At that point, I figured that there’s a fairly good chance that bugs would exist in the implementation of some of these functions, as they deal with the copying and moving of binary data (of which a string is made). These functions deal with string and memory operations (strcpy, memcpy, memmove, printf etc…) - this kind of logic is known to be very bug-prone and difficult to implement securely. Out of the five different classes of functions, one stood out - String functions. This situation made it clear that exploitation of a script file (.1sc) is not interesting, as scripts allow for the execution of arbitrary DLLs - and are expected to run at the discretion of the user (should be considered insecure). The usage of these functions in scripts is permitted. These functions are separated into 5 classes: Interface Functions, I/O functions, String functions, Math functions and Tool functions.Ġ10Editor also allows the use of external(DLL) functions, but the documentation clearly states that using these functions in templates requires explicit permission by the user. ![]() After looking at the list of functions provided by the engine, it was clear that the developers have implemented a large number of C-like functions. I started out by reviewing the documentation in order to gain an understanding of what kind of functionality the scripting engine provides the developer, and what kind of security guarantees the engine was supposed to provide. Templates execute when a file associated with the template is loaded by the editor or when explicitly ran by the user. When a new file is opened, 010 checks if a template that can parse the file is found in the repository, if a template is found, 010Editor prompts the user with an option to download the template. At the time of writing, this repository contains a large number of templates that can be used to parse many different types of file formats. ![]() New templates can be uploaded to a central repository, from which other users can download and make use of new templates. The code is compiled and executed by the scripting engine, and is manifested as a template file (.bt) or as a script file (.1sc). Both of which run the same C-like code, but templates have additional restrictions (some functions require explicit user permission to execute). The scripting engine can be used for running scripts or templates. I was curious on how the 010Editor scripting engine was implemented, and whether the implementation was secure, so I (naturally) decided to audit the security of the scripting engine. This software is a leader in its specific market, and it’s hard to find a good alternative. Just as have many other people, I’ve been using 010Editor for a while. These templates are used to present an elaborate definition of a file and its structure in an easily digestable form (colors and windows). One of the major advantages of 010Editor is that it contains a large repository of templates that can be downloaded and used to parse new file formats. ![]() 010Editor is a hex-editor that includes a sophisticated template and scripting engine.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |