeric digits (0-9). ```Assembly ; Move to the programable area of the boot sector code at address 0x7c00 mov ax, 0x7c00 mov ds, ax mov es, ax mov ss, ax mov sp, 0x7c00 ; Call video mode function call set_video_mode ; Call get character input function call get_char_input ; ... (rest of the boot sector code) set_video_mode: ; Set 640x200 greyscale console mov ah, 0x00 mov al, 0x13 ; 640x480 VGA mode, 256 colors, not greyscale ; For 640x200 greyscale, a different mode or sequence might be needed ; Example for 80x25 text mode: mov al, 0x03 int 0x10 ret get_char_input: mov ah, 0x01 ; Read character from keyboard with echo int 0x21 mov bl, al ; Store input character ; Check if the input is a numeric digit (0-9) cmp bl, '0' ; ASCII value for '0' is 0x30 jl invalid_input cmp bl, '9' ; ASCII value for '9' is 0x39 jg invalid_input ; Input is a digit, proceed ; Echo the character to the console mov ah, 0x02 ; Write character to console mov dl, bl ; Character to display int 0x21 ret invalid_input: ; Handle invalid input (e.g., ignore, display error) ; For this example, we'll just ignore and loop back for input jmp get_char_input ``` -------------------------------- ### Hexadecimal to Decimal Conversion Example Source: https://0xinfection.xyz/reversing/pages/part-4-number-systems Details the process of converting a hexadecimal number (0x5f) to its decimal equivalent (95) by multiplying each hex digit by its corresponding power of 16. ```text 0x5f hex = 95 decimal Calculation: (5 * 16^1) + (f * 16^0) = (5 * 16) + (15 * 1) = 80 + 15 = 95 ``` -------------------------------- ### Build and Flash Pico Project Source: https://0xinfection.xyz/reversing/pages/part-19-input Shell commands to build the Pico project. It includes creating a build directory, setting the PICO_SDK_PATH environment variable, running CMake configuration, compiling the project, and flashing the resulting UF2 file to the Pico board. ```shell mkdir build cd build export PICO_SDK_PATH=../../pico-sdk cmake .. make make flash ``` -------------------------------- ### Creating Bare-Metal Firmware with Infinite Loop (ARM Machine Code) Source: https://0xinfection.xyz/reversing/pages/part-11-arm-firmware-boot-procedures This snippet demonstrates how to create a minimal ARM firmware by writing machine code directly into a file named kernel.img. The provided hexadecimal sequence 'FE FF FF EA' instructs the ARM processor to perform an infinite loop, effectively halting execution at that point. This is a foundational example for understanding low-level control and the boot process. ```Hexadecimal FE FF FF EA ``` -------------------------------- ### Binary to Hexadecimal Conversion Example Source: https://0xinfection.xyz/reversing/pages/part-4-number-systems Shows the conversion of a binary number (0101 1111) to hexadecimal (0x5f) by grouping binary digits into nibbles (4 bits) and using a lookup table. ```text 0101 1111 binary = 0x5f hex Explanation: Binary is grouped into nibbles (4 bits). 0101 (binary) = 5 (hex) 1111 (binary) = f (hex) '0x' denotes hexadecimal notation. ``` -------------------------------- ### Open Binary in Radare2 Source: https://0xinfection.xyz/reversing/pages/part-4-debugging-hello-world Opens the specified binary file within the Radare2 reverse engineering framework for analysis. ```shell radare2 ./0x01_asm_64_helloworld ``` -------------------------------- ### Hexadecimal to Decimal Conversion Example (F1CD) Source: https://0xinfection.xyz/reversing/pages/part-6-hexadecimal-number-system Provides a detailed conversion of the hexadecimal number F1CD to its decimal equivalent (61,901). It shows the calculation for each digit (D, C, 1, F) based on its position and the base-16 system. ```text D --- 13 x 1 = 13 C --- 12 x 16 = 192 1 --- 1 x 256 = 256 F --- 15 x 4096 = 61,440 13 + 192 + 256 + 61,440 = 61,901 ``` -------------------------------- ### C++ Hello World Program Source: https://0xinfection.xyz/reversing/pages/part-3-hello-world A simple C++ program that outputs 'Hello World!' to the standard output using the iostream library and the endl manipulator to flush the buffer. It demonstrates basic C++ syntax and output operations. ```cpp #include int main() { std::cout << "Hello World!" << std::endl; return 0; } ``` -------------------------------- ### Copy UF2 file to Pico Source: https://0xinfection.xyz/reversing/pages/part-14-double This command copies the compiled UF2 firmware file from the build directory to the Raspberry Pi Pico's mass storage device, typically mounted as 'RPI-RP2'. This is how the