GDB is short for GNU Debugger. Almost all *nix OSes come with it, so if you are playing a CTF or want to debug something quickly, GDB is the way. Today we are going to learn gdb by disassembling a simple program, a picoCTF 2018 problem. File is here. We have to get the flag out.
To start we have to make the downloaded application executable. In the terminal, go to where you saved your file and run:
chmod +x <application name>
Then we can start gdb with:
gdb <application name>
It's a 64-bit Linux application, so make sure you have a 64-bit version of the OS installed. (Almost everybody is on 64-bit these days.)
And we will be greeted like this.

Then you can type run to execute the program. Now we will see what it does.

It seems the flag is in a buffer in memory. If we can stop the program before it exits and somehow read memory at that point, we might get the flag. Let's try to do that.
Before that, let's get things a little spicy. Did you know you can have a fancy GUI in gdb? Well, you can. Type tui enable in the prompt and you may find this.

As you can see, we have nothing interesting there. It just says source not available because there is no source file present. But if you create a simple hello world program in C (or anything else) and keep the file name the same for the source file and the binary, we can see the source by following this guide here.
Since we don't have source, we can switch the display to something informational, like the assembly display. That would be nice. To do that, type:
(gdb) layout asm

It looks nice, and you can use either the arrow keys or Page Up/Down to navigate the asm. The white line indicates which window is focused. If you want to change the focus, type fs next/prev.
Now that we can see the assembly code, we can work out some information about the control flow of the program and stop where necessary. We will use breakpoints for this. It's a vital tool in software development when you have a bug to fix or an error to trace. To set a breakpoint, type:
(gdb) b <place to stop>
Since we can read the asm, we can stop wherever we like. Let's find someplace to stop the program.

Type b main+65 (b is short for the break command) and see what happens when you type r (short for run).

We can delete the created breakpoint because we don't need it. Type info breakpoints (or i b) and we will see the current breakpoints with their index numbers. To delete one, type delete <number> in the prompt.

Instead we will set the breakpoint in the main function, which we know exists. I tried to narrow it down further, but Google isn't helping me. If you know how, just type it in the comment section. But for now let's put the breakpoint in main.
(gdb) b main
Run it with r and soon you will be stopped at the breakpoint. We will run the program step by step until we find something interesting. To step one instruction at a time we use stepi (or si). In the asm layout we can see that it highlights the current instruction, so it is easier to keep track of what we are running. After a couple hundred instructions I came upon this.

We came upon decrypt_flag. As you remember, the program exits after this, so it's important that we stop now. You can see I have run the command backtrace. It shows us the current state of the stack: right now the current function is ??( ), it was invoked from decrypt_flag( ), which was invoked from main( ). Like that we can trace the stack, hence backtrace. 😀
I need to see the buffer now. That must be where the flag exists.
A few tricks I learned as I searched:
- finish: jumps to the end of the current function. Very useful in long debugging sessions.
- You can put a breakpoint in any function by using the function's name shown in the left corner, without the +number.
- info proc mappings: you can find the location of your stack and heap.
- printf "%s", (char*) flag_buf: it should print the flag in the buffer. I was surprised by the printf.
- x/s <location>: prints the data at the location as a string (s = string). There were a couple more format arguments to print it as a char, int, etc.
- To run GDB with arguments or file redirections we can use run < file or run arg1 arg2.
Finally figured it out with this command.
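The session above, replayed non-interactively as an added example (this is not the post's code and not the picoCTF binary): it compiles a constructed stand-in whose decrypt_flag fills flag_buf and then exits, and drives the same break, backtrace, finish, x/s and printf commands through gdb's batch mode. It assumes gcc and gdb are installed; the names decrypt_flag and flag_buf are taken from the post, and the flag text is made up.

```shell
#!/bin/sh
# Added example, not from the original post: replays the post's GDB session
# non-interactively with gdb's batch mode. Assumes gcc and gdb are installed.
# The target is a constructed stand-in shaped like the post describes:
# decrypt_flag() fills flag_buf, then the program exits without printing it.
# Names decrypt_flag/flag_buf come from the post; the flag text is made up.
set -eu

recover_flag() {
    work=$(mktemp -d)
    cat > "$work/target.c" <<'EOF'
#include <stdio.h>
#include <stdlib.h>

char flag_buf[64];

/* Constructed "decryption": the flag is stored reversed and un-reversed here. */
void decrypt_flag(void) {
    const char rev[] = "}bdg_tuoba{FTCocip";
    size_t n = sizeof(rev) - 1;
    for (size_t i = 0; i < n; i++)
        flag_buf[i] = rev[n - 1 - i];
    flag_buf[n] = '\0';
}

int main(void) {
    puts("decrypting flag into buffer...");
    decrypt_flag();
    exit(0);                 /* flag is never printed, as in the post */
}
EOF
    gcc -g -O0 -o "$work/target" "$work/target.c"
    # Same commands the post uses interactively: stop at the decrypting
    # function, show the call stack, run to its end, then read the buffer.
    gdb -q -batch \
        -ex 'break decrypt_flag' \
        -ex 'run' \
        -ex 'backtrace' \
        -ex 'finish' \
        -ex 'x/s flag_buf' \
        -ex 'printf "%s\n", (char*)flag_buf' \
        "$work/target" 2>/dev/null \
      | grep -o 'picoCTF{[^}]*}' | head -n 1
    rm -rf "$work"
}

# Only run when a toolchain is present, so the script is safe to source.
if command -v gcc >/dev/null 2>&1 && command -v gdb >/dev/null 2>&1; then
    recover_flag
fi
```

The function prints the first picoCTF{...} string gdb shows, which is the buffer contents after finish returns to main.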

Let’s meet with another post for more knowledge.