From Collaborative RCE Knowledge Library

Jump to: navigation, search

Linux Tool Articles


Item name: Manual binary mangling with radare
Rating: 4.0 (1 vote)
Author: pancake                        
Home URL: http://rada.re/
Last updated: November 6, 2009
Version (if appl.):
Direct D/L link: http://phrack.org/issues/66/14.html
Description: 1 - Introduction
1.1 - The framework
1.2 - First steps
1.3 - Base conversions
1.4 - The target

2 - Injecting code in ELF
2.1 - Resolving register based branches
2.2 - Resizing data section
2.3 - Basics on code injection
2.4 - Mmap trampoline
2.4.1 - Call trampoline
2.4.2 - Extending trampolines

3 - Protections and manipulations
3.1 - Trashing the ELF header
3.2 - Source level watermarks
3.3 - Ciphering .data section
3.4 - Finding differences in binaries
3.5 - Removing library dependencies
3.6 - Syscall obfuscation
3.7 - Replacing library symbols
3.8 - Checksumming

4 - Playing with code references
4.1 - Finding xrefs
4.2 - Blind code references
4.3 - Graphing xrefs
4.4 - Randomizing xrefs

5 - Conclusion
6 - Future work
7 - References
8 - Greetings

"Reverse engineering is something usually related to w32 environments where
there is lot of non-free software and where the use of protections is more
extended to enforce evaluation time periods or protect intellectual (?)
property, using binary packing and code obfuscation techniques.

These kind of protections are also used by viruses and worms to evade
anti-virus engines in order to detect sandboxes. This makes reverse
engineering a double-edged sword..."
Also listed in: Linux Anti Reversing Articles, Linux ELF Articles, Linux Internals Articles, Linux Protection Technique Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: dnsbf.py - Python script for Reverse dns search in a subnet (dns brute force)
Rating: 0.0 (0 votes)
Author: t0ka7a                        
Home URL: http://infond.blogspot.com
Last updated: April 5, 2010
Version (if appl.):
Direct D/L link: http://infond.blogspot.com/2010/02/dnsbfpy-python-script-for-reverse-dns.html
Description: The first step of a penetration test is to discover hosts in a subnet. In this aim, DNS is your second best friend (after Google :).
First, to know which subnet (ex: 72.14.204.0/23) is associated to a hostname (ex: www.google.fr), you can use the Whois database (ex: with a site as http://www.robtex.com).
Then, to know which hosts are declared in DNS database in this subnet, you can use dnsbf.py :)
dnsbf.py is a script, written in Python, which conducts a Reverse DNS search for all the IPs in a subnet.
Also listed in: Mac OS Tool Articles, Windows Tool Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Embedded ELF Debugging : the middle head of Cerberus
Rating: 0.0 (0 votes)
Author: The ELF shell crew                        
Home URL: http://www.eresi-project.org/
Last updated: January 8, 2005
Version (if appl.):
Direct D/L link: http://www.phrack.com/issues.html?issue=63&id=9&mode=txt
Description: I. Hardened software debugging introduction
a. Previous work & limits
b. Beyond PaX and ptrace()
c. Interface improvements
II. The embedded debugging playground
a. In-process injection
b. Alternate ondisk and memory ELF scripting (feat. linkmap)
c. Real debugging : dumping, backtrace, breakpoints
d. A note on dynamic analyzers generation
III. Better multiarchitecture ELF redirections
a. CFLOW: PaX-safe static functions redirection
b. ALTPLT technique revised
c. ALTGOT technique : the RISC complement
d. EXTPLT technique : unknown function postlinking
e. IA32, SPARC32/64, ALPHA64, MIPS32 compliant algorithms
V. Constrained Debugging
a. ET_REL relocation in memory
b. ET_REL injection for Hardened Gentoo (ET_DYN + pie + ssp)
c. Extending static executables
d. Architecture independant algorithms
VI. Past and present
VII. Greetings
VIII. References
Also listed in: Linux Internals Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Next generation debuggers for reverse engineering
Rating: 0.0 (0 votes)
Author: The ELFsh Crew                        
Home URL: http://www.eresi-project.org
Last updated: 2007
Version (if appl.):
Direct D/L link: http://s.eresi-project.org/inc/articles/bheu-eresi-article-2007.pdf
Description: "Classical debuggers make use of an interface provided by the operating system in order to access the memory of programs while they execute. As this model is dominating in the industry and the community, we show that our novel embedded architecture is more adapted when debuggee systems are hostile and protected at the operating system level. This alternative modelization is also more performant as the debugger executes from inside the debuggee program and can read the memory of the host process directly. We give detailed information about how to keep memory unintrusiveness using a new technique called allocation proxying. We reveal how we developed the organization of our multiarchitecture framework and its multiple modules so that they allow for graph-based binary code analysis, ad-hoc typing, compositional fingerprinting, program instrumentation, real-time tracing, multithread debugging and general hooking of systems. We reveal the reflective essence of our framework by embedding its internal structures in our own reverse engineering language, thus recalling concepts of aspect oriented programming."
Also listed in: Linux ELF Articles, Linux Internals Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)



Item name: Stepping with GDB during PLT uses and .GOT fixup
Rating: 0.0 (0 votes)
Author: mayhem                        
Home URL: http://www.eresi-project.org
Last updated:
Version (if appl.):
Direct D/L link: http://s.eresi-project.org/inc/articles/elf-runtime-fixup.txt
Description: "This text is a GDB tutorial about runtime process fixup using the Procedure
Linkage Table section (.plt) and the Global Offset Table section (.got) .
If you dont know what is ELF, you should read the ELF ultimate documentation
you can find easily on google .

Some basic ASM knowledge may be requested .

This text has not been written for ELF specialists . This tutorial is an
alternative , interactive way to understand the PLT mechanisms. "
Also listed in: Linux ELF Articles, Linux Internals Articles, Linux Unpacking Articles
More details: Click here for more details, images, related URLs & comments for this item! (or to update its entry)




RSS feed Feed containing all updates and additions for this category.

RSS feed Feed containing all updates and additions for this category, including sub-categories.





Views
Category Navigation Tree
   Tools