Highest Voted Questions - Reverse Engineering Stack Exchange

5

votes

1 answer

Reverse engineering a compression algorithm to decompress ASCII text (LZ-variant?)

Reposted from StackOverflow as is. I'm trying to decompress a very long text block from an ARMv5t powered Gameboy Advance ROM, which was compressed using some kind of custom LZ-esque compression algorithm. The decompression algorithm, as I…

asked Mar 17 '19 at 17:12

Alex Osheter

173
1
4

5

votes

1 answer

How to display the CFG of a function in Ghidra?

I am currently trying Ghidra and, I am looking at a specific function. I have the assembly code and the decompiled version of it. But, I am looking to see if I can have it as a CFG... Does someone has a clue on how to do it?

asked Mar 06 '19 at 08:53

perror

19,083
29
87
150

5

votes

3 answers

Help unpacking U-boot firmware

I'm trying to unpack (extract) and analyse the firmware of an IP Camera (Xiaomi mjsxj02cm). I have this tf_recovery.img that's supposedly a U-Boot image, but I can't unpack it either using dumpimage or other techniques because mkimage -l doesn't…

firmware

asked Feb 16 '19 at 17:18

Telmo Marques

231
1
2
7

5

votes

2 answers

Why my Resource Hacker doesn't work with some .EXE files

I use Resource Hacker Application for Reverse Engineering purposes, I've cracked 3 softwares by using this software, but it doesn't grab all .EXE, .DLL files. sometimes It says, This is not a valid Win32 executable file, but I've provided it a valid…

asked May 19 '13 at 22:33

khk

293
3
5
16

5

votes

4 answers

Is BinNavi available? If not, can I get the source from anywhere?

BinNavi is originally a Zynamics product. But, since the company has been bought by Google, it seems to be difficult to get the library. I tried to look in the BinNavi manual in the installation chapter. But, I couldn't find any way to get the…

asked May 19 '13 at 18:45

perror

19,083
29
87
150

5

votes

1 answer

Radare2 Disassembler How Do You Organize Visual Panels (V!)?

I would like to use Radare2 to learn about how C is assembled into assembly but I am having trouble with the layout. I think the V! mode would be very handy as you can watch the registers update as the instruction pointer moves through the program,…

asked Jan 15 '19 at 16:45

Aaron

51
2

5

votes

1 answer

Find function in a stripped dynamic ELF library

Im currently reverse engineering an android app and this app calls a function named "getUserInfo" in an ARM 32bit ELF library called "libcms.so" (from TikTok) via the Java Native Interface. My Problem is: The function cant be found with readelf…

asked Dec 29 '18 at 01:09

SinOfficial

153
4

5

votes

3 answers

Nested Structures in IDA

I'm trying to figure out how to explore structs in IDA, and getting stuck on the basics. I wrote a very basic test app; int main() { const int kBits = 1024; const int kExp = 3; RSA *rsa = RSA_generate_key(kBits, kExp, 0, 0); …

asked Dec 06 '18 at 15:01

XeroxDucati

215
1
10

5

votes

1 answer

Difference between Proxmark3 rdv4 & Proxmark3 evo

I am an advanced beginner in RFID/NFC reversing / hacking. For now, I have a mifare reader and I want to buy a better reader to able to perform advanced stuffs on both HF and LF (especially emulation and cloning). I've read on multiple websites…

tools

asked Dec 01 '18 at 20:23

niosega

51
2

5

votes

1 answer

SQL Server not downloading symbols from the symbol server, even though SymInitialize has the symserver in its path

EDIT Clarified, I meant the extended exent ringbugger stacktraces described by Jonathan Kehayias. I recently discovered it was possible to get link.exe, dumpbin.exe, etc to download symbols from a symbol server. SQL Server has the ability to capture…

asked May 03 '13 at 22:08

Justin Dearing

325
2
9

5

votes

3 answers

Writing a file with radare2 `w`?

Radare2 supports a w which writes a string. w foobar write string 'foobar' However, it doesn't seem to work for me, $ touch foo $ radare2 ./foo w foobar The file foo remains empty. Am I supposed to flush or save?

radare2

asked Nov 13 '18 at 20:33

Evan Carroll

1,779
1
18
50

5

votes

3 answers

DLL starting with DCD

Today I was investigating an issue with a Microsoft DLL, mscordacwks.dll, which is part of the .NET framework. I've seen it many times before and it always was a regular PE file, meaning that it started with the magic MZ. However, the file today…

asked Oct 26 '18 at 17:47

Thomas Weller

970
6
19

5

votes

4 answers

How to change a large section of bytes to words in IDA Pro

I have a large section in IDA that is a data lookup table of word length data. I want to change them all to word length rather than byte length. I know you can make an array but when I do it becomes an array of bytes.

ida

asked May 01 '13 at 12:12

gigawatt

401
4
11

5

votes

1 answer

x86-64 bit Buffer Overflow, help with overwriting %rip

I am trying to get a buffer overflow exploit to work on Ubuntu 16.04 LTS 64bit. To this end I use the following vulnerable program: #include #include #include int main(int argc, char* argv[]) { char…

asked Oct 21 '18 at 18:32

schtopps

173
1
6

5

votes

1 answer

Importance of Compiler Version in generating a signature

I load a reference elf that I cross-compiled for AArch64 into IDA Pro, idb2pat to generate a .pat which I then process through sigmake. I then use the signature file (in the appropriate IDA Pro directory) to work on a commercial image, however it…

asked Oct 10 '18 at 02:05

Hi Lo

183
1
6

Most Popular