In the provided workshop materials, what does \...\Tools\Other\patch_bin.exe do?

GoetzGressnich · ‎2020-11-08

Greetings,

Since I am on Linux and still wanted to do the hands-on parts of the workshop and the homework, I rewrote the provided Windows batch files as shell scripts. Couldn't really test all of them, but they're straightforward enough, and at least the ones needed for the homework did work just fine.

The only batch I could not rewrite was 03_01_Postbuild_SimpleApp_WithWeakness.bat, which is identical to 02_01_...bat except that it calls a Windows executable to (likely) patch the generated firmware image.

What exactly does patch_bin.exe do?

Cheers, Goetz

Frantz LEFRERE · ‎2020-11-08

Hello Goetz,

the purpose of this patch is just to write the ASCII string "_SECURE_KEY_STORAGE_" at the offset 0x4D0.... This is allow to see this text string when we hack the key storage of the target in one of the hands-on ( we display the binary in ascii format with Teraterm)

This is just to have a more explicit trace, nothing functional.

Find the python scrypt :

#!/usr/bin/env python

import csv

from sys import argv

import os.path

OFFSET = 0x4D0

PATCH=b'_SECURE_KEY_STORAGE_'

def patch_file(filename,offset,patch):

print("Begin patching...")

try:

with open(filename, 'r+b') as f:

f.seek(offset)

f.write(patch)

f.close()

except Exception as e:

print("Error while patching:", e)

print("End of patching...")

def main():

patch_file(fileName,OFFSET,PATCH)

fileName=None

if __name__ == '__main__':

try:

fileName=argv[1]

pass

except Exception as e:

print("You must provide a valid filename as parameter")

raise

main()

GoetzGressnich · ‎2020-11-09

Hello Frantz,

thanks for the python script. I tested it on a blank file and it worked as expected. 👍

Cheers, Goetz