Questions tagged [linux]

A free and open source POSIX compatible operating system with a monolithic kernel and a kernel module system. Originally created by Linus Torvalds.

0 votes
0 answers
23 views

Changing running kernel thread code from another LKM (ARM linux 4.19.130)

I am security testing an embedded ARM linux 4.19.130 IoT device - without kernel source code or ability to change the kernel due to signing. I have managed to get a root shell. However, by the time ...
user46754
0 votes
1 answer
37 views

How to extract 7z archive with LZMA compression

I have a firmware file, which contains raw MIPS32 binary code. I used binwalk to scan for signatures (binwalk -B -t image.out) and for executable opcodes (binwalk -A -t image.out). Top part of the output: ...
minto • 215
2 votes
1 answer
40 views

IDA Remote Debugging and automatic interaction with the process

I am learning IDA and currently working with the debugger. In particular, I want to automate the interaction with my remote binary (from Windows Subsystem Linux - Ubuntu 22.04 instance), like what I ...
Anh Nguyễn Tuấn
3 votes
0 answers
83 views

Gain root access to my camera monitor

Edit: I managed to dump the firmware and obtained the root password hash, but there are two hashes. I successfully cracked one, resulting in helpme, but the other one might take a while. However, user:...
NotRin • 31
0 votes
0 answers
39 views

NxP3143 Uboot encrypted image and roots help

I have an encrypted firmware based on 2 files uImage (kernel) and rootfs (filesystem) and I have got the encryption keys from someone who cracked it. However I don’t know where to start so I can mount ...
Armandooooo
0 votes
0 answers
59 views

Improving the output of pseudocode C++ code from IDA Pro

I have some specific questions and some general ones about reverse-engineering a dynamic shared library via IDA Pro 8.3: If I know the compiler used and compiler flags used (via readelf --debug-dump),...
HCSF • 143
0 votes
1 answer
138 views

S30+ Game Development

How can I get started developing games for the S30+ operating system on Windows or Linux? I have a new Nokia 150, which seems to run the correct operating system, although I'm not sure if this phone ...
Kynemix
0 votes
1 answer
58 views

How to print a non-printable address using Python

I have been doing a CTF challenge and came across a problem when I have to push the address of a function into eip {instruction pointer} by overflowing the buffer, but the main problem here is that the ...
Zishan Ansari
0 votes
0 answers
89 views

Help Extracting a CramFS filesystem from .img binary

I'm trying to extract a CramFS filesystem from a firmware binary for the FVS318Gv2. It downloads as a .zip file that can be decompressed to reveal a firmware .img file and a readme.htm. Running ...
cdbrunow
0 votes
0 answers
66 views

Decompile or analyse injected /usr/bin/cat

I'm trying to decompile or analyse an injected Linux executable binary file /usr/bin/cat, and find the injected code as a readable. Need some tips as a beginner how to find the injection method if it'...
Dany Burgos
0 votes
1 answer
117 views

Router shadow password generation

I'm reverse engineering a router, I'm fairly new to embedded devices and how Linux boots up, but I have a root UART shell, there's already a password hash in the /etc/shadow file, these passwords/...
spergy • 1
1 vote
1 answer
90 views

What to do when the .img is corrupted?

After getting rejected from a promising interview process with Company A, the interviewer reached out to me and provided me with Reverse Engineering challenges Company A provides publicly to work on. ...
Robert Gates
0 votes
0 answers
83 views

Find offset to parameter not listed in objdump in vmlinux (which contains debug symbols)

I have a series of address offsets for Ubuntu that are used in a custom toolset. I'd like to build a set of offsets for another kernel, but I can't find some Ubuntu offset addresses in the debug ...
indigo • 1
2 votes
1 answer
102 views

Unix system with windows-style registry

When trying to determine the filesystem of a firmware image using binwalk, I encountered a strange combination. The binwalk is returning a lot of Unix paths, but some of them contain a typical windows-...
Suske Lambik
0 votes
1 answer
72 views

Updating legacy library in an already compiled binary

I'm dealing with a reverse engineering challenge involving a binary application that was statically compiled with a legacy library. While the legacy library is not vulnerable, it lacks certain ...
st0l4s • 3
1 vote
1 answer
437 views

Adding a program header to ELF

I am a newbie in this, and I am trying to add a program header to a simple ELF64 "Hello World" program on Ubuntu. All in changing the binary data of the ELF. I went to the end of the program ...
Roy Avidan
0 votes
0 answers
93 views

What are the general steps for reverse engineering a windows SPI driver for linux?

