Questions tagged [binary-analysis]

The process of gathering information about a binary file, either with static or dynamic methods.

Binary analysis is contrasted with source code analysis, where the source code of the program, and only the source code, is used to perform the analysis. Binary analysis assumes that a binary form of the program is given and that the analysis is based on it (the source code may be used as well if available).

Usually, binary analysis is divided into two types: static binary analysis (only the binary code is examined and the program is never executed) and dynamic binary analysis (the program is executed and the analysis is performed on the actual traces of its execution).
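As an added example (not part of the tag wiki or of any question or answer on this page), the following Python script performs the static kind of analysis described above on a constructed ELF image: it reads architecture and endianness from the ELF header without executing anything, then computes a per-block entropy profile, which is the data an entropy-graphing tool plots to spot packed or encrypted regions. The sample input, the subset of e_machine values, the 1 KiB block size and the 7.0 bits/byte threshold are assumptions chosen for the illustration.

```python
import hashlib
import math
import struct
from collections import Counter

# Subset of ELF e_machine values from the ELF specification (assumption:
# only these are mapped; anything else is reported as unknown, not guessed).
ELF_MACHINES = {
    0x03: "x86",
    0x08: "MIPS",
    0x28: "ARM",
    0x3E: "x86-64",
    0xB7: "AArch64",
    0xF3: "RISC-V",
}


def parse_elf_header(data: bytes) -> dict:
    """Static step: read the ELF identification bytes and e_machine.

    EI_DATA decides how e_machine itself is decoded, so a big-endian
    image is not misread as a little-endian one.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed ELF identification")
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(order + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "e_type": e_type,
        "machine": ELF_MACHINES.get(e_machine, "unknown(0x%02x)" % e_machine),
    }


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte block in bits per byte (0.0 .. 8.0)."""
    if not block:
        return 0.0
    n = len(block)
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def entropy_profile(data: bytes, block_size: int = 1024) -> list:
    """Per-block entropy: the series an entropy graph is drawn from."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]


def high_entropy_blocks(profile: list, threshold: float = 7.0) -> list:
    """Indices of blocks that look compressed, packed or encrypted."""
    return [i for i, e in enumerate(profile) if e >= threshold]


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for a packed section (SHA-256 chain)."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


def build_sample(ei_data: int = 1, e_machine: int = 0x3E) -> bytes:
    """Constructed input, not a real binary: a 64-byte ELF64 header,
    zero padding to 1 KiB, then 1 KiB of pseudo-random bytes."""
    order = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([2, ei_data, 1, 0]) + b"\x00" * 8
    fields = struct.pack(order + "HHIQQQIHHHHHH",
                         2, e_machine, 1,       # e_type=EXEC, e_machine, e_version
                         0x401000, 64, 0, 0,    # e_entry, e_phoff, e_shoff, e_flags
                         64, 56, 1, 64, 0, 0)   # e_ehsize, e_phentsize, e_phnum,
                                                # e_shentsize, e_shnum, e_shstrndx
    header = ident + fields
    return header + b"\x00" * (1024 - len(header)) + pseudo_random_bytes(1024)


def analyze(data: bytes) -> dict:
    """Combine both static steps into one report."""
    info = parse_elf_header(data)
    profile = entropy_profile(data)
    info["entropy"] = [round(e, 2) for e in profile]
    info["high_entropy_blocks"] = high_entropy_blocks(profile)
    return info


if __name__ == "__main__":
    print(analyze(build_sample()))
    print(analyze(build_sample(ei_data=2, e_machine=0x08)))
```

For a non-ELF blob of unknown CPU, parse_elf_header raises and only the entropy profile applies; the entropy half still tells you which regions are worth disassembling and which are compressed or encrypted payloads that no instruction-frequency heuristic will recognise.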

546 questions
25
votes
6 answers

Tool or data for analysis of binary code to detect CPU architecture

Assuming that I have a binary file with code for an unknown CPU, can I somehow detect the CPU architecture? I know that it depends mostly on the compiler, but I think that for most CPU architectures it should be a lot of CALL/RETN/JMP/PUSH/POP opcodes…
n3vermind
  • 385
  • 3
  • 10
14
votes
3 answers

What Linux software can I use to explore entropy of a file?

I've heard of tools that could be used to graph entropy of a file. Is there a graphical Linux program that I could use for this job that would let me conveniently explore which blocks of a file have certain entropy patterns that could suggest…
d33tah
  • 317
  • 1
  • 2
  • 10
10
votes
2 answers

Binary instrumentation with Python

I'm interested in performing (dynamic) binary instrumentation using Python to be able to analyze the binary by instructions during execution for Windows/Linux. Can someone suggest such a tool/framework? Does it even exist, or is it possible?
PhoeniX
  • 3,052
  • 16
  • 30
6
votes
1 answer

Reversing simple message + checksum pairs (32 bytes)

I am trying to determine the algorithm behind a 32-byte protected section of memory on a big-endian system. It will render invalid if even a single bit is changed, but I can generate any number of valid 32-byte messages. Here shows a variety of…
bryc
  • 163
  • 6
6
votes
2 answers

Find level data in binaries?

I am trying to recreate an old game just for the sake of nostalgia and learning something new alongside (I can program in various languages and know a bit of assembly language, but I'm new to reverse engineering). The game is called Banania and…
Kenji
  • 163
  • 4
5
votes
1 answer

How to read these UV coordinates?

I'm trying to reverse engineer 3D models (cars) from a racing game from 1997 (Test Drive 4). I'm able to extract the 3D mesh and textures, but cannot figure out how UV mapping works yet. There is only one file per car which contains everything (3D…
Midas
  • 51
  • 5
4
votes
1 answer

Recreating 2D aspects of Cantor.dust

I'm trying to recreate some of the 2D capabilities that were demonstrated in cantor.dust, I was wondering if anyone knows how they translate a large file(executable) into a number of different images / a large image that shows different patterns…
user2601
  • 41
  • 2
4
votes
2 answers

Identification of D-Link firmware checksum and adding it to OpenWrt firmware

I have this D-Link firmware and would like to identify the checksum type used on it and add it to an OpenWrt bin file so I could upgrade the firmware to OpenWrt instead of the default crappy D-Link. I did try to update it through the Realtek bootloader CLI but it gave…
Vido
  • 515
  • 8
  • 22
3
votes
1 answer

in / out instructions - how should I treat this?

I see a lot of in and out instruction in IDA. I know what those are supposed to do, but I do not know how to treat them and I'm making no advancements in understanding the code. Short example: First instructions of my current assignment…
user3002428
  • 327
  • 1
  • 13
3
votes
1 answer

What is the format of this date time?

I've been writing a small library to allow parsing of the data files used by Sage Accounts 50, but I'm really confused by how it is storing dates. I'm fairly sure that there will be a date created and date modified. This should contain a modified…
3
votes
1 answer

What type of bin is this file?

Can someone help me identify what type of BIN file this is, and can I read what is inside? Thanks https://easyupload.io/673djh
johnz
  • 31
  • 1
3
votes
1 answer

Confusing syntax found in malware

I am confused by what the following command is doing: 00401234 mov dword [esp+0x35], sub_408678 For context, I'm reversing a piece of malware and am using Binary Ninja, which to my knowledge typically uses the following syntax for low level IL…
n00bsauce
  • 31
  • 1
2
votes
1 answer

What kind of data is this within this 3D mesh file format?

I am reverse engineering a 3d file format for a game. I know the file is a mesh since I was able to identify the XYZ Coordinates for each vector as well as the MeshFaces. Each Vector XYZ Coordinate has 3 floats like so: [this is pulled from an…
2
votes
2 answers

Decoding a blob

I have a proprietary file format that is a compressed database file. This database file has a few dozen tables. Each of these tables only has a few records, and many of them don't have any records at all. A few of these tables contain fields that are…
2
votes
0 answers

What's the pattern in this sequence extracted from a LYR document, used by the ESRI ArcGIS

I'm trying to reverse engineer a binary format, and I'm running up against a variable-length sequence of numbers which varies between files. I can't work out the pattern here and how to determine how long this sequence is. I'm 99% sure that the…
ndawson
  • 73
  • 7