Most Popular

1500 questions
27 votes, 6 answers

Sniffing TCP traffic for specific process using Wireshark

Is it possible to sniff TCP traffic for a specific process using Wireshark, even through a plugin to filter TCP traffic based on process ID? I'm working on Windows 7, but I would like to hear about a solution for Linux as well.
Mellowcandle (4,795 rep)
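Wireshark captures below the socket layer, so it never sees a PID; the mapping has to come from the OS. On Linux, `/proc/net/tcp` lists every TCP socket with its inode, and the symlinks under `/proc/<pid>/fd` name the inodes a process owns, so joining the two yields the 5-tuples to put in a display filter. The script below is an added example, not code from the question or any answer; the `/proc/net/tcp` text and the fd link targets in it are constructed samples so it runs offline, and `socket_inodes_of_pid` is the live variant for a running process.

```python
import os
import re
import socket
import struct

# Constructed sample of /proc/net/tcp: one listener (state 0A) and two
# ESTABLISHED (state 01) connections. The inode column ties a socket to a PID.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0F02000A:B3A6 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 20 4 30 10 -1
   2: 0F02000A:B3A8 0A0A0A0A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 20 4 30 10 -1
"""

# Constructed sample of what the symlinks in /proc/<pid>/fd resolve to for a
# process that owns the socket with inode 22222 (plus a file and a pipe).
SAMPLE_FD_LINKS = ["/dev/null", "socket:[22222]", "pipe:[9999]"]


def _decode_addr(hex_addr):
    """Decode 'AABBCCDD:PPPP': the IPv4 part is a little-endian u32, the port is hex."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into connection records keyed by socket inode."""
    records = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        laddr, lport = _decode_addr(fields[1])
        raddr, rport = _decode_addr(fields[2])
        records.append({
            "local": laddr, "lport": lport,
            "remote": raddr, "rport": rport,
            "state": int(fields[3], 16),   # 0x01 = ESTABLISHED, 0x0A = LISTEN
            "inode": int(fields[9]),
        })
    return records


def socket_inodes_from_links(link_targets):
    """Extract socket inodes from the readlink() targets of /proc/<pid>/fd/*."""
    return {int(m.group(1)) for t in link_targets
            for m in [re.match(r"socket:\[(\d+)\]", t)] if m}


def socket_inodes_of_pid(pid):
    """Live version: resolve every fd symlink of a running process (Linux only)."""
    fd_dir = f"/proc/{pid}/fd"
    targets = []
    for fd in os.listdir(fd_dir):
        try:
            targets.append(os.readlink(os.path.join(fd_dir, fd)))
        except OSError:
            pass  # fd closed between listdir() and readlink()
    return socket_inodes_from_links(targets)


def wireshark_filter(records, inodes):
    """Build a display filter matching both directions of every established
    connection whose socket inode belongs to the process."""
    clauses = []
    for r in records:
        if r["inode"] in inodes and r["state"] == 0x01:
            clauses.append(
                f"(ip.addr == {r['local']} && tcp.port == {r['lport']} && "
                f"ip.addr == {r['remote']} && tcp.port == {r['rport']})"
            )
    return " || ".join(clauses)


if __name__ == "__main__":
    recs = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    print(wireshark_filter(recs, socket_inodes_from_links(SAMPLE_FD_LINKS)))
```

The filter is a snapshot: a process that opens new connections after you build it will not be matched, so regenerate it (or run the join in a loop) while capturing. On Windows, `netstat -ano` prints the owning PID next to each connection and gives you the same 5-tuples to feed into a filter.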
27 votes, 3 answers

Why are special tools required to ascertain the differences between two related binary code files?

How come text diffing tools like diff, kdiff3 or even more complex ones usually fail at highlighting the differences between two disassemblies in textual form - in particular two related binary executable files such as different versions of…
0xC0000022L (10,908 rep)
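The core reason a line diff fails is that inserting a single instruction shifts every later address, every relative jump and every call target, so almost every line changes textually while the code is semantically identical. The added example below (not from the question or any answer) shows the effect on two constructed disassembly listings and the simplest fix: strip the address column and mask absolute targets before diffing. Dedicated tools such as BinDiff or Diaphora go further and match functions by control-flow and call-graph structure rather than by text.

```python
import difflib
import re

# Constructed disassembly of the same function from two builds. The second
# build inserted one instruction, so every later address and the call target
# moved; a plain text diff sees almost every line as changed.
OLD_ASM = """\
00401000  push ebp
00401001  mov ebp, esp
00401003  mov eax, [ebp+8]
00401006  call 0x00401200
0040100B  pop ebp
0040100C  ret
"""
NEW_ASM = """\
00401000  push ebp
00401001  mov ebp, esp
00401003  mov eax, [ebp+8]
00401006  xor ecx, ecx
00401008  call 0x00401240
0040100D  pop ebp
0040100E  ret
"""

ADDR_COLUMN = re.compile(r"^[0-9A-Fa-f]{8}\s+")        # leading "00401006  "
ABS_TARGET = re.compile(r"\b0x[0-9A-Fa-f]{6,16}\b")    # call/jmp/data targets


def normalize(asm):
    """Strip the address column and mask absolute targets so that only the
    instruction stream itself is compared."""
    lines = []
    for line in asm.splitlines():
        line = ADDR_COLUMN.sub("", line)
        line = ABS_TARGET.sub("ADDR", line)
        lines.append(line.strip())
    return lines


def similarity(old, new, normalized):
    """Line-sequence similarity in [0, 1]; 1.0 means identical sequences."""
    a = normalize(old) if normalized else old.splitlines()
    b = normalize(new) if normalized else new.splitlines()
    return difflib.SequenceMatcher(None, a, b).ratio()


def changed_instructions(old, new):
    """Only the +/- lines of a unified diff over the normalized listings:
    the actual code change, with the address noise removed."""
    diff = difflib.unified_diff(normalize(old), normalize(new), lineterm="", n=0)
    return [l for l in diff
            if l[:1] in ("+", "-") and not l.startswith(("+++", "---"))]


if __name__ == "__main__":
    print("raw similarity:        %.2f" % similarity(OLD_ASM, NEW_ASM, False))
    print("normalized similarity: %.2f" % similarity(OLD_ASM, NEW_ASM, True))
    print("\n".join(changed_instructions(OLD_ASM, NEW_ASM)))
```

Masking targets loses information on purpose: a call retargeted to a different function looks unchanged here. That is why real binary diffing resolves targets to function identities first and then compares structure, instead of comparing text at all.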
27 votes, 5 answers

How do I move from RCE being a hobby to RCE being a profession?

I'm currently a high school sophomore. I haven't really done much on the RCE of malware, I've unpacked zbot and rbot, and looked at how they work, but I can manipulate practically any game to my liking by reverse engineering it and finding out which…
Avery3R (1,258 rep)
27 votes, 7 answers

Decompiling .pyc files

Does anybody have a suggestion for (non commercial) software to decompile "byte-code" Python (.pyc) files? Everything I've found seems to break...
Carlos Garcia (1,041 rep)
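Decompilers break most often because a .pyc was written by a different interpreter version than the one the tool understands; the header's magic number tells you that before anything else does. What always works is the interpreter's own machinery: check the magic, unmarshal the code object, and use `dis` to read the bytecode and constants. The code below is an added example (not from the question or any answer) that builds a 3.7+-layout .pyc image in memory from a constructed source string so it runs offline; for a real file, read the bytes from disk instead of calling `build_pyc`.

```python
import dis
import importlib.util
import marshal
import struct
import types

# Constructed source; in practice you would read the .pyc straight off disk.
SOURCE = "def check(key):\n    return sum(map(ord, key)) % 251 == 17\n"

MAGIC = importlib.util.MAGIC_NUMBER   # 4 bytes, specific to the running interpreter
HEADER_LEN = 16  # 3.7+: magic(4) flags(4) then mtime(4)+size(4) or source hash(8)


def build_pyc(source, filename="<constructed>"):
    """Produce a timestamp-based .pyc image for the running interpreter."""
    code = compile(source, filename, "exec")
    header = MAGIC + struct.pack("<III", 0, 0, len(source))  # flags=0, mtime=0
    return header + marshal.dumps(code)


def parse_header(data):
    """Decode the 16-byte header; flag bit 0 selects hash-based invalidation."""
    flags = struct.unpack("<I", data[4:8])[0]
    info = {"magic": data[:4], "hash_based": bool(flags & 1),
            "check_source": bool(flags & 2)}
    if info["hash_based"]:
        info["source_hash"] = data[8:16]
    else:
        info["mtime"], info["source_size"] = struct.unpack("<II", data[8:16])
    return info


def verify_magic(data):
    """False when the file was compiled by another interpreter version,
    which is the usual reason third-party decompilers 'break'."""
    return data[:4] == MAGIC


def load_code(data):
    """Unmarshal the module code object (only for a matching interpreter)."""
    if not verify_magic(data):
        raise ValueError(f"magic {data[:4]!r} is not this interpreter's {MAGIC!r}")
    return marshal.loads(data[HEADER_LEN:])


def nested_code(code, name):
    """Find a function's code object inside the module's constants."""
    for const in code.co_consts:
        if isinstance(const, types.CodeType) and const.co_name == name:
            return const
    raise KeyError(name)


def function_names(code):
    return [c.co_name for c in code.co_consts if isinstance(c, types.CodeType)]


def disassemble(code):
    """The interpreter's own disassembly: version-exact, never 'breaks'."""
    return dis.Bytecode(code).dis()


def run_module(code):
    """Execute the unmarshalled module in a fresh namespace and return it."""
    namespace = {}
    exec(code, namespace)
    return namespace


if __name__ == "__main__":
    image = build_pyc(SOURCE)
    print(parse_header(image))
    module = load_code(image)
    print(disassemble(nested_code(module, "check")))
```

Even without a decompiler, `co_consts` and `co_names` of the nested code object already expose the interesting material (here the constants 251 and 17 of the check). Running the unmarshalled code, as `run_module` does, executes untrusted logic, so do that only in a sandbox you would be happy to see compromised.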
27 votes, 3 answers

Crack Me Material

I'd like to get started with reverse engineering. Several years ago I saw many programs called crackmes, to crack. When I searched for some this week, I found none. My question is, can somebody recommend some websites (like crackme walkthroughs) or…
0x45 (279 rep)
27 votes, 6 answers

Tools to work cooperatively on the same binary

What's a working tool/methodology to work cooperatively on the same binary (if possible in parallel), that is proven to work? I used various methods long ago to share information with others, but not in parallel: sending IDB back & forth sharing…
Ange (6,694 rep)
26 votes, 2 answers

How do I extract a copy of an unknown firmware from a hardware device?

Appreciate it's a broad question, but despite days of Googling I haven't found a straightforward explanation of the general principle of how to "capture" or copy an unknown firmware from a piece of hardware. I gather once you have it you can begin to…
ianfuture (363 rep)
25 votes, 6 answers

Tool or data for analysis of binary code to detect CPU architecture

Assuming that I have binary file with code for an unknown CPU, can I somehow detect the CPU architecture? I know that it depends mostly on the compiler, but I think that for most CPU architectures it should be a lot of CALL/RETN/JMP/PUSH/POP opcodes…
n3vermind (385 rep)
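The intuition in the question is the right one: function prologues, epilogues, returns and calls are the most frequent fixed idioms compiled code contains, and each architecture encodes them differently, so counting them gives a usable first guess. The script below is an added example (not from the question or any answer) of that heuristic for three architectures, with constructed machine-code samples; the signature weights are my own choices, and a real classifier would learn n-gram statistics from a corpus rather than use a hand-picked table.

```python
# Constructed machine-code samples (no file headers). Each repeats one small
# function so the byte statistics are not dominated by a single instruction.
X86_SAMPLE = bytes.fromhex("5589e583ec10e8d0ffffff8945fcc9c3") * 16
#   push ebp; mov ebp,esp; sub esp,0x10; call rel32; mov [ebp-4],eax; leave; ret
ARM_SAMPLE = bytes.fromhex("10402de90000a0e3feffffeb0100a0e31080bde8") * 16
#   push {r4,lr}; mov r0,#0; bl; mov r0,#1; pop {r4,pc}   (ARM32 little-endian)
MIPS_SAMPLE = bytes.fromhex("27bdffe0afbf001c0c0000008fbf001c03e0000827bd0020") * 16
#   addiu sp,sp,-32; sw ra,28(sp); jal; lw ra,28(sp); jr ra; addiu sp,sp,32 (big-endian)


def score_x86(data):
    """x86 has a dense, unaligned encoding: count prologue/epilogue idioms and
    the single-byte ret and call opcodes anywhere in the stream."""
    return (3 * data.count(b"\x55\x89\xe5")          # push ebp; mov ebp, esp
            + 3 * data.count(b"\x55\x48\x89\xe5")    # push rbp; mov rbp, rsp
            + 2 * data.count(b"\xc9\xc3")            # leave; ret
            + 2 * data.count(b"\x5d\xc3")            # pop ebp; ret
            + 1 * data.count(b"\xc3")                # ret
            + 0.5 * data.count(b"\xe8"))             # call rel32


def _words(data, phase):
    """Fixed-width architectures are examined as aligned 4-byte words; the
    caller tries all four phases because the blob may not start on a boundary."""
    for off in range(phase, len(data) - 3, 4):
        yield data[off:off + 4]


def score_arm32_le(data):
    best = 0.0
    for phase in range(4):
        s = 0.0
        for w in _words(data, phase):
            if w[3] >> 4 == 0xE:                         # condition code AL
                s += 1
            if w[2:4] in (b"\x2d\xe9", b"\xbd\xe8"):     # stmfd sp!, ... / ldmfd sp!, ...
                s += 3
            if w == b"\x1e\xff\x2f\xe1":                 # bx lr
                s += 3
        best = max(best, s)
    return best


def score_mips_be(data):
    best = 0.0
    for phase in range(4):
        s = 0.0
        for w in _words(data, phase):
            if w[:2] == b"\x27\xbd":                     # addiu sp, sp, imm
                s += 3
            if w == b"\x03\xe0\x00\x08":                 # jr ra
                s += 3
            if w[:2] in (b"\xaf\xbf", b"\x8f\xbf"):      # sw/lw ra, off(sp)
                s += 2
            if w[0] == 0x0c:                             # jal (opcode 000011)
                s += 1
        best = max(best, s)
    return best


SCORERS = {"x86": score_x86, "arm32-le": score_arm32_le, "mips-be": score_mips_be}


def rank_architectures(data):
    """Scores per KiB of input, highest first, so blobs of different sizes compare."""
    kib = max(len(data), 1) / 1024
    return sorted(((name, fn(data) / kib) for name, fn in SCORERS.items()),
                  key=lambda t: t[1], reverse=True)


def best_arch(data):
    return rank_architectures(data)[0][0]


if __name__ == "__main__":
    for label, blob in (("x86", X86_SAMPLE), ("arm", ARM_SAMPLE), ("mips", MIPS_SAMPLE)):
        print(label, rank_architectures(blob))
```

Run it on a slice you believe is code, not on the whole image: compressed or encrypted sections score near zero for everything, and a large data section dilutes the per-KiB scores. A wide margin between the first and second candidate is the signal; near-equal scores mean the table is missing the real architecture.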
25 votes, 6 answers

How do I analyze a .apk file and understand its working?

I am an Android app developer, and recently I encountered a problem with in-app purchase. I discovered that in some apps, in-app purchases can be done for free using this application. I know this app generates free cards but the proportion of free…
Tirath (359 rep)
24 votes, 7 answers

How is a structure located within a disassembled program?

I took a basic 40-hr Reverse Engineering course a few summers ago. While teaching us to use IDAPro, the instructor demonstrated, rather quickly and without explaining much, how to label certain variables in the ASM as members of a structure,…
Ken Bellows (343 rep)
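What the instructor did by hand follows one rule: when the same base register is dereferenced at several constant offsets (`[ecx]`, `[ecx+4]`, `[ecx+0Ch]`...), the register holds a pointer to a structure and each distinct offset is a member, with the access width (`byte ptr`, `word ptr`, `dword ptr`) giving the member size. The script below is an added example (not from the question or any answer) that applies that rule to a constructed IDA-style listing and prints a C struct with explicit padding for the gaps; the 4-byte default for accesses with no size prefix is an assumption for 32-bit code.

```python
import re
from collections import defaultdict

# Constructed x86 listing: ecx holds a pointer to an unknown structure.
ASM = """\
mov ecx, [ebp+8]
mov eax, [ecx]
mov edx, [ecx+4]
movzx esi, word ptr [ecx+8]
movzx edi, byte ptr [ecx+0Ah]
mov eax, [ecx+0Ch]
cmp dword ptr [ecx+4], 0
mov [ecx+10h], eax
"""

# Optional size prefix, a base register, and an optional +/- displacement in
# IDA hex ("0Ah", "10h") or decimal form.
ACCESS = re.compile(
    r"(?:(byte|word|dword|qword)\s+ptr\s+)?\[(\w+)(?:([+-])([0-9A-Fa-f]+h|\d+))?\]",
    re.IGNORECASE,
)
SIZES = {"byte": 1, "word": 2, "dword": 4, "qword": 8}
TYPES = {1: "uint8_t", 2: "uint16_t", 4: "uint32_t", 8: "uint64_t"}


def parse_offset(sign, text):
    if text is None:
        return 0
    value = int(text[:-1], 16) if text[-1] in "hH" else int(text)
    return -value if sign == "-" else value


def parse_accesses(asm):
    """Group every memory access by base register: {base: {offset: size}}.
    Conflicting widths at one offset keep the widest (assumption)."""
    accesses = defaultdict(dict)
    for line in asm.splitlines():
        for match in ACCESS.finditer(line):
            ptr, base, sign, off = match.groups()
            size = SIZES[ptr.lower()] if ptr else 4   # assumption: 32-bit code
            offset = parse_offset(sign, off)
            accesses[base][offset] = max(size, accesses[base].get(offset, 0))
    return dict(accesses)


def to_c_struct(name, members):
    """Emit a C definition from {offset: size}; negative offsets (locals on
    ebp) are skipped and gaps between members become explicit padding."""
    lines = [f"struct {name} {{"]
    cursor = 0
    for off in sorted(o for o in members if o >= 0):
        if off > cursor:
            lines.append(f"    uint8_t pad_{cursor:x}[{off - cursor}];")
        size = members[off]
        lines.append(f"    {TYPES[size]} field_{off:x};")
        cursor = off + size
    lines.append("};")
    return "\n".join(lines)


if __name__ == "__main__":
    accesses = parse_accesses(ASM)
    for base in accesses:
        print(to_c_struct(f"{base}_struct", accesses[base]))
        print()
```

The output is a hypothesis, not a fact: a gap may be a member the code you looked at never touches, and a pointer loaded from one member and then dereferenced (`mov eax, [ecx+4]; mov edx, [eax+8]`) is a nested structure that this pass reports as two unrelated bases. Tracking where each base register was loaded from is the next refinement.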
24 votes, 2 answers

How can I set a breakpoint for a button click?

I am trying to find what a button does, so I want to set a breakpoint to catch button click event. Is that possible? Any tools or tricks to assist in this?
Menna (343 rep)
24 votes, 1 answer

How to use sysenter under Linux?

I would like to know what the different ways are to perform a system call in x86 assembler under Linux. But, with no cheating, only assembler must be used (i.e. compilation with gcc must be done with -nostdlib). I know four ways to perform a system…
perror (19,083 rep)
24 votes, 4 answers

How can DLL injection be detected?

In this question on DLL injection multiple answers mention that DLL injection can be used to modify games, perhaps for the purposes of writing a bot. It seems desirable to be able to detect DLL injection to prevent this from happening. Is this…
user2142 (1,537 rep)
24 votes, 3 answers

What is the most efficient way to detect and to break xor encryption?

I know that modern cryptographic algorithms are as close as they can to fully random data (ciphertext indistinguishability) and that trying to detect it is quite useless. But, what can we do on weak-crypto such as xor encryption? Especially if we…
perror (19,083 rep)
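Repeating-key XOR is breakable precisely because it is not indistinguishable from random: bytes encrypted under the same key byte keep the plaintext's statistics. Detection and the key length come from the same measurement (the Hamming distance between consecutive blocks drops at the true key size and its multiples), and each column is then a single-byte XOR solved by letter-frequency scoring. The code below is an added example (not from the question or any answer); the plaintext and key are constructed so the result can be checked, and the detection threshold of 3.3 bits per byte is my own choice between English (about 2.7) and random data (about 4.0).

```python
import random

# Constructed plaintext and key. In a real sample only the ciphertext is
# known; KEY and PLAINTEXT exist here only so the recovery can be verified.
PLAINTEXT = (
    b"The quick brown fox jumps over the lazy dog while the patient analyst "
    b"counts every byte that comes off the wire. Weak ciphers leak structure: "
    b"a repeating key leaves the statistics of the plaintext intact inside each "
    b"column, so English letter frequencies survive and can be used to score "
    b"candidate keys. The same trick applies to firmware blobs, config files "
    b"and malware samples that hide strings behind a short xor key."
)
KEY = b"k3y"

LETTER_FREQ = {  # approximate English letter frequencies
    "a": .082, "b": .015, "c": .028, "d": .043, "e": .127, "f": .022, "g": .020,
    "h": .061, "i": .070, "j": .002, "k": .008, "l": .040, "m": .024, "n": .067,
    "o": .075, "p": .019, "q": .001, "r": .060, "s": .063, "t": .091, "u": .028,
    "v": .010, "w": .024, "x": .002, "y": .020, "z": .001,
}


def xor_bytes(data, key):
    """XOR data with a repeating key (the 'encryption' under attack)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def english_score(buf):
    """Higher is more English-like: reward letters by frequency and spaces,
    stay neutral on other printable bytes, punish unprintable bytes."""
    score = 0.0
    for b in buf:
        c = chr(b)
        if c == " ":
            score += 0.15
        elif c.lower() in LETTER_FREQ:
            score += LETTER_FREQ[c.lower()]
        elif 32 <= b < 127 or b in (9, 10, 13):
            pass
        else:
            score -= 0.5
    return score


def break_single_byte_xor(buf):
    """Return (key_byte, score) for the byte whose decryption looks most English."""
    return max(((k, english_score(xor_bytes(buf, bytes([k])))) for k in range(256)),
               key=lambda t: t[1])


def hamming(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def guess_keysize(ct, max_keysize=20):
    """Rank key sizes by mean normalized Hamming distance between consecutive
    blocks. At the true key size (and its multiples) both blocks were XORed
    with the same key bytes, so the key cancels and the distance is that of
    plaintext against plaintext (~2.7 bits/byte for English, ~4 for random)."""
    ranked = []
    for ks in range(2, max_keysize + 1):
        blocks = [ct[i:i + ks] for i in range(0, len(ct) - ks + 1, ks)]
        if len(blocks) < 2:
            break
        pairs = list(zip(blocks, blocks[1:]))
        ranked.append((ks, sum(hamming(a, b) for a, b in pairs) / (len(pairs) * ks)))
    return sorted(ranked, key=lambda t: t[1])


def looks_like_xor_text(ct, threshold=3.3):
    """Heuristic detector; the threshold is an assumption tuned for English."""
    return guess_keysize(ct)[0][1] < threshold


def primitive_period(key):
    """Collapse 'k3yk3y' to 'k3y' so multiples of the key size agree."""
    for d in range(1, len(key) + 1):
        if len(key) % d == 0 and key == key[:d] * (len(key) // d):
            return key[:d]
    return key


def break_repeating_xor(ct, max_keysize=20):
    """Try every key size, break each column as single-byte XOR, and keep the
    decryption that scores best (ties go to the smaller key size)."""
    best = None
    for ks, _ in guess_keysize(ct, max_keysize):
        key = bytes(break_single_byte_xor(ct[i::ks])[0] for i in range(ks))
        pt = xor_bytes(ct, key)
        cand = (english_score(pt) / len(pt), -ks, key, pt)
        if best is None or cand[:2] > best[:2]:
            best = cand
    return primitive_period(best[2]), best[3]


def pseudo_random_bytes(n, seed=7):
    """Deterministic negative control standing in for real ciphertext."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    ct = xor_bytes(PLAINTEXT, KEY)
    print("xor-like:", looks_like_xor_text(ct), guess_keysize(ct)[:3])
    key, pt = break_repeating_xor(ct)
    print("key:", key, "plaintext:", pt[:40])
```

The scoring table is what makes this work, so swap it for the statistics of the actual plaintext type (x86 opcodes, UTF-16 strings, JSON) when the target is not English prose; the Hamming-distance step needs no such knowledge and is the part to run first over unknown blobs.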
24 votes, 5 answers

What are the tools to analyze Python (obfuscated) bytecode?

Recently on Reddit ReverseEngineering I stumbled on a self-modifying code in Python. Looking at the Github repository was quite instructive and I found a picture of the Python bytecode program exposed in CFG form: I am wondering if there are tools to…
perror (19,083 rep)
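The CFG picture in the question can be produced from nothing but the standard library: `dis.get_instructions` yields the instruction stream with resolved jump targets, and the usual leader rule (first instruction, every jump target, every instruction after a jump or return) splits it into basic blocks. The code below is an added example (not from the question or any answer) that builds such a CFG for a constructed function, emits it as Graphviz DOT and reports unreachable blocks, which is the first thing to look for in obfuscated bytecode. The opcode-name sets are an assumption meant to cover CPython 3.8 through 3.13.

```python
import dis
import types

# Constructed target: one function with a loop and two exits.
SOURCE = '''
def check(x):
    total = 0
    for c in x:
        if c == "a":
            total += 1
    if total > 2:
        return "pass"
    return "fail"
'''

# Opcode names vary across CPython versions; these sets are an assumption.
UNCONDITIONAL = {"JUMP_FORWARD", "JUMP_BACKWARD", "JUMP_ABSOLUTE", "JUMP",
                 "JUMP_NO_INTERRUPT", "JUMP_BACKWARD_NO_INTERRUPT"}
TERMINATORS = {"RAISE_VARARGS", "RERAISE"}


def function_code(module_code, name):
    for const in module_code.co_consts:
        if isinstance(const, types.CodeType) and const.co_name == name:
            return const
    raise KeyError(name)


def is_jump(ins):
    return ins.opcode in dis.hasjrel or ins.opcode in getattr(dis, "hasjabs", ())


def is_terminator(ins):
    return ins.opname.startswith("RETURN") or ins.opname in TERMINATORS


def build_cfg(code):
    """Return {block_start_offset: {"instrs": [...], "succs": [offsets]}}."""
    instrs = list(dis.get_instructions(code))
    leaders = {instrs[0].offset}
    for i, ins in enumerate(instrs):
        if is_jump(ins):
            leaders.add(ins.argval)                 # argval is the target offset
        if (is_jump(ins) or is_terminator(ins)) and i + 1 < len(instrs):
            leaders.add(instrs[i + 1].offset)       # fall-through starts a block
    blocks, current = {}, None
    for ins in instrs:
        if ins.offset in leaders:
            current = ins.offset
            blocks[current] = {"instrs": [], "succs": []}
        blocks[current]["instrs"].append(ins)
    starts = sorted(blocks)
    for idx, start in enumerate(starts):
        last = blocks[start]["instrs"][-1]
        fallthrough = starts[idx + 1] if idx + 1 < len(starts) else None
        succs = []
        if is_terminator(last):
            pass                                    # exit block
        elif is_jump(last):
            succs.append(last.argval)
            if last.opname not in UNCONDITIONAL and fallthrough is not None:
                succs.append(fallthrough)           # conditional: both edges
        elif fallthrough is not None:
            succs.append(fallthrough)
        blocks[start]["succs"] = list(dict.fromkeys(succs))
    return blocks


def reachable(cfg):
    """Blocks reachable from the entry; the rest is dead (or junk) code."""
    seen, todo = set(), [min(cfg)]
    while todo:
        b = todo.pop()
        if b not in seen:
            seen.add(b)
            todo.extend(cfg[b]["succs"])
    return seen


def has_back_edge(cfg):
    """A successor at a lower offset than its block means a loop."""
    return any(s < start for start, blk in cfg.items() for s in blk["succs"])


def to_dot(cfg):
    lines = ["digraph cfg {", "  node [shape=box, fontname=monospace];"]
    for start, blk in sorted(cfg.items()):
        label = "\\l".join(f"{i.offset} {i.opname} {i.argrepr}".rstrip()
                           for i in blk["instrs"]) + "\\l"
        lines.append(f'  b{start} [label="{label}"];')
        lines.extend(f"  b{start} -> b{s};" for s in blk["succs"])
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    code = function_code(compile(SOURCE, "<constructed>", "exec"), "check")
    cfg = build_cfg(code)
    print(to_dot(cfg))
    print("dead blocks:", sorted(set(cfg) - reachable(cfg)))
```

Pipe the output through `dot -Tpng` to get the picture. For self-modifying bytecode the static graph is only the starting point: dump `co_code` again at runtime (for instance from a `sys.settrace` hook) and rebuild the CFG from the bytes actually executed.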