assembly

107 Articles

2-bit Paper Processor Teaches How They Work

September 23, 2010 by 17 Comments

Take a few minutes out of your day, grab your scissors, and learn how a simple processor works. [Saito Yutaka] put together an exercise to teach processor operations with paper. After downloading the PDF you can cut out the Address and Data pointer as well as two-bit data tokens for each. The processor has three instruction sets; Increment register by one, Jump if not over flow, and Halt wait for reset.

Once you’ve got your cutouts you can follow along as the program is executed. The INC operation is run, with the JNO used to loop the program. Once the register has reached an overflow the overflow counter halts the program.

One word of warning, we think there’s a typo in one of the captions.  Once the program starts running and gets to address 01(2) the caption still reads 00(2) for both address and data. As long as you compare the values in the picture along the way you should have no problem getting through execution. which has now been fixed.

The Malware Challenge

January 3, 2009 by 15 Comments

malware

Our own [Anthony Lineberry] has written up his experience participating in the 2008 Malware Challenge as part of his work for Flexilis. The contest involved taking a piece of provided malware, doing a thorough analysis of its behavior, and reporting the results. This wasn’t just to test the chops of the researchers, but also to demonstrate to network/system administrators how they could get into malware analysis themselves.

[Anthony] gives a good overview of how he created his entry (a more detailed PDF is here). First, he unpacked the malware using Ollydbg. Packers are used to obfuscate the actual malware code so that it’s harder for antivirus to pick it up. After taking a good look at the assembly, he executed the code. He used Wireshark to monitor the network traffic and determine what URL the malware was trying to reach. He changed the hostname to point at an IRC server he controlled. Eventually he would be able to issue botnet control commands directly to the malware. We look forward to seeing what next year’s contest will bring.