Posts

Showing posts from July, 2019

Simplest Fibonacci Assembly Code

TL;DR: There is an insanely cool, simple and elegant way to calculate Fibonacci numbers in assembly using only 2 opcodes!

Full disclosure: this post is inspired by chapter two of the book "xchg rax, rax".
Fibonacci Numbers
Just a simple review: Fibonacci Numbers are calculated with the formula below.


So, for example, to get the 3rd Fibonacci number, we need to sum the 2nd and 1st Fibonacci numbers.
The Code 👨‍💻👩‍💻
Behold! Below is the most elegant code you will ever see in assembly.


Source available here.
Explanation 🧠
The magic happens in the XADD opcode, which is an "xchg" (exchange) and an "add" operation in one opcode. It works exactly as you would expect: first exchange the two operands, and then add them, saving the result to the first operand. Official Intel documentation here.

Next, the "loop" opcode changes the code flow to jump back and re-execute the xadd opcode multiple times.
Understanding ✔
To completely understand why and ho…

Serv-U CVE-2019-12181 Patch Analysis

TL;DR 👓
The patch in Serv-U FTP server version 15.1.7 that fixes my vulnerability (CVE-2019-12181) does so properly. Continue reading for a walkthrough of the patch analysis.

This blog post depends on knowledge and context from this blog post; please read it before continuing.
Motivation 🧠
I was told by the smart and trusted @yoavalon that failed patches are a norm in our industry, and that I should therefore ensure the vulnerability I found is properly fixed in the latest allegedly safe version of the program.
Potentially Inadequate Fixes 👎
It is possible (and, depending on the security mindset of the company, maybe even probable) for a patch to fix a vulnerability unsuccessfully or even to introduce a new vulnerability. For example, if some filtering logic is added to block malicious input from the user, it is worth ensuring the filter can't be bypassed.

Analysis Process 🔬
The first thing I did was check if my initial POC code worked on the patched Serv-U 15.1.7. Thankfully it didn…