This is an entry for the HoneyNet Reverse Challenge.

Entrant: Dion Mendel
email: [email protected]
Country: Australia

Required Deliverables:

File                Description
index.html          This file
timestamp.html      Timestamp of MD5 checksums of all files listed and submitted
summary.html        The summary for a non-technical audience, such as management or media.
advisory.html       Advisory for a technical audience, such as administrators and incident handlers within an organization.
analysis.html       Details showing how the analysis was obtained, showing tools and methods used.
answers.html        Answers to the questions.
costs.html          Incident cost-estimate.
files/bin/decoder   Decoder required by question 3.
bonus.html          Answers to the bonus questions.

Additional files included:

Tools used in disassembly / decompilation

File                              Description
files/bin/search_static           Searches a statically linked executable for object files
files/bin/elfgrep.c               Component used by search_static
files/bin/elfgrep_fixup           Component used by search_static
files/bin/gensymbols              Generates a symbol table from object files found by search_static
files/bin/gendump                 Generates a disassembly listing of an executable
files/bin/decomp_fixup_signs      Filters a disassembly listing from gendump by changing unsigned values to signed
files/bin/decomp_insert_symbols   Filters a disassembly listing from gendump by inserting symbols generated by gensymbols
files/bin/decomp_strip            Filters a disassembly listing from gendump by removing library code found by search_static
files/bin/decomp_xref_data        Filters a disassembly listing from gendump by providing cross references to data in the .rodata section
files/bin/decomp_xref_jumps       Filters a disassembly listing from gendump by providing cross references to conditional and unconditional jumps

Data generated during disassembly (referred to in the analysis)

File                       Description
files/rh_5.3.12-8.out      Results of searching for object files from RedHat 4.0 libc5
files/rh_5.3.12-17.out     Results of searching for object files from RedHat 4.1 libc5
files/rh_5.3.12-18.2.out   Results of searching for object files from RedHat 4.2 libc5
files/rh_5.3.12-18.5.out   Results of searching for object files from RedHat 4.2 libc5
files/slackware3.1.out     Results of searching for object files from Slackware 3.1 libc5
files/object_files         Listing of object files from Slackware 3.1 libc5 after manual conflict resolution
files/symbols              Regenerated symbol table from object_files listing
files/symbols.modified     Hand-modified version of symbols
files/dump4                Disassembly listing after applying some of the decomp_* filters
files/dump5                Disassembly listing after applying all of the decomp_* filters
files/dummy.dump           Disassembly listing of simple test program

C source files

File                 Description
files/the-binary.c   Decompiled version of the-binary
files/jolt2.c        Original source of an attack method used by the-binary
files/handler.c      Control program written to control the-binary

Other files

File                             Description
files/snort.log                  Supplied packet capture data used to test the decoder for question 3
files/slackware3.1/libc.a.gz     libc 5 object files from Slackware 3.1 used in analysis (compressed)
files/slackware3.1/libgcc.a.gz   gcc 2.7.2 object files from Slackware 3.1 used in analysis (compressed)