Questions tagged [linux]

A free and open source POSIX compatible operating system with a monolithic kernel and a kernel module system. Originally created by Linus Torvalds.

4 votes
1 answer
3k views

how to flash image.bin with uboot using serial or tftp

Hello, I have a 4G LTE router which is blocked, and I have already dumped the partitions before via telnet from another device of the same model. U-Boot 2010.09 (Sep 06 2016 - 10:08:39)GCT GDM7243 ...
coolirc
  • 111
9 votes
2 answers
10k views

How to debug a running Java process in Linux?

TLDR I want to do live debugging of a Java program on a Linux machine, and don't know how/what debugger to attach to the JVM to get this done. I expect that this is a well-solved problem, but I lack the ...
stacksmasher
0 votes
2 answers
308 views

Unable to exploit format string vulnerability on Ubuntu 18.04.2 LTS

I am studying from "Hacking: The Art of Exploitation" and in program fmt_vuln.c format string is exploited. I am getting Segmentation Fault error. Checking position of AAAA on stack: $ ./fmt_vuln ...
coder
  • 103
0 votes
0 answers
126 views

Bufferoverflow Stack

I want to do a buffer overflow exploit in the stack. For this I read in data via the "gets"-function. void ExploitMe() { char buffer[256]; gets(buffer); } I compile this file with gcc test.c -...
AndiYo
  • 49
3 votes
1 answer
257 views

What is actually loaded here and different hexdump outputs on util-linux hexdump and on cutter and ghidra's hexdump

I was trying to understand what segment of file gets loaded by fourth LOAD header on phdr array. First 6 headers are shown below from readelf Program Headers: Type Offset ...
Mah35h
  • 133
6 votes
1 answer
5k views

Why have two symbols tables?

Why have two symbol tables if .symtab already contains everything that's in .dynsym ?
Itra
  • 85
4 votes
2 answers
6k views

How can I pass input to my program while debugging it with IDA

I have a program that waits for the user to enter a string input, how can I enter that string input while debugging my program with IDA?
maysara
  • 153
6 votes
2 answers
8k views

Can I trap SIGSEGV (on Linux) and what are the conditions to make it work? (for a crackme)

I'm writing some crackmes.one challenge and I want to write a challenge where the solution appears on a segmentation fault. (And you have to disassemble the code to find a way to segfault. It should ...
ker2x
  • 173
2 votes
1 answer
2k views

Unexpected SEGFAULT when there's apparently nothing that would cause it

This is from a CTF problem I'm working on. Hopefully it's appropriate to ask this question here. Above is the GDB output when the segfault goes off. movaps is the offending instruction, meaning ...
Filip Kilibarda
0 votes
1 answer
486 views

Understand what ioctl does

I am looking in IDA at an ARM Linux binary. I can see there that there is an ioctl call ioctl(fd,req,num). fd is the fd to /dev/module, req is some 4 bytes and num is some number. How can I understand what ...
Keystone
  • 523
1 vote
1 answer
2k views

Changing entry-point of an ELF file

I'm trying to conduct a little experiment which basically consists of changing the EP of an ELF file and executing an exit(9) syscall, without returning to the OEP. As shown in the image everything ...
Trey
  • 427
1 vote
1 answer
408 views

Find out if an address is stored in heap or stack

While dynamically debugging with IDA and gdb-server a binary file running on Linux, I saw an address that stores some value. How can I know if this address is allocated on the stack or on the heap?
Keystone
  • 523
1 vote
1 answer
785 views

Sniffing TCP packets using Wireshark

I am trying to reverse engineer a decoder. The decoder contains a web server that makes sending/receiving information through the Internet possible. To do so I need to sniff the packets that the ...
yosra
  • 111
2 votes
1 answer
402 views

IDA remote debugging - non printable characters in parameters

I am trying to remote debug a certain binary which gets user-specified command line arguments, which can be non-printable of course. My goal is the ability to debug with IDA the process with the ...
toothpick
5 votes
2 answers
2k views

Help needed to extract u-boot kernel & rootfs - nxp lpc 3143 processor

I have a board where in principle aim at emulating a DVD-ROM loading iso file from a drive. This board is running an ARM CPU with 32MB of RAM and has no VGA output. The firmware update comes with 2 ...
Armandooooo
4 votes
1 answer
3k views

