Most Popular
1500 questions
4
votes
3 answers
How can I extract the complete filesystem (including temp files) from a router's firmware?
I'm a newbie to reverse engineering, so pardon my ignorance. I am trying to extract the complete filesystem from a Netgear router's firmware. Using binwalk, I was able to extract the kernel and a squashfs file system. So far so good. The issue is…

P Jones
4
votes
1 answer
Can I invoke IDA's plugin BinDiff from command line?
I am trying to evaluate a very large amount of binaries (thousands) using BinDiff, and currently I only need some instruction level statistics from BinDiff, which can be acquired from its dumped sqlite file easily.
But my problem is that testing…

lllllllllllll
4
votes
1 answer
How to detect address changes in the IDA SDK?
I'm developing a custom memory viewer in Python for IDA. Obviously I need to know the current EA. For now, I just ask the user to supply it through AskAddr() and it works fine. However, I'd like my plugin to integrate with IDA better. For example, if I…

rr-
4
votes
1 answer
What's a good method to find the location of objects in a game
So in a given game there are objects randomly placed around the map. I've managed (through playing with the memory in Cheat Engine) to find that a single value changes when a certain object is within my draw distance. It's a boolean, either 0 or 1. I…

FraserOfSmeg
4
votes
0 answers
Reverse Engineering an 8 bit CRC checksum
I am trying to create a communication interface using the C language to an air conditioning system. After analyzing the data packets I have identified that the data packet consists of an 8 bit CRC (I am pretty sure the CRC is the last byte because the…

Nick
4
votes
1 answer
IDAPro, the arguments could not be passed to the python script
Using IDA 6.6, I cannot pass command line arguments to the IDAPython script.
The command I use is:
idaq64 -c -A -S"myscrip.py arg1" thebinpath.
Here is the demo script myscript.py:
import sys
if len(sys.argv) >= 2:
print("Successfully received…

William
4
votes
1 answer
Function calls: xref.type always 'Code_Far_Call' or 'Code_Near_Call'?
Given a disassembly line in IDA Pro such as
.text:0040255B call sub_407C10
Am I right to assume that analyzing the belonging address using
idautils.XrefsFrom(0x0040255B)
always returns an xref of type 'Code_Far_Call' (xref.type 16) or…

langlauf.io
4
votes
3 answers
Are there exports with neither ordinal nor name or am I not understanding the PE documentation?
I don't understand one thing in the export data directory of PE files.
The documentation says that there is a set count of exports (let's name it ExportCount, first row of following table) and another count of names/ordinals (name it NameCount,…

Ray
4
votes
3 answers
Soundness of ARM disassembly
I'm interested in formal verification of software at binary code level. Obviously, the first step would be to recover the actual assembly instructions from binaries.
IDAPro can do a pretty good job at disassembly of x86, however, it is still…

Codoka
4
votes
1 answer
How to find which function called the one currently being executed in IDA?
I have a breakpoint in function 'A', but 'A' can be called by functions 'B' and 'C'. When a breakpoint is hit, I'd like to know what called 'A' in the first place. Is there something like a function call stack?
I have found 'debugger->tracing->stack…

user2545831
4
votes
1 answer
/proc/self/maps equivalent on windows
I see that inspecting /proc/self/maps on Linux machines lets me see the pages that have been mapped in. As a result I can write a program to read and parse the pages it has mapped in.
How could one go about doing something similar for Windows? Are…
user1743
4
votes
1 answer
Does anyone recognize this keyboard encoding scheme?
I am finalizing the reverse-engineering of a Linux driver for the Perixx MX-2000 IIB mouse. One of the features the mouse has is arbitrary button mapping. I can assign a button to produce various keys or mouse buttons. I have recorded a few button…

Dan P
4
votes
2 answers
Assembly- Using push and ESP-Register to store addresses
I have found the following assembly lines presented in a tutorial which I do not understand:
xor eax, eax => clear, I know that, it makes eax = 0
push eax => push 0 on the stack
push 0x68732f2f => push "//sh" to the stack (the…

user3097712
4
votes
1 answer
How to automate a task in OllyDBG? Using Ollyscript or any other tool
I am debugging an app in OllyDBG. I want to create a script or automation. I set a breakpoint on a certain address and goto its stack arguments. There are four stack arguments.
I use the address of the 2nd argument and the size from the 4th argument…

John Dev
4
votes
1 answer
What are some methods for reversing a .kext?
I recently discovered there is no native Linux driver for the webcam in my computer. However, there is a person who has taken the initiative to start a GitHub project for a driver. That being said, I was able to get the webcam working in a qemu…

ipatch