←back to thread

The Single Byte That Kills Your Exploit: Understanding Endianness

(pwnforfunandprofit.substack.com)
28 points andwati | 1 comments | 09 Nov 25 13:56 UTC | HN request time: 0.229s | source
Show context
scottlamb ◴[12 Nov 25 19:56 UTC] No.45905496[source]
This is a weird take. I've never put together this kind of exploit, but still I know enough to not buy this. Do people ever really craft exploits that are perfectly valid except for using the wrong endianness?

> If you’ve ever crafted a perfect shellcode and ROP chain only to have your exploit immediately crash with a SIGSEGV(a signal sent by the operating system to a program when it attempts to access a protected or invalid memory location) or EIP(a 32-bit CPU register in the x86 architecture that holds the memory address of the next machine instruction to be executed) pointing to garbage, you’ve likely met the silent killer of beginners: Endianness.

Aren't there a million other ways to get addresses wrong?

> Using x86/x86_64 gadgets and packers on a MIPS/PowerPC target (different endianness and instruction set) will not work.

"and instruction set" is carrying a lot of weight here.

This isn't like a coin flip thing: even considering architectures with configurable endianness, in 2025 it's overwhelmingly likely both host and target are little-endian. And on old, big-endian platforms, that's just one of many things you have to get right.

replies(2): >>45906187 #>>45907096 #
1. Retr0id ◴[12 Nov 25 21:36 UTC] No.45907096[source]
People learn things in different orders. For many people, low-level CTF challenges are their introduction to computer architecture (a good way to learn if you ask me!) If so, endianness is a novel concept to them.

While I personally learned about endianness before writing my first exploit, I've definitely made endianness-related mistakes before.