Questions tagged [reverse-engineering]
Reverse engineering is the process of discovering the technological principles of a human made device, object or system through analysis of its structure, function and operation.
241 questions
1 vote, 0 answers, 68 views
How can I jump to an address after executing a donut shellcode?
I'm looking to execute a shellcode by packaging it inside an executable.
I generate an executable (open the calculator)
I output a shellcode from the executable with donut.
donut.exe -i opencalc.exe ...
0 votes, 0 answers, 59 views
How to trust clients when they can be reverse-engineered to expose keys/credentials? [duplicate]
I am developing a VPN app, currently on the mobile app part (Flutter). I have done the server backend side. Client side code is done too. VPN establishment is based on socket communication: Client sends it ...
0 votes, 1 answer, 247 views
Is an isolated VM (Hyper-V) still safe despite the fact that the host uses RDP to view/control the VM?
This question is directed towards creating an isolated environment for a reverse engineering VM, where malicious programs will be disassembled, debugged by executing them, so static and dynamic ...
0 votes, 1 answer, 349 views
How does anti-cheat prevent mocking itself?
As far as I understand, usually the game anti-cheat runs in another process from the game client. This makes it obvious to try to simulate anti-cheat, for example, to replace it with your program, ...
0 votes, 3 answers, 157 views
Analyze fixed vulnerabilities in software updates
Developers update their software, sometimes they patch vulnerabilities.
Is it realistically possible to analyze the updated code (even if it's closed source) to find the vulnerability that has been ...
-1 votes, 1 answer, 107 views
Recommended way to merge a security feature with the rest of the software? [closed]
I am searching for the best way to merge two parts of software together, so it would be as hard as possible to separate them again through reverse engineering.
At the moment both parts are python, but ...
0 votes, 1 answer, 134 views
What is stack segment manipulation?
I was trying to research anti-debugging techniques here, but I failed to make sense of what stack segment manipulation is. Does anyone have a good explanation for what it means or nice resources ...
2 votes, 4 answers, 917 views
Code obfuscation and source code repositories
As I understand, code obfuscation is used to make reverse engineering difficult/hard for the adversaries/red team.
Now if I use a source code obfuscator where a .C/.CPP file is used as input and an ...
1 vote, 0 answers, 284 views
Buffer overflow on a program that only accepts arguments as input
I've got a pretty tricky flag that I have been beating my head against for a while now and would love an explanation for how something like this would be possible. I have a program that when run, ...
1 vote, 1 answer, 457 views
How can I port scan my p2p device?
I have a device and I am trying to port scan it. I did the basic
nmap -A -p0- 192.168.0.x
but I am just getting
0/tcp filtered unknown
so I don't think it is working. The device works on p2p so I am ...
1 vote, 1 answer, 2k views
How to extract an RSA private key from an ssh-agent core dump
I need to extract an RSA private key from an ssh-agent core dump running on Ubuntu 20.04. I believe the ssh version is the latest. I have tried many Linux tools with no luck. I also wrote a Python ...
4 votes, 0 answers, 89 views
How can this form boundary be used to detect a different device?
I am trying to talk with an API endpoint usually used by a secure app. I have managed to defeat the signature by extracting the private key from the app. All headers, bearer token and device token ...
1 vote, 0 answers, 327 views
How do in-memory unrandomizers (like in Cheat Engine) work?
Cheat Engine is a rather known memory editing and manipulation tool for Windows.
It has this feature to screw up your randomness generation; how does it achieve it?
My guess would be that it makes the ...
0 votes, 2 answers, 970 views
Is it possible to reverse engineer an AES encryption of a known file format?
If the encrypted file is from one of the known formats, such as doc, jpg, mp3, etc., is it possible to reverse engineer it and decrypt it?
I "roughly" know the mechanic behind the AES ...
2 votes, 1 answer, 2k views
Is it possible to crack a 2FA/MFA secret key provided you know enough of the previous generated codes? [duplicate]
I have two accounts that won't show me the 2FA/MFA "Secret Key" used to generate the multifactor codes. Because of this, I am forced to use specific MFA apps rather than my preferred one. If ...
0 votes, 2 answers, 943 views
A way to find hard-coded URLs/IPs in a dll/exe [closed]
Is there a way to see the URL/IPs that are hard-coded in an exe or dll without installing or running it?
