hacktricks/binary-exploitation/integer-overflow.md

# Kuzidi kwa Nambari za Integer

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

- Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
- Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
- Gwana [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
- **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
- **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.

</details>

## Taarifa Msingi

Katikati ya **kuzidi kwa nambari za integer** kuna kikomo kilichowekwa na **ukubwa** wa aina za data katika programu ya kompyuta na **utafsiri** wa data.

Kwa mfano, **nambari isiyosaini ya biti 8** inaweza kuwakilisha thamani kutoka **0 hadi 255**. Ikiwa unajaribu kuhifadhi thamani 256 katika nambari isiyosaini ya biti 8, itazunguka hadi 0 kutokana na kikomo cha uwezo wake wa kuhifadhi. Vivyo hivyo, kwa **nambari isiyosaini ya biti 16**, ambayo inaweza kushikilia thamani kutoka **0 hadi 65,535**, kuongeza 1 hadi 65,535 kutazungusha thamani kurudi 0.

Zaidi ya hayo, **nambari iliyosainiwa ya biti 8** inaweza kuwakilisha thamani kutoka **-128 hadi 127**. Hii ni kwa sababu biti moja hutumiwa kuwakilisha ishara (chanya au hasi), ikiiacha biti 7 kuwakilisha ukubwa. Nambari hasi zaidi inawakilishwa kama **-128** (binary `10000000`), na nambari chanya zaidi ni **127** (binary `01111111`).

### Thamani Kubwa

Kwa **maburuzi ya wavuti** yanayowezekana ni muhimu sana kujua thamani kubwa zinazoungwa mkono:

{% tabs %}
{% tab title="Rust" %}
```rust
fn main() {

let mut quantity = 2147483647;

let (mul_result, _) = i32::overflowing_mul(32767, quantity);
let (add_result, _) = i32::overflowing_add(1, quantity);

println!("{}", mul_result);
println!("{}", add_result);
}
```
{% endtab %}

{% tab title="Swahili" %}
### Kuzidisha Kwa Nambari za Integer

Kuzidisha kwa nambari za integer ni mbinu inayotumika kudanganya programu kwa kusababisha nambari ya integer kuzidi ukubwa wake wa kuhifadhiwa, hivyo kusababisha hitilafu au matokeo yasiyotarajiwa. Hii inaweza kusababisha programu kufanya vitendo visivyotarajiwa au hata kufungua mlango kwa mashambulizi ya kimtandao. Tahadhari inapaswa kuchukuliwa wakati wa kuandika na kupima nambari za integer ili kuzuia matumizi mabaya ya kuzidisha kwa nambari za integer.
{% endtab %}
```c
#include <stdio.h>
#include <limits.h>

int main() {
int a = INT_MAX;
int b = 0;
int c = 0;

b = a * 100;
c = a + 1;

printf("%d\n", INT_MAX);
printf("%d\n", b);
printf("%d\n", c);
return 0;
}
```
## Mifano

### Kujaa kwa kiasi kikubwa

Matokeo yaliyochapishwa yatakuwa 0 kwa sababu tulijaza kwa kiasi kikubwa char:
```c
#include <stdio.h>

int main() {
unsigned char max = 255; // 8-bit unsigned integer
unsigned char result = max + 1;
printf("Result: %d\n", result); // Expected to overflow
return 0;
}
```
### Kubadilisha Kutoka Nambari Iliyosainiwa Kwenda Nambari Isiyosainiwa

Fikiria hali ambapo nambari iliyosainiwa inasomwa kutoka kwa mwingiliano wa mtumiaji na kisha kutumika katika muktadha ambao unaitumia kama nambari isiyosainiwa, bila ukaguzi sahihi:
```c
#include <stdio.h>

int main() {
int userInput; // Signed integer
printf("Enter a number: ");
scanf("%d", &userInput);

// Treating the signed input as unsigned without validation
unsigned int processedInput = (unsigned int)userInput;

// A condition that might not work as intended if userInput is negative
if (processedInput > 1000) {
printf("Processed Input is large: %u\n", processedInput);
} else {
printf("Processed Input is within range: %u\n", processedInput);
}

return 0;
}
```
Katika mfano huu, ikiwa mtumiaji anaingiza nambari hasi, itakuwa inachukuliwa kama nambari kubwa isiyosainiwa kutokana na jinsi thamani za binary zinavyochukuliwa, hivyo kusababisha tabia isiyotarajiwa.