Lipo alternate for linux

Currently, I'm using lipo tool to extract the arch type from a fat iOS binary on a Mac OS. Now, I want to do the same on the linux platform for the iOS binaries, i.e. extract a given arch type from a ...
Rohit saraf
1 vote
0 answers
265 views

Decrypt ibt.sfi linux firmware(Intel Wireless 8265 Linux Bluetooth)

Why I want to decrypt: Intel 8265 Bluetooth is likely a RAMUSB device, which needs system to update firmware. I try to transplant this linux firmware to macOS. Problems I met: The macOS BT firmware ...
Steve
  • 11
0 votes
1 answer
42 views

What is causing \r\n in libnotify? [closed]

I am trying to look under the hood of libnotify, and ran strace notify-send 'hello' and one of the system calls is: sendto(5, "AUTH\r\n", 6, MSG_NOSIGNAL, NULL, 0) = 6 Surrounded by a: sendmsg(5, {...
Meowxiik
1 vote
1 answer
803 views

Fork and Waitpid calls in a CTF linux binary

I'm doing one of my first linux crackmes. In the first blocks of code, it goes inside some anti-debug routine and inside one of those it forks and after it calls a waitpid routine. I can verify it ...
Kartone
  • 439
1 vote
1 answer
2k views

why saved rip changed by push?

I am doing a reverse homework. See the following pictures: as can be seen from this picture, before call push touch3, "saved rip" is at 0x5561dca8, which is equal to the current rsp (0x5561dca8). ...
JinLing
  • 19
9 votes
2 answers
15k views

OTOOL alternative for linux

I have a reverse engineering set up on a Mac machine. This set up does some reverse engineering on iOS applications(.ipa files). I'm migrating the setup from Mac to a linux machine. Currently on Mac, ...
Rohit saraf
0 votes
1 answer
121 views

Significance of link address 2000 8000 7C00;

Can you explain to me the significance of link address 2000 8000 7C00? It's in a MACRO from the GRUB configure script, which checks whether OBJCOPY works for absolute addresses. Here's the snippet ...
supmethods
2 votes
1 answer
171 views

Process Immediately Killed

I'm trying to reverse an ARM executable. It's for an embedded system, but I don't have any details about the normally targeted environment. Here's what file shows: ELF 32-bit LSB executable, ARM, ...
SArcher
  • 141
1 vote
1 answer
142 views

Unknown parameters in custom signal handler on Linux

0x0000000008001946: mov 0xa8(%rdx),%rax 0x000000000800194d: lea 0x28(%rdx),%rsi 0x0000000008001951: lea 0x2(%rax),%rdi 0x0000000008001955: add $0xe,%rax 0x0000000008001959: ...
Omniscient Phynial Sniper
0 votes
1 answer
841 views

Remote debugger for Linux from one VM (IDA) to another (running the debuggee)

I want to debug a Linux program (ELF), but my IDA Pro is on a Windows 10 VM and I want to use remote debugging to debug the program on Ubuntu (also in a VM). So, is it possible to debug if both ...
NOobz
  • 1
1 vote
2 answers
1k views

How do I go about overriding a function internally defined in a binary on Linux?

To be specific, I cannot recompile this binary, nor do I have access to the source code. The functions are not defined within a shared library. So, how can I go about changing a function, or ...
Walaryne
2 votes
2 answers
2k views

Step Over not working in GDB

In the function below, let's say EIP is 0x400688. Now, I want to step over the call instead of stepping inside the subroutine. 0x40067a <main+4> sub $0x20,%rsp ...
Neon Flash
7 votes
1 answer
2k views

How does API call work on Android (NDK)?

In windows platform, an application usually references its IAT(Import Access Table) to get the address of the APIs it wants, then call it. Then some mechanisms are done as demonstrated here nicely. ...
Hyeonseo Yang
5 votes
3 answers
1k views

Nested Structures in IDA

I'm trying to figure out how to explore structs in IDA, and getting stuck on the basics. I wrote a very basic test app; int main() { const int kBits = 1024; const int kExp = 3; RSA *rsa = ...
XeroxDucati
1 vote
1 answer
311 views

Question regarding ASLR

If I have a binary file which does not have ASLR enabled. However, the libc file it uses has ASLR enabled, then will the address of system() in libc file be randomized every time? Or the address will ...
Neon Flash
