Site updated: 2019-07-10 17:03:27
parent a6903c7ff7
commit cfd2f6b90b
@ -548,7 +548,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -570,7 +570,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -641,7 +641,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -720,7 +720,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -742,7 +742,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -829,7 +829,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -622,7 +622,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -644,7 +644,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -731,7 +731,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -622,7 +622,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -644,7 +644,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -731,7 +731,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
@ -585,7 +585,7 @@ Server -------wire----------|
|
|||||||
<li><strong>连接(四元组)推断:</strong> 每一轮使用30个重复包测试一个端口,如果端口号正确,就会发现RTT大幅增加。如果还要完成 <strong><em>web缓存投毒</em></strong> ,还需要傀儡初始化连接来协助,根据系统不同,有不同的端口选择算法可以优化:<strong><em>windows&macOS</em></strong> 使用全局和顺序端口分配策略为其TCP连接选择短暂的端口号,这意味着攻击者可以在观察到与恶意Web服务器的初始连接后推断出要使用的下一个端口号,这完全消除了对端口号推断的需要。<strong><em>NAT</em></strong> 端口保留,不需要关心外部端口被转换成不可预知的内部端口。<strong><em>来自同一域名的多个IP地址</em></strong>,这意味着攻击者需要付出更大的代价来推断端口号。</li>
|
<li><strong>连接(四元组)推断:</strong> 每一轮使用30个重复包测试一个端口,如果端口号正确,就会发现RTT大幅增加。如果还要完成 <strong><em>web缓存投毒</em></strong> ,还需要傀儡初始化连接来协助,根据系统不同,有不同的端口选择算法可以优化:<strong><em>windows&macOS</em></strong> 使用全局和顺序端口分配策略为其TCP连接选择短暂的端口号,这意味着攻击者可以在观察到与恶意Web服务器的初始连接后推断出要使用的下一个端口号,这完全消除了对端口号推断的需要。<strong><em>NAT</em></strong> 端口保留,不需要关心外部端口被转换成不可预知的内部端口。<strong><em>来自同一域名的多个IP地址</em></strong>,这意味着攻击者需要付出更大的代价来推断端口号。</li>
|
||||||
<li><strong>序列号推断:</strong> 通过利用时序侧信道来判断是否存在相应的响应,从而将窗口序列号与窗外序列号区分开来。一旦我们得到一个 <strong><em>窗口内序列号</em></strong>,通过进行二分搜索进一步将序列号空间缩小到单个值 <strong><em>RCV.NXT</em></strong>。如果还要使用傀儡建立的连接发起web缓存投毒,可以进一步优化:<strong><em>增大接收窗口的大小</em></strong>,可以减少猜测的迭代次数,通常可以放大到500000(之前是65535),而且根据RFC793,窗口放大之后就永远不会缩小。<br><img src="./9-序列号推断.PNG" alt></li>
|
<li><strong>序列号推断:</strong> 通过利用时序侧信道来判断是否存在相应的响应,从而将窗口序列号与窗外序列号区分开来。一旦我们得到一个 <strong><em>窗口内序列号</em></strong>,通过进行二分搜索进一步将序列号空间缩小到单个值 <strong><em>RCV.NXT</em></strong>。如果还要使用傀儡建立的连接发起web缓存投毒,可以进一步优化:<strong><em>增大接收窗口的大小</em></strong>,可以减少猜测的迭代次数,通常可以放大到500000(之前是65535),而且根据RFC793,窗口放大之后就永远不会缩小。<br><img src="./9-序列号推断.PNG" alt></li>
|
||||||
<li><p><strong>TCP劫持:</strong> 通过劫持傀儡初始化的连接,可以简化web缓存投毒的过程。三个os在ACK验证上都不符合规范,所以各自处理情况也不同——<strong><em>windows</em></strong>:客户端必须持续发送请求以防止ACK接收窗口仅为一个字节,这要求攻击者必须能准确预期下一个序列号并解决大量流量带来的噪声。<br>因此,作者设计了一种新策略,该策略利用处理重叠数据的TCP行为和处理损坏的HTTP响应的浏览器行为——在Windows主机上缓冲的攻击者注入数据可能会破坏来自服务器的真实HTTP响应。 <strong><em>(1)注入</em></strong>,傀儡不断从服务器上请求脚本,而攻击者发送2^23/|wnd|个欺骗性数据包,这些包的窗口序列号与RCV.NXT加上偏移量相匹配,其中|wnd|为ack接收窗口大小,第i个数据包的ACK号为i*|wnd|,payload为</p>
|
<li><p><strong>TCP劫持:</strong> 通过劫持傀儡初始化的连接,可以简化web缓存投毒的过程。三个os在ACK验证上都不符合规范,所以各自处理情况也不同——<strong><em>windows</em></strong>:客户端必须持续发送请求以防止ACK接收窗口仅为一个字节,这要求攻击者必须能准确预期下一个序列号并解决大量流量带来的噪声。<br>因此,作者设计了一种新策略,该策略利用处理重叠数据的TCP行为和处理损坏的HTTP响应的浏览器行为——在Windows主机上缓冲的攻击者注入数据可能会破坏来自服务器的真实HTTP响应。 <strong><em>(1)注入</em></strong>,傀儡不断从服务器上请求脚本,而攻击者发送2^23/|wnd|个欺骗性数据包,这些包的窗口序列号与RCV.NXT加上偏移量相匹配,其中|wnd|为ack接收窗口大小,第i个数据包的ACK号为i*|wnd|,payload为</p>
|
||||||
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">websocket.send(|wnd|*i)</span><br></pre></td></tr></table></figure>
|
<figure class="highlight coq"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">websocket.send(|<span class="type">wnd</span>|<span class="type">*i</span>)</span><br></pre></td></tr></table></figure>
|
||||||
<p> 因此,这些数据包中包含有效ACK号的一个包将被缓冲,并破坏真实的HTTP响应头。浏览器执行注入的脚本时,它将通过websocket发送猜测的ACK号,提供有效的窗口内ACK号。<br><img src="./9-http注入.PNG" alt><br><strong><em>(2)利用</em></strong>,由于客户端已经接受了额外的欺骗payload,推进了其预期的序列号,因此客户端和服务器实际上已经被去同步。攻击者现在可以简单地发送欺骗性响应(知道预期的序列号和有效的ACK号)。如果我们只想执行一次性注入,只需用恶意脚本替换第一步中的payload就足够了。<br>此外,针对Windows的注入步骤存在更加通用的替代策略,不依赖于浏览器行为。 具体来说,由于HTTP响应的前几个字节是可预先确定的(即HTTP),不破坏真实的响应,而是覆盖标题和正文以形成合法但恶意的响应。 在这种情况下,浏览器将完全忘记注入的存在。 这表明一旦序列号泄露,就存在各种方法来有效地将数据注入浏览器,而不用进行基于时间信道的慢得多的ACK号推断。</p>
|
<p> 因此,这些数据包中包含有效ACK号的一个包将被缓冲,并破坏真实的HTTP响应头。浏览器执行注入的脚本时,它将通过websocket发送猜测的ACK号,提供有效的窗口内ACK号。<br><img src="./9-http注入.PNG" alt><br><strong><em>(2)利用</em></strong>,由于客户端已经接受了额外的欺骗payload,推进了其预期的序列号,因此客户端和服务器实际上已经被去同步。攻击者现在可以简单地发送欺骗性响应(知道预期的序列号和有效的ACK号)。如果我们只想执行一次性注入,只需用恶意脚本替换第一步中的payload就足够了。<br>此外,针对Windows的注入步骤存在更加通用的替代策略,不依赖于浏览器行为。 具体来说,由于HTTP响应的前几个字节是可预先确定的(即HTTP),不破坏真实的响应,而是覆盖标题和正文以形成合法但恶意的响应。 在这种情况下,浏览器将完全忘记注入的存在。 这表明一旦序列号泄露,就存在各种方法来有效地将数据注入浏览器,而不用进行基于时间信道的慢得多的ACK号推断。</p>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
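Review bot: The payload snippet in this hunk is now emitted as `<figure class="highlight coq">`, which splits `websocket.send(|wnd|*i)` into `<span class="type">wnd</span>` and `<span class="type">*i</span>`; the line is a JavaScript-style call with |wnd| used as math notation, not Coq, so the guessed language changes the markup for no benefit. Giving this code block an explicit language (or plain text) in the post source would keep the output stable across site rebuilds.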
@ -750,7 +750,7 @@ Server -------wire----------|
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -772,7 +772,7 @@ Server -------wire----------|
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -859,7 +859,7 @@ Server -------wire----------|
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -399,7 +399,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
143 字
|
127 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -436,7 +436,7 @@
|
|||||||
|
|
||||||
<h1 id="qq数据库采用简单加密——异或加密"><a href="#qq数据库采用简单加密——异或加密" class="headerlink" title="qq数据库采用简单加密——异或加密"></a>qq数据库采用简单加密——异或加密</h1><h2 id="数据获取:"><a href="#数据获取:" class="headerlink" title="数据获取:"></a>数据获取:</h2><p>DENGTA_META.xml—IMEI:867179032952446<br>databases/2685371834.db——数据库文件</p>
|
<h1 id="qq数据库采用简单加密——异或加密"><a href="#qq数据库采用简单加密——异或加密" class="headerlink" title="qq数据库采用简单加密——异或加密"></a>qq数据库采用简单加密——异或加密</h1><h2 id="数据获取:"><a href="#数据获取:" class="headerlink" title="数据获取:"></a>数据获取:</h2><p>DENGTA_META.xml—IMEI:867179032952446<br>databases/2685371834.db——数据库文件</p>
|
||||||
<h2 id="解密方式:"><a href="#解密方式:" class="headerlink" title="解密方式:"></a>解密方式:</h2><p>明文msg_t 密文msg_Data key:IMEI<br>msg_t = msg_Data[i]^IMEI[i%15]</p>
|
<h2 id="解密方式:"><a href="#解密方式:" class="headerlink" title="解密方式:"></a>解密方式:</h2><p>明文msg_t 密文msg_Data key:IMEI<br>msg_t = msg_Data[i]^IMEI[i%15]</p>
|
||||||
<h2 id="实验:"><a href="#实验:" class="headerlink" title="实验:"></a>实验:</h2><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line">import sqlite3</span><br><span class="line"></span><br><span class="line">IMEI = '867179032952446'</span><br><span class="line">conn = sqlite3.connect('2685371834.db')</span><br><span class="line">c = conn.cursor()</span><br><span class="line"></span><br><span class="line">def _decrypt(foo):</span><br><span class="line"> substr = ''</span><br><span class="line"> #print(len(foo))</span><br><span class="line"> for i in range(0,len(foo)):</span><br><span class="line"> substr += chr(ord(foo[i]) ^ ord(IMEI[i%15]))</span><br><span class="line"> return substr</span><br><span class="line"></span><br><span class="line">#rem = c.execute("SELECT uin, remark, name FROM Friends")</span><br><span class="line">Msg = c.execute("SELECT msgData, senderuin, time FROM mr_friend_0FC9764CD248C8100C82A089152FB98B_New")</span><br><span class="line"></span><br><span class="line">for msg in Msg:</span><br><span class="line"> uid = _decrypt(msg[1])</span><br><span class="line"> print("\n"+uid+":")</span><br><span class="line"> try:</span><br><span class="line"> 
msgData = _decrypt(msg[0]).decode('utf-8')</span><br><span class="line"> print(msgData)</span><br><span class="line"> except:</span><br><span class="line"> pass</span><br></pre></td></tr></table></figure>
|
<h2 id="实验:"><a href="#实验:" class="headerlink" title="实验:"></a>实验:</h2><figure class="highlight python"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br><span class="line">15</span><br><span class="line">16</span><br><span class="line">17</span><br><span class="line">18</span><br><span class="line">19</span><br><span class="line">20</span><br><span class="line">21</span><br><span class="line">22</span><br><span class="line">23</span><br><span class="line">24</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">import</span> sqlite3</span><br><span class="line"></span><br><span class="line">IMEI = <span class="string">'867179032952446'</span></span><br><span class="line">conn = sqlite3.connect(<span class="string">'2685371834.db'</span>)</span><br><span class="line">c = conn.cursor()</span><br><span class="line"></span><br><span class="line"><span class="function"><span class="keyword">def</span> <span class="title">_decrypt</span><span class="params">(foo)</span>:</span></span><br><span class="line"> substr = <span class="string">''</span></span><br><span class="line"> <span class="comment">#print(len(foo))</span></span><br><span class="line"> <span class="keyword">for</span> i <span class="keyword">in</span> range(<span class="number">0</span>,len(foo)):</span><br><span class="line"> substr += chr(ord(foo[i]) ^ ord(IMEI[i%<span class="number">15</span>]))</span><br><span class="line"> <span class="keyword">return</span> substr</span><br><span class="line"></span><br><span class="line"><span class="comment">#rem = 
c.execute("SELECT uin, remark, name FROM Friends")</span></span><br><span class="line">Msg = c.execute(<span class="string">"SELECT msgData, senderuin, time FROM mr_friend_0FC9764CD248C8100C82A089152FB98B_New"</span>)</span><br><span class="line"></span><br><span class="line"><span class="keyword">for</span> msg <span class="keyword">in</span> Msg:</span><br><span class="line"> uid = _decrypt(msg[<span class="number">1</span>])</span><br><span class="line"> print(<span class="string">"\n"</span>+uid+<span class="string">":"</span>)</span><br><span class="line"> <span class="keyword">try</span>:</span><br><span class="line"> msgData = _decrypt(msg[<span class="number">0</span>]).decode(<span class="string">'utf-8'</span>)</span><br><span class="line"> print(msgData)</span><br><span class="line"> <span class="keyword">except</span>:</span><br><span class="line"> <span class="keyword">pass</span></span><br></pre></td></tr></table></figure>
|
||||||
<h2 id="结果"><a href="#结果" class="headerlink" title="结果"></a>结果</h2><p><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1552728077/qq.png" alt></p>
|
<h2 id="结果"><a href="#结果" class="headerlink" title="结果"></a>结果</h2><p><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1552728077/qq.png" alt></p>
|
||||||
|
|
||||||
|
|
||||||
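Review bot: With the block now labelled `highlight python`, the `try` body `msgData = _decrypt(msg[0]).decode('utf-8')` followed by a bare `except:` / `pass` deserves a second look: `_decrypt` returns a `str` built with `chr(...)`, so `.decode` exists only under Python 2, and under Python 3 the bare except hides the failure and no message text is printed at all. Consider doing the XOR over bytes and catching only `UnicodeDecodeError`. The post also publishes a literal IMEI and the database file name `2685371834.db`; if these belong to a real device or account, replace them with placeholders.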
@ -599,7 +599,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -621,7 +621,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -708,7 +708,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -397,7 +397,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
690 字
|
686 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -432,15 +432,15 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
<h1 id="小米固件工具mkxqimage"><a href="#小米固件工具mkxqimage" class="headerlink" title="小米固件工具mkxqimage"></a>小米固件工具mkxqimage</h1><p>小米自己改了个打包解包固件的工具,基于 trx 改的(本质上还是 trx 格式),加了 RSA 验证和解包功能,路由系统里自带:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Usage:</span><br><span class="line">mkxqimg [-o outfile] [-p private_key] [-f file] [-f file [-f file [-f file ]]]</span><br><span class="line"> [-x file]</span><br><span class="line"> [-I]</span><br></pre></td></tr></table></figure></p>
|
<h1 id="小米固件工具mkxqimage"><a href="#小米固件工具mkxqimage" class="headerlink" title="小米固件工具mkxqimage"></a>小米固件工具mkxqimage</h1><p>小米自己改了个打包解包固件的工具,基于 trx 改的(本质上还是 trx 格式),加了 RSA 验证和解包功能,路由系统里自带:<br><figure class="highlight inform7"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">Usage:</span><br><span class="line">mkxqimg <span class="comment">[-o outfile]</span> <span class="comment">[-p private_key]</span> <span class="comment">[-f file]</span> <span class="comment">[-f file <span class="comment">[-f file <span class="comment">[-f file ]</span>]</span>]</span></span><br><span class="line"> <span class="comment">[-x file]</span></span><br><span class="line"> <span class="comment">[-I]</span></span><br></pre></td></tr></table></figure></p>
|
||||||
<h2 id="固件解包"><a href="#固件解包" class="headerlink" title="固件解包"></a>固件解包</h2><p>固件工具mkxqimage完成对固件的解包,在解包前先检查Checksum是否正确,然后利用RSA公钥/usr/share/xiaoqiang/public.pem检查RSA签名,这两个步骤通过后,根据[0x0C]的固件类型,以及[0x10]、[0x14]、[0x18]和[0x1C]的4个偏移量拆分固件。</p>
|
<h2 id="固件解包"><a href="#固件解包" class="headerlink" title="固件解包"></a>固件解包</h2><p>固件工具mkxqimage完成对固件的解包,在解包前先检查Checksum是否正确,然后利用RSA公钥/usr/share/xiaoqiang/public.pem检查RSA签名,这两个步骤通过后,根据[0x0C]的固件类型,以及[0x10]、[0x14]、[0x18]和[0x1C]的4个偏移量拆分固件。</p>
|
||||||
<h2 id="固件打包"><a href="#固件打包" class="headerlink" title="固件打包"></a>固件打包</h2><p>小米官方在打包固件时用RSA私钥计算出固件的RSA签名,小米路由器下载固件后用RSA公钥来验证RSA签名,有效地防止固件被篡改。</p>
|
<h2 id="固件打包"><a href="#固件打包" class="headerlink" title="固件打包"></a>固件打包</h2><p>小米官方在打包固件时用RSA私钥计算出固件的RSA签名,小米路由器下载固件后用RSA公钥来验证RSA签名,有效地防止固件被篡改。</p>
|
||||||
<h2 id="固件格式"><a href="#固件格式" class="headerlink" title="固件格式"></a><a href="http://www.iptvfans.cn/wiki/index.php/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E5%9B%BA%E4%BB%B6%E5%88%86%E6%9E%90" target="_blank" rel="noopener">固件格式</a></h2><p>路由固件的格式,基本是基于 openwrt 的 trx 这个简单的二进制文件格式<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">48 44 52 30 63 D4 11 03 FE 3D 1A FD 05 00 02 00</span><br><span class="line">20 00 00 00 20 00 FE 00 00 00 00 00 00 00 00 00</span><br><span class="line">FF 04 00 EA 14 F0 9F E5 14 F0 9F E5 14 F0 9F E5</span><br></pre></td></tr></table></figure></p>
|
<h2 id="固件格式"><a href="#固件格式" class="headerlink" title="固件格式"></a><a href="http://www.iptvfans.cn/wiki/index.php/%E5%B0%8F%E7%B1%B3%E8%B7%AF%E7%94%B1%E5%99%A8%E5%9B%BA%E4%BB%B6%E5%88%86%E6%9E%90" target="_blank" rel="noopener">固件格式</a></h2><p>路由固件的格式,基本是基于 openwrt 的 trx 这个简单的二进制文件格式<br><figure class="highlight lsl"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">48</span> <span class="number">44</span> <span class="number">52</span> <span class="number">30</span> <span class="number">63</span> D4 <span class="number">11</span> <span class="number">03</span> FE <span class="number">3</span>D <span class="number">1</span>A FD <span class="number">05</span> <span class="number">00</span> <span class="number">02</span> <span class="number">00</span></span><br><span class="line"><span class="number">20</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">20</span> <span class="number">00</span> FE <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span> <span class="number">00</span></span><br><span class="line">FF <span class="number">04</span> <span class="number">00</span> EA <span class="number">14</span> F0 <span class="number">9</span>F E5 <span class="number">14</span> F0 <span class="number">9</span>F E5 <span class="number">14</span> F0 <span class="number">9</span>F E5</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>第1~4字节:ASCII字符串“HDR0”,作为固件的标识;<br>第5~8字节:4字节整型数0x0311D464,表示固件的大小:51500132字节;<br>第9~12字节:固件的检查和;<br>第13~14字节:0x0005,表示固件中包含哪些部分;<br>第15~16字节:0x0002,表示固件格式版本号;<br>第17~20字节:0x00000020,表示固件第一部分在整个固件中的偏移量,0.4.85固件的第一部分是brcm4709_nor.bin,也就是Flash中除0xfe0000-0xff0000的board_data外的全镜像;<br>第21~24字节:0x00FE0020,表示固件第二部分在整个固件中的偏移量,0.4.85固件的第二部分是root.ext4.lzma,也就是硬盘中128M固件的压缩包;<br>第33字节开始是固件的正式内容开始。</p>
|
<p>第1~4字节:ASCII字符串“HDR0”,作为固件的标识;<br>第5~8字节:4字节整型数0x0311D464,表示固件的大小:51500132字节;<br>第9~12字节:固件的检查和;<br>第13~14字节:0x0005,表示固件中包含哪些部分;<br>第15~16字节:0x0002,表示固件格式版本号;<br>第17~20字节:0x00000020,表示固件第一部分在整个固件中的偏移量,0.4.85固件的第一部分是brcm4709_nor.bin,也就是Flash中除0xfe0000-0xff0000的board_data外的全镜像;<br>第21~24字节:0x00FE0020,表示固件第二部分在整个固件中的偏移量,0.4.85固件的第二部分是root.ext4.lzma,也就是硬盘中128M固件的压缩包;<br>第33字节开始是固件的正式内容开始。</p>
|
||||||
<h2 id="小米开启ssh工具包"><a href="#小米开启ssh工具包" class="headerlink" title="小米开启ssh工具包"></a>小米开启ssh工具包</h2><p>使用mkxqimage解包<br>(现在会提示秘钥不存在)<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">error fopen public key</span><br><span class="line">Image verify failed, not formal image</span><br></pre></td></tr></table></figure></p>
|
<h2 id="小米开启ssh工具包"><a href="#小米开启ssh工具包" class="headerlink" title="小米开启ssh工具包"></a>小米开启ssh工具包</h2><p>使用mkxqimage解包<br>(现在会提示秘钥不存在)<br><figure class="highlight subunit"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="keyword">error </span>fopen public key</span><br><span class="line">Image verify failed, not formal image</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>如果能解包应该可以得到脚本文件upsetting.sh</p>
|
<p>如果能解包应该可以得到脚本文件upsetting.sh</p>
|
||||||
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">#!/bin/sh</span><br><span class="line">nvram set ssh_en=1</span><br><span class="line">nvram set flag_init_root_pwd=1</span><br><span class="line">nvram commit</span><br></pre></td></tr></table></figure>
|
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">#!/bin/sh</span></span><br><span class="line">nvram <span class="built_in">set</span> ssh_en=1</span><br><span class="line">nvram <span class="built_in">set</span> flag_init_root_pwd=1</span><br><span class="line">nvram commit</span><br></pre></td></tr></table></figure>
|
||||||
<p>执行脚本文件upsetting.sh后,将ssh_en设置为1,同时设置了flag_init_root_pwd项。当正式启动时,/usr/sbin/boot_check脚本检测到flag_init_root_pwd=1时,自动修改root用户密码,具体脚本为:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">flg_init_pwd=`nvram get flag_init_root_pwd`</span><br><span class="line">if [ "$flg_init_pwd" = "1" ]; then</span><br><span class="line"> init_pwd=`mkxqimage -I`</span><br><span class="line"> (echo $init_pwd; sleep 1; echo $init_pwd) | passwd root</span><br><span class="line"> nvram unset flag_init_root_pwd</span><br><span class="line"> nvram commit</span><br><span class="line">fi</span><br></pre></td></tr></table></figure></p>
|
<p>执行脚本文件upsetting.sh后,将ssh_en设置为1,同时设置了flag_init_root_pwd项。当正式启动时,/usr/sbin/boot_check脚本检测到flag_init_root_pwd=1时,自动修改root用户密码,具体脚本为:<br><figure class="highlight routeros"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="attribute">flg_init_pwd</span>=`nvram <span class="builtin-name">get</span> flag_init_root_pwd`</span><br><span class="line"><span class="keyword">if</span> [ <span class="string">"<span class="variable">$flg_init_pwd</span>"</span> = <span class="string">"1"</span> ]; then</span><br><span class="line"> <span class="attribute">init_pwd</span>=`mkxqimage -I`</span><br><span class="line"> (echo <span class="variable">$init_pwd</span>; sleep 1; echo <span class="variable">$init_pwd</span>) | passwd root</span><br><span class="line"> nvram unset flag_init_root_pwd</span><br><span class="line"> nvram commit</span><br><span class="line">fi</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>初始密码是mkxqimage -I的结果,实际是根据路由器的序列号计算得到。路由器的序列号印在底盖上,12位数字,如:561000088888</p>
|
<p>初始密码是mkxqimage -I的结果,实际是根据路由器的序列号计算得到。路由器的序列号印在底盖上,12位数字,如:561000088888</p>
|
||||||
<p>初始密码计算算法为:</p>
|
<p>初始密码计算算法为:</p>
|
||||||
<p><code>substr(md5(SN+"A2E371B0-B34B-48A5-8C40-A7133F3B5D88"), 0, 8)</code></p>
|
<p><code>substr(md5(SN+"A2E371B0-B34B-48A5-8C40-A7133F3B5D88"), 0, 8)</code></p>
|
||||||
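Review bot: Every code figure in this post except upsetting.sh moves from `highlight plain` to a guessed language that does not match its content (`inform7` for the mkxqimg usage text, `lsl` for the hex dump, `subunit` for the error output, `routeros` for the boot_check shell snippet), and the guesses alter the markup, for example the option brackets `[-o outfile]` are now wrapped in `<span class="comment">`. Tag these blocks explicitly in the post source (shell for the boot_check snippet, plain text for the rest). While here, bytes 5~8 of the hex dump read `63 D4 11 03`, which is 0x0311D463 in little-endian order, whereas the field description gives 0x0311D464; one of the two should be corrected.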
@ -606,7 +606,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -628,7 +628,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -715,7 +715,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -665,7 +665,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -687,7 +687,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -774,7 +774,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -445,7 +445,7 @@
|
|||||||
</ol>
|
</ol>
|
||||||
<h2 id="IAT表修复"><a href="#IAT表修复" class="headerlink" title="IAT表修复"></a>IAT表修复</h2><p>为了确保操作系统将正确的API函数地址填充到IAT中,应该满足一下几点要求:<br>1:可执行文件各IAT项所在的文件偏移处必须是一个指针,指向一个字符串。<br>2:该字符串为API函数的名称。<br>如果这两项满足,就可以确保程序在启动时,操作系统会将正确的API函数地址填充到IAT中。<br>假如,我们当前位于被加壳程序的OEP处,我们接下来可以将程序dump出来,但是在dump之前我们必须修复IAT,为什么要修复IAT呢?难道壳将IAT破坏了吗?对,的确是这样,壳压根不需要原程序的IAT,因为被加壳程序首先会执行解密例程,读取IAT中所需要的API的名称指针,然后定位到API函数地址,将其填入到IAT中,这个时候,IAT中已经被填充了正确的API函数地址,对应的API函数名称的字符串已经不需要了,可以清除掉。<br>大部分的壳会将API函数名称对应的字符串以密文的形式保存到某个地址处,让Cracker们不能那么容易找到它们。</p>
|
<h2 id="IAT表修复"><a href="#IAT表修复" class="headerlink" title="IAT表修复"></a>IAT表修复</h2><p>为了确保操作系统将正确的API函数地址填充到IAT中,应该满足一下几点要求:<br>1:可执行文件各IAT项所在的文件偏移处必须是一个指针,指向一个字符串。<br>2:该字符串为API函数的名称。<br>如果这两项满足,就可以确保程序在启动时,操作系统会将正确的API函数地址填充到IAT中。<br>假如,我们当前位于被加壳程序的OEP处,我们接下来可以将程序dump出来,但是在dump之前我们必须修复IAT,为什么要修复IAT呢?难道壳将IAT破坏了吗?对,的确是这样,壳压根不需要原程序的IAT,因为被加壳程序首先会执行解密例程,读取IAT中所需要的API的名称指针,然后定位到API函数地址,将其填入到IAT中,这个时候,IAT中已经被填充了正确的API函数地址,对应的API函数名称的字符串已经不需要了,可以清除掉。<br>大部分的壳会将API函数名称对应的字符串以密文的形式保存到某个地址处,让Cracker们不能那么容易找到它们。</p>
|
||||||
<h1 id="压缩壳"><a href="#压缩壳" class="headerlink" title="压缩壳"></a>压缩壳</h1><p>压缩壳的特点就是减小软件的体积,加密保护不是重点。目前,兼容性和稳定性较好的压缩壳有UPX、ASPack、PECompact等。</p>
|
<h1 id="压缩壳"><a href="#压缩壳" class="headerlink" title="压缩壳"></a>压缩壳</h1><p>压缩壳的特点就是减小软件的体积,加密保护不是重点。目前,兼容性和稳定性较好的压缩壳有UPX、ASPack、PECompact等。</p>
|
||||||
<h2 id="UPX"><a href="#UPX" class="headerlink" title="UPX"></a><a href="https://upx.github.io/" target="_blank" rel="noopener">UPX</a></h2><p>UPX-the Ultimate Packer for eXecutables是以命令行方式操作的可执行文件压缩程序。<br>UPX早期的压缩引擎是有UPX自己实现的,其3.x版本也支持LZMA第三方压缩引擎。UPX除了对目标程序进行压缩,也可以解压缩。它不包含任何反调试或保护策略。另外,UPX保护工具UPXPR、UPX-sCRAMBLER等可修改UPX加壳标志,使其自解压功能失效。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">Usage: upx [-123456789dlthVL] [-qvfk] [-o file] file</span><br></pre></td></tr></table></figure></p>
|
<h2 id="UPX"><a href="#UPX" class="headerlink" title="UPX"></a><a href="https://upx.github.io/" target="_blank" rel="noopener">UPX</a></h2><p>UPX-the Ultimate Packer for eXecutables是以命令行方式操作的可执行文件压缩程序。<br>UPX早期的压缩引擎是有UPX自己实现的,其3.x版本也支持LZMA第三方压缩引擎。UPX除了对目标程序进行压缩,也可以解压缩。它不包含任何反调试或保护策略。另外,UPX保护工具UPXPR、UPX-sCRAMBLER等可修改UPX加壳标志,使其自解压功能失效。<br><figure class="highlight accesslog"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">Usage: upx <span class="string">[-123456789dlthVL]</span> <span class="string">[-qvfk]</span> <span class="string">[-o file]</span> file</span><br></pre></td></tr></table></figure></p>
|
||||||
<h3 id="识别UPX加壳"><a href="#识别UPX加壳" class="headerlink" title="识别UPX加壳"></a>识别UPX加壳</h3><p>被加壳程序:点击按钮之后弹框</p>
|
<h3 id="识别UPX加壳"><a href="#识别UPX加壳" class="headerlink" title="识别UPX加壳"></a>识别UPX加壳</h3><p>被加壳程序:点击按钮之后弹框</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li><p>导入函数很少<br>未加壳程序的导入函数:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557817831/%E5%8A%A0%E5%A3%B3/1.png" alt><br>加壳后的导入函数:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557817867/%E5%8A%A0%E5%A3%B3/2.png" alt></p>
|
<li><p>导入函数很少<br>未加壳程序的导入函数:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557817831/%E5%8A%A0%E5%A3%B3/1.png" alt><br>加壳后的导入函数:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557817867/%E5%8A%A0%E5%A3%B3/2.png" alt></p>
|
||||||
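Review bot: the only change in the UPX usage block is the highlighter class flipping from "highlight plain" to "highlight accesslog", which wraps "[-123456789dlthVL]", "[-qvfk]" and "[-o file]" in string spans as if the line were a web-server log. That is language auto-detection guessing on an untagged fence. Tag the fence in the post source as plain text, or turn auto-detection off, so that regenerating the site does not rewrite this markup again.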
@ -463,7 +463,7 @@
|
|||||||
<li><p>熵值计算<br>压缩或加密数据更接近于随机数据,熵值更高。如使用PEiD计算熵值<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557821441/%E5%8A%A0%E5%A3%B3/6.png" alt><br>PEiD计算熵值的方法:<br>1.重新组织需要计算的数据<br>i.以下数据不列入计算熵的范围:导出表数据、导入表数据、资源数据、重定向数据。<br>ii. 尾部全0的数据不列入计算熵的范围。<br>iii. PE头不列入计算熵的范围。<br>2.分别计算每一部分数据的熵E和该部分数据大小S。<br>3.以下列公式得到整个PE文件的熵 Entropy = ∑Ei * Si / ∑Si (i = 1,2…n)。</p>
|
<li><p>熵值计算<br>压缩或加密数据更接近于随机数据,熵值更高。如使用PEiD计算熵值<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557821441/%E5%8A%A0%E5%A3%B3/6.png" alt><br>PEiD计算熵值的方法:<br>1.重新组织需要计算的数据<br>i.以下数据不列入计算熵的范围:导出表数据、导入表数据、资源数据、重定向数据。<br>ii. 尾部全0的数据不列入计算熵的范围。<br>iii. PE头不列入计算熵的范围。<br>2.分别计算每一部分数据的熵E和该部分数据大小S。<br>3.以下列公式得到整个PE文件的熵 Entropy = ∑Ei * Si / ∑Si (i = 1,2…n)。</p>
|
||||||
</li>
|
</li>
|
||||||
</ol>
|
</ol>
|
||||||
<h3 id="UPX手动脱壳"><a href="#UPX手动脱壳" class="headerlink" title="UPX手动脱壳"></a>UPX手动脱壳</h3><p>根据 <strong><em>栈平衡原理</em></strong> 寻找OEP<br>在编写加壳软件时,必须保证外壳初始化的现场环境(各寄存器值)与原程序的现场环境相同。因此,加壳程序在初始化时保存各寄存器的值,待外壳执行完毕后恢复寄存器的内容,最后跳转到原程序执行。通常用pushad(push eax/ecx/edx/ebx/esp/ebp/esi/edi)、popad来保存和恢复现场环境。<br>首先用Ollydbg加载已加壳的程序,起始代码如下:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557836854/%E5%8A%A0%E5%A3%B3/7.png" alt><br>此时现场环境(寄存器值)如下:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837144/%E5%8A%A0%E5%A3%B3/8.png" alt><br>在执行pushad指令后,寄存器的值被压入栈中,如下所示:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837250/%E5%8A%A0%E5%A3%B3/9.png" alt><br>此时esp指向12FFA4h,对这个地址设置硬件访问断点,然后运行程序,在调用popad恢复现场环境时会访问12FFA4h,造成中断,此时离OEP已经不远了:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837519/%E5%8A%A0%E5%A3%B3/10.png" alt><br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">005B5155 .- E9 9506F4FF jmp carckUPX.004F57EF</span><br></pre></td></tr></table></figure></p>
|
<h3 id="UPX手动脱壳"><a href="#UPX手动脱壳" class="headerlink" title="UPX手动脱壳"></a>UPX手动脱壳</h3><p>根据 <strong><em>栈平衡原理</em></strong> 寻找OEP<br>在编写加壳软件时,必须保证外壳初始化的现场环境(各寄存器值)与原程序的现场环境相同。因此,加壳程序在初始化时保存各寄存器的值,待外壳执行完毕后恢复寄存器的内容,最后跳转到原程序执行。通常用pushad(push eax/ecx/edx/ebx/esp/ebp/esi/edi)、popad来保存和恢复现场环境。<br>首先用Ollydbg加载已加壳的程序,起始代码如下:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557836854/%E5%8A%A0%E5%A3%B3/7.png" alt><br>此时现场环境(寄存器值)如下:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837144/%E5%8A%A0%E5%A3%B3/8.png" alt><br>在执行pushad指令后,寄存器的值被压入栈中,如下所示:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837250/%E5%8A%A0%E5%A3%B3/9.png" alt><br>此时esp指向12FFA4h,对这个地址设置硬件访问断点,然后运行程序,在调用popad恢复现场环境时会访问12FFA4h,造成中断,此时离OEP已经不远了:<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837519/%E5%8A%A0%E5%A3%B3/10.png" alt><br><figure class="highlight maxima"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">005B5155</span> .- E9 9506F4FF jmp carckUPX.<span class="number">004F57EF</span></span><br></pre></td></tr></table></figure></p>
|
||||||
<p>即为跳转到OEP的指令,设置断点,跟进到004F57EF,此时我们就来到了OEP。<br>dump和修复IAT表的工具很多。</p>
|
<p>即为跳转到OEP的指令,设置断点,跟进到004F57EF,此时我们就来到了OEP。<br>dump和修复IAT表的工具很多。</p>
|
||||||
<ol>
|
<ol>
|
||||||
<li>使用Ollydump进行程序脱壳和IAT表修复。<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837859/%E5%8A%A0%E5%A3%B3/11.png" alt><br>使用PEiD检查,果然壳已经脱掉!</li>
|
<li>使用Ollydump进行程序脱壳和IAT表修复。<br><img src="https://res.cloudinary.com/dozyfkbg3/image/upload/v1557837859/%E5%8A%A0%E5%A3%B3/11.png" alt><br>使用PEiD检查,果然壳已经脱掉!</li>
|
||||||
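Review bot: the jump instruction that closes the UPX manual-unpacking paragraph is now classed "highlight maxima", so the addresses 005B5155 and 004F57EF get number spans while the opcode bytes "E9 9506F4FF" and the mnemonic stay unstyled. It is a debugger disassembly line, so tag the fence in the post source as assembly or as plain text. The module name reads "carckUPX"; please confirm that this is the sample's real file name and not a typo for "crackUPX".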
@ -630,7 +630,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -652,7 +652,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -739,7 +739,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -468,8 +468,8 @@
|
|||||||
</table>
|
</table>
|
||||||
|
|
||||||
<hr>
|
<hr>
|
||||||
<h1 id="0x02-AFL快速入门"><a href="#0x02-AFL快速入门" class="headerlink" title="0x02 AFL快速入门"></a>0x02 <a href="http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt" target="_blank" rel="noopener">AFL快速入门</a></h1><p>1)用<code>make</code>编译AFL。如果构建失败,请参阅docs / INSTALL以获取提示。<br>2)查找或编写一个相当快速和简单的程序,该程序从<strong><em>文件或标准输入</em></strong>中获取数据,以一种有价值的方式处理它,然后干净地退出。如果测试网络服务,请将其修改为在前台运行并从stdin读取。在对使用校验和的格式进行模糊测试时,也要注释掉校验和验证码。<br>遇到故障时,程序必须正常崩溃。注意自定义SIGSEGV或SIGABRT处理程序和后台进程。有关检测非崩溃缺陷的提示,请参阅<code>docs/README</code>中的第11节。<br>3)使用afl-gcc编译要模糊的程序/库。一种常见的方法是:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ CC = /path/to/afl-gcc CXX =/path/to/afl-g++ ./configure --disable-shared</span><br><span class="line">$ make clean all</span><br></pre></td></tr></table></figure></p>
|
<h1 id="0x02-AFL快速入门"><a href="#0x02-AFL快速入门" class="headerlink" title="0x02 AFL快速入门"></a>0x02 <a href="http://lcamtuf.coredump.cx/afl/QuickStartGuide.txt" target="_blank" rel="noopener">AFL快速入门</a></h1><p>1)用<code>make</code>编译AFL。如果构建失败,请参阅docs / INSTALL以获取提示。<br>2)查找或编写一个相当快速和简单的程序,该程序从<strong><em>文件或标准输入</em></strong>中获取数据,以一种有价值的方式处理它,然后干净地退出。如果测试网络服务,请将其修改为在前台运行并从stdin读取。在对使用校验和的格式进行模糊测试时,也要注释掉校验和验证码。<br>遇到故障时,程序必须正常崩溃。注意自定义SIGSEGV或SIGABRT处理程序和后台进程。有关检测非崩溃缺陷的提示,请参阅<code>docs/README</code>中的第11节。<br>3)使用afl-gcc编译要模糊的程序/库。一种常见的方法是:<br><figure class="highlight elixir"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="variable">$ </span>CC = <span class="regexp">/path/to</span><span class="regexp">/afl-gcc CXX =/path</span><span class="regexp">/to/afl</span>-g++ ./configure --disable-shared</span><br><span class="line"><span class="variable">$ </span>make clean all</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
<p>如果程序构建失败,请联系 <a href="mailto:afl-users@googlegroups.com" target="_blank" rel="noopener">afl-users@googlegroups.com</a>。<br>4)获取一个对程序有意义的小而有效的输入文件。在模糊详细语法(SQL,HTTP等)时,也要创建字典,如<code>dictionaries/README.dictionaries</code>中所述。<br>5)如果程序从stdin读取,则运行<code>afl-fuzz</code>,如下所示:<br><code>./afl-fuzz -i testcase_dir -o findings_dir -- /path/to/tested/program [... program's cmdline ...]</code><br> 如果程序从文件中获取输入,则可以在程序的命令行中输入@@; AFL会为您放置一个自动生成的文件名。</p>
|
||||||
<p><strong>一些参考文档</strong></p>
|
<p><strong>一些参考文档</strong></p>
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<p><a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">docs/README</a> - AFL的一般介绍,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">docs/perf_tips.txt</a> - 关于如何快速模糊的简单提示,<br><a href="http://lcamtuf.coredump.cx/afl/status_screen.txt" target="_blank" rel="noopener">docs/status_screen.txt</a> - UI中显示的花絮的解释,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/parallel_fuzzing.txt" target="_blank" rel="noopener">docs/parallel_fuzzing.txt</a> - 关于在多个核上运行AFL的建议<br><a href="http://lcamtuf.coredump.cx/afl/demo/" target="_blank" rel="noopener">Generated test cases for common image formats</a> - 生成图像文件测试用例的demo<br><a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">Technical “whitepaper” for afl-fuzz</a> - 技术白皮书</p>
|
<p><a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">docs/README</a> - AFL的一般介绍,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">docs/perf_tips.txt</a> - 关于如何快速模糊的简单提示,<br><a href="http://lcamtuf.coredump.cx/afl/status_screen.txt" target="_blank" rel="noopener">docs/status_screen.txt</a> - UI中显示的花絮的解释,<br><a href="https://github.com/mirrorer/afl/blob/master/docs/parallel_fuzzing.txt" target="_blank" rel="noopener">docs/parallel_fuzzing.txt</a> - 关于在多个核上运行AFL的建议<br><a href="http://lcamtuf.coredump.cx/afl/demo/" target="_blank" rel="noopener">Generated test cases for common image formats</a> - 生成图像文件测试用例的demo<br><a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">Technical “whitepaper” for afl-fuzz</a> - 技术白皮书</p>
|
||||||
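Review bot: in step 3 of the quick start the build command reads "CC = /path/to/afl-gcc CXX =/path/to/afl-g++ ./configure --disable-shared". With spaces around "=" the shell tries to run a command named CC rather than setting the variable, so the line fails when copied. It should be "CC=/path/to/afl-gcc CXX=/path/to/afl-g++ ./configure --disable-shared". The new "highlight elixir" class, which splits the two paths into regexp spans, goes away once the fence is tagged as shell in the post source.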
@ -486,10 +486,10 @@
|
|||||||
</ol>
|
</ol>
|
||||||
<hr>
|
<hr>
|
||||||
<h1 id="0x04-AFL-README"><a href="#0x04-AFL-README" class="headerlink" title="0x04 AFL README"></a>0x04 <a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">AFL README</a></h1><blockquote>
|
<h1 id="0x04-AFL-README"><a href="#0x04-AFL-README" class="headerlink" title="0x04 AFL README"></a>0x04 <a href="http://lcamtuf.coredump.cx/afl/README.txt" target="_blank" rel="noopener">AFL README</a></h1><blockquote>
|
||||||
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
<p>Written and maintained by Michal Zalewski <a href="mailto:lcamtuf@google.com" target="_blank" rel="noopener">lcamtuf@google.com</a></p>
|
||||||
<p> Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.<br> Released under terms and conditions of Apache License, Version 2.0.</p>
|
<p> Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved.<br> Released under terms and conditions of Apache License, Version 2.0.</p>
|
||||||
<p> For new versions and additional information, check out:<br> <a href="http://lcamtuf.coredump.cx/afl/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/</a></p>
|
<p> For new versions and additional information, check out:<br> <a href="http://lcamtuf.coredump.cx/afl/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/</a></p>
|
||||||
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
<p> To compare notes with other users or get notified about major new features,<br> send a mail to <a href="mailto:afl-users+subscribe@googlegroups.com" target="_blank" rel="noopener">afl-users+subscribe@googlegroups.com</a>.</p>
|
||||||
<p> <strong>See QuickStartGuide.txt if you don’t have time to read this file.</strong></p>
|
<p> <strong>See QuickStartGuide.txt if you don’t have time to read this file.</strong></p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<h2 id="1)具有导向性的模糊测试的挑战"><a href="#1)具有导向性的模糊测试的挑战" class="headerlink" title="1)具有导向性的模糊测试的挑战"></a>1)具有导向性的模糊测试的挑战</h2><p>Fuzzing是用于识别真实软件中的安全问题的最强大且经过验证的策略之一;它负责安全关键软件中迄今为止发现的绝大多数远程代码执行和权限提升漏洞。<br>不幸的是,模糊测试也不够有力。盲目的、随机的变异使得它不太可能在测试代码中达到某些代码路径,从而使一些漏洞超出了这种技术的范围。<br>已经有许多尝试来解决这个问题。早期方法之一 - 由Tavis Ormandy开创 - 是一种 <strong>语义库蒸馏(corpus distillation)</strong> 。网上找到的一些大型语料库中往往包含大量的文件,这时就需要对其精简,该方法依赖于覆盖信号从大量高质量的候选文件语料库中选择有趣种子的子集,然后通过传统方式对其进行模糊处理。该方法非常有效,但需要这样的语料库随时可用。正因为如此,<strong>代码覆盖率</strong> 也只是衡量程序执行状态的一个简单化的度量,这种方式并不适合后续引导fuzzing测试的。<br>其他更复杂的研究集中在诸如 <strong>程序流分析(“concoic execution”),符号执行或静态分析</strong> 等技术上。所有这些方法在实验环境中都非常有前景,但在实际应用中往往会遇到可靠性和性能问题 - 部分高价值的程序都有非常复杂的内部状态和执行路径,在这一方面符号执行和concolic技术往往会显得不够健壮(如路径爆炸问题),所以仍然稍逊于传统的fuzzing技术。</p>
|
<h2 id="1)具有导向性的模糊测试的挑战"><a href="#1)具有导向性的模糊测试的挑战" class="headerlink" title="1)具有导向性的模糊测试的挑战"></a>1)具有导向性的模糊测试的挑战</h2><p>Fuzzing是用于识别真实软件中的安全问题的最强大且经过验证的策略之一;它负责安全关键软件中迄今为止发现的绝大多数远程代码执行和权限提升漏洞。<br>不幸的是,模糊测试也不够有力。盲目的、随机的变异使得它不太可能在测试代码中达到某些代码路径,从而使一些漏洞超出了这种技术的范围。<br>已经有许多尝试来解决这个问题。早期方法之一 - 由Tavis Ormandy开创 - 是一种 <strong>语义库蒸馏(corpus distillation)</strong> 。网上找到的一些大型语料库中往往包含大量的文件,这时就需要对其精简,该方法依赖于覆盖信号从大量高质量的候选文件语料库中选择有趣种子的子集,然后通过传统方式对其进行模糊处理。该方法非常有效,但需要这样的语料库随时可用。正因为如此,<strong>代码覆盖率</strong> 也只是衡量程序执行状态的一个简单化的度量,这种方式并不适合后续引导fuzzing测试的。<br>其他更复杂的研究集中在诸如 <strong>程序流分析(“concoic execution”),符号执行或静态分析</strong> 等技术上。所有这些方法在实验环境中都非常有前景,但在实际应用中往往会遇到可靠性和性能问题 - 部分高价值的程序都有非常复杂的内部状态和执行路径,在这一方面符号执行和concolic技术往往会显得不够健壮(如路径爆炸问题),所以仍然稍逊于传统的fuzzing技术。</p>
|
||||||
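Review bot: the removed and added lines in this hunk read identically as rendered, so the change looks like invisible whitespace churn in the README blockquote; it would be worth confirming that nothing else was meant to change. Since the paragraph under section 1 is being regenerated anyway, "concoic execution" in its last sentence should be "concolic execution", which is how the same sentence spells the term a few words later.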
@ -505,19 +505,19 @@
|
|||||||
<p><img src="https://image.3001.net/images/20181207/1544168163_5c0a22e3eedce.jpg" width="60%" div align="center/"></p>
|
<p><img src="https://image.3001.net/images/20181207/1544168163_5c0a22e3eedce.jpg" width="60%" div align="center/"></p>
|
||||||
<p>发现的测试用例也会定期被淘汰,以消除那些被更新,更高覆盖率的发现所淘汰的测试用例。并经历其他几个插桩驱动(instrumentation-driven)的努力最小化步骤。<br>作为模糊测试过程的一个副作用,该工具创建了一个小型,独立的有趣测试用例集。这些对于播种其他劳动力或资源密集型测试方案非常有用 - 例如,用于压力测试浏览器,办公应用程序,图形套件或闭源工具。<br>该模糊器经过全面测试,可提供远远优于盲目模糊或仅覆盖工具的开箱即用性能。</p>
|
<p>发现的测试用例也会定期被淘汰,以消除那些被更新,更高覆盖率的发现所淘汰的测试用例。并经历其他几个插桩驱动(instrumentation-driven)的努力最小化步骤。<br>作为模糊测试过程的一个副作用,该工具创建了一个小型,独立的有趣测试用例集。这些对于播种其他劳动力或资源密集型测试方案非常有用 - 例如,用于压力测试浏览器,办公应用程序,图形套件或闭源工具。<br>该模糊器经过全面测试,可提供远远优于盲目模糊或仅覆盖工具的开箱即用性能。</p>
|
||||||
<h2 id="3)用于AFL的插桩(instrumentation)程序"><a href="#3)用于AFL的插桩(instrumentation)程序" class="headerlink" title="3)用于AFL的插桩(instrumentation)程序"></a>3)用于AFL的插桩(instrumentation)程序</h2><p>当源代码可用时,可以通过配套工具 <strong>注入instrumentation</strong> ,该工具可作为第三方代码的任何标准构建过程中gcc或clang的替代品。<br>instrumentation具有相当适度的性能影响;与afl-fuzz实现的其他优化相结合,大多数程序可以像传统工具一样快速或甚至更快地进行模糊测试。</p>
|
<h2 id="3)用于AFL的插桩(instrumentation)程序"><a href="#3)用于AFL的插桩(instrumentation)程序" class="headerlink" title="3)用于AFL的插桩(instrumentation)程序"></a>3)用于AFL的插桩(instrumentation)程序</h2><p>当源代码可用时,可以通过配套工具 <strong>注入instrumentation</strong> ,该工具可作为第三方代码的任何标准构建过程中gcc或clang的替代品。<br>instrumentation具有相当适度的性能影响;与afl-fuzz实现的其他优化相结合,大多数程序可以像传统工具一样快速或甚至更快地进行模糊测试。</p>
|
||||||
<p><strong>重新编译目标程序</strong> 的正确方法可能会有所不同,具体取决于构建过程的具体情况,但几乎通用的方法是:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">$ CC = /path/to/afl/afl-gcc ./configure</span><br><span class="line">$ make clean all</span><br><span class="line">对于C ++程序,您还需要将CXX = / path /设置为/ afl / afl g ++。</span><br></pre></td></tr></table></figure></p>
|
<p><strong>重新编译目标程序</strong> 的正确方法可能会有所不同,具体取决于构建过程的具体情况,但几乎通用的方法是:<br><figure class="highlight elixir"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="variable">$ </span>CC = <span class="regexp">/path/to</span><span class="regexp">/afl/afl</span>-gcc ./configure</span><br><span class="line"><span class="variable">$ </span>make clean all</span><br><span class="line">对于C ++程序,您还需要将CXX = <span class="regexp">/ path /</span>设置为/ afl / afl g ++。</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>clang组件(afl-clang和afl-clang ++)可以以相同的方式使用; clang用户也可以选择利用更高性能的检测模式,如llvm_mode / README.llvm中所述。</p>
|
<p>clang组件(afl-clang和afl-clang ++)可以以相同的方式使用; clang用户也可以选择利用更高性能的检测模式,如llvm_mode / README.llvm中所述。</p>
|
||||||
<p>在测试库时,您需要查找或编写一个简单的程序,该程序从stdin或文件中读取数据并将其传递给测试的库。在这种情况下,必须 <strong>将此可执行文件与已检测库的静态版本相链接</strong> ,或者确保在运行时加载正确的.so文件(通常通过设置LD_LIBRARY_PATH)。最简单的选项是 <strong>静态构建</strong> ,通常可以通过以下方式实现:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ CC = /path/to/afl/afl-gcc ./configure --disable-shared</span><br></pre></td></tr></table></figure></p>
|
<p>在测试库时,您需要查找或编写一个简单的程序,该程序从stdin或文件中读取数据并将其传递给测试的库。在这种情况下,必须 <strong>将此可执行文件与已检测库的静态版本相链接</strong> ,或者确保在运行时加载正确的.so文件(通常通过设置LD_LIBRARY_PATH)。最简单的选项是 <strong>静态构建</strong> ,通常可以通过以下方式实现:<br><figure class="highlight elixir"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line"><span class="variable">$ </span>CC = <span class="regexp">/path/to</span><span class="regexp">/afl/afl</span>-gcc ./configure --disable-shared</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>调用<code>make</code>时设置AFL_HARDEN = 1将导致CC组件自动启用代码强化选项,以便更容易检测到简单的内存错误。 Libdislocator,AFL附带的帮助程序库(请参阅libdislocator / README.dislocator)也可以帮助发现堆损坏问题。<br>PS。建议ASAN用户查看notes_for_asan.txt文件以获取重要警告。</p>
|
<p>调用<code>make</code>时设置AFL_HARDEN = 1将导致CC组件自动启用代码强化选项,以便更容易检测到简单的内存错误。 Libdislocator,AFL附带的帮助程序库(请参阅libdislocator / README.dislocator)也可以帮助发现堆损坏问题。<br>PS。建议ASAN用户查看notes_for_asan.txt文件以获取重要警告。</p>
|
||||||
<h2 id="4)检测仅二进制应用程序"><a href="#4)检测仅二进制应用程序" class="headerlink" title="4)检测仅二进制应用程序"></a>4)检测仅二进制应用程序</h2><p>当源代码为不可得时,afl为黑盒二进制文件的快速、即时检测提供实验支持。 这是通过在较不为人知的“用户空间仿真”模式下运行的QEMU版本来实现的。<br>QEMU是一个独立于AFL的项目,但您可以通过以下方式方便地构建该功能:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ cd qemu_mode</span><br><span class="line">$ ./build_qemu_support.sh</span><br></pre></td></tr></table></figure></p>
|
<h2 id="4)检测仅二进制应用程序"><a href="#4)检测仅二进制应用程序" class="headerlink" title="4)检测仅二进制应用程序"></a>4)检测仅二进制应用程序</h2><p>当源代码为不可得时,afl为黑盒二进制文件的快速、即时检测提供实验支持。 这是通过在较不为人知的“用户空间仿真”模式下运行的QEMU版本来实现的。<br>QEMU是一个独立于AFL的项目,但您可以通过以下方式方便地构建该功能:<br><figure class="highlight shell"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="meta">$</span><span class="bash"> <span class="built_in">cd</span> qemu_mode</span></span><br><span class="line"><span class="meta">$</span><span class="bash"> ./build_qemu_support.sh</span></span><br></pre></td></tr></table></figure></p>
|
||||||
<p>有关其他说明和注意事项,请参阅qemu_mode / README.qemu。<br>该模式比编译时插桩(instrumentation)慢约2-5倍,对并行化的兼容较差,并且可能有一些其他的不同。</p>
|
<p>有关其他说明和注意事项,请参阅qemu_mode / README.qemu。<br>该模式比编译时插桩(instrumentation)慢约2-5倍,对并行化的兼容较差,并且可能有一些其他的不同。</p>
|
||||||
<h2 id="5)选择初始测试用例"><a href="#5)选择初始测试用例" class="headerlink" title="5)选择初始测试用例"></a>5)选择初始测试用例</h2><p>为了正确操作,模糊器需要一个或多个起始文件,其中包含目标应用程序通常所需的输入数据的良好示例。 有两个基本规则:</p>
|
<h2 id="5)选择初始测试用例"><a href="#5)选择初始测试用例" class="headerlink" title="5)选择初始测试用例"></a>5)选择初始测试用例</h2><p>为了正确操作,模糊器需要一个或多个起始文件,其中包含目标应用程序通常所需的输入数据的良好示例。 有两个基本规则:</p>
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<p>测试用例足够小。 1 kB以下是理想的,尽管不是绝对必要的。 有关大小重要性的讨论,请参阅perf_tips.txt。</p>
|
<p>测试用例足够小。 1 kB以下是理想的,尽管不是绝对必要的。 有关大小重要性的讨论,请参阅perf_tips.txt。</p>
|
||||||
<p>只有在功能上彼此不同时才使用多个测试用例。 使用五十张不同的度假照片来模糊图像库是没有意义的。<br>您可以在此工具附带的<code>testcases/子目录</code>中找到许多启动文件的好例子。<br>PS。 如果有大量数据可用于筛选,您可能希望使用<code>afl-cmin</code>实用程序来识别在目标二进制文件中使用不同代码路径的功能不同的文件的子集。</p>
|
<p>只有在功能上彼此不同时才使用多个测试用例。 使用五十张不同的度假照片来模糊图像库是没有意义的。<br>您可以在此工具附带的<code>testcases/子目录</code>中找到许多启动文件的好例子。<br>PS。 如果有大量数据可用于筛选,您可能希望使用<code>afl-cmin</code>实用程序来识别在目标二进制文件中使用不同代码路径的功能不同的文件的子集。</p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<h2 id="6)模糊测试二进制文件"><a href="#6)模糊测试二进制文件" class="headerlink" title="6)模糊测试二进制文件"></a>6)模糊测试二进制文件</h2><p>测试过程本身由afl-fuzz实用程序执行。该程序需要一个带有初始测试用例的只读目录,一个存储其输出结果的独立位置,以及要测试的二进制文件的路径。<br>对于直接从 <strong>stdin</strong> 接受输入的目标二进制文件,通常的语法是:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program [... params ...]</span><br></pre></td></tr></table></figure></p>
|
<h2 id="6)模糊测试二进制文件"><a href="#6)模糊测试二进制文件" class="headerlink" title="6)模糊测试二进制文件"></a>6)模糊测试二进制文件</h2><p>测试过程本身由afl-fuzz实用程序执行。该程序需要一个带有初始测试用例的只读目录,一个存储其输出结果的独立位置,以及要测试的二进制文件的路径。<br>对于直接从 <strong>stdin</strong> 接受输入的目标二进制文件,通常的语法是:<br><figure class="highlight jboss-cli"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ <span class="string">./afl-fuzz</span> -i testcase_dir -o findings_dir <span class="string">/path/to/program</span> [<span class="string">...</span> params <span class="string">...</span>]</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>对于从 <strong>文件</strong> 中获取输入的程序,使用“@@”标记目标命令行中应放置输入文件名的位置。模糊器将替换为您:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ ./afl-fuzz -i testcase_dir -o findings_dir /path/to/program @@</span><br></pre></td></tr></table></figure></p>
|
<p>对于从 <strong>文件</strong> 中获取输入的程序,使用“@@”标记目标命令行中应放置输入文件名的位置。模糊器将替换为您:<br><figure class="highlight awk"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">$ .<span class="regexp">/afl-fuzz -i testcase_dir -o findings_dir /</span>path<span class="regexp">/to/</span>program @@</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>您还可以使用-f选项将变异数据写入特定文件。如果程序需要特定的文件扩展名,那么这很有用。<br>非插桩二进制文件可以在QEMU模式下(在命令行中添加-Q)或在传统的盲目模糊模式(指定-n)中进行模糊测试。<br>您可以使用-t和-m覆盖已执行进程的默认超时和内存限制;<br>perf_tips.txt中讨论了优化模糊测试性能的技巧。</p>
|
<p>您还可以使用-f选项将变异数据写入特定文件。如果程序需要特定的文件扩展名,那么这很有用。<br>非插桩二进制文件可以在QEMU模式下(在命令行中添加-Q)或在传统的盲目模糊模式(指定-n)中进行模糊测试。<br>您可以使用-t和-m覆盖已执行进程的默认超时和内存限制;<br>perf_tips.txt中讨论了优化模糊测试性能的技巧。</p>
|
||||||
<p>请注意,afl-fuzz首先执行一系列确定性模糊测试步骤,这可能需要几天时间,但往往会产生整齐的测试用例。如果你想要快速结果 - 类似于zzuf和其他传统的模糊器 - 在命令行中添加-d选项。</p>
|
<p>请注意,afl-fuzz首先执行一系列确定性模糊测试步骤,这可能需要几天时间,但往往会产生整齐的测试用例。如果你想要快速结果 - 类似于zzuf和其他传统的模糊器 - 在命令行中添加-d选项。</p>
|
||||||
<h2 id="7)解释输出"><a href="#7)解释输出" class="headerlink" title="7)解释输出"></a>7)解释输出</h2><p>有关如何解释显示的统计信息以及监视进程运行状况的信息,请参阅<code>status_screen.txt</code>文件。请务必查阅此文件,尤其是如果任何UI元素以红色突出显示。<br>模糊过程将持续到按<code>Ctrl-C</code>为止。至少,您希望允许模糊器完成一个队列周期,这可能需要几个小时到一周左右的时间。<br>在输出目录中创建了三个子目录并实时更新:</p>
|
<h2 id="7)解释输出"><a href="#7)解释输出" class="headerlink" title="7)解释输出"></a>7)解释输出</h2><p>有关如何解释显示的统计信息以及监视进程运行状况的信息,请参阅<code>status_screen.txt</code>文件。请务必查阅此文件,尤其是如果任何UI元素以红色突出显示。<br>模糊过程将持续到按<code>Ctrl-C</code>为止。至少,您希望允许模糊器完成一个队列周期,这可能需要几个小时到一周左右的时间。<br>在输出目录中创建了三个子目录并实时更新:</p>
|
||||||
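Review bot: the recompile block under section 3 carries a sentence of prose as its third code line, and the setting inside it has been broken apart into "CXX = / path /设置为/ afl / afl g ++". Move that sentence out of the fence and write the value as CXX=/path/to/afl/afl-g++. The same hunk has "CC = /path/to/afl/afl-gcc" in two blocks and "AFL_HARDEN = 1" in the following paragraph, all with spaces around "=", which the shell does not accept as assignments. The five blocks here are all shell commands yet come out classed as elixir, elixir, shell, jboss-cli and awk; tagging each fence as shell in the post source gives one consistent result.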
@ -526,7 +526,7 @@
|
|||||||
<li>崩溃crash/ - 导致被测程序接收致命信号的独特测试用例(例如,SIGSEGV,SIGILL,SIGABRT)。条目按接收信号分组。</li>
|
<li>崩溃crash/ - 导致被测程序接收致命信号的独特测试用例(例如,SIGSEGV,SIGILL,SIGABRT)。条目按接收信号分组。</li>
|
||||||
<li>挂起hang/ - 导致测试程序超时的独特测试用例。将某些内容归类为挂起之前的默认时间限制是1秒内的较大值和-t参数的值。可以通过设置AFL_HANG_TMOUT来微调该值,但这很少是必需的。崩溃和挂起被视为“唯一” “如果相关的执行路径涉及在先前记录的故障中未见的任何状态转换。如果可以通过多种方式达到单个错误,那么在此过程中会有一些计数通货膨胀,但这应该会迅速逐渐减少。</li>
|
<li>挂起hang/ - 导致测试程序超时的独特测试用例。将某些内容归类为挂起之前的默认时间限制是1秒内的较大值和-t参数的值。可以通过设置AFL_HANG_TMOUT来微调该值,但这很少是必需的。崩溃和挂起被视为“唯一” “如果相关的执行路径涉及在先前记录的故障中未见的任何状态转换。如果可以通过多种方式达到单个错误,那么在此过程中会有一些计数通货膨胀,但这应该会迅速逐渐减少。</li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>崩溃和挂起的文件名与父、非错误的队列条目相关联。这应该有助于调试。<br>如果无法重现 <strong>afl-fuzz</strong> 发现的崩溃,最可能的原因是您没有设置与工具使用的内存限制相同的内存限制。尝试:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">$ LIMIT_MB = 50</span><br><span class="line">$(ulimit -Sv $ [LIMIT_MB << 10]; /path/to/tested_binary ...)</span><br></pre></td></tr></table></figure></p>
|
<p>崩溃和挂起的文件名与父、非错误的队列条目相关联。这应该有助于调试。<br>如果无法重现 <strong>afl-fuzz</strong> 发现的崩溃,最可能的原因是您没有设置与工具使用的内存限制相同的内存限制。尝试:<br><figure class="highlight elixir"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line"><span class="variable">$ </span>LIMIT_MB = <span class="number">50</span></span><br><span class="line"><span class="variable">$(</span>ulimit -Sv <span class="variable">$ </span>[LIMIT_MB << <span class="number">10</span>]; <span class="regexp">/path/to</span><span class="regexp">/tested_binary ...)</span></span><br></pre></td></tr></table></figure></p>
|
||||||
<p>更改LIMIT_MB以匹配传递给afl-fuzz的-m参数。在OpenBSD上,也将-Sv更改为-Sd。任何现有的输出目录也可用于恢复中止的作业;<br>尝试:<code>$ ./afl-fuzz -i-o_ existing_output_dir [...etc...]</code><br>如果安装了gnuplot,您还可以使用afl-plot为任何活动的模糊测试任务生成一些漂亮的图形。有关如何显示的示例,请参阅 <a href="http://lcamtuf.coredump.cx/afl/plot/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/plot/</a> 。</p>
|
<p>更改LIMIT_MB以匹配传递给afl-fuzz的-m参数。在OpenBSD上,也将-Sv更改为-Sd。任何现有的输出目录也可用于恢复中止的作业;<br>尝试:<code>$ ./afl-fuzz -i-o_ existing_output_dir [...etc...]</code><br>如果安装了gnuplot,您还可以使用afl-plot为任何活动的模糊测试任务生成一些漂亮的图形。有关如何显示的示例,请参阅 <a href="http://lcamtuf.coredump.cx/afl/plot/" target="_blank" rel="noopener">http://lcamtuf.coredump.cx/afl/plot/</a> 。</p>
|
||||||
<h2 id="8)并行模糊测试"><a href="#8)并行模糊测试" class="headerlink" title="8)并行模糊测试"></a>8)并行模糊测试</h2><p>每个afl-fuzz的实例大约占用一个核。 这意味着在多核系统上,并行化是充分利用硬件所必需的。<br>有关如何在多个核心或多个联网计算机上模糊常见目标的提示,请参阅<code>parallel_fuzzing.txt</code>。<br><strong><em>并行模糊测试模式</em></strong> 还提供了一种简单的方法,用于将AFL连接到其他模糊器,动态符号执行(concrete and symbolic, concolic execution)引擎等等; 再次,请参阅 <code>parallel_fuzzing.txt</code>的最后一节以获取提示。</p>
|
<h2 id="8)并行模糊测试"><a href="#8)并行模糊测试" class="headerlink" title="8)并行模糊测试"></a>8)并行模糊测试</h2><p>每个afl-fuzz的实例大约占用一个核。 这意味着在多核系统上,并行化是充分利用硬件所必需的。<br>有关如何在多个核心或多个联网计算机上模糊常见目标的提示,请参阅<code>parallel_fuzzing.txt</code>。<br><strong><em>并行模糊测试模式</em></strong> 还提供了一种简单的方法,用于将AFL连接到其他模糊器,动态符号执行(concrete and symbolic, concolic execution)引擎等等; 再次,请参阅 <code>parallel_fuzzing.txt</code>的最后一节以获取提示。</p>
|
||||||
<h2 id="9)Fuzzer词典"><a href="#9)Fuzzer词典" class="headerlink" title="9)Fuzzer词典"></a>9)Fuzzer词典</h2><p>默认情况下,afl-fuzz变异引擎针对紧凑数据格式进行了优化 - 例如,图像,多媒体,压缩数据,正则表达式语法或shell脚本。它有点不太适合具有特别冗长和冗余的语言的语言 - 特别是包括HTML,SQL或JavaScript。<br>为了避免构建语法感知工具的麻烦,afl-fuzz提供了一种方法,使用与目标数据类型相关联的其他特殊标记的语言关键字,魔术头或可选字典为模糊测试过程设定种子,并使用它来重建底层随时随地的语法:<a href="http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html" target="_blank" rel="noopener">http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html</a><br>要使用此功能,首先需要使用<code>dictionaries/README.dictionaries</code>中讨论的两种格式之一创建字典;然后通过命令行中的-x选项将模糊器指向它。(该子目录中也已提供了几个常用字典。)<br>没有办法提供基础语法的更多结构化描述,但模糊器可能会根据instrumentation反馈单独找出一些。这实际上在实践中有效,比如说:<br><a href="http://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html" target="_blank" rel="noopener">http://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html</a><br>PS。即使没有给出明确的字典,afl-fuzz也会尝试通过在确定性字节翻转期间非常接近地观察instrumentation来提取输入语料库中的现有语法标记。这适用于某些类型的解析器和语法,但不如-x模式好。<br>如果字典真的很难找到,另一个选择是让AFL运行一段时间,然后使用作为AFL伴随实用程序的令牌捕获库。为此,请参阅<code>libtokencap/README.tokencap</code>。</p>
|
<h2 id="9)Fuzzer词典"><a href="#9)Fuzzer词典" class="headerlink" title="9)Fuzzer词典"></a>9)Fuzzer词典</h2><p>默认情况下,afl-fuzz变异引擎针对紧凑数据格式进行了优化 - 例如,图像,多媒体,压缩数据,正则表达式语法或shell脚本。它有点不太适合具有特别冗长和冗余的语言的语言 - 特别是包括HTML,SQL或JavaScript。<br>为了避免构建语法感知工具的麻烦,afl-fuzz提供了一种方法,使用与目标数据类型相关联的其他特殊标记的语言关键字,魔术头或可选字典为模糊测试过程设定种子,并使用它来重建底层随时随地的语法:<a href="http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html" target="_blank" rel="noopener">http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html</a><br>要使用此功能,首先需要使用<code>dictionaries/README.dictionaries</code>中讨论的两种格式之一创建字典;然后通过命令行中的-x选项将模糊器指向它。(该子目录中也已提供了几个常用字典。)<br>没有办法提供基础语法的更多结构化描述,但模糊器可能会根据instrumentation反馈单独找出一些。这实际上在实践中有效,比如说:<br><a href="http://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html" target="_blank" rel="noopener">http://lcamtuf.blogspot.com/2015/04/finding-bugs-in-sqlite-easy-way.html</a><br>PS。即使没有给出明确的字典,afl-fuzz也会尝试通过在确定性字节翻转期间非常接近地观察instrumentation来提取输入语料库中的现有语法标记。这适用于某些类型的解析器和语法,但不如-x模式好。<br>如果字典真的很难找到,另一个选择是让AFL运行一段时间,然后使用作为AFL伴随实用程序的令牌捕获库。为此,请参阅<code>libtokencap/README.tokencap</code>。</p>
|
||||||
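Review bot: the crash-reproduction snippet in section 7 is not valid shell as written, which matters because it is the step a reader uses to confirm a finding. "LIMIT_MB = 50" is not an assignment, "$(ulimit" fuses the prompt with the subshell parenthesis into a command substitution, and "$ [LIMIT_MB << 10]" splits the arithmetic expansion. The upstream README form is "LIMIT_MB=50" followed by "( ulimit -Sv $[LIMIT_MB << 10]; /path/to/tested_binary ... )". In the paragraph after it, the resume command "./afl-fuzz -i-o_ existing_output_dir" should read "./afl-fuzz -i- -o existing_output_dir".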
@ -560,7 +560,7 @@
|
|||||||
<h1 id="0x05-afl-fuzz白皮书"><a href="#0x05-afl-fuzz白皮书" class="headerlink" title="0x05 afl-fuzz白皮书"></a>0x05 <a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">afl-fuzz白皮书</a></h1><p>本文档提供了American Fuzzy Lop的简单的概述。想了解一般的使用说明,请参见 <code>README</code> 。想了解AFL背后的动机和设计目标,请参见 <a href="http://lcamtuf.coredump.cx/afl/historical_notes.txt" target="_blank" rel="noopener">historical_notes.txt</a>。</p>
|
<h1 id="0x05-afl-fuzz白皮书"><a href="#0x05-afl-fuzz白皮书" class="headerlink" title="0x05 afl-fuzz白皮书"></a>0x05 <a href="http://lcamtuf.coredump.cx/afl/technical_details.txt" target="_blank" rel="noopener">afl-fuzz白皮书</a></h1><p>本文档提供了American Fuzzy Lop的简单的概述。想了解一般的使用说明,请参见 <code>README</code> 。想了解AFL背后的动机和设计目标,请参见 <a href="http://lcamtuf.coredump.cx/afl/historical_notes.txt" target="_blank" rel="noopener">historical_notes.txt</a>。</p>
|
||||||
<h2 id="0)设计说明-Design-statement"><a href="#0)设计说明-Design-statement" class="headerlink" title="0)设计说明(Design statement)"></a>0)设计说明(Design statement)</h2><p>American Fuzzy Lop 不关注任何单一的操作规则(singular principle of operation),也不是一个针对任何特定理论的概念验证(proof of concept)。这个工具可以被认为是一系列在实践中测试过的hacks行为,我们发现这个工具惊人的有效。我们用目前最simple且最robust的方法实现了这个工具。<br>唯一的设计宗旨在于速度、可靠性和易用性。</p>
|
<h2 id="0)设计说明-Design-statement"><a href="#0)设计说明-Design-statement" class="headerlink" title="0)设计说明(Design statement)"></a>0)设计说明(Design statement)</h2><p>American Fuzzy Lop 不关注任何单一的操作规则(singular principle of operation),也不是一个针对任何特定理论的概念验证(proof of concept)。这个工具可以被认为是一系列在实践中测试过的hacks行为,我们发现这个工具惊人的有效。我们用目前最simple且最robust的方法实现了这个工具。<br>唯一的设计宗旨在于速度、可靠性和易用性。</p>
|
||||||
<h2 id="1)覆盖率计算-Coverage-measurements"><a href="#1)覆盖率计算-Coverage-measurements" class="headerlink" title="1)覆盖率计算(Coverage measurements)"></a>1)覆盖率计算(Coverage measurements)</h2><p>在编译过的程序中插桩能够捕获分支(边缘)的覆盖率,并且还能检测到粗略的分支执行命中次数(branch-taken hit counts)。在分支点注入的代码大致如下:</p>
|
<h2 id="1)覆盖率计算-Coverage-measurements"><a href="#1)覆盖率计算-Coverage-measurements" class="headerlink" title="1)覆盖率计算(Coverage measurements)"></a>1)覆盖率计算(Coverage measurements)</h2><p>在编译过的程序中插桩能够捕获分支(边缘)的覆盖率,并且还能检测到粗略的分支执行命中次数(branch-taken hit counts)。在分支点注入的代码大致如下:</p>
|
||||||
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">cur_location = <COMPILE_TIME_RANDOM>; //用一个随机数标记当前基本块</span><br><span class="line">shared_mem[cur_location ^ prev_location]++; //将当前块和前一块异或保存到shared_mem[]</span><br><span class="line">prev_location = cur_location >> 1; //cur_location右移1位区分从当前块到当前块的转跳</span><br></pre></td></tr></table></figure>
|
<figure class="highlight ruby"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">cur_location = <COMPILE_TIME_RANDOM>; <span class="regexp">//</span>用一个随机数标记当前基本块</span><br><span class="line">shared_mem[cur_location ^ prev_location]++; <span class="regexp">//</span>将当前块和前一块异或保存到shared_mem[]</span><br><span class="line">prev_location = cur_location <span class="meta">>> </span><span class="number">1</span>; <span class="regexp">//cur</span>_location右移<span class="number">1</span>位区分从当前块到当前块的转跳</span><br></pre></td></tr></table></figure>
|
||||||
<p>cur_location 的值是随机产生的,为的是简化连接复杂对象的过程和保持XOR输出分布是均匀的。<br>shared_mem[] 数组是一个调用者 (caller) 传给被插桩的二进制程序的64kB的共享空间。其中的每一字节可以理解成对于插桩代码中特别的元组(branch_src, branch_dst)的一次命中(hit)。<br>选择这个数组大小的原因是让冲突(collisions)尽可能减少。这样通常能处理2k到10k的分支点。同时,它的大小也足以使输出图能在接受端达到毫秒级的分析。</p>
|
<p>cur_location 的值是随机产生的,为的是简化连接复杂对象的过程和保持XOR输出分布是均匀的。<br>shared_mem[] 数组是一个调用者 (caller) 传给被插桩的二进制程序的64kB的共享空间。其中的每一字节可以理解成对于插桩代码中特别的元组(branch_src, branch_dst)的一次命中(hit)。<br>选择这个数组大小的原因是让冲突(collisions)尽可能减少。这样通常能处理2k到10k的分支点。同时,它的大小也足以使输出图能在接受端达到毫秒级的分析。</p>
|
||||||
<table>
|
<table>
|
||||||
<thead>
|
<thead>
|
||||||
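Review bot: the instrumentation pseudocode listing changes from `highlight plain` to `highlight ruby`, and the new markup wraps each `//` comment opener in `<span class="regexp">` (on the third line the span even takes in `//cur`), so the comments on the three injected lines are tokenized as Ruby regex literals rather than comments. The snippet is C-like pseudocode; give its code fence in the post source an explicit language, or keep it as plain text, so the highlighter does not guess, then regenerate the page.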
@ -608,7 +608,7 @@
|
|||||||
<p> A -> B -> C -> D -> E (tuples: AB, BC, CD, DE)<br> A -> B -> D -> C -> E (tuples: AB, BD, DC, CE)</p>
|
<p> A -> B -> C -> D -> E (tuples: AB, BC, CD, DE)<br> A -> B -> D -> C -> E (tuples: AB, BD, DC, CE)</p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<p>这有助于发现底层代码的微小错误条件。因为 <strong>安全漏洞通常是一些非预期(或不正确)的语句转移(一个tuple就是一个语句转移)</strong> ,而不是没覆盖到某块代码。<br>上边伪代码的最后一行移位操作是为了让tuple具有定向性(没有这一行的话,A^B和B^A就没区别了,同样,A^A和B^B也没区别了)。采用右移的原因跟Intel CPU的一些特性有关。</p>
|
<p>这有助于发现底层代码的微小错误条件。因为 <strong>安全漏洞通常是一些非预期(或不正确)的语句转移(一个tuple就是一个语句转移)</strong> ,而不是没覆盖到某块代码。<br>上边伪代码的最后一行移位操作是为了让tuple具有定向性(没有这一行的话,A^B和B^A就没区别了,同样,A^A和B^B也没区别了)。采用右移的原因跟Intel CPU的一些特性有关。</p>
|
||||||
<h2 id="2)发现新路径-Detecting-new-behaviors"><a href="#2)发现新路径-Detecting-new-behaviors" class="headerlink" title="2)发现新路径(Detecting new behaviors)"></a>2)发现新路径(Detecting new behaviors)</h2><p>AFL的fuzzers使用一个<strong>全局Map</strong>来存储之前执行时看到的tuple。这些数据可以被用来对不同的trace进行快速对比,从而可以计算出是否新执行了一个dword指令/一个qword-wide指令/一个简单的循环。<br>当一个变异的输入产生了一个包含新tuple的执行路径时,对应的输入文件就被保存,然后被发送到下一过程(见第3部分)。对于那些没有产生新路径的输入,就算他们的instrumentation输出模式是不同的,也会被抛弃掉。<br>这种算法考虑了一个非常细粒度的、长期的对程序状态的探索,同时它还不必执行复杂的计算,不必对整个复杂的执行流进行对比,也避免了路径爆炸的影响。<br>为了说明这个算法是怎么工作的,考虑下面的两个路径,第二个路径出现了新的tuples(CA, AE):<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">#1: A -> B -> C -> D -> E</span><br><span class="line">#2: A -> B -> C -> A -> E</span><br></pre></td></tr></table></figure></p>
|
<h2 id="2)发现新路径-Detecting-new-behaviors"><a href="#2)发现新路径-Detecting-new-behaviors" class="headerlink" title="2)发现新路径(Detecting new behaviors)"></a>2)发现新路径(Detecting new behaviors)</h2><p>AFL的fuzzers使用一个<strong>全局Map</strong>来存储之前执行时看到的tuple。这些数据可以被用来对不同的trace进行快速对比,从而可以计算出是否新执行了一个dword指令/一个qword-wide指令/一个简单的循环。<br>当一个变异的输入产生了一个包含新tuple的执行路径时,对应的输入文件就被保存,然后被发送到下一过程(见第3部分)。对于那些没有产生新路径的输入,就算他们的instrumentation输出模式是不同的,也会被抛弃掉。<br>这种算法考虑了一个非常细粒度的、长期的对程序状态的探索,同时它还不必执行复杂的计算,不必对整个复杂的执行流进行对比,也避免了路径爆炸的影响。<br>为了说明这个算法是怎么工作的,考虑下面的两个路径,第二个路径出现了新的tuples(CA, AE):<br><figure class="highlight clean"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">#<span class="number">1</span>: A -> B -> C -> D -> E</span><br><span class="line">#<span class="number">2</span>: A -> B -> C -> A -> E</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>因为#2的原因,以下的路径就不认为是不同的路径了,尽管看起来非常不同:<br><code>#3: A -> B -> C -> A -> B -> C -> A -> B -> C -> D -> E</code></p>
|
<p>因为#2的原因,以下的路径就不认为是不同的路径了,尽管看起来非常不同:<br><code>#3: A -> B -> C -> A -> B -> C -> A -> B -> C -> D -> E</code></p>
|
||||||
<p>除了检测新的tuple之外,AFL的fuzzer也会粗略地记录tuple的<strong>命中数(hit counts)</strong>。这些被分割成几个buckets:1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+</p>
|
<p>除了检测新的tuple之外,AFL的fuzzer也会粗略地记录tuple的<strong>命中数(hit counts)</strong>。这些被分割成几个buckets:1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+</p>
|
||||||
<p>从某种意义来说,buckets里边的数目是有实际意义的:它是一个8-bit counter和一个8-position bitmap的映射。8-bit counter是由桩生成的,8-position bitmap则依赖于每个fuzzer记录的已执行的tuple的命中数。<br>单个bucket的改变会被忽略掉: 在程序控制流中,bucket的转换会被标记成一个interesting change,传入evolutionary(见第三部分)进行处理。<br>通过命中次数(hit count),我们能够分辨控制流是否发生变化。例如一个代码块被执行了两次,但只命中了一次。并且这种方法对循环的次数不敏感(循环47次和48次没区别)。<br>这种算法通过限制内存和运行时间来保证效率。</p>
|
<p>从某种意义来说,buckets里边的数目是有实际意义的:它是一个8-bit counter和一个8-position bitmap的映射。8-bit counter是由桩生成的,8-position bitmap则依赖于每个fuzzer记录的已执行的tuple的命中数。<br>单个bucket的改变会被忽略掉: 在程序控制流中,bucket的转换会被标记成一个interesting change,传入evolutionary(见第三部分)进行处理。<br>通过命中次数(hit count),我们能够分辨控制流是否发生变化。例如一个代码块被执行了两次,但只命中了一次。并且这种方法对循环的次数不敏感(循环47次和48次没区别)。<br>这种算法通过限制内存和运行时间来保证效率。</p>
|
||||||
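Review bot: the only difference in the rewritten `2)发现新路径` line is the listing class going from `highlight plain` to `highlight clean`, with `#1` and `#2` now split into `<span class="number">` tokens; the post text itself is unchanged. The two-path listing is not code in any language, so mark it as plain text in the post source. That also keeps this unrelated line out of the diff of a commit whose purpose is to publish a new post.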
@ -725,23 +725,23 @@
|
|||||||
</table>
|
</table>
|
||||||
<p>在之前提到的基于遗传算法的fuzzing,是通过一个test case的进化(这里指的是用遗传算法进行变异)来实现最大覆盖。在上述实验看来,这种“贪婪”的方法似乎没有为盲目的模糊策略带来实质性的好处。</p>
|
<p>在之前提到的基于遗传算法的fuzzing,是通过一个test case的进化(这里指的是用遗传算法进行变异)来实现最大覆盖。在上述实验看来,这种“贪婪”的方法似乎没有为盲目的模糊策略带来实质性的好处。</p>
|
||||||
<h2 id="4)语料筛选(Culling-the-corpus)"><a href="#4)语料筛选(Culling-the-corpus)" class="headerlink" title="4)语料筛选(Culling the corpus)"></a>4)语料筛选(Culling the corpus)</h2><p>上文提到的渐进式语句探索路径的方法意味着:假设A和B是测试用例(test cases),且B是由A变异产生的。那么测试用例B达到的边缘覆盖率(edge coverage)是测试用例A达到的边缘覆盖率的严格超集(superset)。<br>为了优化fuzzing,AFL会用一个快速算法<strong>周期性的重新评估</strong>(re-evaluates)队列,这种算法会选择队列的一个更小的子集,并且这个子集仍能覆盖所有的tuple。算法的这个特性对这个工具特别有利(favorable)。<br>算法通过指定每一个队列入口(queue entry),根据执行时延(execution latency)和文件大小分配一个分值比例(score proportional)。然后为每一个tuple选择<strong>最低分值的entry</strong>。<br>这些tuples按下述流程进行处理:</p>
|
<h2 id="4)语料筛选(Culling-the-corpus)"><a href="#4)语料筛选(Culling-the-corpus)" class="headerlink" title="4)语料筛选(Culling the corpus)"></a>4)语料筛选(Culling the corpus)</h2><p>上文提到的渐进式语句探索路径的方法意味着:假设A和B是测试用例(test cases),且B是由A变异产生的。那么测试用例B达到的边缘覆盖率(edge coverage)是测试用例A达到的边缘覆盖率的严格超集(superset)。<br>为了优化fuzzing,AFL会用一个快速算法<strong>周期性的重新评估</strong>(re-evaluates)队列,这种算法会选择队列的一个更小的子集,并且这个子集仍能覆盖所有的tuple。算法的这个特性对这个工具特别有利(favorable)。<br>算法通过指定每一个队列入口(queue entry),根据执行时延(execution latency)和文件大小分配一个分值比例(score proportional)。然后为每一个tuple选择<strong>最低分值的entry</strong>。<br>这些tuples按下述流程进行处理:</p>
|
||||||
<figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">1) Find next tuple not yet in the temporary working set,</span><br><span class="line"></span><br><span class="line">2) Locate the winning queue entry for this tuple,</span><br><span class="line"></span><br><span class="line">3) Register *all* tuples present in that entry's trace in the working set,</span><br><span class="line"></span><br><span class="line">4) Go to #1 if there are any missing tuples in the set.</span><br></pre></td></tr></table></figure>
|
<figure class="highlight applescript"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line"><span class="number">1</span>) Find next tuple <span class="keyword">not</span> yet <span class="keyword">in</span> <span class="keyword">the</span> temporary working <span class="keyword">set</span>,</span><br><span class="line"></span><br><span class="line"><span class="number">2</span>) Locate <span class="keyword">the</span> winning queue entry <span class="keyword">for</span> this tuple,</span><br><span class="line"></span><br><span class="line"><span class="number">3</span>) Register *all* tuples present <span class="keyword">in</span> <span class="keyword">that</span> entry's trace <span class="keyword">in</span> <span class="keyword">the</span> working <span class="keyword">set</span>,</span><br><span class="line"></span><br><span class="line"><span class="number">4</span>) Go <span class="keyword">to</span> <span class="comment">#1 if there are any missing tuples in the set.</span></span><br></pre></td></tr></table></figure>
|
||||||
<p>“favored” entries 产生的语料,会比初始的数据集小5到10倍。没有被选择的也没有被扔掉,而是在遇到下列对队列时,以一定概率略过:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">- If there are new, yet-to-be-fuzzed favorites present in the queue,</span><br><span class="line"> 99% of non-favored entries will be skipped to get to the favored ones.</span><br><span class="line"></span><br><span class="line">- If there are no new favorites:</span><br><span class="line"></span><br><span class="line">- If the current non-favored entry was fuzzed before, it will be skipped 95% of the time.</span><br><span class="line"></span><br><span class="line">- If it hasn't gone through any fuzzing rounds yet, the odds of skipping drop down to 75%.</span><br></pre></td></tr></table></figure></p>
|
<p>“favored” entries 产生的语料,会比初始的数据集小5到10倍。没有被选择的也没有被扔掉,而是在遇到下列对队列时,以一定概率略过:<br><figure class="highlight livecodeserver"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br></pre></td><td class="code"><pre><span class="line">- If there are <span class="built_in">new</span>, yet-<span class="built_in">to</span>-be-fuzzed favorites present <span class="keyword">in</span> <span class="keyword">the</span> queue,</span><br><span class="line"> <span class="number">99</span>% <span class="keyword">of</span> non-favored entries will be skipped <span class="built_in">to</span> <span class="built_in">get</span> <span class="built_in">to</span> <span class="keyword">the</span> favored ones.</span><br><span class="line"></span><br><span class="line">- If there are no <span class="built_in">new</span> favorites:</span><br><span class="line"></span><br><span class="line">- If <span class="keyword">the</span> current non-favored entry was fuzzed <span class="keyword">before</span>, <span class="keyword">it</span> will be skipped <span class="number">95</span>% <span class="keyword">of</span> <span class="keyword">the</span> <span class="built_in">time</span>.</span><br><span class="line"></span><br><span class="line">- If <span class="keyword">it</span> hasn<span class="string">'t gone through any fuzzing rounds yet, the odds of skipping drop down to 75%.</span></span><br></pre></td></tr></table></figure></p>
|
||||||
<p>基于以往的实验经验,这种方法能够在队列周期速度(queue cycling speed)和测试用例多样性(test case diversity)之间达到一个合理的平衡。<br>使用<strong>afl-cmin工具</strong>能够对输入或输出的语料库进行稍微复杂但慢得多的的处理。这一工具将永久丢弃冗余entries,产生适用于afl-fuzz或者外部工具的更小的语料库。</p>
|
<p>基于以往的实验经验,这种方法能够在队列周期速度(queue cycling speed)和测试用例多样性(test case diversity)之间达到一个合理的平衡。<br>使用<strong>afl-cmin工具</strong>能够对输入或输出的语料库进行稍微复杂但慢得多的的处理。这一工具将永久丢弃冗余entries,产生适用于afl-fuzz或者外部工具的更小的语料库。</p>
|
||||||
<h2 id="5)输入文件修剪(Trimming-input-files)"><a href="#5)输入文件修剪(Trimming-input-files)" class="headerlink" title="5)输入文件修剪(Trimming input files)"></a>5)输入文件修剪(Trimming input files)</h2><p>文件的大小对fuzzing的性能有着重大影响(dramatic impact)。因为大文件会让目标二进制文件运行变慢;大文件还会减少变异触及重要格式控制结构(format control structures)的可能性(<strong>我们希望的是变异要触及冗余代码块(redundant data blocks)</strong>)。这个问题将在<a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">perf_tips.txt</a>细说。<br>用户可能提供低质量初始语料(starting corpus),某些类型的变异会迭代地增加生成文件的大小。所以要抑制这种趋势(counter this trend)。<br>幸运的是,<strong>插桩反馈(instrumentation feedback)</strong>提供了一种简单的方式自动削减(trim down)输入文件,并确保这些改变能使得文件对执行路径没有影响。<br>afl-fuzz内置的修剪器(trimmer)使用变化的长度和步距(variable length and stepover)来连续地(sequentially)删除数据块;任何不影响trace map的校验和(checksum)的删除块将被提交到disk。<br>这个修剪器的设计并不算特别地周密(thorough),相反地,它试着在精确度(precision)和进程调用execve()的次数之间选取一个平衡,找到一个合适的block size和stepover。平均每个文件将增大约5-20%。<br>独立的<strong>afl-tmin工具</strong>使用更完整(exhaustive)、迭代次数更多(iteractive)的算法,并尝试对被修剪的文件采用字母标准化的方式处理。</p>
|
<h2 id="5)输入文件修剪(Trimming-input-files)"><a href="#5)输入文件修剪(Trimming-input-files)" class="headerlink" title="5)输入文件修剪(Trimming input files)"></a>5)输入文件修剪(Trimming input files)</h2><p>文件的大小对fuzzing的性能有着重大影响(dramatic impact)。因为大文件会让目标二进制文件运行变慢;大文件还会减少变异触及重要格式控制结构(format control structures)的可能性(<strong>我们希望的是变异要触及冗余代码块(redundant data blocks)</strong>)。这个问题将在<a href="https://github.com/mirrorer/afl/blob/master/docs/perf_tips.txt" target="_blank" rel="noopener">perf_tips.txt</a>细说。<br>用户可能提供低质量初始语料(starting corpus),某些类型的变异会迭代地增加生成文件的大小。所以要抑制这种趋势(counter this trend)。<br>幸运的是,<strong>插桩反馈(instrumentation feedback)</strong>提供了一种简单的方式自动削减(trim down)输入文件,并确保这些改变能使得文件对执行路径没有影响。<br>afl-fuzz内置的修剪器(trimmer)使用变化的长度和步距(variable length and stepover)来连续地(sequentially)删除数据块;任何不影响trace map的校验和(checksum)的删除块将被提交到disk。<br>这个修剪器的设计并不算特别地周密(thorough),相反地,它试着在精确度(precision)和进程调用execve()的次数之间选取一个平衡,找到一个合适的block size和stepover。平均每个文件将增大约5-20%。<br>独立的<strong>afl-tmin工具</strong>使用更完整(exhaustive)、迭代次数更多(iteractive)的算法,并尝试对被修剪的文件采用字母标准化的方式处理。</p>
|
||||||
<h2 id="6-模糊测试策略-Fuzzing-strategies"><a href="#6-模糊测试策略-Fuzzing-strategies" class="headerlink" title="6) 模糊测试策略(Fuzzing strategies)"></a>6) 模糊测试策略(Fuzzing strategies)</h2><p>插桩提供的反馈(feedback)使得我们更容易理解各种不同fuzzing策略的价值,从而优化(optimize)他们的参数。使得他们对不同的文件类型都能同等地进行工作。afl-fuzz用的策略通常是与格式无关(format-agnostic),详细说明在下边的连接中:<br><a href="http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html" target="_blank" rel="noopener">binary-fuzzing-strategies-what-works</a><br>值得注意的一点是,afl-fuzz大部分的(尤其是前期的)工作都是高度确定的(highly deterministic),随机性修改和测试用例拼接(random stacked modifications和test case splicing)只在后期的部分进行。 <strong>确定性的策略</strong> 包括:<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">- Sequential bit flips with varying lengths and stepovers,使用变化的长度和步距来连续进行位反转</span><br><span class="line"></span><br><span class="line">- Sequential addition and subtraction of small integers,对小的整型数来连续进行加法和减法</span><br><span class="line"></span><br><span class="line">- Sequential insertion of known interesting integers (0, 1, INT_MAX, etc),对已知的感兴趣的整型数连续地插入</span><br></pre></td></tr></table></figure></p>
|
<h2 id="6-模糊测试策略-Fuzzing-strategies"><a href="#6-模糊测试策略-Fuzzing-strategies" class="headerlink" title="6) 模糊测试策略(Fuzzing strategies)"></a>6) 模糊测试策略(Fuzzing strategies)</h2><p>插桩提供的反馈(feedback)使得我们更容易理解各种不同fuzzing策略的价值,从而优化(optimize)他们的参数。使得他们对不同的文件类型都能同等地进行工作。afl-fuzz用的策略通常是与格式无关(format-agnostic),详细说明在下边的连接中:<br><a href="http://lcamtuf.blogspot.com/2014/08/binary-fuzzing-strategies-what-works.html" target="_blank" rel="noopener">binary-fuzzing-strategies-what-works</a><br>值得注意的一点是,afl-fuzz大部分的(尤其是前期的)工作都是高度确定的(highly deterministic),随机性修改和测试用例拼接(random stacked modifications和test case splicing)只在后期的部分进行。 <strong>确定性的策略</strong> 包括:<br><figure class="highlight sql"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">- Sequential bit flips <span class="keyword">with</span> <span class="built_in">varying</span> lengths <span class="keyword">and</span> stepovers,使用变化的长度和步距来连续进行位反转</span><br><span class="line"></span><br><span class="line">- <span class="keyword">Sequential</span> addition <span class="keyword">and</span> subtraction <span class="keyword">of</span> small integers,对小的整型数来连续进行加法和减法</span><br><span class="line"></span><br><span class="line">- <span class="keyword">Sequential</span> insertion <span class="keyword">of</span> known interesting integers (<span class="number">0</span>, <span class="number">1</span>, INT_MAX, etc),对已知的感兴趣的整型数连续地插入</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>使用这些确定步骤的目的在于,生成紧凑的(compact)测试用例,以及在产生non-crashing的输入和产生crashing的输入之间,有很小的差异(small diffs)。<br><strong>非确定性(non-deterministic)策略</strong> 的步骤包括:stacked bit flips、插入(insertions)、删除(deletions)、算数(arithmetics)和不同测试用例之间的拼接(splicing)。</p>
|
<p>使用这些确定步骤的目的在于,生成紧凑的(compact)测试用例,以及在产生non-crashing的输入和产生crashing的输入之间,有很小的差异(small diffs)。<br><strong>非确定性(non-deterministic)策略</strong> 的步骤包括:stacked bit flips、插入(insertions)、删除(deletions)、算数(arithmetics)和不同测试用例之间的拼接(splicing)。</p>
|
||||||
<p>由于在<a href="http://lcamtuf.coredump.cx/afl/historical_notes.txt" target="_blank" rel="noopener">historical_notes.txt</a> 中提到的原因(性能、简易性、可靠性),AFL通常不试图去推断某个特定的变异(specific mutations)和程序状态(program states)的关系。</p>
|
<p>由于在<a href="http://lcamtuf.coredump.cx/afl/historical_notes.txt" target="_blank" rel="noopener">historical_notes.txt</a> 中提到的原因(性能、简易性、可靠性),AFL通常不试图去推断某个特定的变异(specific mutations)和程序状态(program states)的关系。</p>
|
||||||
<p>fuzzing的步骤名义上来说是盲目的(nominally blind),只被输入队列的进化方式的设计所影响(<strong>见第三部分</strong>)。</p>
|
<p>fuzzing的步骤名义上来说是盲目的(nominally blind),只被输入队列的进化方式的设计所影响(<strong>见第三部分</strong>)。</p>
|
||||||
<p>这意味着,这条规则有一个例外:<br>当一个新的队列条目,经过初始的确定性fuzzing步骤集合时,并且文件的部分区域被观测到对执行路径的校验和没有影响,这些队列条目在接下来的确定性fuzzing阶段可能会被排除。<br>尤其是对那些冗长的数据格式,这可以在保持覆盖率不变的情况下,减少10-40%的执行次数。在一些极端情况下,比如一些block-aligned的tar文件,这个数字可以达到90%。</p>
|
<p>这意味着,这条规则有一个例外:<br>当一个新的队列条目,经过初始的确定性fuzzing步骤集合时,并且文件的部分区域被观测到对执行路径的校验和没有影响,这些队列条目在接下来的确定性fuzzing阶段可能会被排除。<br>尤其是对那些冗长的数据格式,这可以在保持覆盖率不变的情况下,减少10-40%的执行次数。在一些极端情况下,比如一些block-aligned的tar文件,这个数字可以达到90%。</p>
|
||||||
<h2 id="7-字典-Dictionaries"><a href="#7-字典-Dictionaries" class="headerlink" title="7) 字典(Dictionaries)"></a>7) 字典(Dictionaries)</h2><p>插桩提供的反馈能够让它自动地识别出一些输入文件中的语法(syntax)符号(tokens),并且能够为测试器(tested parser)检测到一些组合,这些组合是由预定义(predefined)的或自动检测到的(auto-detected)字典项(dictionary terms)构成的合法语法(valid grammar)。<br>关于这些特点在afl-fuzz是如何实现的,可以看一下这个链接:<br><a href="http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html" target="_blank" rel="noopener">afl-fuzz-making-up-grammar-with</a><br>大体上,当基本的(basic, typically easily-obtained)句法(syntax)符号(tokens)以纯粹随机的方式组合在一起时,<strong>插桩</strong>和<strong>队列进化</strong>这两种方法共同提供了一种反馈机制,这种反馈机制能够区分无意义的变异和在插桩代码中触发新行为的变异。这样能增量地构建更复杂的句法(syntax)。<br>这样构建的字典能够让fuzzer快速地重构非常详细(highly verbose)且复杂的(complex)语法,比如JavaScript, SQL,XML。一些生成SQL语句的例子已经在之前提到的博客中给出了。<br>有趣的是,AFL的插桩也允许fuzzer自动地隔离(isolate)已经在输入文件中出现过的句法(syntax)符号(tokens)。</p>
|
<h2 id="7-字典-Dictionaries"><a href="#7-字典-Dictionaries" class="headerlink" title="7) 字典(Dictionaries)"></a>7) 字典(Dictionaries)</h2><p>插桩提供的反馈能够让它自动地识别出一些输入文件中的语法(syntax)符号(tokens),并且能够为测试器(tested parser)检测到一些组合,这些组合是由预定义(predefined)的或自动检测到的(auto-detected)字典项(dictionary terms)构成的合法语法(valid grammar)。<br>关于这些特点在afl-fuzz是如何实现的,可以看一下这个链接:<br><a href="http://lcamtuf.blogspot.com/2015/01/afl-fuzz-making-up-grammar-with.html" target="_blank" rel="noopener">afl-fuzz-making-up-grammar-with</a><br>大体上,当基本的(basic, typically easily-obtained)句法(syntax)符号(tokens)以纯粹随机的方式组合在一起时,<strong>插桩</strong>和<strong>队列进化</strong>这两种方法共同提供了一种反馈机制,这种反馈机制能够区分无意义的变异和在插桩代码中触发新行为的变异。这样能增量地构建更复杂的句法(syntax)。<br>这样构建的字典能够让fuzzer快速地重构非常详细(highly verbose)且复杂的(complex)语法,比如JavaScript, SQL,XML。一些生成SQL语句的例子已经在之前提到的博客中给出了。<br>有趣的是,AFL的插桩也允许fuzzer自动地隔离(isolate)已经在输入文件中出现过的句法(syntax)符号(tokens)。</p>
|
||||||
<h2 id="8-崩溃去重(De-duping-crashes)"><a href="#8-崩溃去重(De-duping-crashes)" class="headerlink" title="8) 崩溃去重(De-duping crashes)"></a>8) 崩溃去重(De-duping crashes)</h2><p>崩溃去重是fuzzing工具里很重要的问题之一。很多naive的解决方式都会有这样的问题:如果这个错误发生在一个普通的库函数中(如say, strcmp, strcpy),只关注出错地址(faulting address)的话,那么可能导致一些完全不相关的问题被分在一类(clustered together)。如果错误发生在一些不同的、可能递归的代码路径中,那么校验和(checksumming)调用栈回溯(call stack backtraces)时可能导致crash count inflation(通胀)。</p>
|
<h2 id="8-崩溃去重(De-duping-crashes)"><a href="#8-崩溃去重(De-duping-crashes)" class="headerlink" title="8) 崩溃去重(De-duping crashes)"></a>8) 崩溃去重(De-duping crashes)</h2><p>崩溃去重是fuzzing工具里很重要的问题之一。很多naive的解决方式都会有这样的问题:如果这个错误发生在一个普通的库函数中(如say, strcmp, strcpy),只关注出错地址(faulting address)的话,那么可能导致一些完全不相关的问题被分在一类(clustered together)。如果错误发生在一些不同的、可能递归的代码路径中,那么校验和(checksumming)调用栈回溯(call stack backtraces)时可能导致crash count inflation(通胀)。</p>
|
||||||
<p>afl-fuzz的解决方案认为满足一下两个条件,那么这个crash就是唯一的(unique):<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">- The crash trace includes a tuple not seen in any of the previous crashes,这个crash的路径包括一个之前crash从未见到过的tuple。</span><br><span class="line">- The crash trace is missing a tuple that was always present in earlier faults.这个crash的路径不包含一个总在之前crash中出现的tuple。</span><br></pre></td></tr></table></figure></p>
|
<p>afl-fuzz的解决方案认为满足一下两个条件,那么这个crash就是唯一的(unique):<br><figure class="highlight nimrod"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">- <span class="type">The</span> crash trace includes a <span class="keyword">tuple</span> <span class="keyword">not</span> seen <span class="keyword">in</span> <span class="built_in">any</span> <span class="keyword">of</span> the previous crashes,这个crash的路径包括一个之前crash从未见到过的<span class="keyword">tuple</span>。</span><br><span class="line">- <span class="type">The</span> crash trace <span class="keyword">is</span> missing a <span class="keyword">tuple</span> that was always present <span class="keyword">in</span> earlier faults.这个crash的路径不包含一个总在之前crash中出现的<span class="keyword">tuple</span>。</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>这种方式一开始容易受到count inflation的影响,但实验表明其有很强的自我限制效果。和执行路径分析一样,这种 <strong>崩溃去重</strong> 的方式是afl-fuzz的基石(cornerstone)。</p>
|
<p>这种方式一开始容易受到count inflation的影响,但实验表明其有很强的自我限制效果。和执行路径分析一样,这种 <strong>崩溃去重</strong> 的方式是afl-fuzz的基石(cornerstone)。</p>
|
||||||
<h2 id="9-崩溃调查-Investigating-crashes"><a href="#9-崩溃调查-Investigating-crashes" class="headerlink" title="9) 崩溃调查(Investigating crashes)"></a>9) 崩溃调查(Investigating crashes)</h2><p>不同的crash的可用性(exploitability)是不同的。afl-fuzz提供一个crash的探索模式(exploration mode)来解决这个问题。<br>对一个已知的出错测试用例,它被fuzz的方式和正常fuzz的操作没什么不同,但是有一个限制能让任何non-crashing 的变异(mutations)会被丢弃(thrown away)。<br>这种方法的意义在以下链接中会进一步讨论:<br><a href="http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html" target="_blank" rel="noopener">afl-fuzz-crash-exploration-mode</a><br>这种方法利用<strong>instrumentation的反馈</strong>,探索crash程序的状态,从而进一步通过歧义性的失败条件,找到了最新发现的input。<br>对于crashes来说,值得注意的是和正常的队列条目对比,导致crash的input没有被去掉,为了和它们的父条目(队列中没有导致crash的条目)对比,它们被保存下来,<br>这就是说afl-tmin可以被用来随意缩减它们。</p>
|
<h2 id="9-崩溃调查-Investigating-crashes"><a href="#9-崩溃调查-Investigating-crashes" class="headerlink" title="9) 崩溃调查(Investigating crashes)"></a>9) 崩溃调查(Investigating crashes)</h2><p>不同的crash的可用性(exploitability)是不同的。afl-fuzz提供一个crash的探索模式(exploration mode)来解决这个问题。<br>对一个已知的出错测试用例,它被fuzz的方式和正常fuzz的操作没什么不同,但是有一个限制能让任何non-crashing 的变异(mutations)会被丢弃(thrown away)。<br>这种方法的意义在以下链接中会进一步讨论:<br><a href="http://lcamtuf.blogspot.com/2014/11/afl-fuzz-crash-exploration-mode.html" target="_blank" rel="noopener">afl-fuzz-crash-exploration-mode</a><br>这种方法利用<strong>instrumentation的反馈</strong>,探索crash程序的状态,从而进一步通过歧义性的失败条件,找到了最新发现的input。<br>对于crashes来说,值得注意的是和正常的队列条目对比,导致crash的input没有被去掉,为了和它们的父条目(队列中没有导致crash的条目)对比,它们被保存下来,<br>这就是说afl-tmin可以被用来随意缩减它们。</p>
|
||||||
<h2 id="10-The-fork-server"><a href="#10-The-fork-server" class="headerlink" title="10) The fork server"></a>10) The fork server</h2><p>为了提升性能,afl-fuzz使用了一个”fork server”,fuzz的进程只进行一次execve(), 连接(linking), 库初始化(libc initialization)。fuzz进程通过copy-on-write(写时拷贝技术)从已停止的fuzz进程中clone下来。实现细节在以下链接中:<br><a href="http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html" target="_blank" rel="noopener">fuzzing-binaries-without-execve</a><br>fork server被集成在了instrumentation的程序下,在第一个instrument函数执行时,fork server就停止并等待afl-fuzz的命令。<br>对于需要快速发包的测试,fork server可以提升1.5到2倍的性能。</p>
|
<h2 id="10-The-fork-server"><a href="#10-The-fork-server" class="headerlink" title="10) The fork server"></a>10) The fork server</h2><p>为了提升性能,afl-fuzz使用了一个”fork server”,fuzz的进程只进行一次execve(), 连接(linking), 库初始化(libc initialization)。fuzz进程通过copy-on-write(写时拷贝技术)从已停止的fuzz进程中clone下来。实现细节在以下链接中:<br><a href="http://lcamtuf.blogspot.com/2014/10/fuzzing-binaries-without-execve.html" target="_blank" rel="noopener">fuzzing-binaries-without-execve</a><br>fork server被集成在了instrumentation的程序下,在第一个instrument函数执行时,fork server就停止并等待afl-fuzz的命令。<br>对于需要快速发包的测试,fork server可以提升1.5到2倍的性能。</p>
|
||||||
<h2 id="11-并行机制"><a href="#11-并行机制" class="headerlink" title="11) 并行机制"></a>11) 并行机制</h2><p>实现并行的机制是,定期检查不同cpu core或不同机器产生的队列,然后有选择性的把队列中的条目放到test cases中。<br>详见: parallel_fuzzing.txt.</p>
|
<h2 id="11-并行机制"><a href="#11-并行机制" class="headerlink" title="11) 并行机制"></a>11) 并行机制</h2><p>实现并行的机制是,定期检查不同cpu core或不同机器产生的队列,然后有选择性的把队列中的条目放到test cases中。<br>详见: parallel_fuzzing.txt.</p>
|
||||||
<h2 id="12)二进制instrumentation"><a href="#12)二进制instrumentation" class="headerlink" title="12)二进制instrumentation"></a>12)二进制instrumentation</h2><p>AFL-Fuzz对二进制黑盒目标程序的instrumentation是通过<strong>QEMU</strong>的“user emulation”模式实现的。<br>这样我们就可以允许跨架构的运行,比如ARM binaries运行在X86的架构上。<br>QEMU使用basic blocks作为翻译单元,利用QEMU做instrumentation,再使用一个和编译期instrumentation类似的<strong>guided fuzz</strong>的模型。<br><figure class="highlight plain"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">if (block_address > elf_text_start && block_address < elf_text_end) {</span><br><span class="line"></span><br><span class="line"> cur_location = (block_address >> 4) ^ (block_address << 8);</span><br><span class="line"> shared_mem[cur_location ^ prev_location]++;</span><br><span class="line"> prev_location = cur_location >> 1;</span><br><span class="line"></span><br><span class="line">}</span><br></pre></td></tr></table></figure></p>
|
<h2 id="12)二进制instrumentation"><a href="#12)二进制instrumentation" class="headerlink" title="12)二进制instrumentation"></a>12)二进制instrumentation</h2><p>AFL-Fuzz对二进制黑盒目标程序的instrumentation是通过<strong>QEMU</strong>的“user emulation”模式实现的。<br>这样我们就可以允许跨架构的运行,比如ARM binaries运行在X86的架构上。<br>QEMU使用basic blocks作为翻译单元,利用QEMU做instrumentation,再使用一个和编译期instrumentation类似的<strong>guided fuzz</strong>的模型。<br><figure class="highlight mipsasm"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br></pre></td><td class="code"><pre><span class="line">if (<span class="keyword">block_address </span>> elf_text_start && <span class="keyword">block_address </span>< elf_text_end) {</span><br><span class="line"></span><br><span class="line"> cur_location = (<span class="keyword">block_address </span>>> <span class="number">4</span>) ^ (<span class="keyword">block_address </span><< <span class="number">8</span>)<span class="comment">;</span></span><br><span class="line"> <span class="keyword">shared_mem[cur_location </span>^ prev_location]++<span class="comment">;</span></span><br><span class="line"> prev_location = cur_location >> <span class="number">1</span><span class="comment">;</span></span><br><span class="line"></span><br><span class="line">}</span><br></pre></td></tr></table></figure></p>
|
||||||
<p>像QEMU, DynamoRIO, and PIN这样的二进制翻译器,启动是很慢的。QEMU mode同样使用了一个fork server,和编译期一样,通过把一个已经初始化好的进程镜像,直接拷贝到新的进程中。<br>当然第一次翻译一个新的basic block还是有必要的延迟,为了解决这个问题AFL fork server在emulator和父进程之间提供了一个频道。这个频道用来通知父进程新添加的blocks的地址,之后吧这些blocks放到一个缓存中,以便直接复制到将来的子进程中。这样优化之后,QEMU模式对目标程序造成2-5倍的减速,相比之下,PIN造成100倍以上的减速。</p>
|
<p>像QEMU, DynamoRIO, and PIN这样的二进制翻译器,启动是很慢的。QEMU mode同样使用了一个fork server,和编译期一样,通过把一个已经初始化好的进程镜像,直接拷贝到新的进程中。<br>当然第一次翻译一个新的basic block还是有必要的延迟,为了解决这个问题AFL fork server在emulator和父进程之间提供了一个频道。这个频道用来通知父进程新添加的blocks的地址,之后吧这些blocks放到一个缓存中,以便直接复制到将来的子进程中。这样优化之后,QEMU模式对目标程序造成2-5倍的减速,相比之下,PIN造成100倍以上的减速。</p>
|
||||||
<h2 id="13)afl-analyze工具"><a href="#13)afl-analyze工具" class="headerlink" title="13)afl-analyze工具"></a>13)afl-analyze工具</h2><p>文件格式分析器是最小化算法的简单扩展<br>前面讨论过; 该工具执行一系列步行字节翻转,然后在输入文件中注释字节运行,而不是尝试删除无操作块。</p>
|
<h2 id="13)afl-analyze工具"><a href="#13)afl-analyze工具" class="headerlink" title="13)afl-analyze工具"></a>13)afl-analyze工具</h2><p>文件格式分析器是最小化算法的简单扩展<br>前面讨论过; 该工具执行一系列步行字节翻转,然后在输入文件中注释字节运行,而不是尝试删除无操作块。</p>
|
||||||
|
|
||||||
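Review bot: five listings in this hunk lose `highlight plain` and are re-labelled `applescript`, `livecodeserver`, `sql`, `nimrod` and `mipsasm`, and each label mis-tokenizes its content. In the skip-probability list the apostrophe in `hasn't` opens a `<span class="string">` that swallows the rest of the sentence; in the culling steps everything after `#1` in step 4 becomes a comment span; in the QEMU snippet `block_address` is tagged as a keyword and each `;` as a comment. Tag the QEMU block as C and the English bullet lists as plain text in the post source so the rendered output matches the original document.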
@ -903,7 +903,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
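Review bot: this hunk only bumps the sidebar post counter from 17 to 18, and the same counter, the tag counter (33 to 36) and the word total (48.1k to 49.9k) are rewritten again in each generated page shown in this commit. These are build outputs, so review is easier if the generated HTML is kept on a deploy branch separate from the post sources; a new post then shows up as one source file instead of counter edits repeated across every page.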
@ -925,7 +925,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -1012,7 +1012,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
File diff suppressed because one or more lines are too long
1508
2019/07/10/x86basic/index.html
Normal file
File diff suppressed because one or more lines are too long
@ -367,7 +367,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -389,7 +389,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -460,7 +460,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -397,7 +397,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -419,7 +419,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -490,7 +490,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -397,7 +397,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -419,7 +419,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -490,7 +490,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -397,7 +397,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -419,7 +419,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -490,7 +490,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -467,7 +467,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -489,7 +489,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -560,7 +560,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -502,7 +502,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -524,7 +524,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -595,7 +595,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -397,7 +397,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -419,7 +419,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -490,7 +490,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -397,7 +397,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -419,7 +419,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -490,7 +490,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -502,7 +502,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -524,7 +524,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -595,7 +595,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -432,7 +432,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -454,7 +454,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -525,7 +525,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -432,7 +432,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -454,7 +454,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -525,7 +525,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -318,6 +318,41 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/07/10/x86basic/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">x86-basic 漏洞利用</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-07-10T17:00:36+08:00" content="2019-07-10">
|
||||||
|
07-10
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -432,7 +467,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -454,7 +489,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -525,7 +560,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -318,6 +318,41 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/07/10/x86basic/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">x86-basic 漏洞利用</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-07-10T17:00:36+08:00" content="2019-07-10">
|
||||||
|
07-10
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -624,41 +659,6 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
|
||||||
<header class="post-header">
|
|
||||||
|
|
||||||
<h2 class="post-title">
|
|
||||||
|
|
||||||
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">
|
|
||||||
|
|
||||||
<span itemprop="name">小米固件工具mkxqimage</span>
|
|
||||||
|
|
||||||
</a>
|
|
||||||
|
|
||||||
</h2>
|
|
||||||
|
|
||||||
<div class="post-meta">
|
|
||||||
<time class="post-time" itemprop="dateCreated" datetime="2019-03-16T14:57:56+08:00" content="2019-03-16">
|
|
||||||
03-16
|
|
||||||
</time>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</header>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -716,7 +716,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -738,7 +738,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -809,7 +809,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -318,6 +318,41 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">小米固件工具mkxqimage</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-03-16T14:57:56+08:00" content="2019-03-16">
|
||||||
|
03-16
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -436,7 +471,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -458,7 +493,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -529,7 +564,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -318,6 +318,41 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/07/10/x86basic/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">x86-basic 漏洞利用</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-07-10T17:00:36+08:00" content="2019-07-10">
|
||||||
|
07-10
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -624,41 +659,6 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
|
||||||
<header class="post-header">
|
|
||||||
|
|
||||||
<h2 class="post-title">
|
|
||||||
|
|
||||||
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">
|
|
||||||
|
|
||||||
<span itemprop="name">小米固件工具mkxqimage</span>
|
|
||||||
|
|
||||||
</a>
|
|
||||||
|
|
||||||
</h2>
|
|
||||||
|
|
||||||
<div class="post-meta">
|
|
||||||
<time class="post-time" itemprop="dateCreated" datetime="2019-03-16T14:57:56+08:00" content="2019-03-16">
|
|
||||||
03-16
|
|
||||||
</time>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
</header>
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -716,7 +716,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -738,7 +738,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -809,7 +809,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -299,7 +299,7 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
嗯..! 目前共计 17 篇日志。 继续努力。
|
嗯..! 目前共计 18 篇日志。 继续努力。
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -318,6 +318,41 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">小米固件工具mkxqimage</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-03-16T14:57:56+08:00" content="2019-03-16">
|
||||||
|
03-16
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -621,7 +656,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -643,7 +678,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -714,7 +749,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
|
https://cool-y.github.io/2019/07/10/x86basic/
|
||||||
https://cool-y.github.io/2019/07/09/afl-first-try/
|
https://cool-y.github.io/2019/07/09/afl-first-try/
|
||||||
https://cool-y.github.io/2019/07/01/AFL-first-learn/
|
https://cool-y.github.io/2019/07/01/AFL-first-learn/
|
||||||
https://cool-y.github.io/2019/05/14/pack-and-unpack/
|
https://cool-y.github.io/2019/05/14/pack-and-unpack/
|
||||||
https://cool-y.github.io/2019/05/13/PE-file/
|
https://cool-y.github.io/2019/05/13/PE-file/
|
||||||
https://cool-y.github.io/2019/04/21/XIAOMI-UPnP/
|
|
@ -1,6 +1,9 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||||
<url>
|
<url>
|
||||||
|
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||||
|
<lastmod>2019-07-10</lastmod>
|
||||||
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/07/01/AFL-first-learn/</loc>
|
<loc>https://cool-y.github.io/2019/07/01/AFL-first-learn/</loc>
|
||||||
<lastmod>2019-07-09</lastmod>
|
<lastmod>2019-07-09</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
@ -25,19 +28,19 @@
|
|||||||
<loc>https://cool-y.github.io/2019/04/15/Caving-db-storage/</loc>
|
<loc>https://cool-y.github.io/2019/04/15/Caving-db-storage/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/03/16/%E5%B0%8F%E7%B1%B3%E5%9B%BA%E4%BB%B6%E5%B7%A5%E5%85%B7mkxqimage/</loc>
|
<loc>https://cool-y.github.io/2018/12/23/%E5%9F%BA%E4%BA%8E%E8%A7%84%E5%88%99%E5%BC%95%E6%93%8E%E5%8F%91%E7%8E%B0IOT%E8%AE%BE%E5%A4%87/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2018/12/23/%E5%9F%BA%E4%BA%8E%E8%A7%84%E5%88%99%E5%BC%95%E6%93%8E%E5%8F%91%E7%8E%B0IOT%E8%AE%BE%E5%A4%87/</loc>
|
<loc>https://cool-y.github.io/2019/03/16/%E5%B0%8F%E7%B1%B3%E5%9B%BA%E4%BB%B6%E5%B7%A5%E5%85%B7mkxqimage/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/01/16/wifi%E5%8D%8A%E5%8F%8C%E5%B7%A5%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/</loc>
|
<loc>https://cool-y.github.io/2019/01/16/wifi%E5%8D%8A%E5%8F%8C%E5%B7%A5%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/02/22/qq%E6%95%B0%E6%8D%AE%E5%BA%93%E7%9A%84%E5%8A%A0%E5%AF%86%E8%A7%A3%E5%AF%86/</loc>
|
<loc>https://cool-y.github.io/2018/12/15/miio-control/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2018/12/15/miio-control/</loc>
|
<loc>https://cool-y.github.io/2019/02/22/qq%E6%95%B0%E6%8D%AE%E5%BA%93%E7%9A%84%E5%8A%A0%E5%AF%86%E8%A7%A3%E5%AF%86/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/03/23/auto-send-WX/</loc>
|
<loc>https://cool-y.github.io/2019/03/23/auto-send-WX/</loc>
|
||||||
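Review bot: in this sitemap hunk the `<loc>` entries only trade places (2019/03/16/…mkxqimage/ with the 2018/12/23/ post, and 2019/02/22/ with 2018/12/15/miio-control/) while every `<lastmod>` stays 2019-04-15, so the generator's order among entries with the same lastmod is not stable. Sorting on a secondary key such as the URL would stop unrelated entries from churning on each deploy and leave the new x86basic entry as the only visible sitemap change.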
@ -46,10 +49,10 @@
|
|||||||
<loc>https://cool-y.github.io/2000/01/01/hello-world/</loc>
|
<loc>https://cool-y.github.io/2000/01/01/hello-world/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2019/03/25/Samba-CVE/</loc>
|
<loc>https://cool-y.github.io/2018/11/16/BIBA%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%A8%A1%E5%9E%8B%E5%AE%9E%E7%8E%B0(python)/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url> <url>
|
</url> <url>
|
||||||
<loc>https://cool-y.github.io/2018/11/16/BIBA%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%A8%A1%E5%9E%8B%E5%AE%9E%E7%8E%B0(python)/</loc>
|
<loc>https://cool-y.github.io/2019/03/25/Samba-CVE/</loc>
|
||||||
<lastmod>2019-04-15</lastmod>
|
<lastmod>2019-04-15</lastmod>
|
||||||
</url>
|
</url>
|
||||||
</urlset>
|
</urlset>
|
||||||
|
@ -403,7 +403,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -425,7 +425,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -512,7 +512,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -456,7 +456,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -478,7 +478,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -549,7 +549,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -311,7 +311,7 @@
|
|||||||
目前共计 6 个分类
|
目前共计 6 个分类
|
||||||
</div>
|
</div>
|
||||||
<div class="category-all">
|
<div class="category-all">
|
||||||
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/IOT/">IOT</a><span class="category-list-count">4</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/二进制/">二进制</a><span class="category-list-count">5</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/加密解密/">加密解密</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/杂七杂八/">杂七杂八</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/理论学习/">理论学习</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/顶会论文/">顶会论文</a><span class="category-list-count">3</span></li></ul>
|
<ul class="category-list"><li class="category-list-item"><a class="category-list-link" href="/categories/IOT/">IOT</a><span class="category-list-count">4</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/二进制/">二进制</a><span class="category-list-count">6</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/加密解密/">加密解密</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/杂七杂八/">杂七杂八</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/理论学习/">理论学习</a><span class="category-list-count">1</span></li><li class="category-list-item"><a class="category-list-link" href="/categories/顶会论文/">顶会论文</a><span class="category-list-count">3</span></li></ul>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -369,7 +369,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -391,7 +391,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -462,7 +462,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -300,6 +300,32 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
<h2 class="post-title">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/07/10/x86basic/" itemprop="url">
|
||||||
|
|
||||||
|
<span itemprop="name">x86-basic 漏洞利用</span>
|
||||||
|
|
||||||
|
</a>
|
||||||
|
|
||||||
|
</h2>
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<time class="post-time" itemprop="dateCreated" datetime="2019-07-10T17:00:36+08:00" content="2019-07-10">
|
||||||
|
07-10
|
||||||
|
</time>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
<header class="post-header">
|
<header class="post-header">
|
||||||
|
|
||||||
@ -482,7 +508,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -504,7 +530,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -575,7 +601,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -378,7 +378,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -400,7 +400,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -471,7 +471,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -378,7 +378,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -400,7 +400,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -471,7 +471,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -378,7 +378,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -400,7 +400,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -471,7 +471,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -430,7 +430,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -452,7 +452,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -523,7 +523,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
40
css/main.css
@ -487,8 +487,8 @@ pre,
|
|||||||
margin: 20px 0;
|
margin: 20px 0;
|
||||||
padding: 0;
|
padding: 0;
|
||||||
font-size: 13px;
|
font-size: 13px;
|
||||||
color: #4d4d4c;
|
color: #c5c8c6;
|
||||||
background: #f7f7f7;
|
background: #1d1f21;
|
||||||
line-height: 1.6;
|
line-height: 1.6;
|
||||||
}
|
}
|
||||||
pre,
|
pre,
|
||||||
@ -508,7 +508,7 @@ pre {
|
|||||||
}
|
}
|
||||||
pre code {
|
pre code {
|
||||||
padding: 0;
|
padding: 0;
|
||||||
color: #4d4d4c;
|
color: #c5c8c6;
|
||||||
background: none;
|
background: none;
|
||||||
text-shadow: none;
|
text-shadow: none;
|
||||||
}
|
}
|
||||||
@ -531,7 +531,7 @@ pre code {
|
|||||||
}
|
}
|
||||||
.highlight figcaption {
|
.highlight figcaption {
|
||||||
font-size: 1em;
|
font-size: 1em;
|
||||||
color: #4d4d4c;
|
color: #c5c8c6;
|
||||||
line-height: 1em;
|
line-height: 1em;
|
||||||
margin-bottom: 1em;
|
margin-bottom: 1em;
|
||||||
}
|
}
|
||||||
@ -545,23 +545,23 @@ pre code {
|
|||||||
}
|
}
|
||||||
.highlight figcaption a {
|
.highlight figcaption a {
|
||||||
float: right;
|
float: right;
|
||||||
color: #4d4d4c;
|
color: #c5c8c6;
|
||||||
}
|
}
|
||||||
.highlight figcaption a:hover {
|
.highlight figcaption a:hover {
|
||||||
border-bottom-color: #4d4d4c;
|
border-bottom-color: #c5c8c6;
|
||||||
}
|
}
|
||||||
.highlight .gutter pre {
|
.highlight .gutter pre {
|
||||||
padding-left: 10px;
|
padding-left: 10px;
|
||||||
padding-right: 10px;
|
padding-right: 10px;
|
||||||
color: #869194;
|
color: #888f96;
|
||||||
text-align: right;
|
text-align: right;
|
||||||
background-color: #eff2f3;
|
background-color: #000;
|
||||||
}
|
}
|
||||||
.highlight .code pre {
|
.highlight .code pre {
|
||||||
width: 100%;
|
width: 100%;
|
||||||
padding-left: 10px;
|
padding-left: 10px;
|
||||||
padding-right: 10px;
|
padding-right: 10px;
|
||||||
background-color: #f7f7f7;
|
background-color: #1d1f21;
|
||||||
}
|
}
|
||||||
.highlight .line {
|
.highlight .line {
|
||||||
height: 20px;
|
height: 20px;
|
||||||
@ -579,16 +579,16 @@ pre code {
|
|||||||
border: none;
|
border: none;
|
||||||
}
|
}
|
||||||
pre .deletion {
|
pre .deletion {
|
||||||
background: #fdd;
|
background: #008000;
|
||||||
}
|
}
|
||||||
pre .addition {
|
pre .addition {
|
||||||
background: #dfd;
|
background: #800000;
|
||||||
}
|
}
|
||||||
pre .meta {
|
pre .meta {
|
||||||
color: #8959a8;
|
color: #b294bb;
|
||||||
}
|
}
|
||||||
pre .comment {
|
pre .comment {
|
||||||
color: #8e908c;
|
color: #969896;
|
||||||
}
|
}
|
||||||
pre .variable,
|
pre .variable,
|
||||||
pre .attribute,
|
pre .attribute,
|
||||||
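Review bot: the diff-highlight colours in this hunk are inverted relative to the values they replace. `pre .deletion` goes from the pink `#fdd` to green `#008000`, and `pre .addition` goes from the light green `#dfd` to dark red `#800000`, so removed lines in any diff-formatted code block on the blog now render green and added lines red. If this came in with the dark highlight theme rather than by intent, swap the two backgrounds so that deletions stay red and additions stay green. On the new `#1d1f21` code background, also confirm that the `#c5c8c6` text remains readable over whichever shades you keep.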
@ -602,7 +602,7 @@ pre .html .doctype,
|
|||||||
pre .css .id,
|
pre .css .id,
|
||||||
pre .css .class,
|
pre .css .class,
|
||||||
pre .css .pseudo {
|
pre .css .pseudo {
|
||||||
color: #c82829;
|
color: #c66;
|
||||||
}
|
}
|
||||||
pre .number,
|
pre .number,
|
||||||
pre .preprocessor,
|
pre .preprocessor,
|
||||||
@ -611,7 +611,7 @@ pre .literal,
|
|||||||
pre .params,
|
pre .params,
|
||||||
pre .constant,
|
pre .constant,
|
||||||
pre .command {
|
pre .command {
|
||||||
color: #f5871f;
|
color: #de935f;
|
||||||
}
|
}
|
||||||
pre .ruby .class .title,
|
pre .ruby .class .title,
|
||||||
pre .css .rules .attribute,
|
pre .css .rules .attribute,
|
||||||
@ -624,11 +624,11 @@ pre .xml .cdata,
|
|||||||
pre .special,
|
pre .special,
|
||||||
pre .number,
|
pre .number,
|
||||||
pre .formula {
|
pre .formula {
|
||||||
color: #718c00;
|
color: #b5bd68;
|
||||||
}
|
}
|
||||||
pre .title,
|
pre .title,
|
||||||
pre .css .hexcolor {
|
pre .css .hexcolor {
|
||||||
color: #3e999f;
|
color: #8abeb7;
|
||||||
}
|
}
|
||||||
pre .function,
|
pre .function,
|
||||||
pre .python .decorator,
|
pre .python .decorator,
|
||||||
@ -638,11 +638,11 @@ pre .ruby .title .keyword,
|
|||||||
pre .perl .sub,
|
pre .perl .sub,
|
||||||
pre .javascript .title,
|
pre .javascript .title,
|
||||||
pre .coffeescript .title {
|
pre .coffeescript .title {
|
||||||
color: #4271ae;
|
color: #81a2be;
|
||||||
}
|
}
|
||||||
pre .keyword,
|
pre .keyword,
|
||||||
pre .javascript .function {
|
pre .javascript .function {
|
||||||
color: #8959a8;
|
color: #b294bb;
|
||||||
}
|
}
|
||||||
.full-image.full-image.full-image.full-image {
|
.full-image.full-image.full-image.full-image {
|
||||||
border: none;
|
border: none;
|
||||||
@ -1943,7 +1943,7 @@ pre .javascript .function {
|
|||||||
width: 4px;
|
width: 4px;
|
||||||
height: 4px;
|
height: 4px;
|
||||||
border-radius: 50%;
|
border-radius: 50%;
|
||||||
background: #ffb6ff;
|
background: #6e2916;
|
||||||
}
|
}
|
||||||
.links-of-blogroll {
|
.links-of-blogroll {
|
||||||
font-size: 13px;
|
font-size: 13px;
|
||||||
|
395
index.html
@ -296,6 +296,197 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-block">
|
||||||
|
<link itemprop="mainEntityOfPage" href="https://cool-y.github.io/2019/07/10/x86basic/">
|
||||||
|
|
||||||
|
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
|
||||||
|
<meta itemprop="name" content="Cool-Y">
|
||||||
|
<meta itemprop="description" content>
|
||||||
|
<meta itemprop="image" content="/images/avatar.png">
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
|
||||||
|
<meta itemprop="name" content="混元霹雳手">
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h1 class="post-title" itemprop="name headline">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/07/10/x86basic/" itemprop="url">x86-basic 漏洞利用</a></h1>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<span class="post-time">
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-calendar-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">发表于</span>
|
||||||
|
|
||||||
|
<time title="创建于" itemprop="dateCreated datePublished" datetime="2019-07-10T17:00:36+08:00">
|
||||||
|
2019-07-10
|
||||||
|
</time>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-category">
|
||||||
|
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-folder-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">分类于</span>
|
||||||
|
|
||||||
|
|
||||||
|
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||||
|
<a href="/categories/二进制/" itemprop="url" rel="index">
|
||||||
|
<span itemprop="name">二进制</span>
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span id="/2019/07/10/x86basic/" class="leancloud_visitors" data-flag-title="x86-basic 漏洞利用">
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-eye"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">阅读次数:</span>
|
||||||
|
|
||||||
|
<span class="leancloud-visitors-count"></span>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-wordcount">
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-file-word-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span title="字数统计">
|
||||||
|
2.2k 字
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-clock-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span title="阅读时长">
|
||||||
|
11 分钟
|
||||||
|
</span>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-body" itemprop="articleBody">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
这部分是对Window x86平台下的几个典型漏洞利用方式的介绍,从最基础的、没有开启任何保护的漏洞程序入手,然后开启GS,最后通过rop绕过DEP。
|
||||||
|
0x00 漏洞利用开发简介(1)需要什么
|
||||||
|
|
||||||
|
Immunity Debugger -Download
|
||||||
|
Mona.py -Download
|
||||||
|
Metasp
|
||||||
|
...
|
||||||
|
<!--noindex-->
|
||||||
|
<div class="post-button text-center">
|
||||||
|
<a class="btn" href="/2019/07/10/x86basic/#more" rel="contents">
|
||||||
|
阅读全文 »
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<!--/noindex-->
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<footer class="post-footer">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-eof"></div>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
|
||||||
|
|
||||||
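Review bot: the auto-generated excerpt for the new x86-basic post in the `post-body` div is cut mid-word ("Metasp" followed by "...") and runs the section heading, the sub-heading and the tool list together with the intro sentence, with the "-Download" link labels left in as bare text. The `<meta itemprop="description" content>` for the same entry is also empty. Set an explicit excerpt in the post source (a read-more marker after the first paragraph, or a description in the front matter) so that the index page shows the one-sentence summary only and the description meta is populated.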
@ -409,7 +600,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="阅读时长">
|
<span title="阅读时长">
|
||||||
15 分钟
|
14 分钟
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
@ -1122,7 +1313,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
5.9k 字
|
5.8k 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -1136,7 +1327,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="阅读时长">
|
<span title="阅读时长">
|
||||||
26 分钟
|
25 分钟
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
@ -1500,7 +1691,7 @@ MotivationDBMS(数据库管理系统)
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
3.1k 字
|
3k 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -1910,7 +2101,7 @@ WinDbg
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
989 字
|
921 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -1924,7 +2115,7 @@ WinDbg
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="阅读时长">
|
<span title="阅读时长">
|
||||||
4 分钟
|
3 分钟
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
@ -1970,192 +2161,6 @@ WinDbg
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
<footer class="post-footer">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div class="post-eof"></div>
|
|
||||||
|
|
||||||
</footer>
|
|
||||||
</div>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</article>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div class="post-block">
|
|
||||||
<link itemprop="mainEntityOfPage" href="https://cool-y.github.io/2019/03/16/小米固件工具mkxqimage/">
|
|
||||||
|
|
||||||
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
|
|
||||||
<meta itemprop="name" content="Cool-Y">
|
|
||||||
<meta itemprop="description" content>
|
|
||||||
<meta itemprop="image" content="/images/avatar.png">
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
|
|
||||||
<meta itemprop="name" content="混元霹雳手">
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
<header class="post-header">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<h1 class="post-title" itemprop="name headline">
|
|
||||||
|
|
||||||
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">小米固件工具mkxqimage</a></h1>
|
|
||||||
|
|
||||||
|
|
||||||
<div class="post-meta">
|
|
||||||
<span class="post-time">
|
|
||||||
|
|
||||||
<span class="post-meta-item-icon">
|
|
||||||
<i class="fa fa-calendar-o"></i>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span class="post-meta-item-text">发表于</span>
|
|
||||||
|
|
||||||
<time title="创建于" itemprop="dateCreated datePublished" datetime="2019-03-16T14:57:56+08:00">
|
|
||||||
2019-03-16
|
|
||||||
</time>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
<span class="post-category">
|
|
||||||
|
|
||||||
<span class="post-meta-divider">|</span>
|
|
||||||
|
|
||||||
<span class="post-meta-item-icon">
|
|
||||||
<i class="fa fa-folder-o"></i>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span class="post-meta-item-text">分类于</span>
|
|
||||||
|
|
||||||
|
|
||||||
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
|
||||||
<a href="/categories/IOT/" itemprop="url" rel="index">
|
|
||||||
<span itemprop="name">IOT</span>
|
|
||||||
</a>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<span id="/2019/03/16/小米固件工具mkxqimage/" class="leancloud_visitors" data-flag-title="小米固件工具mkxqimage">
|
|
||||||
<span class="post-meta-divider">|</span>
|
|
||||||
<span class="post-meta-item-icon">
|
|
||||||
<i class="fa fa-eye"></i>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span class="post-meta-item-text">阅读次数:</span>
|
|
||||||
|
|
||||||
<span class="leancloud-visitors-count"></span>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div class="post-wordcount">
|
|
||||||
|
|
||||||
|
|
||||||
<span class="post-meta-item-icon">
|
|
||||||
<i class="fa fa-file-word-o"></i>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span title="字数统计">
|
|
||||||
690 字
|
|
||||||
</span>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<span class="post-meta-divider">|</span>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<span class="post-meta-item-icon">
|
|
||||||
<i class="fa fa-clock-o"></i>
|
|
||||||
</span>
|
|
||||||
|
|
||||||
<span title="阅读时长">
|
|
||||||
2 分钟
|
|
||||||
</span>
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</div>
|
|
||||||
</header>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<div class="post-body" itemprop="articleBody">
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
小米固件工具mkxqimage小米自己改了个打包解包固件的工具,基于 trx 改的(本质上还是 trx 格式),加了 RSA 验证和解包功能,路由系统里自带:1234Usage:mkxqimg [-o outfile] [-p private_key] [-f file] [-f file [-f
|
|
||||||
...
|
|
||||||
<!--noindex-->
|
|
||||||
<div class="post-button text-center">
|
|
||||||
<a class="btn" href="/2019/03/16/小米固件工具mkxqimage/#more" rel="contents">
|
|
||||||
阅读全文 »
|
|
||||||
</a>
|
|
||||||
</div>
|
|
||||||
<!--/noindex-->
|
|
||||||
|
|
||||||
|
|
||||||
</div>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<footer class="post-footer">
|
<footer class="post-footer">
|
||||||
|
|
||||||
|
|
||||||
@ -2228,7 +2233,7 @@ WinDbg
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -2250,7 +2255,7 @@ WinDbg
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -2321,7 +2326,7 @@ WinDbg
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -296,6 +296,192 @@
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-block">
|
||||||
|
<link itemprop="mainEntityOfPage" href="https://cool-y.github.io/2019/03/16/小米固件工具mkxqimage/">
|
||||||
|
|
||||||
|
<span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
|
||||||
|
<meta itemprop="name" content="Cool-Y">
|
||||||
|
<meta itemprop="description" content>
|
||||||
|
<meta itemprop="image" content="/images/avatar.png">
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
|
||||||
|
<meta itemprop="name" content="混元霹雳手">
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
<header class="post-header">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<h1 class="post-title" itemprop="name headline">
|
||||||
|
|
||||||
|
<a class="post-title-link" href="/2019/03/16/小米固件工具mkxqimage/" itemprop="url">小米固件工具mkxqimage</a></h1>
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-meta">
|
||||||
|
<span class="post-time">
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-calendar-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">发表于</span>
|
||||||
|
|
||||||
|
<time title="创建于" itemprop="dateCreated datePublished" datetime="2019-03-16T14:57:56+08:00">
|
||||||
|
2019-03-16
|
||||||
|
</time>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-category">
|
||||||
|
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-folder-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">分类于</span>
|
||||||
|
|
||||||
|
|
||||||
|
<span itemprop="about" itemscope itemtype="http://schema.org/Thing">
|
||||||
|
<a href="/categories/IOT/" itemprop="url" rel="index">
|
||||||
|
<span itemprop="name">IOT</span>
|
||||||
|
</a>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span id="/2019/03/16/小米固件工具mkxqimage/" class="leancloud_visitors" data-flag-title="小米固件工具mkxqimage">
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-eye"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span class="post-meta-item-text">阅读次数:</span>
|
||||||
|
|
||||||
|
<span class="leancloud-visitors-count"></span>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-wordcount">
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-file-word-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span title="字数统计">
|
||||||
|
686 字
|
||||||
|
</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-divider">|</span>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<span class="post-meta-item-icon">
|
||||||
|
<i class="fa fa-clock-o"></i>
|
||||||
|
</span>
|
||||||
|
|
||||||
|
<span title="阅读时长">
|
||||||
|
2 分钟
|
||||||
|
</span>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</header>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-body" itemprop="articleBody">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
小米固件工具mkxqimage小米自己改了个打包解包固件的工具,基于 trx 改的(本质上还是 trx 格式),加了 RSA 验证和解包功能,路由系统里自带:1234Usage:mkxqimg [-o outfile] [-p private_key] [-f file] [-f file [-f
|
||||||
|
...
|
||||||
|
<!--noindex-->
|
||||||
|
<div class="post-button text-center">
|
||||||
|
<a class="btn" href="/2019/03/16/小米固件工具mkxqimage/#more" rel="contents">
|
||||||
|
阅读全文 »
|
||||||
|
</a>
|
||||||
|
</div>
|
||||||
|
<!--/noindex-->
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<footer class="post-footer">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
<div class="post-eof"></div>
|
||||||
|
|
||||||
|
</footer>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</article>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
<article class="post post-type-normal" itemscope itemtype="http://schema.org/Article">
|
||||||
|
|
||||||
|
|
||||||
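Review bot: The generated excerpt for the mkxqimage post in this hunk runs the post's code block into the summary text, so the line-number gutter appears as a literal "1234" fused to "Usage:mkxqimg [-o outfile] ..." and the usage string is cut off mid-option. Put an explicit excerpt break ahead of the code block in the post source (if the site is built with Hexo, as the markup suggests, a `<!-- more -->` marker) or give the post a description, so the index page shows prose only.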
@ -395,7 +581,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
143 字
|
127 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
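Review bot: The word count of an existing post drops from 143 to 127 in this hunk, and the following hunks show another post going from 3.4k to 3.3k words and from 16 to 15 minutes of reading time, while the commit message only says the site was updated. Confirm whether those posts' sources were edited or the word-count plugin changed behaviour, and record which in the commit message.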
@ -771,7 +957,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="字数统计">
|
<span title="字数统计">
|
||||||
3.4k 字
|
3.3k 字
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
|
|
||||||
@ -785,7 +971,7 @@
|
|||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="阅读时长">
|
<span title="阅读时长">
|
||||||
16 分钟
|
15 分钟
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
@ -1637,7 +1823,7 @@ ettercap嗅探智能设备和网关之间的流量sudo ettercap -i ens33 -T -q
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
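Review bot: The post total in this sidebar block (17 to 18 here, with the tag total 33 to 36 and the site word count 48.1k to 49.9k in the next two hunks) is baked into every generated page, so the same three one-line hunks repeat for each HTML file in the commit and bury the real change. Consider keeping generated output on a separate deploy branch, or filling these counters at load time from one shared file.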
@ -1659,7 +1845,7 @@ ettercap嗅探智能设备和网关之间的流量sudo ettercap -i ens33 -T -q
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -1730,7 +1916,7 @@ ettercap嗅探智能设备和网关之间的流量sudo ettercap -i ens33 -T -q
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
393
search.xml
File diff suppressed because one or more lines are too long
43
sitemap.xml
@ -1,6 +1,13 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://cool-y.github.io/2019/07/10/x86basic/</loc>
|
||||||
|
|
||||||
|
<lastmod>2019-07-10T09:02:29.682Z</lastmod>
|
||||||
|
|
||||||
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/2019/07/01/AFL-first-learn/</loc>
|
<loc>https://cool-y.github.io/2019/07/01/AFL-first-learn/</loc>
|
||||||
|
|
||||||
@ -65,14 +72,14 @@
|
|||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/categories/index.html</loc>
|
<loc>https://cool-y.github.io/tags/index.html</loc>
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/tags/index.html</loc>
|
<loc>https://cool-y.github.io/categories/index.html</loc>
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
<lastmod>2019-04-15T07:35:38.085Z</lastmod>
|
||||||
|
|
||||||
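Review bot: The categories/index.html and tags/index.html entries only trade places in this hunk; both keep the lastmod 2019-04-15T07:35:38.085Z, so nothing about either URL changed. The sitemap ordering looks unstable for entries with equal lastmod; add a secondary sort key such as loc so that regenerating the site does not reorder untouched entries.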
@ -92,13 +99,6 @@
|
|||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
|
||||||
<loc>https://cool-y.github.io/2019/03/16/%E5%B0%8F%E7%B1%B3%E5%9B%BA%E4%BB%B6%E5%B7%A5%E5%85%B7mkxqimage/</loc>
|
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.083Z</lastmod>
|
|
||||||
|
|
||||||
</url>
|
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/about/index.html</loc>
|
<loc>https://cool-y.github.io/about/index.html</loc>
|
||||||
|
|
||||||
@ -113,6 +113,13 @@
|
|||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://cool-y.github.io/2019/03/16/%E5%B0%8F%E7%B1%B3%E5%9B%BA%E4%BB%B6%E5%B7%A5%E5%85%B7mkxqimage/</loc>
|
||||||
|
|
||||||
|
<lastmod>2019-04-15T07:35:38.083Z</lastmod>
|
||||||
|
|
||||||
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/2019/01/16/wifi%E5%8D%8A%E5%8F%8C%E5%B7%A5%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/</loc>
|
<loc>https://cool-y.github.io/2019/01/16/wifi%E5%8D%8A%E5%8F%8C%E5%B7%A5%E4%BE%A7%E4%BF%A1%E9%81%93%E6%94%BB%E5%87%BB%E5%AD%A6%E4%B9%A0%E7%AC%94%E8%AE%B0/</loc>
|
||||||
|
|
||||||
@ -121,14 +128,14 @@
|
|||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/2019/02/22/qq%E6%95%B0%E6%8D%AE%E5%BA%93%E7%9A%84%E5%8A%A0%E5%AF%86%E8%A7%A3%E5%AF%86/</loc>
|
<loc>https://cool-y.github.io/2018/12/15/miio-control/</loc>
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.082Z</lastmod>
|
<lastmod>2019-04-15T07:35:38.082Z</lastmod>
|
||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/2018/12/15/miio-control/</loc>
|
<loc>https://cool-y.github.io/2019/02/22/qq%E6%95%B0%E6%8D%AE%E5%BA%93%E7%9A%84%E5%8A%A0%E5%AF%86%E8%A7%A3%E5%AF%86/</loc>
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.082Z</lastmod>
|
<lastmod>2019-04-15T07:35:38.082Z</lastmod>
|
||||||
|
|
||||||
@ -148,13 +155,6 @@
|
|||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
<url>
|
|
||||||
<loc>https://cool-y.github.io/2019/03/25/Samba-CVE/</loc>
|
|
||||||
|
|
||||||
<lastmod>2019-04-15T07:35:38.080Z</lastmod>
|
|
||||||
|
|
||||||
</url>
|
|
||||||
|
|
||||||
<url>
|
<url>
|
||||||
<loc>https://cool-y.github.io/2018/11/16/BIBA%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%A8%A1%E5%9E%8B%E5%AE%9E%E7%8E%B0(python)/</loc>
|
<loc>https://cool-y.github.io/2018/11/16/BIBA%E8%AE%BF%E9%97%AE%E6%8E%A7%E5%88%B6%E6%A8%A1%E5%9E%8B%E5%AE%9E%E7%8E%B0(python)/</loc>
|
||||||
|
|
||||||
@ -162,4 +162,11 @@
|
|||||||
|
|
||||||
</url>
|
</url>
|
||||||
|
|
||||||
|
<url>
|
||||||
|
<loc>https://cool-y.github.io/2019/03/25/Samba-CVE/</loc>
|
||||||
|
|
||||||
|
<lastmod>2019-04-15T07:35:38.080Z</lastmod>
|
||||||
|
|
||||||
|
</url>
|
||||||
|
|
||||||
</urlset>
|
</urlset>
|
||||||
|
@ -403,7 +403,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -425,7 +425,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -496,7 +496,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
1125
tags/Windows/index.html
Normal file
File diff suppressed because it is too large
@ -308,10 +308,10 @@
|
|||||||
|
|
||||||
<div class="tag-cloud">
|
<div class="tag-cloud">
|
||||||
<div class="tag-cloud-title">
|
<div class="tag-cloud-title">
|
||||||
目前共计 33 个标签
|
目前共计 36 个标签
|
||||||
</div>
|
</div>
|
||||||
<div class="tag-cloud-tags">
|
<div class="tag-cloud-tags">
|
||||||
<a href="/tags/AFL/" style="font-size: 21px; color: #6f6f6f">AFL</a> <a href="/tags/CVE/" style="font-size: 12px; color: #ccc">CVE</a> <a href="/tags/MiniUPnP/" style="font-size: 12px; color: #ccc">MiniUPnP</a> <a href="/tags/PE/" style="font-size: 12px; color: #ccc">PE</a> <a href="/tags/QQ/" style="font-size: 12px; color: #ccc">QQ</a> <a href="/tags/SSH/" style="font-size: 12px; color: #ccc">SSH</a> <a href="/tags/Samba/" style="font-size: 12px; color: #ccc">Samba</a> <a href="/tags/TCPDUMP/" style="font-size: 12px; color: #ccc">TCPDUMP</a> <a href="/tags/USENIX/" style="font-size: 12px; color: #ccc">USENIX</a> <a href="/tags/itchat/" style="font-size: 12px; color: #ccc">itchat</a> <a href="/tags/miio/" style="font-size: 12px; color: #ccc">miio</a> <a href="/tags/python/" style="font-size: 12px; color: #ccc">python</a> <a href="/tags/wifi/" style="font-size: 12px; color: #ccc">wifi</a> <a href="/tags/中间人/" style="font-size: 12px; color: #ccc">中间人</a> <a href="/tags/侧信道攻击/" style="font-size: 12px; color: #ccc">侧信道攻击</a> <a href="/tags/取证/" style="font-size: 12px; color: #ccc">取证</a> <a href="/tags/复原文件/" style="font-size: 12px; color: #ccc">复原文件</a> <a href="/tags/密码/" style="font-size: 12px; color: #ccc">密码</a> <a href="/tags/小米/" style="font-size: 30px; color: #111">小米</a> <a href="/tags/微信/" style="font-size: 12px; color: #ccc">微信</a> <a href="/tags/拒绝服务攻击/" style="font-size: 12px; color: #ccc">拒绝服务攻击</a> <a href="/tags/数据库/" style="font-size: 21px; color: #6f6f6f">数据库</a> <a href="/tags/数据挖掘/" style="font-size: 12px; color: #ccc">数据挖掘</a> <a href="/tags/文件格式/" style="font-size: 21px; color: #6f6f6f">文件格式</a> <a href="/tags/模型实现/" style="font-size: 12px; color: #ccc">模型实现</a> <a href="/tags/模糊测试/" style="font-size: 21px; color: #6f6f6f">模糊测试</a> <a href="/tags/破解/" style="font-size: 12px; color: #ccc">破解</a> <a href="/tags/自然语言处理/" style="font-size: 12px; color: #ccc">自然语言处理</a> <a href="/tags/访问控制/" style="font-size: 12px; color: #ccc">访问控制</a> <a 
href="/tags/路由器/" style="font-size: 12px; color: #ccc">路由器</a> <a href="/tags/远程执行/" style="font-size: 12px; color: #ccc">远程执行</a> <a href="/tags/逆向/" style="font-size: 12px; color: #ccc">逆向</a> <a href="/tags/重放攻击/" style="font-size: 12px; color: #ccc">重放攻击</a>
|
<a href="/tags/AFL/" style="font-size: 21px; color: #6f6f6f">AFL</a> <a href="/tags/CVE/" style="font-size: 12px; color: #ccc">CVE</a> <a href="/tags/MiniUPnP/" style="font-size: 12px; color: #ccc">MiniUPnP</a> <a href="/tags/PE/" style="font-size: 12px; color: #ccc">PE</a> <a href="/tags/QQ/" style="font-size: 12px; color: #ccc">QQ</a> <a href="/tags/SSH/" style="font-size: 12px; color: #ccc">SSH</a> <a href="/tags/Samba/" style="font-size: 12px; color: #ccc">Samba</a> <a href="/tags/TCPDUMP/" style="font-size: 12px; color: #ccc">TCPDUMP</a> <a href="/tags/USENIX/" style="font-size: 12px; color: #ccc">USENIX</a> <a href="/tags/Windows/" style="font-size: 12px; color: #ccc">Windows</a> <a href="/tags/itchat/" style="font-size: 12px; color: #ccc">itchat</a> <a href="/tags/miio/" style="font-size: 12px; color: #ccc">miio</a> <a href="/tags/python/" style="font-size: 12px; color: #ccc">python</a> <a href="/tags/wifi/" style="font-size: 12px; color: #ccc">wifi</a> <a href="/tags/中间人/" style="font-size: 12px; color: #ccc">中间人</a> <a href="/tags/二进制/" style="font-size: 12px; color: #ccc">二进制</a> <a href="/tags/侧信道攻击/" style="font-size: 12px; color: #ccc">侧信道攻击</a> <a href="/tags/取证/" style="font-size: 12px; color: #ccc">取证</a> <a href="/tags/复原文件/" style="font-size: 12px; color: #ccc">复原文件</a> <a href="/tags/密码/" style="font-size: 12px; color: #ccc">密码</a> <a href="/tags/小米/" style="font-size: 30px; color: #111">小米</a> <a href="/tags/微信/" style="font-size: 12px; color: #ccc">微信</a> <a href="/tags/拒绝服务攻击/" style="font-size: 12px; color: #ccc">拒绝服务攻击</a> <a href="/tags/数据库/" style="font-size: 21px; color: #6f6f6f">数据库</a> <a href="/tags/数据挖掘/" style="font-size: 12px; color: #ccc">数据挖掘</a> <a href="/tags/文件格式/" style="font-size: 21px; color: #6f6f6f">文件格式</a> <a href="/tags/模型实现/" style="font-size: 12px; color: #ccc">模型实现</a> <a href="/tags/模糊测试/" style="font-size: 21px; color: #6f6f6f">模糊测试</a> <a href="/tags/漏洞/" style="font-size: 12px; color: #ccc">漏洞</a> <a 
href="/tags/破解/" style="font-size: 12px; color: #ccc">破解</a> <a href="/tags/自然语言处理/" style="font-size: 12px; color: #ccc">自然语言处理</a> <a href="/tags/访问控制/" style="font-size: 12px; color: #ccc">访问控制</a> <a href="/tags/路由器/" style="font-size: 12px; color: #ccc">路由器</a> <a href="/tags/远程执行/" style="font-size: 12px; color: #ccc">远程执行</a> <a href="/tags/逆向/" style="font-size: 12px; color: #ccc">逆向</a> <a href="/tags/重放攻击/" style="font-size: 12px; color: #ccc">重放攻击</a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
@ -369,7 +369,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -391,7 +391,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -462,7 +462,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
1125
tags/二进制/index.html
Normal file
File diff suppressed because it is too large
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -429,7 +429,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -451,7 +451,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -522,7 +522,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -403,7 +403,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -425,7 +425,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -496,7 +496,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -403,7 +403,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -425,7 +425,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -496,7 +496,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -403,7 +403,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -425,7 +425,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -496,7 +496,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
1125
tags/漏洞/index.html
Normal file
File diff suppressed because it is too large
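Review bot: the new file tags/漏洞/index.html (1125 lines) is suppressed as too large, so its contents cannot be checked from this page. The surrounding hunks only bump the sidebar counters in generated HTML (posts 17 to 18, tags 33 to 36, word count 48.1k to 49.9k), so the change that matters is the source post and its tag metadata. Please review those directly, and consider keeping generated site output out of the reviewed history so that a large new file like this one is not merged unseen.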
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
@ -377,7 +377,7 @@
|
|||||||
|
|
||||||
<a href="/archives/">
|
<a href="/archives/">
|
||||||
|
|
||||||
<span class="site-state-item-count">17</span>
|
<span class="site-state-item-count">18</span>
|
||||||
<span class="site-state-item-name">日志</span>
|
<span class="site-state-item-name">日志</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -399,7 +399,7 @@
|
|||||||
|
|
||||||
<div class="site-state-item site-state-tags">
|
<div class="site-state-item site-state-tags">
|
||||||
<a href="/tags/index.html">
|
<a href="/tags/index.html">
|
||||||
<span class="site-state-item-count">33</span>
|
<span class="site-state-item-count">36</span>
|
||||||
<span class="site-state-item-name">标签</span>
|
<span class="site-state-item-name">标签</span>
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
@ -470,7 +470,7 @@
|
|||||||
<i class="fa fa-area-chart"></i>
|
<i class="fa fa-area-chart"></i>
|
||||||
</span>
|
</span>
|
||||||
|
|
||||||
<span title="Site words total count">48.1k</span>
|
<span title="Site words total count">49.9k</span>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|