Finding the Callable Services

The posts here won’t initially be in a start-from-the-beginning order. However, as I get more of them up, they will contain all the steps to help you set up your Z environment to begin building exploits and shellcode.

This post is about finding the addresses of what IBM refers to as the Assembler Callable Services (or sometimes USS Callable Services). These addresses can be thought of as loosely analogous to the Procedure Linkage Table / Global Offset Table duo used in Linux to find addresses of common functions from position-independent code. If mainframe programs are written in a higher-level language such as High-Level Assembler (HLASM) or C, these functions can be called and the linker will take care of this for you at runtime. Since our shellcode needs to be able to mimic this, we will find these addresses ourselves, using examples provided by IBM.

Adventures in securing a “dinosaur”

This blog is my own chronicle of adventures in writing exploits, cryptography, security and who knows what else. Specifically though, I’m going to start by sharing technical specifics to support my upcoming co-talk at Defcon 23.

Our talk titled “Security Necromancy: Further Adventures in Mainframe Hacking” seeks to educate the security community to actively dig into the z/series (IBM Mainframe) platform by showing how to leverage skills most already have.

Know how to write shellcode? Great! We will show you how easy it is to parlay those skills into writing shellcode that will execute on System Z. Understanding fuzzing and exploit research? Those skills are easy to apply on this platform as well.

Use your network hacking skills to exploit Network Job Entry (NJE) with some help from Soldier of Fortran to get you started.

Ultimately we want people to understand that, because of its widespread usage as a core system in many critical infrastructures from finance to air travel, its relative obscurity, and its lack of real widespread exposure to the hacking public, this system is rife with opportunities to be further secured and hardened. All that is needed is your expertise.

Come join us for a great show @ DEFCON 23, and watch here for ongoing updates before and after.