I once saw a tool that extracted URLs from dll or exes, but I can't remember what it was.
-1 votes, 1 answer, 909 views
What can I do with reverse engineering?
I have come across a lot of guides and blogs about reverse engineering where they use labs to teach various techniques and methods to break binaries. My question is what actual use cases does reverse ...
1 vote, 1 answer, 1k views
Heap overflow - strcpy() on x86_64 (64bit)
I'm stuck on the Heap1 challenge from Exploit Education.
After compiling the source code in a 64bit system, without any security mechanism, I try to overflow the heap in order to overwrite the main ...
0 votes, 0 answers, 182 views
Spoofing a server to intercept my IoT device's data
I'm trying to reverse engineer a power meter I've installed to integrate with HomeAssistant. It sends its data to a remote server, where I can log into a UI to view its data. Additionally, they have a ...
0 votes, 1 answer, 1k views
Some introductory reverse engineering help on finding a string
I understand the crackme I am researching is from 2007; however, this was the point in my life when I initially became interested in reverse engineering and wish to complete it for nostalgia's sake. ...
-2 votes, 1 answer, 352 views
Detect reverse engineering using debugger
Problem: Someone has acquired a copy of Company X's application and is reverse engineering it on his network using a debugger. How can Company X possibly detect this activity?
Further Questions:
Is ...
0 votes, 1 answer, 818 views
How hard is it to reverse engineer a signature for a given message?
Given the following situation:
User makes a request for temporary access to a video
Backend responds with a JSON file containing timeAllowedInSeconds: 5
Backend also responds with the signature of ...
-1 votes, 1 answer, 179 views
Security technologies that implement security through "organic-like" obscurity? [closed]
Are there any advanced security technologies, for example, establishing a secured connection, which first require authentication based on security through organic-like changing obscurity of secrecy?
I'...
2 votes, 1 answer, 761 views
Are emulators isolated from the host for malware testing?
I know that virtualization is different from emulation; I was wondering if emulation is isolated from its host and any destruction on it will not affect the host as if it were a virtual machine.
I ...
1 vote, 1 answer, 157 views
Is there a way to tell what the file does before opening it?
You have just noticed that an unknown executable file has been downloaded to your machine.
Is there a way to tell what the file does before opening it?
0 votes, 1 answer, 353 views
How to start pentesting/reverse engineering/cracking a software on Linux? (Docker based) [closed]
TL;DR: What are good learning resources for security testing software which runs with Docker on Ubuntu?
I am in a junior position at this company, and they figured it would be good if I just test ...
1 vote, 1 answer, 189 views
How to protect a conditional 'if' in Android from reverse engineering
I recently downloaded one apk from a custom apkstore from my country. You can download the app for free but you need to pay to use some functionalities. I cracked the app jumping over all the ...
2 votes, 0 answers, 269 views
How to get the full PLT entry of a function and not the offset?
I am trying to leak libc's base address by first leaking the address of gets(). However, using Pwntools to get the PLT and GOT (and pretty much anything) entries only gives me their offsets as ...
0 votes, 1 answer, 3k views
What is the source of bad characters in buffer overflows?
I'm new to exploit development and while watching a tutorial I came across the topic of "Bad character identification". I'm referring to the process of sending all possible characters to the ...
1 vote, 1 answer, 387 views
ROP on MIPS Doesn't Land Where Calculated
I am working on exploiting an application on MIPS to further my knowledge of ROP chaining. The library I am trying to build a ROP chain from is libuClibc-0.9.30.3.so. I found a gadget that I want to use ...
0 votes, 0 answers, 249 views
Repackaging a mobile app which resists repackaging
I tried repackaging an Android app but after installation, when I launch that app, the app crashes immediately.
This is the exception I am getting when I decompile this application using apktool and ...
1 vote, 1 answer, 1k views
Easy way to hardware lock an exe file in Windows
Hi, I want an easy way to hardware lock an exe file to a specific system so that when a user copies that file to another system it does not open.
0 votes, 1 answer, 959 views
How are games and software executables injected with custom code & without breaking offset?
Introduction – Context
Everyone has seen so called "Injectors" or "Cracks" for certain programs & games at some point in their life.
These applications inject their own code ...
