1
00:00:01,600 --> 00:00:03,080
Welcome back.

2
00:00:03,100 --> 00:00:11,770
Remember in the previous lesson I gave you an exercise, a problem to solve or a challenge, and that is

3
00:00:12,160 --> 00:00:18,430
to find a way to patch the file so that when it runs it will not quit.

4
00:00:19,030 --> 00:00:23,230
Instead it will continue to show the flag.

5
00:00:24,540 --> 00:00:28,200
So in this lesson I will give you the solution.

6
00:00:29,010 --> 00:00:36,750
So in this lesson I will show you how to patch using jumps and how to assemble jmp instructions.

7
00:00:36,750 --> 00:00:37,980
So let us get started.

8
00:00:41,340 --> 00:00:47,580
We will open our patched file using x64dbg.

9
00:00:57,870 --> 00:01:02,500
Then we will press F9 to go to the entry point.

10
00:01:06,480 --> 00:01:14,530
Next we will scroll down and look for our patch, our patched

11
00:01:14,520 --> 00:01:19,360
jmp instruction, the one we patched.

12
00:01:19,580 --> 00:01:28,420
So now we need the program to stop at the correct place, and it is still exiting as you pass there.

13
00:01:28,910 --> 00:01:40,150
So how do we make the program pause instead of exiting? So the tip I gave you was to use jmp, so here is

14
00:01:40,150 --> 00:01:46,480
the solution. After the program runs and comes to

15
00:01:46,510 --> 00:01:55,890
this instruction, it will show the flag, and we want the flag to keep on showing instead of exiting.

16
00:01:55,890 --> 00:02:02,940
So what we need to do is that we must prevent execution from continuing.

17
00:02:02,940 --> 00:02:06,490
How do we prevent execution from continuing?

18
00:02:06,510 --> 00:02:10,970
One way is to use a jmp over here.

19
00:02:12,220 --> 00:02:17,440
We can assemble a jmp here to return to the previous instruction

20
00:02:18,380 --> 00:02:23,800
over and over again in a tight loop, so it will keep on looping.

21
00:02:24,140 --> 00:02:32,730
If I put a jmp to the previous address up here, when it comes to this leave instruction it will jump to the one on

22
00:02:32,740 --> 00:02:36,560
top. So let's try.

23
00:02:36,570 --> 00:02:46,760
So now I will assemble the jmp instruction at this address. Just double-click or press spacebar to

24
00:02:46,760 --> 00:02:57,330
open the assemble dialog, make sure this is checked, and here we are going to jmp to this address,

25
00:02:57,330 --> 00:02:59,410
the address just before leave.

26
00:02:59,490 --> 00:03:01,320
So we should copy this address.

27
00:03:01,380 --> 00:03:14,810
Let me close this first and copy this address. So select this address, right-click, Copy, and select Address. Now

28
00:03:15,230 --> 00:03:22,970
come down to the leave instruction and press spacebar or double-click, and type JMP,

29
00:03:23,120 --> 00:03:34,750
the unconditional jump, jmp, and right-click and paste the address that you copied up here. Notice that you get

30
00:03:34,750 --> 00:03:36,720
an error: invalid state.

31
00:03:37,420 --> 00:03:47,500
What you need to do is to prepend 0x in front. 0x is the symbol for hexadecimal.

32
00:03:47,830 --> 00:03:57,200
So you need to put 0x in front to tell the assembler that you are using hexadecimal.

33
00:03:57,510 --> 00:04:00,980
Then make sure this is checked and then click OK.

34
00:04:00,980 --> 00:04:07,100
So notice we are jumping to this address whenever we come in here.

35
00:04:07,150 --> 00:04:13,870
We jump to the previous address. Click OK and then the X to close the assembler.

36
00:04:13,870 --> 00:04:22,570
So now we have modified our leave instruction to jump to the previous address, and it has also filled the

37
00:04:22,570 --> 00:04:25,400
extra bytes with NOPs.

38
00:04:25,420 --> 00:04:34,670
So this is important to maintain the size of the program, so whenever it comes here it jumps to

39
00:04:34,750 --> 00:04:40,100
the previous line again and again repeatedly.

40
00:04:40,280 --> 00:04:44,690
So let us now create a new patched file.

41
00:04:44,870 --> 00:04:52,780
Click on File and select Patch file, and then click on the Patch File

42
00:04:52,910 --> 00:05:05,630
button. Now select a new name for the patched file and save,

43
00:05:08,710 --> 00:05:16,420
and you can close the dialog, and now load the new patched file to open it.

44
00:05:19,150 --> 00:05:21,220
Press F9.

45
00:05:21,250 --> 00:05:27,730
Go to the entry point and notice this time you don't have any breaks.

46
00:05:27,920 --> 00:05:28,910
Just go ahead.

47
00:05:28,910 --> 00:05:38,330
Press F9 to run, and you can see the program did not exit; it stays open.

48
00:05:38,460 --> 00:05:45,150
So you have solved the challenge. Now let us try to test it from the command line.

49
00:05:47,200 --> 00:05:49,000
So we open a command line,

50
00:05:52,340 --> 00:05:58,410
locate the patched file, and try to run it from here.

51
00:06:04,090 --> 00:06:04,840
Press Enter,

52
00:06:07,940 --> 00:06:11,980
and you can see the program stays open.

53
00:06:12,140 --> 00:06:18,610
Okay, so this is how we can patch the file using a jmp.

54
00:06:18,730 --> 00:06:21,450
So if you want to exit the file you just close it,

55
00:06:25,340 --> 00:06:25,720
so.

56
00:06:25,730 --> 00:06:26,480
Same thing here.

57
00:06:26,550 --> 00:06:29,730
Even if I close the file, yes, and the debugger.

58
00:06:30,410 --> 00:06:43,870
So once again, when you want to patch a file using a jump, first you get the address. Get the address

59
00:06:43,870 --> 00:06:50,600
you want to jump to. So the address you want to jump to is here. So once you get the address that you

60
00:06:50,600 --> 00:06:52,330
want to jump to, you

61
00:06:52,380 --> 00:07:03,410
just assemble it using a new instruction, jmp, followed by 0x in front to indicate it is hexadecimal, and then

62
00:07:03,410 --> 00:07:11,350
you paste your address, the one of the instruction before it, and then make sure this is checked.

63
00:07:11,570 --> 00:07:14,130
Okay, so that is all.

64
00:07:14,420 --> 00:07:17,330
So thank you for watching.

65
00:07:17,420 --> 00:07:20,500
In this lesson we have learned how to patch using jumps,

66
00:07:21,200 --> 00:07:24,630
how to patch a file using jmp instructions.

67
00:07:24,790 --> 00:07:26,300
I'll see you in the next lesson.