Questions tagged [linux]
A free and open source POSIX compatible operating system with a monolithic kernel and a kernel module system. Originally created by Linus Torvalds.
353 questions
1 vote · 0 answers · 84 views
Handle ioctl call while running with qemu
I am using qemu to emulate a binary like this:
qemu -strace XXXXX .
I saw that the first 2 system calls of this process were TCGETS to stdin and stdout. From the man pages:
Get and set terminal attributes
...
1 vote · 0 answers · 344 views
Why does the IDA debugger keep receiving SIGTRAP or SIGSEGV after setting a breakpoint and then deactivating that breakpoint?
Here's the problem:
I set a breakpoint in the IDA debugger
the program stops at the breakpoint
I deactivated the breakpoint
IDA keeps receiving SIGTRAP or SIGSEGV
(program stops at breakpoint as expected):...
2 votes · 0 answers · 1k views
Repacking vmlinux into zImage/bzImage
While reverse engineering an embedded device I ran into a problem: I need to patch a check in the kernel which has no sources available. Unpacking the kernel and binary-patching went smoothly. However, I cannot get ...
0 votes · 1 answer · 477 views
How to get the input necessary to get to the end
In short, I have code that gets an input via stdin. Once it has the input string in memory, it verifies its integrity by calling a function for every condition, and exiting the program if those ...
2 votes · 1 answer · 172 views
Create Fake Entry in sysfs
I'm targeting a program that tries to open a file in /sys that doesn't exist. Is there a way to create that file so the program continues? (Normally you can't create files in sysfs.)
0 votes · 0 answers · 1k views
unix executable Error: Reading 0x1b50 bytes extends past end of file for string table
Info on the file: it is called ld; it is a command for linking ELFs, called the link editor. Does "Error: Reading 0x1b50 bytes extends past end of file for string table" mean I am missing some kind of offset? ...
1 vote · 1 answer · 72 views
Replacing firmware, Longshine Shinebook
I am wondering how to replace the firmware on a Longshine Shinebook (manual, firmware, more stuff).
Assuming I modify the firmware files, how do I put the new version on the device? I'm guessing there ...
2 votes · 0 answers · 383 views
Why does PTRACE_POKEDATA return an I/O error?
I am learning the usage of ptrace.
I tried the following simple example, but it raises an I/O error.
I would like to overwrite "Hello, world" (the printed string) from another process.
A target program prints ...
1 vote · 1 answer · 149 views
What could a firmware image be, if not embedded Linux?
I decided to play around with an old baby monitor, purely to learn something about how such things (i.e. embedded devices) work. I successfully extracted the flash memory, and I was expecting this to ...
2 votes · 1 answer · 417 views
Comparing the static address of the vtable of a class, to the pointer to it held by the object
I know this is compiler/ABI dependent, not necessarily standardized, etc. I've always assumed, from what I've read in several places (e.g. an answer here or the example in Wikipedia), that a typical ...
0 votes · 1 answer · 81 views
Program goes into suspend when a buffer overflow occurs
Full disclosure: I am seeking help to complete a college assignment. I am seeking help on steps where I am stuck and unable to move forward, not a ready-made answer.
I need to exploit it to get a ...
1 vote · 1 answer · 159 views
Identify strings shared between multiple files from the Linux command line
Given a set of arbitrary files, what's the best way to identify the text strings shared between them (either in all files or a subset of them) from the Linux command line?
This would be useful for ...
0 votes · 1 answer · 786 views
Is it possible to intercept syscalls with custom code from inside the program?
I have a binary calling a syscall with a code not present in the Linux kernel.
Is it possible that the binary catches the syscall by itself and handles it on-the-fly?
Furthermore, what happens if I call ...
6 votes · 1 answer · 3k views
Huawei HG8245H, can't read some system files
I have an Echolife HG8245H modem (V3R016C10S150). I'm using telnet to connect to it. I need to read some files from this modem. There's a shell mode I can enter, but it is nerfed badly:
SU_WAP>shell
...
