Most Popular

1500 questions
4
votes
0 answers

How to trace with Frida some specific functions in ARM ending with BX LR

I'm trying to trace down with Frida v16.0.11 (frida-trace) all calls to exported functions from "libssl.so" (Android, 32bit). But it turns out that Frida is unable to hook some functions. One part of these functions Frida just skips because can't set…
Cyb
  • 41
  • 2
4
votes
0 answers

Reverse Engineering Technique "Step by Step"

Sometimes, I see how someone puts on the github, some reverse engineering project for some famous game. By researching these projects - I come to the conclusion that: people just took the code from the exe and brought it gradually to an external dll…
user42316
4
votes
1 answer

Ghidra 16-Bit DOS Strings

I am attempting to reverse-engineer a 16-Bit DOS MZ executable. The file contains many different strings, most of which are printed out to the console at various points. IDA seems to be able to pick up the locations from which the strings are…
jttri777
  • 165
  • 7
4
votes
1 answer

Debug problem with Ghidra 3rd party language

I want to reverse engineer some 65816 code using Ghidra. Unfortunately the third-party 65816 language is broken. No problem, I can fix it myself. However, looking at the Ghidra error gives me no clue as to what the problem is. I've looked at the…
Robin Elvin
  • 183
  • 5
4
votes
0 answers

How to edit a compiled Reactive Native file "main.bundle"

I bought a vacuum robot from Dreame and needed to replace the Lidar sensor myself as in my country (Brazil) there is no technical assistance, but now it is not working properly because it says that it doesn't have a calibration file for the Lidar sensor and…
Trix
  • 41
  • 1
4
votes
0 answers

remove the computrace by flashing the bios

Is there a way to remove the computrace by flashing the bios or deleting/altering the contents of it? Someone gave me a laptop and I found out that it was not usable because it was equipped with absolute computrace persistence and was reported as…
pao
  • 81
  • 1
4
votes
0 answers

BIOS serial number and UUID tampering

What happens if I tampered the serial number in the bios of a laptop? This laptop was issued to us by our company and what happened was we were laid out without any compensation for what happened so I decided to keep this laptop however after…
pao
  • 81
  • 1
4
votes
0 answers

How can I learn VMP analysis?

I am currently interested in learning reverse engineering, and I have a foundation in assembly, PE structure, and the use of Win32Api. And also have some of the foundation for writing Windows drivers; I Can use IDA to analyze assembly code without…
Jack Lee
  • 41
  • 3
4
votes
0 answers

Why would a packet-based protocol occasionally XOR its payload?

I'm REing the Bluetooth protocol for the Ecoflow Delta 2 power station, and so far I've had some success. But there's a strange behaviour that, while not hampering my efforts, has me puzzled. The packets come as a 16 byte header, a variable length…
MerseyViking
  • 161
  • 5
4
votes
1 answer

Change string value when string is in a RAM address x64 c++ program

I'm new to reverse engineering. I'm simply trying to change the value of a string in x64dbg, of a program I make myself in VS (It's a c++ program, and is VERY simple; it just prints a string, and two memory addresses of two other strings.) I've…
clouded.
  • 41
  • 2
4
votes
2 answers

Change code segment with disassemblers like IDA

Do disassemblers like IDA or Ghidra change write rules on code segment of a process to change instructions? For example one can place NOP instead of a function call, so it should have RWX instead only RX bits
Balora
  • 41
  • 1
4
votes
0 answers

API Breakpoints not hitting while debugging a malware using x32dbg

I have been having a really strange issue which I have tried all ways to troubleshoot from my end but was not successful. I am going through a malware analysis course and following the debugging process of the trainer in the video, when I am trying…
4
votes
3 answers

Help disassembling a simple 16-bit NE function

I am currently attempting to reverse engineer a simple function from within a 16-Bit Windows 3.1 (NE) DLL, which from what I can tell is used to display a message box when required. I would assume that the two arguments of the ShowMessageBox…
jttri777
  • 165
  • 7
4
votes
0 answers

Ghidra not loading classes and types of external library

I'm analyzing a macOS framework, and while redefining types in the decompilation view, I wish to define one of the types as a type defined as NSData class which is defined inside CoreFoundation framework that is in the Imports tree: I've added…
Jorayen
  • 185
  • 6
4
votes
2 answers

How to bypass anti debugger? IDA Pro

I'm new to reverse engineering and doing a crackme that requires me to make a keygen, yes I know making a keygen isn't a beginner task however I'm stubborn, I am trying to debug the program to understand what it does to check for a valid key but I…
alias
  • 41
  • 3