- https://www.eff.org/issues/coders/reverse-engineering-faq
- http://www.mindtribe.com/2014/05/spotting-patterns-in-c-disassembly/
- http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Reverse-engineering-NAND-Flash-for-fun-and-profit/ba-p/6418140#.UynOYfldWSp
- http://www.mathyvanhoef.com/2013/12/reversing-and-exploiting-arm-binaries.html
- https://www.blackhat.com/presentations/bh-usa-07/Yason/Whitepaper/bh-usa-07-yason-WP.pdf
- http://old.honeynet.org/scans/scan33/nico/
- ELF Eccentricities
- http://www.giac.org/paper/grem/2573/analyzing-backdoor-bot-mips-platform/124977
Last active
December 7, 2016 06:45
-
-
Save gipi/10589213 to your computer and use it in GitHub Desktop.
#reversing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # using phusion/baseimage as base image. | |
| FROM phusion/baseimage:0.9.9 | |
| # Set correct environment variables. | |
| ENV HOME /root | |
| # Regenerate SSH host keys. baseimage-docker does not contain any | |
| RUN /etc/my_init.d/00_regen_ssh_host_keys.sh | |
| # Use baseimage-docker's init system. | |
| CMD ["/sbin/my_init"] | |
| # create code directory | |
| RUN mkdir /opt/code/ | |
| # install packages required to compile vala and radare2 | |
| RUN apt-get update | |
| RUN apt-get install -y software-properties-common python-all-dev wget | |
| RUN apt-get install -y swig flex bison git gcc ccache g++ make pkg-config glib-2.0 | |
| RUN apt-get install -y python-gobject-dev | |
| # compile vala | |
| RUN cd /opt/code; wget http://download.gnome.org/sources/vala/0.24/vala-0.24.0.tar.xz; tar -Jxf vala-0.24.0.tar.xz | |
| RUN cd /opt/code/vala-0.24.0; ./configure --prefix=/usr ; make && make install | |
| # compile radare | |
| RUN cd /opt/code && git clone https://github.com/radare/radare2.git | |
| RUN cd /opt/code/radare2 && git checkout 0.9.8-rc3 && ./sys/install.sh | |
| # Clean up APT when done. | |
| RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* |
radare2 is a reverser, written in plain C, the project can be found on github.
# ./sys/install.sh
- http://dso.thecoverofnight.com/posts/2014/04/radare-java-artifact-enumeration/
- https://gist.github.com/crowell/cde416575a12f63cb226
- http://failhard.org/reversing-destruct-me.html
- http://dustri.org/b/pwniumctf-2014-kernel-150-with-radare2.html
- http://dustri.org/b/defeating-ioli-with-radare2.html
- http://dustri.org/b/defeating-crackme03-with-radare2.html
- http://dustri.org/b/defeating-crp-s-bf.html
- http://dustri.org/b/defeating-crp-s-888-with-radare2.html
- http://depierre.tonbnc.fr/let_s_try_radare2/
This shows in a web page the relation between the called functions
[0x080484a0]> VV@sym.main
To write into the file open it with -w option and use from the command line the w command.
To add a function use
[0x080484a0]> af+ 0x00008290 460 sym.main s n
$ rasm2 -a x86 -k linux -D -B -f exploit.bin
0x00000000 2 eb36 jmp 0x38
0x00000002 5 b805000000 mov eax, 0x5
0x00000007 1 5b pop ebx # this retrieve the value saved in the call@0x38
0x00000008 2 31c9 xor ecx, ecx
0x0000000a 2 cd80 int 0x80
0x0000000c 2 89c3 mov ebx, eax
0x0000000e 5 b803000000 mov eax, 0x3
0x00000013 2 89e7 mov edi, esp
0x00000015 2 89f9 mov ecx, edi
0x00000017 5 ba00100000 mov edx, 0x1000
0x0000001c 2 cd80 int 0x80
0x0000001e 2 89c2 mov edx, eax
0x00000020 5 b804000000 mov eax, 0x4
0x00000025 5 bb01000000 mov ebx, 0x1
0x0000002a 2 cd80 int 0x80
0x0000002c 5 b801000000 mov eax, 0x1
0x00000031 5 bb00000000 mov ebx, 0x0
0x00000036 2 cd80 int 0x80
0x00000038 5 e8c5ffffff call 0x100000002 # this places the /tmp/miao string address in the stack
0x0000003d 1 2f das
0x0000003e 2 746d jz 0xad
0x00000040 2 702f jo 0x71
0x00000042 1 6d insd
0x00000043 1 69 invalid
0x00000044 1 61 popad
0x00000045 1 6f outsd
0x00000046 2 000a add [edx], cl
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment