
Questions tagged [linux]

A free and open source POSIX compatible operating system with a monolithic kernel and a kernel module system. Originally created by Linus Torvalds.

7 votes
3 answers
7k views

unpack Clear spot .bin firmware update

I am trying to unpack a Clear Spot firmware update. The firmware I am trying to reverse can be found on the download page of the vendor. I have used the fwtools to unpack the firmware as described on ...
Ahmed Rhuma
4 votes
1 answer
876 views

Changing parameter of function call in ELF executable

I want to alter an ELF executable function call and replace one of its parameters. The executable calls the dlopen() function and passes RTLD_NOW as the flag parameter. I want to change it to RTLD_LAZY. ...
Mellowcandle
1 vote
0 answers
303 views

Where can I find a Unix/Linux tool for fuzzing for kill-switches? [closed]

I'm looking for Linux/Unix open-source tools for fuzzing an Ethernet card for kill-switch packets. https://en.wikipedia.org/wiki/Fuzzing I can imagine how long it would be to brute-force the full range on ...
rezeptor
23 votes
2 answers
15k views

How to reverse engineer a simple USB device [Windows -> Linux]

I'd like to reverse engineer my USB beer-can refrigerator, which connects via USB on Windows and, via a simple GUI tray tool, can set/query the temperature. I was thinking about running virtualboxed ...
AoeAoe
10 votes
2 answers
3k views

Attaching GDB to a specific fork

I am trying to reverse engineer a Linux binary that makes several fork() calls. I am using GDB 7.5 on Ubuntu. What I am trying to do with GDB is attach to a certain fork() (say the second call). Is ...
Compster
10 votes
3 answers
5k views

Why does the function pointer get overwritten even though it is declared before the vulnerable buffer?

I am working on io-wargames for fun right now, level3: I do understand why there is a stack overflow in this code (strlen(argv[1])), but what I don't understand is why it overflows the function ...
0x90
20 votes
2 answers
6k views

Why are GOT and PLT still present in Linux static stripped binaries?

I am looking at a statically linked, stripped Linux x86 binary. I noticed that there are .got and .plt sections. I wonder what a statically linked binary needs GOT and PLT sections for? Anyone?
daehee
12 votes
3 answers
4k views

Hooking functions in Linux and/or OS X?

I want to hook functions in a library (lib.so or lib.dylib) from another process. I know that, unlike Windows libraries, libraries in Linux and Mac still have their symbols (function names and ...
TerryW
12 votes
1 answer
5k views

How are stripped shared libraries linked against?

Lately I've been reversing the Android framework for the Nexus S mobile phone. 99% of the source code is of course open, but there are a few proprietary shared libraries which need to be downloaded in ...
Mellowcandle
87 votes
3 answers
133k views

How are the segment registers (fs, gs, cs, ss, ds, es) used in Linux?

I am trying to understand the process of memory segmentation for the i386 and amd64 architectures on Linux. It seems that this is heavily related to the segment registers %fs, %gs, %cs, %ss, %ds, %es. Can ...
perror
8 votes
2 answers
6k views

Base address of shared objects from ldd output

I'm on a Linux machine with ASLR disabled. Running ldd on a binary gives me the following result: linux-gate.so.1 => (0xb7fe1000) libc.so.6 => /lib/i386-linux-gnu/libc.so.6 (0xb7e5c000) /lib/...
123 votes
2 answers
100k views

How to handle stripped binaries with GDB? No source, no symbols and GDB only shows addresses?

I have GDB but the binary I want to reverse engineer dynamically has no symbols. That is, when I run the file utility it shows me stripped: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), ...
0xC0000022L
22 votes
3 answers
19k views

Detecting tracing in Linux

Under Linux it's possible to trace the kernel system calls exactly with strace. ltrace can also be used to trace library calls. I wonder if it's possible to detect if my executable is running under ...
Mellowcandle
13 votes
3 answers
11k views

Locating Linux Kernel Symbols on ARM

Igor posted a great answer previously on SO about the format of the Linux kernel image on ARM. Assuming I can't boot my kernel image, can someone give me pointers on finding this compressed symbol ...
mrduclaw
6 votes
0 answers
328 views

Hauppauge HVR-950Q - Linux - Signal Processing for extra data like subtitles [closed]

I have a Hauppauge HVR-950Q running on a stripped-down Debian. I am trying to use the Hauppauge HVR-950Q from the command line to parse subtitles and build a library of accurate subtitles. I am not ...
mrhobbeys
4 votes
3 answers
781 views

What is "webcomp" and how does it work?

When reversing a router firmware based on DD-WRT I came across a mention of "webcomp". It seems it's used for storing internal HTML files for the web interface. What exactly is it, and how can I ...
dyasta
7 votes
1 answer
435 views

How can I check I've moved outside the stack without triggering a protection fault?

I'm adding a feature to my Linux debugger (I'm using ptrace to manipulate the traced process, as well as libbfd/libopcodes) to unwind the stack and determine if discrepancies exist between each CALL's ...
zetavolt
5 votes
3 answers
1k views

Linux protectors: any good one out there?

I know of none that work as of today (i.e., on kernels that are not way too old), and I wonder if anybody has found or knows of any protector for Linux, either commercial, open source, used in malware, etc...
joxeankoret
7 votes
2 answers
346 views

How should I go about trying to figure out the programming language that was used?

I have an executable file and I would like to figure out which programming language the source code was written in. The first step would be to use a disassembler. What should be done after that? ...
asheeshr
48 votes
8 answers
34k views

How do I add functionality to an existing binary executable?

I want to add some functionality to an existing binary file. The binary file was created using gcc. Do I need to decompile the binary first, even though I sufficiently understand the functioning of ...
asheeshr
8 votes
4 answers
16k views

How to check if an ELF file is UPX-packed?

I have an ELF file and want to know if it is UPX-packed. How can I detect UPX compression on GNU/Linux?
qbi
-9 votes
1 answer
1k views

How can I turn .deb files back to .tar for reuse with other Linux distros? [closed]

We all know that Ubuntu is the most popular Linux distro today, with plenty of applications currently being developed for it. But then I use Fedora and some use other distros but would still like to have the ...
forums
37 votes
5 answers
11k views

How can I analyse an executable with no read permission?

I have a binary on a Linux (Kernel 2.6) which I can execute, but can't read (chmod 0711). Therefore no static analysis is possible. user1: $ ls -l bin -r-s--x--- user2 user1 bin user1: $ file bin ...
samuirai
