10/27/2023
Do this every time you begin reversing (will be adding to this):

- Hash the file for your records:

  ```bash
  md5sum ./binary
  sha256sum ./binary
  ```

- View the raw file:

  ```bash
  hexdump -C ./binary | head -10
  man ascii
  ```

- Parse the bytes and show ONLY ASCII:

  ```bash
  strings <binary>
  ```

- Obtain the file signature:

  ```bash
  file <binary>
  ```

- Document findings with screenshots, theory, and context in an attempt to further "paint the picture".
- Obtain symbols for the imported functions of the binary:

  ```bash
  readelf -W --dyn-sym ./binary
  ```

- Utilize `objdump` to view disassembly and examine specific ELF sections:

  ```bash
  objdump -s -j .rodata ./binary
  ```

- Check symbols in the binary using `nm`:

  ```bash
  nm <binary>
  ```

  If desired, you can strip the binary of symbols manually with `strip`:

  ```bash
  cp <binary-symbols> <binary-stripped>
  strip <binary-stripped>
  file <binary-stripped>
  ```

- Throw the binary inside the static analysis tool of your choice, Ghidra or IDA
- Check strings
- Check symbols
- Check for library imports if defined
- If the architecture is known, look at the memory layout and at what registers are used for what
- Figure out how the architecture initializes the code, e.g. the vector table, if symbols are not present
- View the spec sheets of what you are reversing if possible
- Look for unique data such as IDs, IPs, or MACs
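The command-line part of the checklist above, wrapped in one script so every first-pass step lands in a notes directory for the record. This is an added example, not code from the original notes; `triage_binary`, `run_step` and `is_elf` are names I chose, and steps whose tool is not installed are logged and skipped rather than aborting the run.

```shell
#!/bin/sh
# Assumed helper names for this example: is_elf, run_step, triage_binary.
set -u

# Return 0 when the first four bytes are the ELF magic (0x7f 'E' 'L' 'F'),
# i.e. the same check you make by eye in the first hexdump line.
is_elf() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# run_step NAME TOOL ARGS...: run one checklist step into $out/NAME.txt.
# Missing tools and non-zero exits are recorded in $out/notes.txt.
run_step() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" > "$out/$name.txt" 2>&1 || echo "$name: $1 exited non-zero" >> "$out/notes.txt"
    else
        echo "$name: $1 not installed, step skipped" >> "$out/notes.txt"
    fi
}

# triage_binary BINARY OUTDIR: hash, raw view, strings, file signature,
# dynamic symbols, symbol table and .rodata dump, one file per step.
triage_binary() {
    bin=$1; out=$2
    mkdir -p "$out"
    : > "$out/notes.txt"
    run_step md5     md5sum "$bin"
    run_step sha256  sha256sum "$bin"
    run_step hexdump hexdump -C -n 160 "$bin"      # -n 160 = first 10 lines of 16 bytes
    if is_elf "$bin"; then echo ELF; else echo not-ELF; fi > "$out/magic.txt"
    run_step file    file "$bin"
    run_step strings strings "$bin"
    run_step dynsym  readelf -W --dyn-sym "$bin"
    run_step symbols nm "$bin"
    run_step rodata  objdump -s -j .rodata "$bin"
}
```

Run as `triage_binary ./binary ./notes/binary` and read `notes.txt` first to see which steps were actually produced on this machine.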
{% embed url="https://medium.com/@Asm0d3us/1-crackmes-one-beginner-friendly-reversing-challenges-6df94ea6b29d" %}
{% embed url="https://osandamalith.com/2019/02/11/linux-reverse-engineering-ctfs-for-beginners/" %}
{% embed url="https://wrongbaud.github.io/posts/ghidra-training/" %}
{% embed url="https://medium.com/swlh/intro-to-reverse-engineering-45b38370384" %}
{% embed url="https://medium.com/swlh/intro-to-reverse-engineering-part-2-4087a70104e9" %}
{% embed url="https://www.youtube.com/watch?v=ld2Y_5e4yZ4" %}
{% embed url="https://www.youtube.com/watch?v=fTGTnrgjuGA" %}
{% embed url="https://dogbolt.org/" %}
{% embed url="https://godbolt.org/" %}