2

I have an app that uses Erlang .beam compiled files without debugging information. Does someone have some tips on how to decompile or reverse engineer these?

Thanks in advance

Igor Skochinsky
itseeder
  • "7.11  Is there a "reverse compiler" for BEAM files?" (http://www.erlang.org/faq/tools.html) – Jongware May 15 '15 at 09:29
  • I already saw it. But honestly, did you understand how to pass arguments to beam_lib to obtain abstract_code? – itseeder May 15 '15 at 10:04
  • Can't write comments, yet, so you get the link as an answer. The HelloMike challenge from the 9447 CTF was a beam file without debug_info. This writeup goes through the reversing process of the file: https://medium.com/@shanewilton/9447-ctf-2014-hellomike-writeup-ba812f012d5 –  May 15 '15 at 12:04
  • Following your advice and link, I get that I don't have debug_info, and I get an empty file if I try to decompile it with the command: erl -noshell -eval ‘hipe:c(my_beam, [pp_beam]), init:stop().’ > my_beam.disas. Do you have a tip? I get this error: (no error logger present) error: "Error in process <0.0.0> with exit value: {fun ction_clause,[{init,prepare_run_args,[{eval,[<<11 bytes>>,<<11 bytes>>,<<13 byte s>>]}]},{init,map,2},{init,boot,1}]}\n" – itseeder May 18 '15 at 09:12

1 Answer

4

You can get the low-level bytecode source of a .beam file with beam_disasm:file(module_name).

It's not easy to read, and it takes time to figure it out. But it's much more verbose and easier to comprehend than any real hardware assembly code. You can give it a try.

For example, if you have a .beam file called "my_module.beam", open erl and type

file:write_file("/tmp/my_module_disasm", io_lib:fwrite("~p.\n", [beam_disasm:file(my_module)])).

where '/tmp/my_module_disasm' is the path where you want to save the result.

pumbo
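The two routes discussed on this page (abstract_code through beam_lib, and beam_disasm when there is no debug_info) combined in one helper. This is an added example, not code from the answer or the comments; the module name beam_dump and the function to_file/2 are hypothetical, and it assumes a standard OTP install with the compiler and syntax_tools applications available.

```erlang
%% Added example: try to recover Erlang source from the abstract code first,
%% and fall back to BEAM disassembly when the file has no debug_info.
%% beam_dump and to_file/2 are hypothetical names, not part of OTP.
-module(beam_dump).
-export([to_file/2]).

%% to_file("my_module.beam", "/tmp/my_module.out") ->
%%     {ok, source} | {ok, disasm} | {error, Reason}
to_file(BeamPath, OutPath) ->
    case beam_lib:chunks(BeamPath, [abstract_code]) of
        {ok, {_Mod, [{abstract_code, {raw_abstract_v1, Forms}}]}} ->
            %% Compiled with debug_info: pretty-print the abstract forms
            %% back into readable Erlang source.
            Src = erl_prettypr:format(erl_syntax:form_list(Forms)),
            write(OutPath, Src, source);
        {ok, {_Mod, [{abstract_code, no_abstract_code}]}} ->
            %% No debug_info (the case in the question): only bytecode is
            %% left, so use the disassembler from the answer.
            disasm(BeamPath, OutPath);
        {error, beam_lib, Reason} ->
            %% Not a BEAM file, unreadable file, or encrypted debug info
            %% for which no key is available.
            {error, Reason}
    end.

disasm(BeamPath, OutPath) ->
    case beam_disasm:file(BeamPath) of
        {error, beam_lib, Reason} ->
            {error, Reason};
        Disasm ->
            %% Same dump format as the one-liner in the answer.
            write(OutPath, io_lib:format("~p.~n", [Disasm]), disasm)
    end.

write(OutPath, Chars, Kind) ->
    %% Encode as UTF-8 so source containing non-Latin-1 characters
    %% does not make file:write_file/2 fail.
    case file:write_file(OutPath, unicode:characters_to_binary(Chars)) of
        ok -> {ok, Kind};
        {error, Reason} -> {error, Reason}
    end.
```

The return value tells you which route was taken: {ok, source} means the file carried abstract code after all, {ok, disasm} means only the bytecode listing could be produced.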