Most Popular
1500 questions
5
votes
3 answers
Are reverse engineering and decompilation the same?
Is reverse engineering an application the same as decompiling it?
What is the core difference between reverse engineering an application and decompiling an application?
BlueBerry - Vignesh4303
5
votes
4 answers
Is there a tool capable of reconstructing structured code from arbitrary assembly code?
Essentially, I'm looking for a tool that could reconstruct pseudocode with conditional operators, loops, break/continue, etc. from assembly language code for an arbitrary CPU, given only a limited understanding of the assembly constructs related to…
Leo B.
5
votes
1 answer
Understanding AutoIT "compilation"
I'm trying to de-compile a cheat created for my game so I can fix it. The problem is the version used is 3.3.14.2 which no longer has official de-compiler support.
I have tried looking for 3rd party de-compilers but none of them worked for me. I've…
majidarif
5
votes
2 answers
Unknown CRC calculation
I am seeking a CRC calculation on EEPROM content. I am trying to add options to my car with a BOSCH ECU. The MCU in this ECU is a Tricore TC1793 and the EEPROM content seems to be divided into blocks of 128 bytes each.
When I try to change a byte from one block,…
Yohan Cyber
5
votes
1 answer
Reverse engineering flexlm license management
I have a 3D driver from the early 90's for Solaris 2.5-2.6 Sparc that uses flexlm to handle license management. How would I go about either circumventing or removing it for computer archeology/hobby development purposes? Also note that the original…
cb88
5
votes
2 answers
What's the best way of improving already compiled binary?
Like if I want to patch a function in a PE.
Now my way of doing this would be inserting a new section using, let's say, LordPE and then compiling anything I want to add up here and patching the original code to link up there, but is there a better…
rec
5
votes
3 answers
Linux protectors: any good one out there?
I know of none that works as of today (i.e., on kernels that are not way too old) and I wonder if anybody has found or knows of any protector for Linux, whether commercial, open source, used in malware, etc...
joxeankoret
5
votes
2 answers
Assistance finding CGI files
I'm wondering if anyone can assist me. I'm reverse engineering Netgear R6250 firmware just for practice. I've managed to unpack the firmware using binwalk, and in the root directory there is a www directory. Looking at the HTML code I notice the forms…
user1803784
5
votes
3 answers
Are there any websites to get malware files using YARA rules?
I want to know: are there any websites which have malware files (Windows OS) that are detected by YARA rules?
Note: I know some websites to get Android malware samples using YARA.
But, I need Windows OS based malware.
xoreax
5
votes
2 answers
Safe way to download a malware payload?
I'm trying to analyze a piece of malware that is most likely a downloader. During dynamic analysis on an isolated VM network, Wireshark registered a GET request to a server for what I believe is the payload (a .bin file).
What is a safe way to…
qwersjc
5
votes
1 answer
QEMU gdb server thread problem
I am having a problem using a statically compiled QEMU ARM version. I am trying to debug an application from an embedded device. Everything seems to work fine except breakpoints on other threads. I am using IDA's remote gdb function to debug. Instead…
VegaRoXas
5
votes
2 answers
Why dump precisely at OEP during manual unpacking?
What is the exact reason for dumping a process when the Program Counter is at OEP? I haven't found a decent answer.
This link says: "In order to identify the IAT structure, Import Reconstructor needs to know the OEP of our application (of the…
greenpiece
5
votes
1 answer
GDB find string strange results
I'm playing with gdb and strange things are happening. I wanted to find some address in memory where the string "/bin/sh" is located, and gdb says it found it. But when I examine the memory there, the string there is totally different.
Can you please…
Michal Sládeček
5
votes
4 answers
Identify compression of this ZTE ZXV10 H201L V2 backup config file
This config.bin file is from a ZTE router. I would like to decompress it but I did not identify the compression used in the file. Maybe someone can.
00000000 99 99 99 99 44 44 44 44 55 55 55 55 aa aa aa aa |....DDDDUUUU....|
00000010 00 00 00 00…
Vido
5
votes
1 answer
3D control-flow graphs in IDA
Is there any way to leave 2D flow chart graphs and go to a 3D model?
I mean something like this:
Usual 2D graph:
3D graph:
The only solution I've seen is using UbiGraph + Linux on VM (to use UbiGraph) + some X-server for Win (the process of…
fasmotol