Highest Voted Questions - Reverse Engineering Stack Exchange

7

votes

1 answer

Is there a way to find out which hash standard by studying the source code?

We have an embedded product, which we are carrying for several hardware iterations since more than 5 years ago. We have all the source code, most of it nicely documented. As the product is actively sold and needs an upgrade, I have been tasked to…

asked Mar 18 '17 at 02:20

EmbeddedGuy

173
4

7

votes

2 answers

Identifying possible structs in C/C++ disassembly

I'm currently working on taking apart a game (Soul Reaver: Legacy of Kain) and I often come across odd looking sections such as this in the decompiler *(_DWORD *)(a2 + 16) = a2 + 624; *(_DWORD *)(a2 + 38200) = a2 + 8; *(_DWORD *)(a2 + 20) =…

asked Mar 09 '17 at 21:03

MicroTransactionsMatterToo

173
6

7

votes

1 answer

OllyDbg: How to set a conditional breakpoint for a value anywhere in the stack?

I know how to set conditional breakpoints on a register, but how can I have a breakpoint trigger if a specific value (say, 0x12345678) appears anywhere in the active call stack frame?

asked Dec 17 '16 at 09:10

John Blatz

181
6

7

votes

1 answer

Available tools & techniques for locating sections of interest in a binary executable

If I'm trying to figure out how a program accomplishes a certain task or how it works with an unknown data structure or format, what techniques and tools can I employ to quickly and efficiently locate the binary sections of interest to start…

asked Mar 31 '13 at 00:31

greatwolf

203
1
8

7

votes

1 answer

Firmware-Mod-Kit Increases Size

I love using firmware-mod-kid to modify SoHo router firmware. The problem I encounter is that it often bloats the size of the image. It appears this happens during the mksquashfs step. If I'm just unsquashing a filesystem and then resquashing it…

firmware

asked Mar 30 '13 at 02:34

mrduclaw

4,066
8
27
40

7

votes

2 answers

Trying to decompile hex firmware

I managed to get the firmware for my IoT device but the firmware is in HEX. What is the best way to convert it to a binary so I can use binwalk? So far I've tried converting it with srec_cat hex.file -Intel -Output binary.file -Binary. I have tried…

asked Nov 07 '16 at 21:25

Driale

71
1
3

7

votes

1 answer

How do I reverse this javascript code? How is it packed?

I've a couple of questions regarding this javascript code, I found injected in one of my web pages. What is this script doing? Which tool is used to pack or obfuscate this script? How can I learn the working of this script? I've used this tool:…

javascript

asked Nov 05 '16 at 17:10

Thomas Coulson

73
1
4

7

votes

2 answers

Attach Shared Object to android process with IDA

I am: working with an Android game, using an Android Emulator, and trying to attach an android .so library to a process. I have the whole IDA server set up, I can attach to processes when a classes.dex is loaded into IDA but, when I load the .so…

asked Nov 02 '16 at 18:39

Frenchy Fry

71
4

7

votes

2 answers

State of the Art Fuzzing Framework

I've previously rolled my own Fuzzing Framework, and tried a few others like Peach Fuzzer. It's been awhile since I've looked at vulnerability hunting, what is the state of the art with regard to fuzzing? That is, if I were to start fuzzing Acme…

fuzzing

asked Mar 29 '13 at 18:37

mrduclaw

4,066
8
27
40

7

votes

1 answer

Which format/tool to store 'basic' informations?

It's really a productivity bottleneck when various analysis tools can't share information. What's an efficient way to store symbols+comments+structures, so that they can be easily imported into other reversing tools? I used to rely on SoftIce's…

asked Mar 28 '13 at 10:05

Ange

6,694
3
28
62

7

votes

1 answer

How can I set breakpoint and get value of a register with IDApython

How can I set a breakpoint and get the value of the EAX register with IDApython? I want to set a breakpoint, for example at address 00b27223, and at each break before execution of that specific address I want to get the value of the EAX register as…

asked Aug 27 '16 at 20:37

user121314

73
1
1
3

7

votes

1 answer

Importing external libraries in Hopper scripts?

Can external libraries be used in Hopper scripts? I'd like to add PDB support to Hopper using pdbparse, but I haven't been able to get it to use external libraries. Alternatively, I suppose one could just dump the debug symbol offsets to a text file…

asked Mar 27 '13 at 16:15

Brendan Dolan-Gavitt

2,888
2
19
37

7

votes

2 answers

How to import Windows DDK headers into IDA?

Currently I'm reversing a Windows driver, and there are a lot of structs IDA doesn't automatically recognize, which means I have to import them manually by parsing C header files. However, there are way too many nested structs/unions and I have to…

asked Jul 31 '16 at 03:41

rev

1,293
12
22

7

votes

2 answers

IDA Load Symbols From Static Library

I have a stripped elf file that has statically linked libraries. Is there a way that I could take the original library files that are in a files and name the functions in IDA that match those in the library?

asked Jul 04 '16 at 02:52

gudenau

181
1
7

7

votes

2 answers

Trace system calls, including stack (and java stack if possible), on android?

I have an android app that reads/writes a data file which seems to be encrypted, and i want to make a tool to read/write that file, so i need to reverse the encryption. The app in question consists of a few hundred classes and several .so libraries,…

asked Apr 27 '16 at 09:43

Guntram Blohm

12,950
2
22
32

Most Popular