| last update: Sun Mar 4 01:58:04 CET 2007 |

| intro |
Welcome to 0xf001's RCE "entrypoint"
This page is about reverse code engineering (RCE) topics for the GNU/Linux operating system.
The sections below will guide you to information about tools, concepts and techniques related to RCE.
Most content is specific to the Intel architecture.
You can ask related questions or discuss the topics in detail on Woodmann's RCE Forums Regroupment.
happy hacking!
0xf001
| tools |

disassemblers:
bastard (http://bastard.sourceforge.net): mammon_'s bastard :) the most sophisticated multiplatform disassembler project available, probably not so suited for beginners
objdump: you have it in your binutils :) use mammon_'s objdump wrapper scripts ("objdump made useful")
lida: a libdisasm (see bastard) based, GUI driven interactive ELF disassembler, with some interesting features, currently frozen and being rewritten
ldasm (http://www.feedface.com/projects/ldasm.html): an objdump based perl application imitating the w32dasm GUI

debugger:
linice: a promising "softice clone for linux" - kernel level debugger
the dude (http://the-dude.sourceforge.net/): mammon_'s dude. Quote: "A Linux process debugger that doesn't use ptrace(1). That's right, does not. The ptrace(1) interface is unreliable, easy to fool and insecure to boot. Friends don't let friends use ptrace(1). Of course, given the state of the project, friends don't let friends use the-dude either..."
pice: another softice clone for linux
deblin (http://ttt.aaa.upv.es/~viesllo/i+d.html): kernel level debugger
gdb (http://www.gnu.org/software/gdb/gdb.html): the well known GNU debugger, not so friendly for beginners; use mammon_'s .gdb_init file for "softice look'n'feel"! use this patch to add scanning possibilities for gdb
ddd (http://sourceforge.net/projects/ddd/): GUI for gdb, the data display debugger
kdb (http://oss.sgi.com/projects/kdb/): the SGI linux kernel debugger
RR0D: the c00135t kernel mode debugger on the planet. I 0nly s4y rasta mode :) software as we like it

tracer:
ltrace (http://freshmeat.net/projects/ltrace/): to trace library calls
strace (http://sourceforge.net/projects/strace/): to trace system calls
ptrace(): man ptrace

forensics:
fenris (http://lcamtuf.coredump.cx/fenris/devel.shtml): a _very_ interesting suite of tools including tracer, debugger, library identification, buffer checking, just too much. impressive!

ELF / file editors:
elfsh: the elf file analyzer / editor shell
HTE: disassembler, hexeditor, many interesting functions!
Biew (http://biew.sourceforge.net/en/biew.html): the hiew clone for linux

crypto:
openssl: the crypto library

misc tools:
elfkickers (http://www.muppetlabs.com/~breadbox/software/elfkickers.html): elf tools kicking ass ;]
lsof (http://freshmeat.net/projects/lsof/): to list open files (everything is a file)
memfetch (http://lcamtuf.coredump.cx/soft/memfetch.tgz): process dumper
CryoPID: a process freezer for linux
| tutorials |

misc tutorials:
0xf001's solution to 'trythis' linux crackme: tutorial and keygen for a crackme from http://biw.rult.at.
0xf001's linux anti anti debugging tut: very basic but detailed anti-anti-debugging tutorial for beginners, also available as PDF (Code Breakers Magazine)
0xf001's solution to 'blaadme2' linux crackme: tutorial and keygen for a crackme from http://www.crackmes.de.
this section is under slow but permanent development ... I am looking for challenges to describe ... ;>
| papers |

Introduction to Linux RCE:
O'Reilly Linux Reverse Engineering Whitepaper
http://reverse.lostrealm.com/
http://www.acm.uiuc.edu/sigmil/RevEng/index.html

Binary Protection:
http://felinemenace.org/papers/Binary_protection_schemes-1.00-prerelease.tar.gz
http://blackhat.com/presentations/bh-federal-03/bh-federal-03-eagle/bh-fed-03-eagle.pdf

Cryptography:
http://www.cs.washington.edu/education/courses/csep590/06wi/lectures/
http://www.cs.washington.edu/education/courses/csep590/06wi/

