7 votes, 2 answers
Router's serial port only outputs garbage
I'm trying to reverse engineer a 2Wire ADSL modem/router, mainly for practice. I opened it and found a serial port (with a header conveniently already in place) but I'm not getting any useful data out of it, only gibberish. The device does work…
Rena
- 171
- 4
7 votes, 2 answers
Lego NXT Exploitation and Vulnerabilities?
First, I wasn't sure if I should post this on the Lego Stack Exchange site or here, and I decided this site had more to do with the question (I hope I don't get bad rep for this). OK, my friends and I have Lego NXT sumo bot competitions for fun.…
Starwarsfan2099
- 345
- 1
- 2
- 10
7 votes, 2 answers
32-bit binary stack layout on a x64 Linux OS
Stack layout is well documented in many ways, especially for x86 systems, as there were numerous tutorials on how to exploit stack overflows on old 32-bit systems many years ago.
So far we know that on a 32-bit system, the user stack starts from…
Geoffrey R.
- 307
- 2
- 8
7 votes, 2 answers
Fixing corrupt ELF header field "e_shnum" for use in GDB
If the ELF header, which usually can be read using readelf, has been manually manipulated, let's say by increasing the value for the "Size of section headers", the binary can still be executed and works well.
However, this manipulation seems to trip up…
Fakhri Zulkifli
- 125
- 1
- 2
- 7
7 votes, 3 answers
Defeat RSA hash verification
I am analysing an embedded system running QNX on armle; uname -a identifies it as:
QNX mmx 6.5.0 2012/06/20-13:49:13EDT nVidia_Tegra2(T20)_Devlite_Boards armle
Firmware updates come with a file called metainfo2.txt which always ends with a…
Remko
- 3,228
- 3
- 22
- 30
7 votes, 2 answers
Backblaze 16-bit checksum ("bzsanity")
I use Backblaze to back up my computer. You restore files from your backups by selecting files to restore, which are then packed into large zip files. Of course, it's fairly rare to be able to download a 500GB zip file without a connection…
Reid Rankin
- 173
- 3
7 votes, 1 answer
Byte frequencies in different architectures' binaries?
What I'm looking for
I have a binary that, for various reasons, I'm pretty sure is executable machine code (although possibly for a VM language, although I doubt it's Java). I'm looking for a table of byte frequencies for byte values v.…
Parthian Shot
- 281
- 2
- 8
7 votes, 1 answer
How to automatically rename some IDA functions from a given list?
I have a text file which contains a list of function name and address pairs, structured like this:
194C:841B LoadMessage
194C:8429 ShowDialog
...
Is there a way (e.g. script, automation, ...) to automatically rename all related functions of the…
tigrou
- 371
- 4
- 13
7 votes, 2 answers
I really struggled to figure it out, now can anyone help me reverse engineer this checksum?
I have a device at work with no documentation about its checksum calculation. I know that the last byte in each message is the checksum, and most of the messages to the device require a correct checksum.
I thought it was easy to figure out,…
Jesper R
- 73
- 4
7 votes, 1 answer
Unpack IpCam firmware - Binwalk extraction issue
I'm trying to use Binwalk to extract an IpCam .bin firmware. I did it successfully for the WebUI, but I can't on the firmware itself.
Hardware: Vstarcam C7824WIP
Firmware: CH-sys-48.53.64.67.zip
WebUI: CH-app-EN53.8.1.13_VSTARCAM.zip
Problem:…
Ronan
- 73
- 1
- 6
7 votes, 2 answers
Method disassembly of Objective C Mach-O with Radare 2
Is it possible to retrieve the disassembly of Objective-C methods declared in Mach-O files using Radare 2?
3asm_
- 506
- 6
- 15
7 votes, 3 answers
Debugging forked child in an anti-debug protected crackme
I am interested in the anti-debugging method implemented in the crackme called trace-p. A child process is forked, which communicates with the parent using int3 instructions. I would like to debug the child. gdb has set follow-fork-mode; however, gdb…
robert
- 887
- 2
- 12
- 28
7 votes, 1 answer
How to get a full execution trace with Python gdb?
While trying to answer another question, I tried to set up a Python script to automate the extraction of an assembly execution trace. But I am really not satisfied with this script and I would like to know how to improve it.
First, here is the…
perror
- 19,083
- 29
- 87
- 150
7 votes, 1 answer
Reverse engineering Earthsiege 2 3D model format
As a personal project I've been trying to reverse engineer the art assets for the old Dynamix game Earthsiege 2 (this game has long been abandonware and was recently released for free by Hi-Rez, the current copyright holder). It was child's play to…
user45623
- 173
- 6
7 votes, 2 answers
How to fix a memory dump of a DLL so I can dynamically reverse it using Olly / IDA
I need to analyze a memory dump of a malware module; unfortunately the sample is not the original DLL, but the dump of the DLL from memory.
Now fixing the section headers is fairly easy - I just need to match the virtual address / size to the…
0xAK
- 668
- 6
- 19