Highest Voted Questions - Reverse Engineering Stack Exchange

6

votes

3 answers

Packers/Protectors for Linux

I was wondering if anyone had come across a packer/protector which could be used for ELF binaries. There seem to be quite a few articles on writing packers and protectors for the PE format -- however, there don't seem to be very many for Linux. This…

asked Dec 14 '13 at 05:14

user1743

6

votes

1 answer

Is it possible to use GHIDRA to decode .NET ? (1 lvl crackmes with solution, but not in GHIDRA)

I am a beginner, I want to decode 1 lvl in crackmes, I downloaded a GHIDRA as my main tool. I've got a simple keygen app. Here it is: https://crackmes.one/crackme/5ab77f6433c5d40ad448cb2d. The solution is simple use Reflector and go…

asked Apr 24 '23 at 04:06

OREN YT

61
3

6

votes

1 answer

LALR parsing : retrieve the grammar rules from the generated parsing tables

I have a quite old C corporate parser / compiler code that was generated from an ancient Yacc and the original grammar source is lost (as the intermediate files) the only result the ytab.c parser generated file. That legacy piece of code need…

decompile

asked Dec 10 '13 at 17:35

Seki

171
6

6

votes

1 answer

Decrypt the cookies stored by the MS Teams desktop client

I am creating a digital forensic tool that gets all data of user from different platforms. I successfully have done extraction for Teams website but I am unable to do so for the desktop app. So far, I know that the cookies are stored in…

encryption

asked Feb 25 '23 at 05:38

farhan jatt

111
4

6

votes

1 answer

Reversing an RSA function throws pkcs decoding error

I'm working my way through reversing a toy challenge, and I find myself stuck. The app is pretty simple, it spits out a blob of text (e.g. "3b880a90e476d66569d9d5dfb5cd755af3f..."). Dumping the code, I can see that it builds an RSA public key by…

asked Jan 09 '23 at 22:46

XeroxDucati

215
1
10

6

votes

1 answer

Load dSYM symbols in Hopper

Can I load dSYM symbols into Hopper? (I searched extensively in the menus etc. but couldn't find such an option) Context: I want to see how a program I created using Xcode was compiled into machine code using Hopper to view the machine code. My…

asked Nov 28 '13 at 10:55

yairchu

167
7

6

votes

2 answers

Can I import a C struct into Ghidra?

Either by pasting from a text file or typing it out into a dialog box, which is still much faster than using Ghidra's Structure editor.

ghidra

asked Aug 18 '22 at 14:21

hippietrail

515
4
17

6

votes

4 answers

Do I have to learn computer architecture for underestanding or doing reverse engineering?

I am completely noob in reverse engineering, and I've just started to learn it. Now I have this question in my mind, that does a reverse engineer use any computer architecture knowledge for doing his/her work? I mean in any field (software/hardware…

asked Jul 20 '22 at 09:06

Sirius Black

63
1
4

6

votes

1 answer

IDA Pro for MIPS image

I have this file: [ytti@lintukoto ~/tmp/ida]% file cat3k_caa-universalk9.SPA.03.03.00.SE.150-1.EZ.bin cat3k_caa-universalk9.SPA.03.03.00.SE.150-1.EZ.bin: data It's image for Cisco Catalyst 3650 switch. The switch itself is running Cavium, probably…

asked Nov 21 '13 at 09:57

ytti

161
1
3

6

votes

1 answer

How to attach debugger to app if it has protection against attaching?

Sometimes I've tried to attach Ollydbg to applications those have some protection against debuggers, but I have never coded any of these applications and did not see this protection in many applications... So it looks like it is not hard to bypass…

anti-debugging

asked Nov 19 '13 at 20:14

Wiggler Jtag

261
3
6

6

votes

1 answer

What's the format of Mediatek MRE VXP file and how to create a workable VXP binary?

Background Mediatek's MRE (MAUI Runtime Environment) is the default runtime on Nokia S30+ platform, replacing the J2ME platform on older Nokia. From MRE's page: MRE (MAUI Runtime Environment) is a phone application development platform similar to…

asked Jun 08 '22 at 17:09

raspiduino

249
3
9

6

votes

2 answers

Creating a struct in IDA which contains a cString?

Normally I struct is a fixed size. Is it possible to define a structure which contains an element which has different sizes? To illustrate what I mean is this. The layout of the data in the file looks like this: ID WORD 0 FunctionPtr DWORD…

asked Nov 17 '13 at 14:38

Devolus

963
1
10
21

6

votes

1 answer

How are achieved PUFs (Physicaly Unclonable Functions) and can we workaround?

I would like to know how are achieved PUFs (Physicaly Unclonable Functions) and if there is a way reverse these hardware electronic components ? Recent papers such as "Invasive PUF Analysis" present techniques to extract information from PUFs but, I…

asked Nov 15 '13 at 09:39

perror

19,083
29
87
150

6

votes

1 answer

What is the purpose of this sequence of HP PA-RISC instructions?

I'm looking at the startup code in an HP SOM executable. The disassembly looks like this: 00004010 b4 00 10 c2 addi,tr 61,r0,r0 00004014 e8 00 01 aa b,l,n 0x000040f0,r0 The addi instruction is…

disassembly

asked Dec 10 '21 at 10:35

John Källén

1,070
9
17

6

votes

3 answers

Break points in OllyDBG

I'm trying to set breakpoints in OllyDBG, I found the address that I wish to break on and I've hit F2 in order to set the breakpoint. However, when the program runs the code, it doesn't break. I'm not very familiar with OllyDBG and don't know how it…

ollydbg

asked Oct 24 '13 at 08:53

user1960364

181
1
4

Most Popular