ELF related:
filez/ELF_Format.pdf
filez/mvanvoers_VB_conf_2000.pdf
filez/symbol-versioning.txt
filez/elftut1.ps
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
from 29A-8: ASM TUTORIAL FOR LINUX n' ELF FILE FORMAT by LiTlLe VxW
filez/elf-rtld.txt
filez/elf-runtime-fixup.txt
filez/subversiveld.pdf
http://www.phrack.org/phrack/63/p63-0x09_Embedded_Elf_Debugging.txt
filez/p61-0x08_The_Cerberus_ELF_interface.txt

Linux Debugging / Anti Debugging / Anti Anti Debugging:
http://www.phiral.net/linux-anti-debugging.txt
http://vx.netlux.org/lib/vsc04.html
linux_anti_anti_debugging4CBJ.txt
http://linuxdevices.com/articles/AT3761062961.html
http://www.phrack.org/phrack/63/p63-0x09_Embedded_Elf_Debugging.txt
http://www.acm.uiuc.edu/sigmil/RevEng/ch07.html

misc:
http://www.phrack.org/phrack/63/p63-0x0b_Advanced_Antiforensics_and_SELF.txt
http://reverse.lostrealm.com/protect/index.html
http://www.phrack.org/show.php?p=63&a=18

Linux Virii / Anti Virus:
http://vx.netlux.org/lib/static/virus-writing-HOWTO/virus-writing-HOWTO/_html/i386-redhat8.0-linux/index.html
http://www.phiral.net/elf-pv.txt
http://www.phiral.net/unix-viruses.txt
filez/mvanvoers_VB_conf_2000.pdf
filez/p61-0x08_The_Cerberus_ELF_interface.txt
filez/subversiveld.pdf
| first steps |
To help you get off the ground - if you don't have a GNU/Linux OS yet - you can try knoppix|RE, a linux live CD including many tools, (kernel- and user-mode) debuggers, disassemblers, ... ready to boot from your CDROM drive.
Besides the RCE software environment, the kernel was also updated for kdb and now includes the latest hardware support.
After booting your OS, read "Linux on the Half-ELF"
| practice |
to test and improve your abilities you may work on the linux crackmes provided by
try to solve them! this is very good self education - concentrated on the topic and fun! (and legal!)
other nice places to play, recommended by andrewg:
http://vortex.labs.pulltheplug.org
Quote: "Vortex is a level based exploitation game, which grows in difficulty. Some of the levels include maths problems, heap corruption, stack overflows, integer overflows, etc. It's a decent challenge even for the most dedicated people."
http://catalyst.labs.pulltheplug.org, the "binary analysis game" :)
Quote: "Catalyst is a free-style (ie, there is no fixed direction you must follow) binary analysis game"
you will not only gain knowledge of the techniques used; over time you will also figure out how to best set up _your_ environment for RCE, find out which tools you like and how to use them, and finally become more and more efficient :)
| other places to go |
http://www.eccentrix.com/members/mammon/ - mammon_'s page
http://www.phiral.net/ - Silvio Cesare's page
http://www.phrack.org/show.php - Phrack Magazine
http://www.uninformed.org/ - Informative information for the uninformed
http://www.pulltheplug.org - PullThePlug.org
http://www.felinemenace.org/ - felinemenace, andrewg's place
http://www.linuxassembly.org - Linux Assembly
http://community.reverse-engineering.net/ - Zeros RCE Forums
| contact |
for any suggestions, new content or interesting material which should be added here, feel free to contact me via email
you can also post your ideas on the Reverse Code Engineering Forum
| disclaimer |
short disclaimer: as this page is about reverse code engineering, and this activity is against some laws in some places in some cases, a little disclaimer is needed :)
before you disassemble any code or make other attempts to reverse engineer any software (or hardware), ALWAYS make sure this is not forbidden by its license!
this page is about reverse engineering tools and techniques; there is no illegal content of any kind on this page. gaining knowledge is all it is about here. the author of the page explicitly distances himself from the contents provided by the hyperlinks on this page, as he has to do per law. the content of the pages reached through the hyperlinks on this page is the responsibility of their respective authors.