Questions tagged [linux]
A free and open source POSIX compatible operating system with a monolithic kernel and a kernel module system. Originally created by Linus Torvalds.
353 questions
7 votes, 3 answers, 7k views
Unpack Clear Spot .bin firmware update
I am trying to unpack a Clear Spot firmware update.
The firmware I am trying to reverse can be found on the vendor's download page.
I have used the fwtools to unpack the firmware as described on ...
4 votes, 1 answer, 876 views
Changing parameter of function call in ELF executable
I want to alter an ELF executable's function call and replace one of its parameters.
The executable calls the dlopen() function and passes RTLD_NOW as the flag parameter.
I want to change it to RTLD_LAZY.
...
1 vote, 0 answers, 303 views
Where can I find a unix/linux tool for fuzzing for kill-switches? [closed]
I'm looking for Linux/Unix open-source tools for fuzzing an Ethernet card for kill-switch packets.
https://en.wikipedia.org/wiki/Fuzzing
I can imagine how long it would take to brute-force the full range on ...
23 votes, 2 answers, 15k views
How to reverse engineer a simple USB device [windows -> linux]
I'd like to reverse engineer my USB beer-can refrigerator, which connects via USB on Windows, and via a simple GUI tray tool can set/query the temperature.
I was thinking about running virtualboxed ...
10 votes, 2 answers, 3k views
Attaching GDB to a specific fork
I am trying to reverse engineer a Linux binary that makes several fork() calls. I am using GDB 7.5 on Ubuntu. What I am trying to do with GDB is attach to a certain fork() (say the second call). Is ...
10 votes, 3 answers, 5k views
Why does the function pointer get overwritten even though it is declared before the vulnerable buffer?
I am working on io-wargames for fun right now, level3:
I do understand why there is a stack-overflow in this code (strlen(argv[1])), but what I don't understand is why it overflows the function ...
20 votes, 2 answers, 6k views
Why are GOT and PLT still present in Linux static stripped binaries?
I am looking at a statically linked, stripped Linux x86 binary. I noticed that there are .got and .plt sections.
I wonder what a statically linked binary needs GOT and PLT sections for. Anyone?
12 votes, 3 answers, 4k views
Hooking functions in Linux and/or OSX?
I want to hook functions in a library (lib.so or lib.dylib) from another process. I know that, unlike Windows libraries, libraries on Linux and Mac still have their symbols (function names and ...
12 votes, 1 answer, 5k views
How are stripped shared libraries linked against?
Lately I've been reversing the Android framework for the Nexus S mobile phone.
99% of the source code is of course open, but there are a few proprietary shared libraries which need to be downloaded in ...
87 votes, 3 answers, 133k views
How are the segment registers (fs, gs, cs, ss, ds, es) used in Linux?
I am trying to understand the process of memory segmentation for the i386 and amd64 architectures on Linux. It seems that this is heavily related to the segment registers %fs, %gs, %cs, %ss, %ds, %es.
Can ...
8 votes, 2 answers, 6k views
Base address of shared objects from ldd output
I'm on a Linux machine with ASLR disabled. Running ldd on a binary gives me the following result:
linux-gate.so.1 => (0xb7fe1000)
libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7e5c000)
/lib/...
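With ASLR disabled, the hexadecimal column in that ldd output is the load bias of each object, so the runtime address of an exported symbol is that base plus the symbol's st_value from `readelf -s` or `nm -D` on the library. The following is an added example, not part of the question: a small parser for ldd's output that turns the text into base addresses. The sample lines are constructed after the ones in the question; the `libfoo.so.1` "not found" line is invented to show the failure path. One caveat a practitioner should keep in mind: ldd runs the target's dynamic loader (and with some loaders, the binary itself), so never run it on an untrusted sample outside a sandbox, and with ASLR enabled the addresses change on every run.

```c
/* Added example (not from the original post): parse ldd output into base
 * addresses. Assumes the glibc ldd line format "name => path (0xADDR)". */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ldd_entry {
    char name[128];
    char path[256];       /* empty for the vDSO line, which maps no file */
    unsigned long base;   /* load bias reported in the (0x...) column */
};

/* Parse one ldd line. Returns 1 on success, 0 when the line carries no
 * "(0x...)" column (e.g. "statically linked" or "=> not found"). */
static int parse_ldd_line(const char *line, struct ldd_entry *out) {
    memset(out, 0, sizeof *out);
    const char *p = line;
    while (*p == ' ' || *p == '\t') p++;                 /* ldd indents with a tab */
    const char *arrow = strstr(p, " => ");
    const char *paren = strrchr(p, '(');
    if (!paren || strncmp(paren, "(0x", 3) != 0) return 0;

    size_t nlen = arrow ? (size_t)(arrow - p) : (size_t)(paren - p);
    while (nlen && p[nlen - 1] == ' ') nlen--;
    if (nlen >= sizeof out->name) nlen = sizeof out->name - 1;
    memcpy(out->name, p, nlen);

    if (arrow) {                                         /* path between "=> " and "(" */
        const char *q = arrow + 4;
        size_t plen = (size_t)(paren - q);
        while (plen && q[plen - 1] == ' ') plen--;
        if (plen >= sizeof out->path) plen = sizeof out->path - 1;
        memcpy(out->path, q, plen);
    }
    out->base = strtoul(paren + 1, NULL, 16);            /* strtoul accepts the 0x prefix */
    return 1;
}

/* Base of the named object, or 0 if it is not in the list. */
static unsigned long find_base(const struct ldd_entry *e, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(e[i].name, name) == 0) return e[i].base;
    return 0;
}

/* For a PIC shared object, st_value is relative to the load base. */
static unsigned long runtime_addr(unsigned long base, unsigned long st_value) {
    return base + st_value;
}

int main(void) {
    /* Constructed sample, modelled on the question's ldd output. */
    static const char *sample[] = {
        "\tlinux-gate.so.1 =>  (0xb7fe1000)",
        "\tlibc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7e5c000)",
        "\tlibfoo.so.1 => not found",                     /* invented failure case */
    };
    struct ldd_entry entries[8];
    size_t n = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        if (parse_ldd_line(sample[i], &entries[n])) n++;
        else printf("skipped: %s\n", sample[i]);
    for (size_t i = 0; i < n; i++)
        printf("%-20s base=0x%08lx path=%s\n", entries[i].name, entries[i].base,
               entries[i].path[0] ? entries[i].path : "(none)");
    /* 0x1000 here is a placeholder st_value, not a real libc symbol offset. */
    unsigned long libc = find_base(entries, n, "libc.so.6");
    printf("libc.so.6 + 0x1000 = 0x%08lx\n", runtime_addr(libc, 0x1000));
    return 0;
}
```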
123 votes, 2 answers, 100k views
How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses?
I have GDB but the binary I want to reverse engineer dynamically has no symbols. That is, when I run the file utility it shows me stripped:
ELF 64-bit LSB executable, x86-64, version 1 (SYSV), ...
22 votes, 3 answers, 19k views
Detecting tracing in Linux
Under Linux it's possible to trace the kernel system calls exactly with strace.
ltrace can also be used to trace library calls.
I wonder if it's possible to detect if my executable is running under ...
13 votes, 3 answers, 11k views
Locating Linux Kernel Symbols on ARM
Igor posted a great answer previously on SO about the format of the Linux kernel image on ARM.
Assuming I can't boot my kernel image, can someone give me pointers on finding this compressed symbol ...
6 votes, 0 answers, 328 views
Hauppauge HVR-950Q - Linux - Signal Processing for extra data like subtitles [closed]
I have a Hauppauge HVR-950Q running on a stripped down debian. I am trying to use the Hauppauge HVR-950Q from the command line to parse subtitles and build a library of accurate subtitles. I am not ...
4 votes, 3 answers, 781 views
What is "webcomp" and how does it work?
When reversing a router firmware based on DD-WRT I came across a mention of "webcomp". It seems it's used for storing internal HTML files for the web interface. What exactly is it, and how can I ...
7 votes, 1 answer, 435 views
How can I check I've moved outside the stack without triggering a protection fault?
I'm adding a feature to my Linux debugger (I'm using Ptrace to manipulate the traced process as well as libbfd/libopcodes) to unwind the stack and determine if discrepancies exist between each CALL's ...
5 votes, 3 answers, 1k views
Linux protectors: any good one out there?
I know of none that works as of today (i.e., on kernels that are not far too old), and I wonder if anybody has found or knows of any protector for Linux, either commercial, open source, used in malware, etc...
7 votes, 2 answers, 346 views
How should I go about trying to figure out the programming language that was used?
I have an executable file and I would like to figure out which programming language the source code was written in. The first step would be to use a disassembler.
What should be done after that?
...
48 votes, 8 answers, 34k views
How do I add functionality to an existing binary executable?
I want to add some functionality to an existing binary file. The binary file was created using gcc.
Do I need to decompile the binary first, even though I sufficiently understand the functioning of ...
8 votes, 4 answers, 16k views
How to check if an ELF file is UPX packed?
I have an ELF file and want to know if it is UPX packed. How can I detect UPX compression in GNU/Linux?
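The following is an added example, not code from either question it relates to: a bounds-checked ELF64 section-table walker that serves both the UPX question here and the earlier one about how stripped shared libraries are linked against. For the latter, it shows that `strip` removes .symtab while .dynsym survives, because the dynamic linker resolves against .dynsym and the library would be useless without it. For UPX, it checks two cheap tells: the literal "UPX!" marker UPX writes into its header and trailer, and the absence of a section table (UPX emits e_shnum == 0). Both tells can be patched out, so a miss is inconclusive; `readelf -S` showing no sections together with a tiny segment count is the usual follow-up. The sample ELF image is constructed in memory by build_sample_elf, which is this example's own helper; run the program with a path argument to walk a real file instead.

```c
/* Added example (not from the original posts): minimal ELF64 section-table
 * walker with a .symtab/.dynsym check and two UPX heuristics. Linux/glibc
 * <elf.h> types are used; little-endian host is assumed for the sample. */
#include <elf.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static const Elf64_Ehdr *elf_header(const unsigned char *buf, size_t len) {
    if (len < sizeof(Elf64_Ehdr)) return NULL;
    const Elf64_Ehdr *eh = (const Elf64_Ehdr *)buf;
    if (memcmp(eh->e_ident, ELFMAG, SELFMAG) != 0 || eh->e_ident[EI_CLASS] != ELFCLASS64)
        return NULL;
    return eh;
}

/* Section header i, bounds-checked against the buffer; NULL if unavailable. */
static const Elf64_Shdr *section_hdr(const unsigned char *buf, size_t len, size_t i) {
    const Elf64_Ehdr *eh = elf_header(buf, len);
    if (!eh || eh->e_shentsize != sizeof(Elf64_Shdr) || i >= eh->e_shnum) return NULL;
    uint64_t off = eh->e_shoff + (uint64_t)i * sizeof(Elf64_Shdr);
    if (off + sizeof(Elf64_Shdr) > len) return NULL;
    return (const Elf64_Shdr *)(buf + off);
}

/* Section i's name via .shstrtab; "" if it cannot be read safely. */
static const char *section_name(const unsigned char *buf, size_t len, size_t i) {
    const Elf64_Ehdr *eh = elf_header(buf, len);
    const Elf64_Shdr *sh = eh ? section_hdr(buf, len, i) : NULL;
    const Elf64_Shdr *strtab = eh ? section_hdr(buf, len, eh->e_shstrndx) : NULL;
    if (!sh || !strtab) return "";
    uint64_t off = strtab->sh_offset + sh->sh_name;
    if (off >= len || !memchr(buf + off, '\0', len - off)) return "";   /* must be NUL-terminated */
    return (const char *)buf + off;
}

/* 1 if a section with exactly this name exists (index 0 is always SHT_NULL). */
static int has_section(const unsigned char *buf, size_t len, const char *name) {
    const Elf64_Ehdr *eh = elf_header(buf, len);
    for (size_t i = 1; eh && i < eh->e_shnum; i++)
        if (strcmp(section_name(buf, len, i), name) == 0) return 1;
    return 0;
}

/* UPX stamps "UPX!" into its header and trailer; trivial to patch out. */
static int upx_marker_present(const unsigned char *buf, size_t len) {
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "UPX!", 4) == 0) return 1;
    return 0;
}

/* Marker present, or a valid ELF with no section table at all. */
static int looks_upx_packed(const unsigned char *buf, size_t len) {
    const Elf64_Ehdr *eh = elf_header(buf, len);
    return upx_marker_present(buf, len) || (eh && eh->e_shnum == 0);
}

/* Constructed sample (this example's own): ELF header, three section headers
 * (NULL, .dynsym, .shstrtab) and the string table. Not loadable, just walkable.
 * `out` must be 8-byte aligned (malloc memory is). Returns bytes written, 0 on error. */
static size_t build_sample_elf(unsigned char *out, size_t cap) {
    static const char shstr[] = "\0.dynsym\0.shstrtab";         /* 19 bytes incl. final NUL */
    size_t shoff = sizeof(Elf64_Ehdr), stroff = shoff + 3 * sizeof(Elf64_Shdr);
    size_t total = stroff + sizeof shstr;
    if (cap < total) return 0;
    memset(out, 0, total);
    Elf64_Ehdr *eh = (Elf64_Ehdr *)out;
    memcpy(eh->e_ident, ELFMAG, SELFMAG);
    eh->e_ident[EI_CLASS] = ELFCLASS64;  eh->e_ident[EI_DATA] = ELFDATA2LSB;
    eh->e_ident[EI_VERSION] = EV_CURRENT;
    eh->e_type = ET_DYN;  eh->e_machine = EM_X86_64;  eh->e_version = EV_CURRENT;
    eh->e_ehsize = sizeof *eh;  eh->e_shentsize = sizeof(Elf64_Shdr);
    eh->e_shoff = shoff;  eh->e_shnum = 3;  eh->e_shstrndx = 2;
    Elf64_Shdr *sh = (Elf64_Shdr *)(out + shoff);
    sh[1].sh_name = 1;  sh[1].sh_type = SHT_DYNSYM;               /* ".dynsym" at offset 1 */
    sh[2].sh_name = 9;  sh[2].sh_type = SHT_STRTAB;               /* ".shstrtab" at offset 9 */
    sh[2].sh_offset = stroff;  sh[2].sh_size = sizeof shstr;
    memcpy(out + stroff, shstr, sizeof shstr);
    return total;
}

int main(int argc, char **argv) {
    unsigned char *buf = NULL; size_t len = 0;
    if (argc > 1) {                                               /* walk a real file */
        FILE *f = fopen(argv[1], "rb");
        if (!f) { perror(argv[1]); return 1; }
        fseek(f, 0, SEEK_END); len = (size_t)ftell(f); rewind(f);
        buf = malloc(len ? len : 1);
        if (!buf || fread(buf, 1, len, f) != len) { fclose(f); free(buf); return 1; }
        fclose(f);
    } else {                                                      /* fall back to the sample */
        buf = malloc(1024); len = buf ? build_sample_elf(buf, 1024) : 0;
    }
    const Elf64_Ehdr *eh = elf_header(buf, len);
    for (size_t i = 1; eh && i < eh->e_shnum; i++) printf("  [%zu] %s\n", i, section_name(buf, len, i));
    printf(".symtab: %s  .dynsym: %s  UPX: %s\n",
           has_section(buf, len, ".symtab") ? "yes" : "no (stripped)",
           has_section(buf, len, ".dynsym") ? "yes" : "no",
           looks_upx_packed(buf, len) ? "likely" : "no sign");
    free(buf);
    return 0;
}
```

On a real stripped `.so`, the output lists .dynsym and .dynstr but no .symtab, which is exactly why `nm` prints nothing while `nm -D` still works; on a UPX-packed binary the loop prints no sections and the verdict flips to "likely".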
-9 votes, 1 answer, 1k views
How can I turn .deb files back to .tar for reuse with other Linux distros? [closed]
We all know that Ubuntu is the most popular Linux distro today, with plenty of applications currently being developed for it. But then I use Fedora, and some use other distros, but would still like to have the ...
37 votes, 5 answers, 11k views
How can I analyse an executable with no read permission?
I have a binary on a Linux system (kernel 2.6) which I can execute but can't read (chmod 0711). Therefore no static analysis is possible.
user1: $ ls -l bin
-r-s--x--- user2 user1 bin
user1: $ file bin
...