0 votes, 1 answer, 562 views
What are the best countermeasures against reverse engineering of firmware? [closed]
How can I best prevent critical commands (e.g. open garage door) of an IoT device from being reverse engineered from the firmware? Is the following list complete / do you spot any errors? Any ...
2 votes, 3 answers, 3k views
Intercept HTTP Traffic of an android app?
I was trying to test and intercept traffic from an app developed on the Rhodes open source framework. I set up a proxy with Burp, and of course I have installed the Burp certificate on my device, hence I can ...
2 votes, 3 answers, 6k views
Protecting firmware .bin from reverse engineering
I would like to protect my .bin (squashfs) file after the compiling process in order to avoid reverse engineering techniques (i.e. binwalk could simply unsquash my .bin firmware and see all the file ...
0 votes, 1 answer, 2k views
Overwrite return address in C
It's about a CTF Challenge. I'm trying to execute a buffer overflow attack on a C program. The code is:
#include<stdio.h>
#include<string.h>
#include<stdlib.h>
#include <sys/...
0 votes, 2 answers, 539 views
How to find vulnerabilities in a program by looking at its source code [closed]
Hello, I have recently started learning reverse engineering. I often hear that it's much easier to find vulnerabilities in a program by looking at its source code, but I don't know how to find them or ...
1 vote, 1 answer, 195 views
Does the DICOM file header get lost when transferred over the network?
I am currently investigating the PEDICOM vulnerability CVE-2019-11687 where I am trying to reassemble the P-DATA DICOM fragments from a PCAP. Since the vulnerability takes advantage of writing bytes ...
1 vote, 1 answer, 132 views
How to identify user created vs. external functions in disassembly
I'm new to assembly and have been playing around with it. While I was analyzing malware, I realised that there are multiple functions named sub_xxxxxx. How does one determine if this sub_xxxxxx is ...
0 votes, 1 answer, 218 views
Static detection of PE
I'm doing static analysis of a PE file.
Can a PE file have two or more executable sections?
How can we detect whether it is injected or not?
1 vote, 0 answers, 56 views
Static analysis for identifying backdoors in PE [duplicate]
I am doing research in identifying backdoors in Windows .exe files. Currently I found some methods to detect them:
String search in .exe
Find reference .dll and win32 API calls using import table
...
1 vote, 1 answer, 138 views
Securing media uploading to the cloud from reverse engineering
I own an RPG multiplayer game written in Java, where players can fight each other in the game.
Recently I planned to invent a new feature, where the last 15 seconds of your fight and the "knockout" ...
0 votes, 0 answers, 204 views
How to decrypt a rocksdb file from Android?
I have collected an encrypted RocksDB file from an Android application. By reverse engineering the mobile application I have also collected the encryption key. However, for the life of me I cannot ...
0 votes, 1 answer, 5k views
Strange HTTP request from binaryedge.ninja
I found the following strange HTTP request apparently emanating from binaryedge.ninja:
min-li-ustx-12-13-65991-x-prod.binaryedge.ninja - - [05/Jan/2020:07:18:48 -0500] "GET / HTTP/1.0" 302 212 "-" "-...
0 votes, 1 answer, 472 views
.NET application protection technique against cracking
I'm trying to protect my software against cracking. Protection against cracking is crucial before listing the product on market.
Info about the software:
Built using .NET C# (Framework 4.5.2)
...
0 votes, 0 answers, 326 views
How to analyze a USB device for possibly malicious capabilities?
So I recently ordered a Chinese external USB card and I would like to find out whether it has some hidden functionality which might become malicious. It has buttons integrated in it, so Linux using ...
0 votes, 1 answer, 595 views
Reverse engineering and buffer overflows: zero to hero [closed]
When I do CTFs, I can usually cope well with and understand pretty much everything apart from buffer overflows, binary exploitation and reverse engineering.
Almost to the point that I would ...
-1 votes, 3 answers, 2k views
ret2libc - why need 4 bytes of garbage
So I started to learn reverse engineering, and I came across the ret2libc exploit.
I tried to understand how it works and I got a bit confused.
They say that when you return to the address of system ...
1 vote, 0 answers, 2k views
Ghidra Load Linux Headers [closed]
I'm trying to reverse engineer a Linux kernel module (kernel version 4.19).
Ghidra does correctly recognize all function names such as open, misc_register etc., but it cannot determine their exact ...