### Mifano Mingine

* [https://guyinatuxedo.github.io/35-integer\_exploitation/int\_overflow\_post/index.html](https://guyinatuxedo.github.io/35-integer\_exploitation/int\_overflow\_post/index.html)
* Inatumika 1B tu kuhifadhi ukubwa wa nenosiri hivyo inawezekana kufanya overflow na kufanya iweze kufikiria kuwa urefu wake ni 4 wakati ukweli ni 260 ili kuepuka ulinzi wa ukaguzi wa urefu
* [https://guyinatuxedo.github.io/35-integer\_exploitation/puzzle/index.html](https://guyinatuxedo.github.io/35-integer\_exploitation/puzzle/index.html)
*   Kwa kupewa jozi ya nambari, tafuta kutumia z3 nambari mpya ambayo ikiongezwa na ya kwanza itatoa ya pili:&#x20;

```
(((argv[1] * 0x1064deadbeef4601) & 0xffffffffffffffff) == 0xD1038D2E07B42569)
```
* [https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/)
* Inatumika 1B tu kuhifadhi ukubwa wa nenosiri hivyo inawezekana kufanya overflow na kufanya iweze kufikiria kuwa urefu wake ni 4 wakati ukweli ni 260 ili kuepuka ulinzi wa ukaguzi wa urefu na kuandika juu ya stack kipengele cha ndani kinachofuata na kuepuka ulinzi wote wawili

## ARM64

Hii **haibadiliki katika ARM64** kama unavyoweza kuona katika [**chapisho hili la blogi**](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/).

<details>

<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>

Njia nyingine za kusaidia HackTricks:

* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`# Kuzidi kwa Nambari za Integer`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`<details>`

Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`Njia nyingine za kusaidia HackTricks:`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`- Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA USAJILI](https://github.com/sponsors/carlospolop)!`
			`- Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`- Gwana [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [NFTs](https://opensea.io/collection/the-peass-family)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`- Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`- Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) repos za github.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`</details>`

			`## Taarifa Msingi`

Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`Katikati ya kuzidi kwa nambari za integer kuna kikomo kilichowekwa na ukubwa wa aina za data katika programu ya kompyuta na utafsiri wa data.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`Kwa mfano, nambari isiyosaini ya biti 8 inaweza kuwakilisha thamani kutoka 0 hadi 255. Ikiwa unajaribu kuhifadhi thamani 256 katika nambari isiyosaini ya biti 8, itazunguka hadi 0 kutokana na kikomo cha uwezo wake wa kuhifadhi. Vivyo hivyo, kwa nambari isiyosaini ya biti 16, ambayo inaweza kushikilia thamani kutoka 0 hadi 65,535, kuongeza 1 hadi 65,535 kutazungusha thamani kurudi 0.`

Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			Zaidi ya hayo, nambari iliyosainiwa ya biti 8 inaweza kuwakilisha thamani kutoka -128 hadi 127. Hii ni kwa sababu biti moja hutumiwa kuwakilisha ishara (chanya au hasi), ikiiacha biti 7 kuwakilisha ukubwa. Nambari hasi zaidi inawakilishwa kama -128 (binary `10000000`), na nambari chanya zaidi ni 127 (binary `01111111`).
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`### Thamani Kubwa`

Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`Kwa maburuzi ya wavuti yanayowezekana ni muhimu sana kujua thamani kubwa zinazoungwa mkono:`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`{% tabs %}`
			`{% tab title="Rust" %}`
			```rust
			`fn main() {`

			`let mut quantity = 2147483647;`

			`let (mul_result, _) = i32::overflowing_mul(32767, quantity);`
			`let (add_result, _) = i32::overflowing_add(1, quantity);`

			`println!("{}", mul_result);`
			`println!("{}", add_result);`
			`}`
			```
			`{% endtab %}`

			`{% tab title="Swahili" %}`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`### Kuzidisha Kwa Nambari za Integer`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`Kuzidisha kwa nambari za integer ni mbinu inayotumika kudanganya programu kwa kusababisha nambari ya integer kuzidi ukubwa wake wa kuhifadhiwa, hivyo kusababisha hitilafu au matokeo yasiyotarajiwa. Hii inaweza kusababisha programu kufanya vitendo visivyotarajiwa au hata kufungua mlango kwa mashambulizi ya kimtandao. Tahadhari inapaswa kuchukuliwa wakati wa kuandika na kupima nambari za integer ili kuzuia matumizi mabaya ya kuzidisha kwa nambari za integer.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`{% endtab %}`
			```c
			`#include <stdio.h>`
			`#include <limits.h>`

			`int main() {`
			`int a = INT_MAX;`
			`int b = 0;`
			`int c = 0;`

			`b = a * 100;`
			`c = a + 1;`

			`printf("%d\n", INT_MAX);`
			`printf("%d\n", b);`
			`printf("%d\n", c);`
			`return 0;`
			`}`
			```
			`## Mifano`

