Project 4: More Reverse Engineering

Due: Wednesday, December 7, 2016, 23:59. No late days allowed, no exceptions!

Goal

Like Project 3, the goal of this project is to reverse engineer the binary and exploit it.

You are given a single target binary and a data file model.dat accepted by target. Your goal is to write a sploit.dat file so that when target is run on sploit.dat, you end up with a shell. Furthermore, once the shell exits, the program should finish running without any errors.

Collaboration

You must work on this project by yourself. You must not discuss the project with anyone in the class besides course staff, nor with anyone outside of class. This includes discussing what the particular vulnerabilities in the target are! You may use online resources for general reference, but not to search for solutions to specific questions posed in this project.

The Environment

Your exploits should work on bertvm or ernievm.

The Target

Each time you run the target, it will produce a different, ridiculous, randomly-generated string.

$ ./target model.dat
But if you need to convince an enemy to work with you, it's a good idea to make use of all costs.
$ ./target model.dat
The key to hand-to-hand combat is to be able to keep an eye on your employees during the off-hours and keep listening.

The Assignment

There are two parts to this assignment.

  1. Create a sploit-small.dat that is as small as possible and that (a) causes a shell to be launched, and (b) exits the program without crashing when the shell exits. sploit-small.dat should be less than 100 bytes.
  2. Create a sploit.dat that first spawns a shell and then, when the shell exits, continues the target program as normal. In particular, after the shell exits, it should print one of the randomly-generated lines.

Deliverables

When you are finished, you should run submit.sh to submit your code.