I’ve been digging into the world of exploit writing lately. While working on Defcon’s previous year’s CTF qualification programs, I ran into Atlas’ presentation on “Kiddie to Hacker in 5 sleepless nights”, which talks about some of his mindset when he first got into binary exploitation.
Atlas has written a tool called disass to aid in disassembly and analysis, which is a really cool tool, but can be kind of annoying to get running on different operating systems thanks to Python’s amazingly helpful error messages </sarcasm>.
First, make sure you install the dependencies: Python (duh), psyco, atlasutils (from Atlas’ blog), libdisassemble and vtrace (from the Kenshoto guys). Then install disass-cli (also from Atlas’ blog) just like you would any other Python program. You might need to symlink /usr/local/bin/python to /usr/bin/python, since disass-cli’s shebang line is hardcoded to /usr/bin/python.
The first time you run disass-cli, you’ll probably hit this error:
    # disass-cli
    Traceback (most recent call last):
      File "/usr/local/bin/disass-cli", line 3, in <module>
        from disass3 import *
      File "/usr/local/lib/python2.5/site-packages/disass3/__init__.py", line 105, in <module>
        import bsddb
      File "/usr/local/lib/python2.5/bsddb/__init__.py", line 51, in <module>
        import _bsddb
    ImportError: No module named _bsddb
Cryptic, eh? Googling is not so helpful on this one (“Recompile Python!”). Well, to fix the problem on FreeBSD, you need to install /usr/ports/databases/py-bsddb, which will rebuild Python with the necessary libraries. Easy fix.
On OSX, you’ll need to download the newest Python distro .dmg from python.org (which will have the correct libraries). Now you can update the symlink by doing:
# rm /usr/bin/python
# ln -s /Library/Frameworks/Python.framework/Versions/2.5/bin/python /usr/bin/python
as root. Now you should be able to reinstall the dependencies for disass using the newer Python distribution, and disass-cli shouldn’t complain anymore. Silly broken Apple versions of Python.
Note: Alternatively, you can edit the disass-cli Python file (in /usr/local/bin/disass-cli) to use the Python distribution you installed directly without changing the symlink, that way everything else still uses Apple’s version of Python (don’t forget to install the dependency libraries for the newer version of Python also).
Hope this helps someone. Exploit writing is new to me, coming from more of a network-side, always fun to learn new things.
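To see which interpreter a script's hardcoded shebang actually selects, and whether that interpreter can import the modules named in the traceback, a small sh check like the one below helps. It is an added example, not part of the original post or of disass; the function names are made up here, and the module names are whatever you pass on the command line.

```shell
#!/bin/sh
# Added example (not from disass): find the interpreter a script's shebang
# selects and list the modules that interpreter cannot import.
# Usage: sh check.sh /usr/local/bin/disass-cli _bsddb bsddb

# Print the interpreter named on the first line of script $1.
# Handles "#!/path/to/python" and "#!/usr/bin/env python".
shebang_interpreter() {
    first=$(head -n 1 "$1") || return 1
    case $first in
        '#!'*) ;;
        *) echo "no shebang in $1" >&2; return 1 ;;
    esac
    # Drop the leading "#!" and split the rest into words.
    set -- ${first#??}
    case $1 in
        */env) command -v "$2" ;;      # env form: resolve the name via PATH
        *)     printf '%s\n' "$1" ;;
    esac
}

# Print each module from $2.. that interpreter $1 fails to import.
# Returns 0 when every import succeeds, 1 otherwise.
missing_modules() {
    interp=$1; shift
    missing=
    for mod in "$@"; do
        "$interp" -c "import $mod" >/dev/null 2>&1 || missing="$missing $mod"
    done
    if [ -z "$missing" ]; then return 0; fi
    printf '%s\n' "${missing# }"
    return 1
}

# Check script $1 against modules $2.. and print a one-line verdict.
check_script() {
    script=$1; shift
    interp=$(shebang_interpreter "$script") || return 2
    if [ ! -x "$interp" ]; then
        echo "$script: interpreter $interp is missing or not executable"
        return 2
    fi
    if missing=$(missing_modules "$interp" "$@"); then
        echo "$script: $interp imports all of: $*"
    else
        echo "$script: $interp cannot import: $missing"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then check_script "$@"; fi
```

Run it again after changing the symlink or editing the shebang to confirm the script now picks up the Python that has the modules installed.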
McGrew Security Blog » Blog Archive » links for 2008-04-11 wrote:
[…] Get disass-cli working properly on OSX and Freebsd I haven’t used disass yet, but Lee Hinman’s post here has reminded me about it, and now it’s on my todo. Thanks to him, I also have instructions on getting it up and going on the MacBook correctly. (tags: python security) […]
Link | April 11th, 2008 at 3:35 pm
Don C. Weber wrote:
@Lee,
Just came across your blog and added you to the RSS Feed. Good stuff. I’ll be looking here for more information on Disass3 in the near future. I’m spinning up on assembly and disassembly. It has been a rocky road but Disass, VTrace, and VDB are really coming in handy. I have a few write-ups (to include very bad assembly code) on my blog over at the Security Ripcord (http://blog.cutawaysecurity.com).
Go forth and do good things,
Don C. Weber
Link | May 7th, 2008 at 6:37 pm
Don C. Weber wrote:
If you are new to FreeBSD like me and you are having trouble installing this module, try this command:
portinstall -NPR databases/py-bsddb
Hope that helps.
Go forth and do good things,
Don C. Weber
Link | June 13th, 2008 at 7:37 pm