All Questions (15 questions)
0 votes · 1 answer · 405 views
Reverse engineering ELF: The e_phentsize field in the ELF header is less than the size of an ELF program header
I have extracted the .so binary libTheArmKing.so (located in lib directory in apk file) from a hack of World War Heroes game (an Android game) from Plantimod Forum.
file output:
libTheArmKing.so: ELF ...
1 vote · 1 answer · 73 views
Patching a B(ranch) causes segfault in ARMv7 binary, while the same patch (with JMP) works on x64 binary
Any ideas why trying to patch an ARMv7 binary causes a segfault while basically the same patch on the Win64 version of the software works as expected?
Here is the Win64 version, which works:
UPX0:...
6 votes · 1 answer · 3k views
What's the format of Mediatek MRE VXP file and how to create a workable VXP binary?
Background
Mediatek's MRE (MAUI Runtime Environment) is the default runtime on Nokia S30+ platform, replacing the J2ME platform on older Nokia. From MRE's page:
MRE (MAUI Runtime Environment) is a ...
3 votes · 1 answer · 285 views
Code caves in arm assembly
In a disassembled ELF binary I found these ARM Thumb instructions:
function0
0x002cc3a8 8079 ldrb r0, [r0, #6]
0x002cc3aa 7047 bx lr
In the codecave these were the initial hex ...
0 votes · 1 answer · 2k views
Running ELF file built for ARM architecture
My goal is to run and debug an ELF file (c444) which is compiled for the ARM architecture. I have some experience with x32 and x64 Intel architectures. However, I don't know how to proceed with ARM-based ...
0 votes · 1 answer · 486 views
What does this function do?
I'm trying to understand what client sends to server. I already did most of the work, but one function left. I can't understand what to do with this function and what it does. I've tried to change ...
1 vote · 1 answer · 621 views
Injecting code into an ELF binary, got Segmentation fault (SIGSEGV)
I am currently working on an ELF-injector and my approach is standard: find code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
2 votes · 1 answer · 171 views
Process Immediately Killed
I'm trying to reverse an ARM executable. It's for an embedded system, but I don't have any details about the normally targeted environment.
Here's what file shows: ELF 32-bit LSB executable, ARM, ...
5 votes · 1 answer · 2k views
Find function in a stripped dynamic ELF library
I'm currently reverse engineering an Android app, and this app calls a function named "getUserInfo" in an ARM 32-bit ELF library called "libcms.so" (from TikTok) via the Java Native Interface.
My ...
3 votes · 1 answer · 264 views
Enumerating (name, addresses) in PLT of an ELF file without elf.h
I want to show users the imported symbols of a given ELF file like this (#1) in a disassembler project (Android app):
1d21a: f7fa e8e8 blx 173ec ; __android_log_print@plt ...
Currently, I can only show ...
3 votes · 1 answer · 2k views
ELF - The start address of .got section is different from the entry point address of the GOT (global offset table)
I used readelf to read the information of the ELF file. I found the address of .got section in the section header is different from the GOT entry point address read from the dynamic section. Is the ...
1 vote · 1 answer · 214 views
Why would an ELF SHT_REL section contain relocations outside the section its sh_info refers to?
I have a .so from an Android JNI/NDK application. Here are two of its sections:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[10] .rel.plt REL ...
0 votes · 1 answer · 949 views
ARM ELF Obfuscation [closed]
Metamorphism is a technique to obfuscate a binary, change the opcode sequence and create new samples with the same functionality. In my case, I have some ELF binaries of ARM processor type and their ...
1 vote · 0 answers · 717 views
ELF binary manipulation tool on ARM
Do you know any free tool for manipulating ELF binary files on ARM, something like ERESI elfsh for Intel?
Purpose: adding instructions to an existing ELF binary file.
2 votes · 0 answers · 555 views
Patch ELF (arm): remove constructor segment
I got an ELF shared library with a constructor function that is executed every time the library is loaded:
.init_array:00005E5C ; =====================================================================
...