firmware is transferred to the Pico for execution. ```bash cp 0x06_double.uf2 /Volumes/RPI-RP2 ``` -------------------------------- ### C Dereferencing Example Source: https://0xinfection.xyz/reversing/pages/part-43-hacking-pointers%21 Illustrates the concept of dereferencing a pointer in C to access the value stored at the memory address the pointer holds. This example shows how to modify a variable's value indirectly through its pointer. ```c #include int main(void) { int number = 5; int *pointer_to_number; pointer_to_number = &number; printf("Original value: %d\n", number); *pointer_to_number = 777; printf("New value: %d\n", number); return 0; } ``` -------------------------------- ### Run the hacked binary Source: https://0xinfection.xyz/reversing/pages/part-5-hacking-hello-world Executes the modified binary from the command line. This demonstrates the result of the hacking process. ```bash ./0x01_asm_64_helloworld ``` -------------------------------- ### Compile Assembly Code (ADC Example) Source: https://0xinfection.xyz/reversing/pages/part-20-adc These commands compile an assembly file (adc.s) into an object file (adc.o) and then link the object file to create an executable (adc). This process is used to prepare assembly code for execution, common in reverse engineering and low-level programming. ```shell as -o adc.o adc.s ld -o adc adc.o ``` -------------------------------- ### CMakeLists.txt for Pico Project Source: https://0xinfection.xyz/reversing/pages/part-5-char Configures a Raspberry Pi Pico project using CMake. It sets the C/C++ standards, initializes the Pico SDK, defines the executable name and source files, enables USB stdio, and links the pico_stdlib library. ```cmake cmake_minimum_required(VERSION 3.13) include(pico_sdk_import.cmake) project(test_project C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) pico_sdk_init() add_executable(0x03_char 0x03_char.c ) pico_enable_stdio_usb(0x03_char 1) pico_add_extra_outputs(0x03_char) target_link_libraries(0x03_char pico_stdlib) ``` -------------------------------- ### Serial Output: Pico Integer Printing Source: https://0xinfection.xyz/reversing/pages/part-8-int This represents the expected serial output from the Pico board after deploying the 'int' example. It shows the integer value '40' being printed repeatedly every second, confirming the code is executing as intended. ```text 40 40 40 40 40 40 40 40 40 40 40 40 ``` -------------------------------- ### Hexadecimal to Decimal Conversion Example (F5) Source: https://0xinfection.xyz/reversing/pages/part-6-hexadecimal-number-system Illustrates the conversion of the hexadecimal number F5 into its decimal equivalent (245). It breaks down the calculation by considering the place value of each hexadecimal digit (F and 5). ```text 5 x 16 ^ 0 = 5 15 x 16 ^ 1 = 240 5 + 240 = 245 decimal => F5 hexadecimal ``` -------------------------------- ### Convert Decimal to Binary Source: https://0xinfection.xyz/reversing/pages/part-2-number-systems Explains how to convert a decimal number to binary by repeatedly checking if the next power of 2 can be subtracted. A '1' is placed if subtraction is possible, '0' otherwise. Example: 120 decimal to 0111 1000 binary. ```text Decimal: 120 1) Can 128 fit inside of 120: No, therefore 0. 2) Can 64 fit inside of 120: Yes, therefore 1, then 120 – 64 = 56. 3) Can 32 fit inside of 56: Yes, therefore 1, then 56 – 32 = 24. 4) Can 16 fit inside of 24: Yes, therefore 1, then 24 – 16 = 8. 5) Can 8 fit inside of 8: Yes, therefore 1, then 8 – 8 = 0. 6) Can 4 fit inside of 0: No, therefore 0. 7) Can 2 fit inside of 0: No, therefore 0. 8) Can 1 fit inside of 0: No, therefore 0. Result: 0111 1000 binary ``` -------------------------------- ### Main Application Logic (main.c) Source: https://0xinfection.xyz/reversing/pages/part-19-input Initializes all standard I/O for the Pico and sets up the main loop. It continuously calls input_proc to capture user input and print_proc to handle output based on the input. ```c #include #include "pico/stdlib.h" #include "print.h" #include "input.h" int main() { stdio_init_all(); const int USB_STRING_SIZE = 100; char usb_char; usb_char = '\0'; char usb_string[USB_STRING_SIZE]; usb_string[0] = '\0'; while(1) { input_proc('f', &usb_char, usb_string, &USB_STRING_SIZE); print_proc(&usb_char, usb_string); } return 0; } ``` -------------------------------- ### Run Executable Source: https://0xinfection.xyz/reversing/pages/part-3-hello-world This command executes the compiled program '0x01_asm64_helloworld'. It