Questions tagged [binary-analysis]
The process of gathering information about a binary file, either with static or dynamic methods.
553 questions
0 votes, 1 answer, 30 views
How to extract 7z archive with LZMA compression
I have firmware file, which contains a raw MIPS32 binary code.
I used binwalk to scan for signatures binwalk -B -t image.out and for executable opcodes binwalk -A -t image.out
Top part of the output:
...
0 votes, 0 answers, 23 views
Save game files
I recently decided to embark on the adventure of reverse engineering game save files and I am trying to modify the Eternium game data, I have tried to see similarities between the different saves but ...
0 votes, 0 answers, 18 views
Why pwndbg interprets the input as a command but not as input to the program?
I'm debugging a program which has anti-debug techniques. One was to detect ptrace which pwndbg evaded easily but now when the program expects an input pwndbg interprets it as its own command ...
0 votes, 0 answers, 30 views
I extracted a file from inside the dump that contains the serial number and I need to analyze it
I extracted a file from inside the dump that contains the serial number and I need to analyze it
I want to unpack and compress this encrypted file after modifying it
0 votes, 0 answers, 36 views
The dumb dvr performs factory settings automatically and does not save the settings
I have a DVR device from Hikvision that does not save any changes or settings, and when it is restarted, it returns to the factory state... I tried another dump, not from the same brand name, and it ...
0 votes, 2 answers, 78 views
Finding the address of a function in an exe that I have the source code of
I've been playing around with some leaked source codes and I find that locating a function in source in the compiled exe is not so straightforward. And I'm thinking what are the ways to get that ...
1 vote, 1 answer, 58 views
Static offsets Vs. Loaded Offsets
I am developing an application integrity concept tool that performs integrity checks based on a comparison of Windows syscalls in a static PE file on disk to those loaded. Can I match the offset of ...
0 votes, 0 answers, 41 views
Dynamic analysis of cmd dependent software
There is a PE file, which can't run by itself, and can only be called from cmd.exe, it doesn't create independent processes, and can be launched independently only with .bat scripts, which without &...
0 votes, 1 answer, 59 views
Offset addressing
I’m writing a C-SKY (CK803S) processor module for IDA Pro, and a question arose about offsets in transitions, small ones are fine, but long ones lead to nowhere, from the documentation:
in code I ...
1 vote, 0 answers, 43 views
Potential vulnerabilities in a binary run as root
I am given a vulnerable 64-bit stripped application, it conducts basic password strength checks on Linux (/etc/shadow). The application receives workers (which creates worker process for performing the ...
0 votes, 0 answers, 53 views
Help determine 3d model vertex structure serialized binary
Help determine 3D model vertex structure serialized binary.
Example of single vertex:
A3 D0 5D BA C9 27 3F 3A DC 6C 87 3B 2B 75 EE 00
FF FF FF FF 92 2F 29 80 B1 19 64 3F 02 82 1D 3F
What I got so far:...
0 votes, 0 answers, 89 views
Help Extracting a CramFS filesystem from .img binary
I'm trying to extract a CramFS filesystem from a firmware binary for the FVS318Gv2. It downloads as a .zip file that can be decompressed to reveal a firmware .img file and a readme.htm. Running ...
0 votes, 0 answers, 66 views
Decompile or analyse injected /usr/bin/cat
I'm trying to decompile or analyse an injected Linux executable binary file /usr/bin/cat, and find the injected code as a readable.
Need some tips as a beginner how to find the injection method if it'...
0 votes, 0 answers, 45 views
Unknown Mitsubishi automotive MCUs - are these using unknown architecture?
Please help identify the architecture (ISA) of MH8200F and MH8110F which is found almost exclusively on Mazda ECUs with L3CK, L587, L5E8, LFAR, LFFR, LFJP firmwares
I've revealed that the MH8501F is ...
1 vote, 1 answer, 160 views
VxWorks flat binary file
VxWorks has a "flat binary file" format in which the initial 8 byte values are 45 53 54 46 42 49 4E 52 (ESTFBINR if interpreted as ASCII).
I know very little about their content except:
...