翻译中的迷失：利用 Unicode 规范化.pdf

《翻译中的迷失：利用 Unicode 规范化.pdf》由会员分享，可在线阅读，更多相关《翻译中的迷失：利用 Unicode 规范化.pdf（123页珍藏版）》请在三个皮匠报告上搜索。

1、#BHUSA BlackHatEvents#BHUSA BlackHatEventsLost In:Exploiting Unicode NormalizationRyan BarnettIsabella Barnett#BHUSA BlackHatEvents#BHUSA BlackHatEventsBlackhat isgonna beawesome!Backpack isgonna be offsoon.?Bad patch isgonna be atnoon!?#BHUSA BlackHatEventsTelephone GameCDNContent Delivery Network#

2、BHUSA BlackHatEvents“Web”Telephone GameCDNContent Delivery Network#BHUSA BlackHatEventsCDNContent Delivery Network#BHUSA BlackHatEventsCDNContent Delivery Network#BHUSA BlackHatEventsCDNContent Delivery Network#BHUSA BlackHatEventsCDNContent Delivery Network#BHUSA BlackHatEventsCDNContent Delivery N

3、etwork#BHUSA BlackHatEventsCWE-180:Incorrect Behavior Order:Validate Before CanonicalizeAgendaDecoding ErrorsTruncationConfusablesCasingCombining Diacritics#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventsA B C1 2 3 琼 Internationalization(i18n)Unicode Codepoint#BHUSA BlackHatEventshttp

4、s:/sonarsource.github.io/utf8-visualizer/Unicode CodepointRaw Bytes#BHUSA BlackHatEventshttps:/sonarsource.github.io/utf8-visualizer/Unicode CodepointRaw BytesUTF-8 Encoding#BHUSA BlackHatEventshttps:/sonarsource.github.io/utf8-visualizer/UnicodeASCIIUniversal Character EncodingAmerican Standard Cod

5、e forInformation ExchangeWide range of characters128 Characters8,16 or 32 bits7 bitsRequires more storage spaceRequires less storage space#BHUSA BlackHatEventsAgendaDecoding Errors#BHUSA BlackHatEventsMulti-Byte Aware?CWE-172:Encoding Error#BHUSA BlackHatEventsLeading bits signalcharacter byte lengt

6、h#BHUSA BlackHatEvents“Mojibake”Output#BHUSA BlackHatEvents#BHUSA BlackHatEventsNot Multi-byte aware=Mojibake#BHUSA BlackHatEvents#BHUSA BlackHatEventsMulti-byte aware=Correct Decoding#BHUSA BlackHatEvents#BHUSA BlackHatEvents#BHUSA BlackHatEventsTaint Tracking#BHUSA BlackHatEventsAgendaDecoding Err