demonstrates how to run an executable file from the current directory in a Unix-like environment. ```bash ./0x01_asm64_helloworld ``` -------------------------------- ### ARM Assembly SUB Instruction Example Source: https://0xinfection.xyz/reversing/pages/part-24-debugging-sub Demonstrates the SUB instruction in ARM assembly. It moves decimal values 67 and 53 into registers r1 and r2 respectively, then subtracts r1 from r2, storing the result in r0. The example includes debugging steps to show register values. ```ARM Assembly MOV r1, #67 MOV r2, #53 SUB r0, r1, r2 ``` -------------------------------- ### Convert Hexadecimal to Binary Source: https://0xinfection.xyz/reversing/pages/part-2-number-systems Shows the reverse process of converting hexadecimal to binary. Each hexadecimal digit is converted into its 4-bit binary equivalent (nibble). Example: 0x3a hex to 0011 1010 binary. ```text Hexadecimal: 0x3a Convert each hex digit to its 4-bit binary representation: 3 = 0011 A (10) = 1010 Result: 0011 1010 binary ``` -------------------------------- ### C Pointer Example Source: https://0xinfection.xyz/reversing/pages/part-43-hacking-pointers%21 Demonstrates the fundamental concept of pointers in C, showing how a pointer stores the memory address of another variable. It illustrates direct assignment and how changing the value through the pointer affects the original variable. ```c #include int main(void) { int lottery_number = 7; int *lottery_pointer; lottery_pointer = &lottery_number; printf("address of lottery_number: %p\n", &lottery_number); printf("value of lottery_pointer: %p\n", lottery_pointer); printf("value of lottery_number: %d\n", lottery_number); printf("value lottery_pointer points to: %d\n", *lottery_pointer); return 0; } ``` -------------------------------- ### ARM Assembly ADD Instruction Example Source: https://0xinfection.xyz/reversing/pages/part-14-add Demonstrates the basic ADD instruction in ARM Assembly. It moves decimal values into registers r1 and r2, then adds them, storing the result in register r0. This is a fundamental operation for understanding assembly. ```assembly MOV r1, #67 MOV r2, #53 ADD r0, r1, r2 ``` -------------------------------- ### Radare2 Debugging Session Initialization Source: https://0xinfection.xyz/reversing/pages/part-3-debugging-hello-world Command to launch Radare2 with specific settings for debugging an ARM executable. It specifies the architecture, bit mode, and the ELF file to analyze. ```bash radare2 -w arm -b 16 0x02_hello_world.elf ``` -------------------------------- ### Radare2 Debug Mode Source: https://0xinfection.xyz/reversing/pages/part-10-debugging-character-primitive-datatype Starts the program in debug mode, mapping machine code from disk to a running process. ```shell ood ``` -------------------------------- ### C 'Hello World!' Program for Pico Source: https://0xinfection.xyz/reversing/pages/part-3-debugging-hello-world The standard 'Hello World!' program for the Raspberry Pi Pico, utilizing stdio_init_all() for output and a loop with a 1-second delay. This code serves as the basis for debugging exercises. ```c #include #include "pico/stdlib.h" int main() { stdio_init_all(); while(1) { printf("Hello world!\n"); sleep_ms(1000); } return 0; } ``` -------------------------------- ### Assembly Instructions for 'Hello World!' Source: https://0xinfection.xyz/reversing/pages/part-40-hacking-hello-world%21 Analysis of the assembly code generated for the 'Hello World!' C program. This includes stack operations (push, pop), loading addresses into registers (lea), and function calls (call puts). ```assembly push rbp lea rdi, qword str.Hello_World call sym.imp.puts leave ret ``` -------------------------------- ### Radare Commands for Analysis and Debugging Source: https://0xinfection.xyz/reversing/pages/part-40-hacking-hello-world%21 A sequence of commands used within the Radare framework to analyze a binary, seek to the main function, and examine the generated assembly code. ```bash aaa s sym.main ``` -------------------------------- ### C++ Double Datatype Example Source: https://0xinfection.xyz/reversing/pages/part-18-double-primitive-datatype Demonstrates the declaration and output of a double-precision floating-point variable in C++. It requires the iostream library for input/output operations. ```cpp #include int main() { double my_double = 10.1; std::cout << my_double << std::endl; return 0; } ``` -------------------------------- ### Convert Binary to Hexadecimal Source: https://0xinfection.xyz/reversing/pages/part-2-number-systems