I have a fingerprint reader on my laptop that works under Windows that doesn't show up on lsusb. Which means it's not connected via USB. Through some digging around, I found out that this specific ...
juztignoreme
1 vote
2 answers
590 views

Adding debug symbols with GDB

In CTFs when I'm given some ELF file, it usually wasn't compiled with the -g flag. Is there a way to somehow edit the file to make it be as if the ELF file was originally compiled with the -g flag? ...
PurpleHacker
0 votes
0 answers
39 views

NTFS files with 0 size, filestamp 01/01/1970 and "?" at the beginning of file name not deletable

I tried to backup millions of files from ext4 to an external NTFS drive. It took ages and at the end gave up, the external drive stalled. After a reboot and successful ntfsfix command I wanted to ...
c1ph4 • 21
0 votes
1 answer
362 views

How to learn which functions are called in a .so library on Android?

I want to learn how to listen to certain .so files. I mean, what is the way to know which functions are called and which body of code is executed in a shared library on Android? I just wanted to modify the stock camera on my ...
Savox Saastuxl
1 vote
0 answers
58 views

What factors affect the base address of a shared object?

I'm looking at a CVE for an old thrift shop router that amounts to a stack based buffer overflow with no NULL characters allowed. I can control the instruction pointer register as well as a few less ...
Matthew Tingum
1 vote
0 answers
85 views

How to develop an anti-debug library which allows users to debug their own programs but not the library?

I'm going to publish a library which is guarded by anti-debug (ptrace_trackme for Linux and isDebuggerPresent for Windows). The downside of this library is: users would be able to debug their own ...
prgbenz • 81
2 votes
0 answers
330 views

ZTE F670 V1.1.10P3T21 encrypted config.bin

I want to decrypt config.bin For this I found in cspd following code undefined4 CspDBInitPdtInterface(undefined4 *param_1) { dbAddCfgItem(0xffff,0,"/userconfig/cfg/db_user_cfg.xml"); ...
Elec Art
2 votes
0 answers
238 views

Booting a Linux kernel ARM64 boot executable Image

I am self-learning reverse engineering and working on reversing a firmware image for an unknown IoT device that's running on Zephyr. I have the firmware image (.img file), which returns 'Linux kernel ...
Mario9987
3 votes
0 answers
41 views

Linux persistence between runs of program but not between reboots

I am working on reverse-engineering a linux program with a function that reads in configuration information from a file, and then passes this information to the program. However, after I fully exit ...
Enzo Damato
4 votes
0 answers
213 views

How to assemble back a disassembled Linux kernel?

I have a Linux kernel file and I need to tweak the contents of its corresponding initramfs. I did it in the past for standard distros where kernel and initramfs were separate. However, this specific ...
Peter • 141
3 votes
0 answers
1k views

Problem getting root shell on Ezviz camera

I got a CS-C6N Ezviz camera. My friend gave it to me because he doesn't use it anymore. I was able to get rtsp stream from the camera (but laggy), and I also was able to connect to UART port on the ...
raspiduino
2 votes
0 answers
513 views

Cannot load libvulkan.so on Linux chroot running on Android while normal Android apps can load it

Environment First I will give a quick summary of my environment Device: Samsung Galaxy M20 (m20lte) SoC: Exynos 7904 (with Mali-G71 GPU) OS: Android 10 (Stock ROM with root using Magisk) Kernel: 4.4....
raspiduino
5 votes
1 answer
181 views

Check if libc.so uses tcache

I have an ARM libc.so (GLIBC). How can I check if that libc.so used tcache, and what is the value of arena_max? Can I check that information offline?
Kokomelom • 281
3 votes
0 answers
323 views

Setting a breakpoint on a shared library's decompiled exported function, and making Ghidra actually stop on that function when debugging a client code

I am very new to Ghidra, so please accept my apologies if my question sounds too simple. Despite the poor quality of the Internet in my country, I tried my best to find an answer online before asking ...
ElenaKarimi
