Reverse engineering utilities we explored earlier (like radare2 or reverse) had mostly been cmdline ones. Today we’ll explore Panopticon, a new utility with a smooth GUI written in Qt. Panopticon not only disassembles code, it can also understand the semantics of the code and the invariants, making it possible to represent the code in control flow charts. Continue reading Panopticon: Qt-based disassembler
Reverse engineering needs a strong understanding of assembly language. In general, tools like radare2 disassemble binaries and show the output in assembly. reverse is a new tool to show pseudo C output. Continue reading reverse: disassemble binaries
radare is a reverse engineering framework and cmdline tools to work with binary files and understand the way they work. The version 2 of radare is a complete rewrite from the scratch. radare supports analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers and so on. Continue reading radare2: reverse engineering framework
Reverse Engineering for Beginners is a reverse engineering tutorial cum open source book to teach reverse engineering. The source of the book is actually hosted on GitHub instead of just the PDF file uploaded somewhere. You can also download the PDF directly. An e-book version is available as well.
The tutorial references x86 and ARM, 2 of the most popular architectures in use today. Topics include Oracle RDBMS, Itanium, copy-protection dongles, LD_PRELOAD, stack overflow, ELF, win32 PE file format, x86-64, critical sections, syscalls, TLS, position-independent code (PIC), profile-guided optimization, C++ STL, OpenMP, win32 SEH.
As you should have already understood by now, though it started with beginners in mind, it actually dwells in the most complex of the alleys in reverse engineering.
On GitHub: Reverse Engineering for Beginners
GameConqueror is the GUI for scanmem, a powerful debugger to locate and modify a variable in an executing process. In addition, it can also track by value or string. The author has provided a tutorial that explains the working of scanmem and how to use it for hacking games but here’s a more regular use of GameConqueror.
To attach a running process click on the Computer icon. A new window with the list of all running processes will pop-up, select the one you want to check out. I have attached GameConqueror to Pidgin running on my system and I want to check where the particular string teststring I’m sending to my friend in chat is loaded in memory. I typed in teststring in the Value field. Hover on the ? and it will show you all available options. You can change Search Scope, Data Type etc. as you need.
Double click on the particular address with the string you want to inspect in the left column and it will be added to the list below. You can also right click and select Add to cheat list. For example, in my case I want to inspect the address 0x7f5583a7a820. To check the address in more detail (as in the image below), right click on the entry (or row) and select Browse this address. Click on the Pencil icon to edit memory and change a value directly.
As you can see, GameConqueror is a very powerful debugger for running processes (even compiled without debug symbols) as well as a useful utility to analyze compromised processes or reverse engineering.
A collection of interesting tutorials and articles to learn Linux binaries, objdump, readelf and reverse engineering.