All Questions
40 questions
1 vote, 1 answer, 108 views
Where is IDA getting this symbol?
I'm currently researching how a certain malware works and patches some stuff in a certain Android library. Inspecting the library, which is stripped, in IDA I was able to get the symbol for a ...
2 votes, 0 answers, 39 views
Please help with stripped binary reverse
Not so long ago I was engaged in reverse and pwn, and I came across such a task. This is a normal task with a vulnerability on the heap, but it is stripped and I don't understand which functions are where. I ...
1 vote, 0 answers, 94 views
Program Analysis on a Wargame Binary
I've recently taken it upon myself to research more about reverse engineering; I'm currently testing my intermediate skills on various CTF hosting sites. Interestingly enough, I have come across a ...
0 votes, 1 answer, 405 views
Reverse engineering ELF: The e_phentsize field in the ELF header is less than the size of an ELF program header
I have extracted the .so binary libTheArmKing.so (located in the lib directory of the apk file) from a hack of the World War Heroes game (an Android game) from Plantimod Forum. file output:
libTheArmKing.so: ELF ...
2 votes, 0 answers, 68 views
Wrong EP on an .elf CrackMe
I am trying to solve an ELF CrackMe. I opened it with IDA Pro and I saw the start function is at address 0x1E8. I opened the ELF with HxD and I saw the entry point is 0x1E9 (and no results in the file for 01E8) ...
1 vote, 1 answer, 611 views
IDA cannot open .a files of ESP32 (Xtensa)
I tried to open this file with IDA Pro: https://github.com/espressif/esp32-wifi-lib/blob/master/esp32/libpp.a
IDA detects that it is ELF for Xtensa (relocatable), but when I tried to open it I got: Undefined ...
2 votes, 0 answers, 185 views
How do relocations work for imported functions in SH4 ELF?
I built a very simple hello world program with the sh4 gcc compiler as a shared library:
#include <stdio.h>
void hello()
{
    printf("Hello world!\n");
}
But when I load the .so file into the ...
0 votes, 1 answer, 486 views
What does this function do?
I'm trying to understand what the client sends to the server. I have already done most of the work, but one function is left. I can't understand what to do with this function or what it does. I've tried to change ...
2 votes, 0 answers, 672 views
Tool/parser for symbol tables produced with objdump -t to be used with IDA / Ghidra?
Working with a binary (arm64) file that seems to be some sort of broken ELF file. The header data is missing and for some reason it contains a symbol table in a format that to me seems to be equal to ...
1 vote, 1 answer, 621 views
Injecting code into an ELF binary, got Segmentation fault (SIGSEGV)
I am currently working on an ELF injector and my approach is standard: find a code cave (a long enough sequence of 0s), rewrite it with the instructions I want to execute and then jump back to the start ...
0 votes, 1 answer, 67 views
What does this custom piece of frame manipulation code from a router binary do?
I've decompiled a custom router ELF binary using Hex-Rays and have recently come across the following function in the binary:
pkt_hdr_t *__cdecl pkt_hdr_from_frame(frame_t *frame, uint16_t *remaining)
...
1 vote, 1 answer, 251 views
ELF file crashing after executing shellcode
So after changing the entry point via the e_entry field I managed to execute my shellcode before returning control to the original entry point. Here's how I did it:
// write string and jump to OEP, ...
2 votes, 1 answer, 288 views
Why is IDA showing three arguments for the main function instead of two in some Linux binaries?
So I am reversing an ELF binary; now, from my knowledge, in C the main function has two arguments, argc and argv, but some Linux binaries that I am reversing have 3 when I decompile them! One int and ...
1 vote, 1 answer, 642 views
Disassembling Hexagon - Corrupted ELF
I downloaded and unpacked the modem from the Google source; after that I used laginimaineb's script to unify all modem binary data. However, when loading this binary into IDA, I get an error that says:
Binary ...
1 vote, 0 answers, 236 views
Need help understanding basic buffer overflow
So I have this sample problem that I need to buffer overflow. It's an ELF file that is required to be run in a separate terminal; then, using "nc localhost 'port'" in another terminal, we can see the ...