Illustrates converting binary to hexadecimal by grouping binary digits into nibbles (4 bits) and referencing a conversion table. Each nibble corresponds to one hex digit. Example: 0101 1111 binary to 0x5f hex. ```text Binary: 0101 1111 Group into nibbles (4 bits): 0101 = 5 (decimal) 1111 = 15 (decimal) = F (hexadecimal) Result: 0x5f hex ``` -------------------------------- ### Executing a Compiled Program Source: https://0xinfection.xyz/reversing/pages/part-14-hello-world Command to run an executable file (e.g., example1) that has been compiled from a source file. The './' prefix indicates that the executable is in the current directory. ```bash ./example1 ``` -------------------------------- ### Pico Project Build Configuration (CMakeLists.txt) Source: https://0xinfection.xyz/reversing/pages/part-19-input Configures the build process for the Pico project using CMake. It specifies project details, C/C++ standards, includes the Pico SDK, adds executables, and defines targets for building and flashing. ```cmake cmake_minimum_required(VERSION 3.13) include(pico_sdk_import.cmake) project(test_project C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS_RELEASE}") set(CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE}") pico_sdk_init() add_executable(main main.c print.c input.c ) pico_enable_stdio_usb(main 1) pico_enable_stdio_uart(main 0) pico_add_extra_outputs(main) target_link_libraries(main pico_stdlib hardware_i2c) add_custom_target(flash COMMAND cp main.uf2 /Volumes/RPI-RP2/ DEPENDS main ) ``` -------------------------------- ### XOR Boolean Operation Example Source: https://0xinfection.xyz/reversing/pages/part-10-boolean-instructions Shows the XOR (exclusive OR) boolean operation, where the result is 1 only if the bits are different. This corresponds to XOR gate logic. ```text ex: 0 0 1 0 0 0 1 0 ex: 0 1 1 0 1 1 1 0 ex:——————— ex: 0 1 0 0 1 1 0 0 ``` -------------------------------- ### Launch radare2 in Write Mode Source: https://0xinfection.xyz/reversing/pages/part-20-hacking-double-primitive-datatype Starts the radare2 debugger in write mode for the specified binary file. This allows for modifications to the executable. ```bash radare2 -w ./0x06_asm64_double_primitive_datatype ``` -------------------------------- ### Execute C++ Program Source: https://0xinfection.xyz/reversing/pages/part-17-constants Command to run the compiled C++ executable file named 'example2' from the current directory. ```bash ./example2 ``` -------------------------------- ### Build and Compile Pico Project Source: https://0xinfection.xyz/reversing/pages/part-5-char Shell commands to build a Raspberry Pi Pico project. It involves creating a build directory, navigating into it, setting the PICO_SDK_PATH environment variable, running CMake to configure the build, and then executing make to compile the project. ```shell mkdir build cd build export PICO_SDK_PATH=../../pico-sdk cmake .. make ``` -------------------------------- ### Radare2: Seek to Main Function Source: https://0xinfection.xyz/reversing/pages/part-7-hacking-char Navigates the debugger's attention to the 'main' function within the loaded executable. This is a common starting point for code analysis and modification. ```shell s main ``` -------------------------------- ### C 'Hello World!' Program Source: https://0xinfection.xyz/reversing/pages/part-40-hacking-hello-world%21 A basic C program that includes the standard library and uses the printf function to display 'Hello World!' to the console. The main function returns an integer. ```c #include int main() { printf("Hello World!\n"); return 0; } ``` -------------------------------- ### ARM Assembly: Setting Breakpoint and Register Examination Source: https://0xinfection.xyz/reversing/pages/part-15-debugging-hello-world This section details setting a breakpoint at 'main+16' and then examining the values within the registers, specifically focusing on register r1 which contains the 'Hello World!' string. ```Assembly # Set a breakpoint at main+16 # Let’s take a look at our register values. # We see the “Hello World!” string now residing inside of r1 ``` -------------------------------- ### Radare2 Analysis and Navigation Commands Source: https://0xinfection.xyz/reversing/pages/part-3-debugging-hello-world Basic Radare2 commands for auto-analyzing code, seeking to a specific function (main), and entering visual mode for debugging. ```bash aaaa ``` ```bash s main ``` -------------------------------- ### C++ Pre-Decrement Operator Example Source: https://0xinfection.xyz/reversing/pages/part-46-hacking-pre-decrement-operator Demonstrates the use of the pre-decrement operator in C++. It shows how decrementing a variable before its value is used affects the output. Requires a C++ compiler. ```cpp #include int main(void) { int myNumber = 16; int myNewNumber = --myNumber; std::cout << myNewNumber << std::endl; std::cout << myNumber << std::endl; return 0; } ``` -------------------------------- ### Assemble and Link ADD Program Source: https://0xinfection.xyz/reversing/pages/part-15-debugging-add This snippet shows the commands to assemble an assembly source file (add.s) into an object file (add.o) and then link the object file to create an executable (add). ```bash as -o add.o add.s ld -o add add.o ``` -------------------------------- ### Launch radare2 in write mode Source: https://0xinfection.xyz/reversing/pages/part-5-hacking-hello-world Launches the radare2 tool in write mode to allow modifications to the target binary. This is the initial step for hacking the binary. ```bash radare2 -w ./0x01_asm_64_helloworld ``` -------------------------------- ### Disassembling Code in GDB Source: https://0xinfection.xyz/reversing/pages/part-23-asm-debugging-1-moving-immediate-data Disassembles the program's code starting from the current execution point. This command is used to view the assembly instructions being executed. ```bash disas ``` -------------------------------- ### CMakeLists.txt for Pico Project Source: https://0xinfection.xyz/reversing/pages/part-11-float This CMakeLists.txt file configures a Pico project, setting the C and C++ standards, importing the Pico SDK, defining the executable name, enabling USB stdio, and linking the pico_stdlib library. It's essential for building Pico projects. ```cmake cmake_minimum_required(VERSION 3.13) include(pico_sdk_import.cmake) project(test_project C CXX ASM) set(CMAKE_C_STANDARD 11) set(CMAKE_CXX_STANDARD 17) pico_sdk_init() add_executable(0x05_float 0x05_float.c ) pico_enable_stdio_usb(0x05_float 1) pico_add_extra_outputs(0x05_float) target_link_libraries(0x05_float pico_stdlib) ``` -------------------------------- ### Compiling C++ Code with g++ Source: https://0xinfection.xyz/reversing/pages/part-14-hello-world Command to compile a C++ source file (e.g., example1.cpp) using the g++ compiler. The -o flag specifies the output executable file name (e.g., example1). ```bash g++ example1.cpp -o example1 ``` -------------------------------- ### Compiling and Linking x64 Assembly Code Source: https://0xinfection.xyz/reversing/pages/part-27-x64-assembly-part-1 Provides the commands necessary to compile an assembly file (`.asm`) into an object file (`.o`) and then link the object file to create an executable file. ```bash nasm -f elf64 main.asm -o main.o ld main.o -o main ``` -------------------------------- ### Compile C++ Program using g++ Source: https://0xinfection.xyz/reversing/pages/part-17-constants Command to compile a C++ source file named 'example2.cpp' using the g++ compiler and create an executable file named 'example2'. ```bash g++ example2.cpp -o example2 ``` -------------------------------- ### ARM Assembly: ADC Instruction Example Source: https://0xinfection.xyz/reversing/pages/part-21-debugging-adc Demonstrates the behavior of the ADC instruction in ARM assembly. It highlights how the Carry Flag, set by a previous operation, influences the result of an addition operation. ```assembly ADD r1, r1, #100 ADD r2, r2, #4294967295 ADD r3, r3, #100 ADD r4, r4, #100 ADD r0, r1, r2 ADD r5, r3, r4 // Example showing ADC behavior when Carry Flag is set // Assume a previous operation set the Carry Flag ADC r5, r3, r4 // r3 + r4 + Carry Flag -> r5 ``` -------------------------------- ### Compiling and Running a Simple C Program Source: https://0xinfection.xyz/reversing/pages/part-20-instruction-code-handling Demonstrates the compilation and execution of a basic C program that exits the operating system. This is a foundational step before analyzing its machine code. ```bash gcc test.c -o test ./test ``` -------------------------------- ### C Function Call with Arguments Source: https://0xinfection.xyz/reversing/pages/part-15-stack Demonstrates how arguments are passed to a function in C. It shows the `main` function calling `addMe` with two integer arguments, `a` and `b`, and the subsequent calculation and printing of the result. ```c int main(void) { int a = 5; int b = 10; int sum = addMe(a, b); printf("%d", sum); return 0; } int addMe(int a, int b) { return a + b; } ```