Reverse engineering getting started

Reverse engineering can be used for different goals, such as finding malware, discovering vulnerabilities, fixing software bugs, testing compatibility, and protecting intellectual property.

Abstractions

  • Application Binary Interface (ABI)

Reverse tools

  • Ghidra: free and open-source software reverse engineering suite made by the NSA and released to the public in 2019 (source on GitHub)
  • IDA Pro: commercial interactive disassembler and debugger made by Hex-Rays and widely used by security experts and professionals.

How to check the binary format information

# view the program format and linked information
file xxxxx
# view the ELF details (all headers, sections, symbols, relocations)
readelf -a xxxxx
# list the dynamic libraries the binary uses
ldd xxxxx
# view the header details (first 64 bytes, the size of an ELF64 header)
hexdump -C -n 64 xxxxx

# view the binary file's symbol table
objdump -t hello
# view the section headers
objdump -h hello
# view the file header (format, architecture, flags, start address)
objdump -f hello

Some commands to view headers

  • dumpelf
  • elfls -p /bin/ps
  • eu-readelf --section-headers /bin/ps
  • readelf -S /bin/ps
  • objdump -h /bin/ps