1 vote · 1 answer · 157 views
How to split bytes into instructions in a binary ELF file for x86
I'm working on a static code injector for ELF files. I need to "steal" some bytes in order to write a jump to my code in their place and then execute the stolen instructions somewhere in the ...
0 votes · 1 answer · 307 views
Call libc functions from the payload statically injected into an ELF binary
I am working on an ELF injector, which given some payload (currently it's an assembly file with a .text section only) will inject it into an ELF binary. I had a related post here.
Now I would like to make it ...
0 votes · 1 answer · 41 views
Why would just two bits of the SP be used here?
This is the section of disassembled code in question. It's from a Linux kernel module compiled for 4.4.16 on ARMv7.
; Registers used:
; - r3 : unsigned long argp
0000005c mov r1, ...
2 votes · 2 answers · 1k views
Where to get started with reverse engineering a USB video device on Windows?
I have a piece of proprietary hardware that I'm trying to reverse engineer and write a cross-platform open-source driver for. This device has an IR camera on it, and it seems to be using the UVC ...
-1 votes · 1 answer · 120 views
Can stdout be captured as a parameter to a Python script?
I'm working on a CTF challenge that is to find a secret password. This secret password is based on the username and password that I input, and the hash value is printed out after the hash calculation, and I want to ...
3 votes · 1 answer · 2k views
ELF binary injection
I am currently working on an ELF injector and my approach is standard: find a code cave (long enough sequence of 0's), rewrite it with the instructions I want to execute and then jump back to the start ...
1 vote · 1 answer · 629 views
Does the operating system you use matter?
People recommend Windows for reverse engineering. I don't want to install Windows as a virtual machine because they are laggy, and I already have Windows 10 as host. Is it possible to use a Linux VM that ...
1 vote · 1 answer · 584 views
Edit IDA signal handler
In IDA Pro, while debugging a Linux process with gdbserver, I got a window showing that SIGTRAP has arrived; I chose to pass it to the application.
How can I edit that choice now? I want to ignore this ...
1 vote · 1 answer · 610 views
Need help opening a .img file from a camera firmware (trying to get out of the Meari/Zumimall/PPstrong cloud!)
I've got a cloud-based battery-powered camera which I'm really hoping to get out of the cloud with, in order to enable RTSP or ONVIF (or something local!).
I've managed to get a .bin file. Binwalk ...
2 votes · 2 answers · 378 views
ASLR in Linux vs Windows
I am quite new to binary exploitation. I am doing a lot of beginner exercises here. I am confused about ASLR. I tried some binary exploitation things in Linux. It was recommended that I should stop ...
2 votes · 1 answer · 892 views
Hooking libhoudini on an x86 emulator
I'm trying to hook libhoudini to debug an application instruction by instruction using Frida, but Frida does not support it. I need an example of how this can be achieved!
I'm using an x86 emulator to run ARM ...
1 vote · 0 answers · 185 views
Replacing bytes from the start of every function with IDA Pro
I want to fix a .plt segment in IDA Pro by replacing 12 bytes from the start of every function in the .plt segment with the ones I specify.
I want to just make each function return, so I'm replacing ...
2 votes · 1 answer · 243 views
Linux keyboard driver: Windows reverse engineering
I have a Toshiba Portege X30-F laptop with Fn keys not working under Linux.
I've read some articles about USB driver reverse engineering, but the keyboard is not connected via USB. As I can understand it ...
1 vote · 0 answers · 102 views
Same USB packet (Python/user vs C/kernel) but different result
I'm making a Linux module (my first one) for a closed-source, enclosed (no hardware access) device.
Using Wireshark I found what to send and where, so I tried the following command in user space ...
2 votes · 2 answers · 284 views
Newbie problems exploiting a format string vulnerability
I encountered a format string vulnerability challenge in a CTF. I don't know anything about these vulnerabilities, so I'm working my way through Saif El-Sherei's format string exploitation tutorial ...
1 vote · 1 answer · 208 views
I need help reverse engineering my e-reader (trying to get into the shell)
I'm trying to reverse engineer my e-reader. It's a Denver EBO-620. I want to change the off-screen image and add my own fonts. With help from Reddit I've managed to log the startup sequence (shown down ...