Most Popular
1500 questions
11 votes, 4 answers
How can I generate a call graph from an unstripped x86 Linux ELF?
There's a piece of software, for which I only have the binary, not the source code. It's:
unobfuscated (so, not polymorphic or anything. It is optimized a bit, though)
unstripped
x86 32 bit
trustworthy (not suspected malware)
compiled from C++…
Parthian Shot
11 votes, 2 answers
Which python library for parsing Linux ELF files?
I want to be able to parse 32 and 64 bit ELF files - but not create or modify them (e.g. as discussed in this thread). The ELF binaries may possibly come from embedded Linux systems, that is, the library should not be irritated by MIPS, ARM and…
langlauf.io
11 votes, 2 answers
Protect data stored in binary
Let's say I've got some function (i.e. a hash function) that generates a value from an input seed and some precomputed hash values that are stored somewhere in the binary. What are the possible approaches for:
Protect string data against dumping
Protect hash…
see ya
11 votes, 1 answer
Generating Snapchat Snaptags ("QR" Codes)
For those that haven't seen, Snapchat now has a special type of image based code that allows you to quickly add friends by pointing the camera at the screen, similar to a QR code, called "Snaptags". Here's an example:
Does anyone know how one…
Tyrone
11 votes, 1 answer
Setting a breakpoint at system call
I want to modify my TeamSpeak server (Linux). I'm particularly interested in the connection with clients (UDP), so I figured I need to set a breakpoint at the Linux socket function to start reversing. How can I achieve this?
Thanks!
Hugo Kiiski
11 votes, 3 answers
What methodology can be used to change code flow atomically during program execution?
I have been reading a lot about the different techniques for Windows API hooking (a technique I'm particularly fascinated by and fond of), and it seems a major problem in implementing a reliable hook function is ensuring that the hook is written…
CaptainObvious
11 votes, 2 answers
What is a non-virtual thunk?
In real code I have encountered some "non-virtual thunk" functions:
; `non-virtual thunk to'QTextCodecPlugin::create(QString const&)
EXPORT _ZThn8_N16QTextCodecPlugin6createERK7QString
_ZThn8_N16QTextCodecPlugin6createERK7QString
SUB.W R0,…
18446744073709551615
11 votes, 4 answers
Identifying an unknown chip on a PCB
I'm working on reverse engineering a PCB (no documentation from the manufacturer). I've identified all the other chips on this board, but this one refuses to give up any Google-able info. Are there any resources that can help me identify what kind of chip…
user4781
11 votes, 1 answer
Emulate TP-LINK WR740N with QEMU
I'm trying to emulate a TP-Link WR740N in QEMU (MIPS). I have extracted the rootfs.img from the firmware and downloaded vmlinux-2.6.32-5-4kc-malta from here: http://people.debian.org/~aurel32/qemu/mips/.
Then I started QEMU with these…
user4724
11 votes, 1 answer
What is the difference between step into and step over when debugging?
I am using EDB and stepping through the program, but I do not even know what the difference in behavior is when doing this. I feel like this is something I should know if I ever have any hope of reverse engineering this program.
user4466
11 votes, 1 answer
How could I change an instruction in IDA Pro?
I'm trying to change an instruction in an executable that's loaded in IDA Pro v6.1.
For example:
lis r11, ((qword_90E1B2D8+0x10000)@h)
to
lis r10, unk_90E163D0@h
Any help is appreciated, thank you very much.
user4128
11 votes, 3 answers
How to decompile an Objective-C static library (for iOS)?
I'm trying to use IDA Pro v6.5 (freeware) (demo) to decompile an Objective-C library compiled for ARM7-7S. I tried Hopper v2.8.8 (freeware) with no success.
I had no problem until I tried to display pseudocode. In fact, I can't find the option…
kl94
11 votes, 3 answers
Jump back to the caller
I'm debugging some app inside OllyDbg, so these are the two steps I take to start debugging the app:
I load the exe from file menu with input arguments
Set breakpoint on msvcr71.printf function
After these two initial steps, when I hit F9 the app shows…
Igor
11 votes, 2 answers
Why did Intel choose 90h machine code for their NOP instruction instead of a 0?
Probably just a historical question, if anyone knows.
c00000fd
11 votes, 2 answers
Reverse engineer Logitech Z906 serial console: getting started
I would like to control my Logitech Z906 remotely, e.g. with a web service running on a Raspberry Pi connected to its console.
The console is connected over a DB-15 port to the subwoofer.
I called Logitech, but they were unable to provide me with…
Jens Timmerman
- 211