I have 2 ELF files here, each containing strings in the ".rodata" for a translation that I want to modify. The first ELF "(binary1)" I have already successfully modified from Chinese to German. The second ELF "(binary2)" has a slightly different structure. In my first ELF file "(binary1)", which I successfully modified, the pointers for the respective strings were in the ".data.rel.ro" part. So with a short C# code I could output the strings.

    using System;
    using System.Collections.Generic;
    using System.IO;
    using System.Text;

    class Program
    {
        // Bounds of the .data.rel.ro pointer table in "(binary1)", as file offsets.
        static int start_data_rel_ro = 0x1708;
        static int end_data_rel_ro = 0x1A3CF;

        static void binToConsole(string inputFile)
        {
            var data = getData(inputFile);

            // Walk the pointer table one 32-bit entry at a time.
            for (int i = start_data_rel_ro; i < end_data_rel_ro; i += 4)
            {
                // The entry value is used directly as a file offset of the string.
                var addr = BitConverter.ToInt32(data, i);
                if (addr < 0 || addr >= data.Length)
                    continue; // not an offset inside the file

                // Collect bytes up to the terminating NUL; newlines are shown as '|'.
                List<byte> textData = new List<byte>();
                while (addr < data.Length && data[addr] != 0)
                {
                    textData.Add(data[addr] == 10 ? (byte)0x7C : data[addr]);
                    addr++;
                }
                Console.WriteLine(Encoding.UTF8.GetString(textData.ToArray()));
            }
        }

        // Read the whole file into memory.
        static byte[] getData(string path)
        {
            return File.ReadAllBytes(path);
        }
    }

For the "(binary1)" I already have a finished program which stores the strings in a CSV and afterwards inserts the CSV back into the "(binary1)" and patches the pointers. So I can make a string longer if I make a string shorter somewhere else.

Here is an excerpt of my previous file, which I have processed successfully

The .rodata contains all strings: rodata_example

The .data.rel.ro contains all pointers to the strings: data.rel.ro_example

But the new file "(binary2)" I want to edit now looks a bit different.

.rodata rodata

.data.rel.ro data.rel.ro

My C# code can't work in the second ELF, because it's a bit different. Unfortunately I don't know what to do. Maybe someone has an approach for me, so I can write a new little tool.

Here is a download link to the "(binary2)": https://drive.google.com/file/d/12vr-zcTnC3TzCIuvZ9Yt19lbb6dkEFdl/view?usp=sharing

Alonia
  • Are you limited to C#? Otherwise you could have a look at elfutils for writing a tool that understands ELF and can manipulate it. If you're tied to C#, however, you may have to generate a C# binding first. – 0xC0000022L Sep 21 '20 at 19:25
  • @0xC0000022L No, I'm not limited to C#. It was relatively obvious to me in C# to modify the first ELF. Do you have some experience with this and could give me an approach so that I don't have to search many days? – Alonia Sep 21 '20 at 19:59
  • I can't personally vouch for either of these, but they may be useful. https://github.com/yalue/elf32_string_replace
    https://reverseengineering.stackexchange.com/questions/1843/what-are-the-available-libraries-to-statically-modify-elf-executables
    – hairlessbear Sep 22 '20 at 05:26
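
An added example, not part of the original question or its comments: rather than hard-coding section offsets, this Python code reads the ELF32 section header table, finds `.data.rel.ro` and `.rodata` by name, and converts each pointer from a virtual address to a file offset before reading the string. It goes beyond the single case in the question and assumes a little-endian ELF32 file whose pointer values are stored in the file itself (not supplied only by relocations at load time); the function names and the sample image are constructed for illustration.

```python
import struct

def sections(data):
    """Map section name -> (sh_addr, sh_offset, sh_size) for an ELF32 LE image."""
    if data[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not an ELF32 little-endian file")
    shoff, = struct.unpack_from("<I", data, 0x20)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", data, 0x2E)
    hdrs = [struct.unpack_from("<10I", data, shoff + i * shentsize)
            for i in range(shnum)]
    names = hdrs[shstrndx][4]            # file offset of the section name table
    out = {}
    for h in hdrs:
        end = data.index(b"\0", names + h[0])
        out[data[names + h[0]:end].decode()] = (h[3], h[4], h[5])
    return out

def dump_strings(data, table=".data.rel.ro", strings=".rodata"):
    """Return (entry file offset, pointer value, text) per pointer into `strings`."""
    secs = sections(data)
    _, t_off, t_size = secs[table]
    s_addr, s_off, s_size = secs[strings]
    found = []
    for pos in range(t_off, t_off + t_size - 3, 4):
        ptr, = struct.unpack_from("<I", data, pos)
        if not s_addr <= ptr < s_addr + s_size:
            continue                     # slot does not point into the string section
        start = ptr - s_addr + s_off     # virtual address -> file offset
        end = data.find(b"\0", start, s_off + s_size)
        if end < 0:
            continue                     # unterminated: do not read past the section
        text = data[start:end].decode("utf-8", "replace")
        found.append((pos, ptr, text.replace("\n", "|")))
    return found

def build_sample():
    """Constructed test image: .rodata is at vaddr 0x8000 but file offset 0x40."""
    rodata = b"Hallo\0Zeile1\nZeile2\0"
    rel = struct.pack("<3I", 0x8006, 0, 0x8000)    # two pointers, one empty slot
    names = b"\0.rodata\0.data.rel.ro\0.shstrtab\0"
    ro, rl = 0x40, 0x40 + len(rodata)
    nm = rl + len(rel)
    ehdr = b"\x7fELF\x01\x01\x01" + bytes(9) + struct.pack(
        "<HHIIIIIHHHHHH", 2, 3, 1, 0, 0, nm + len(names), 0, 52, 0, 0, 40, 4, 3)
    sh = lambda n, addr, off, size: struct.pack(
        "<10I", n, 1, 2, addr, off, size, 0, 0, 4, 0)
    shdrs = (bytes(40) + sh(1, 0x8000, ro, len(rodata))
             + sh(9, 0x9000, rl, len(rel)) + sh(22, 0, nm, len(names)))
    return ehdr.ljust(0x40, b"\0") + rodata + rel + names + shdrs
```

The first element of each returned tuple is the file offset of the pointer entry, which is the position a patcher has to rewrite when a string moves.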

0 Answers