			`### Kujaa kwa kiasi kikubwa`

			`Matokeo yaliyochapishwa yatakuwa 0 kwa sababu tulijaza kwa kiasi kikubwa char:`
			```c
			`#include <stdio.h>`

			`int main() {`
			`unsigned char max = 255; // 8-bit unsigned integer`
			`unsigned char result = max + 1;`
			`printf("Result: %d\n", result); // Expected to overflow`
			`return 0;`
			`}`
			```
			`### Kubadilisha Kutoka Nambari Iliyosainiwa Kwenda Nambari Isiyosainiwa`

Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`Fikiria hali ambapo nambari iliyosainiwa inasomwa kutoka kwa mwingiliano wa mtumiaji na kisha kutumika katika muktadha ambao unaitumia kama nambari isiyosainiwa, bila ukaguzi sahihi:`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			```c
			`#include <stdio.h>`

			`int main() {`
			`int userInput; // Signed integer`
			`printf("Enter a number: ");`
			`scanf("%d", &userInput);`

			`// Treating the signed input as unsigned without validation`
			`unsigned int processedInput = (unsigned int)userInput;`

			`// A condition that might not work as intended if userInput is negative`
			`if (processedInput > 1000) {`
			`printf("Processed Input is large: %u\n", processedInput);`
			`} else {`
			`printf("Processed Input is within range: %u\n", processedInput);`
			`}`

			`return 0;`
			`}`
			```
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`Katika mfano huu, ikiwa mtumiaji anaingiza nambari hasi, itakuwa inachukuliwa kama nambari kubwa isiyosainiwa kutokana na jinsi thamani za binary zinavyochukuliwa, hivyo kusababisha tabia isiyotarajiwa.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`### Mifano Mingine`

			`* [https://guyinatuxedo.github.io/35-integer\_exploitation/int\_overflow\_post/index.html](https://guyinatuxedo.github.io/35-integer\_exploitation/int\_overflow\_post/index.html)`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`* Inatumika 1B tu kuhifadhi ukubwa wa nenosiri hivyo inawezekana kufanya overflow na kufanya iweze kufikiria kuwa urefu wake ni 4 wakati ukweli ni 260 ili kuepuka ulinzi wa ukaguzi wa urefu`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* [https://guyinatuxedo.github.io/35-integer\_exploitation/puzzle/index.html](https://guyinatuxedo.github.io/35-integer\_exploitation/puzzle/index.html)`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`* Kwa kupewa jozi ya nambari, tafuta kutumia z3 nambari mpya ambayo ikiongezwa na ya kwanza itatoa ya pili: `
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			```
			`(((argv[1] * 0x1064deadbeef4601) & 0xffffffffffffffff) == 0xD1038D2E07B42569)`
			```
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`* [https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/)`
			`* Inatumika 1B tu kuhifadhi ukubwa wa nenosiri hivyo inawezekana kufanya overflow na kufanya iweze kufikiria kuwa urefu wake ni 4 wakati ukweli ni 260 ili kuepuka ulinzi wa ukaguzi wa urefu na kuandika juu ya stack kipengele cha ndani kinachofuata na kuepuka ulinzi wote wawili`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`## ARM64`

			`Hii haibadiliki katika ARM64 kama unavyoweza kuona katika [chapisho hili la blogi](https://8ksec.io/arm64-reversing-and-exploitation-part-8-exploiting-an-integer-overflow-vulnerability/).`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`<details>`

			`<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>`

			`Njia nyingine za kusaidia HackTricks:`

			`* Ikiwa unataka kuona kampuni yako ikitangazwa kwenye HackTricks au kupakua HackTricks kwa PDF Angalia [MIPANGO YA KUJIUNGA](https://github.com/sponsors/carlospolop)!`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`* Pata [bidhaa rasmi za PEASS & HackTricks](https://peass.creator-spring.com)`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/aw2 2024-04-07 03:54:31 +00:00			`* Gundua [Familia ya PEASS](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [NFTs](https://opensea.io/collection/the-peass-family) ya kipekee`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00			`* Jiunge na 💬 [Kikundi cha Discord](https://discord.gg/hRep4RUj7f) au kikundi cha [telegram](https://t.me/peass) au tufuate kwenye Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
Translated ['binary-exploitation/heap/README.md', 'binary-exploitation/h 2024-04-10 15:34:47 +00:00			`* Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa [HackTricks](https://github.com/carlospolop/hacktricks) na [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Translated ['README.md', 'binary-exploitation/arbitrary-write-2-exec/REA 2024-04-07 03:36:12 +00:00
			`</details>`