All Questions
13 questions
2 votes, 1 answer, 2k views
How can I find an external function code correctly in Ghidra and Radare2?
This is code to call an external function (get_random_name) in the main function
push {fp, lr}
add fp, sp, 4
sub sp, sp, 0x1d8
str r0, [fp, -0x1d8]
str r1, [fp, -0x1dc]
sub r3, fp, 0x44
...
2 votes, 1 answer, 620 views
Can't modify string in radare2 (.rodata section)
I was following the response to this question to change the string of an elf executable. No matter how many times I try, I just can't modify the string. I notice that probably the issue lies in the ...
3 votes, 1 answer, 257 views
What is actually loaded here and different hexdump outputs on util-linux hexdump and on cutter and ghidra's hexdump
I was trying to understand what segment of file gets loaded by fourth LOAD header on phdr array.
First 6 headers are shown below from readelf
Program Headers:
Type Offset ...
0 votes, 1 answer, 425 views
How to identify different memory regions of an elf binary in radare2?
I'm just starting out with reverse engineering, one thing I'm finding difficult is identifying different areas of memory. I'm using radare2, and I would like to be able to easily seek and identify ...
7 votes, 2 answers, 3k views
Writing ELF headers in Radare?
Reading Keith Makan's, "Introduction to the ELF Format : The ELF Header", he modifies e_entry,
The e_entry field lists the offset in the file where the program should start executing. Normally it ...
3 votes, 1 answer, 1k views
How can you get the symbol visibility with radare?
I created a quick x86_64 Assembly file with NASM to generate the four different visibility classes for ELF 64. With readelf --symbols I get the Symbol Visibility in the Vis column: DEFAULT, INTERNAL, ...
1 vote, 1 answer, 2k views
Radare2 - Insert asm instructions without overwriting
In order to patch an x86 elf file on Linux, I'm struggling to insert a specific assembler instruction into the binary file without overwriting any of the preexisting instructions.
I've been reading ...
4 votes, 1 answer, 2k views
How do I find out what section variables and strings are defined in?
Given a simple program like this,
void main (int argc, char * argv[] ) {
char * arr[] = {"foo", "bar", "baz"};
*(arr[0]) = 'F';
printf( "%s", arr[0] );
}
How do I find out what section ...
3 votes, 1 answer, 756 views
Radare2 create section
Radare2 has S* commands, that can show, delete, modify sections. Is it possible to create new section in executable file and save it?
5 votes, 1 answer, 910 views
Difference between 'readelf' and 'radare2' addresses
I have a MIPS binary file that I want to analyze. I am having a little trouble understanding the way elfread and r2 interpret the addressing scheme from a binary.
For example, r2 finds a function ...
1 vote, 1 answer, 4k views
reversing stripped & statically linked binary with radare2
As the question says I need to reverse a stripped elf binary with radare2. This binary is also statically linked. I already reversed it in IDA by identifying statically linked libraries using lscan ...
2 votes, 1 answer, 3k views
Disassembling MIPS 32 version 1 binary with the Radare2 Framework
I am trying to disassemble a MIPS 32 version 1 binary with the Radare2 framework.
Here is the full output of the file command:
ELF 32-bit LSB executable, MIPS, MIPS32 version 1 (SYSV), dynamically ...
3 votes, 1 answer, 2k views
Finding hidden string location using radare2 on ELF binaries
I'm working through some reverse engineering sample programs (IOLI crackmes) crackme0x00 - crackme0x09 which are gcc compiled ELF format binaries. I was provided these by a colleague and can be ...