Most Popular

4 votes, 1 answer

Reversing encryption by analysing executable

I have a program that reads data from a file, parses/organizes it, and spits it out as an encrypted XML. The application can also take an encrypted XML and spit out the original file. My objective at this point would be to access the clear-text XML…
Juicy
4 votes, 2 answers

What key is being used to encrypt the key transport in this Zigbee capture?

I am working with a Zigbee system and I have been trying to grab the network key as it is exchanged during pairing. I wasn't having much luck with the combination of TI Packet Sniffer, Wireshark and Killerbee - it kept on failing. This combination…
Cybergibbons
4 votes, 1 answer

Setting name of (newly created) functions via IDAPython

Is there a way to specify the name of a function when creating it with idc.MakeFunction()? If not, what is the best practice to rename a function? I found idc.GetFunctionName(ea) but no counterpart to set a name. A google research turned up some…
langlauf.io
4 votes, 1 answer

How do I make GNU as recognize all ARMv7 instructions?

I disassembled an Android library with IDA, and want to do some extra steps at the end of one of the functions. Currently, the last instruction bytes are BD E8 F0 8F, in Thumb mode, which IDA disassembles to POP.W {R4-R11,PC}. So I found a nice…
Guntram Blohm
4 votes, 1 answer

ELF: How to make IDA show me the correct PLT (Procedure Linkage Table) content?

I would like to make IDA disassemble the .plt section of ELF files correctly, e.g. as objdump does: objdump -D -M intel asdf | grep "Disassembly of section .plt" -A80 I don't know why but IDA gives me this (Note the dw ? and dq ?): Even the IDA…
langlauf.io
4 votes, 1 answer

Get memory locations using IDAPython

In my code, I am using idc.GetOpnd(ea,0) and idc.GetOpnd(ea,1) to get the 2 operands of an instruction. However, if it's a call (or jmp) instruction, I am getting symbols like _perror and loc_8083BA9. Using IDAPython, is it possible to remove all…
Maggie
4 votes, 3 answers

Decompile ARM native binary - IDA Pro detects file as Shared Object

I am trying to decompile an Android ARM native binary using Hex-Rays IDA Pro. IDA detects the possible formats as ELF for ARM (Shared object) / Binary file. If I choose ELF for ARM (Shared object), then it correctly decompiles and detects most of the…
Joyce Babu
4 votes, 2 answers

How to debug a self-debugging process?

How do you swap debuggers in Windows? In my case, I have a process A which creates a copy of itself: CreateProcessA("XXX.exe", NULL, 0x0023f560, 0x0023f560, TRUE, **DEBUG_ONLY_THIS_PROCESS**, NULL, NULL, 0x0023f5f8,…
faberle
4 votes, 1 answer

Which virtualized target is recommended for a newbie on VM obfuscation?

I'm a newbie on virtualized code obfuscation. I can break many features to avoid debugging/reversing and packers/protectors (even Themida, without the VM option), but I'm not good at virtualized code. Though I made my own code-virtualizing obfuscation tool,…
Pizzzzza
4 votes, 1 answer

How to disassemble/run a MIPS ELF file? (with readelf error)

So I want to disassemble and then run a MIPS ELF file for the first time. As I don't have MIPS hardware I am using the mipsel-unknown-linux-gnu toolchain. Here comes the problem. The output of the command file myelf is: ELF 32-bit LSB executable, MIPS,…
creuchmeuch
4 votes, 2 answers

When to use Windbg and Ollydbg?

According to what I know: WinDbg uses debugging information (pdb/symbol files) for debugging. So, for example, say I get an unknown exe (malicious); can I debug it since I'll not be having its .pdb? Is WinDbg best suited to analyze memory dumps and…
rebel87
4 votes, 1 answer

Extracting a private key from memory

I'm trying to extract a private key used to encrypt communications in a game modification (SA-MP, closed source, runs on Windows), which uses RakNet for its communications and presumably encryption. The language I'm using is Python, and I would like to…
Joona
4 votes, 2 answers

IDA basic block type fcb_cndret - what does it mean?

IDA Pro's idaapi.BasicBlock objects returned by idaapi.FlowChart() can be of the following types (see gdl.hpp in the SDK sources): // flow chart block types enum fc_block_type_t { fcb_normal, // normal block fcb_indjump, // block ends with…
langlauf.io
4 votes, 2 answers

Reverse engineering UEFI CAP files

I'm looking to identify code changes in the latest UEFI release for my motherboard, to verify whether the changes include mitigations for the row hammer vulnerability. I'm specifically looking at the last 3 releases (2401, 2304, 2201) of the Asus…
Polynomial
4 votes, 2 answers

Decrypt iOS standard encryption without device

In order to remove the encryption from an iOS binary on the App Store, it first has to be executed on an ARM-capable device. Is there a way to do this without access to a device?
Nederealm