PDA

View Full Version : linux RCE starter


0xf001
January 4th, 2005, 15:47
hi everybody!

i have put together a little "linux RCE entry point" - a reference listing
the typical tools you need doing RCE on linux:

debuggers, disassemblers, tracers, file editors, ...

as well as some introductional papers ...

as this grew too big for a post, I have loaded it up to

http://woodmann.com/0xf001/

this should be quite useful for a getting started reference.

cheers, 0xf001

[ edit ] link updated

0xf001
January 4th, 2005, 19:33
hi again!

the new 29A#8 magazine provides an interesting article for ASM coding
under linux, related to ELF header parsing. thx to gabri3l who told me!

i have hosted this file temporary on the linux RCE starter page, until the
29A#8 online version is fixed.

enjoy!

regards, 0xf001

esther
January 5th, 2005, 01:55
Some guys already started writting tutes

http://biw.rult.at/tuts/stingduk_linux_disasm.htm

blabberer
January 5th, 2005, 04:52
hi Foo1,
word wrap the texts to fit into 800*600 the horizontal scroll is icky
btw iirc you coded one crackme yeah nice little trick checksumming the image before decrypting using int 80 i dont see a referance to it or a solution to it
anyway nice page


ps edit sorry about the crackme itwasnt by you but by some disorder

0xf001
January 5th, 2005, 04:59
cat dump1 | more

this guy likes to type very redundant but yes for a beginners tut it is fine!

oltough I do not really like objdump as it is very limited and it displays in AT&T syntax

i can be arrogant, too hehe!

thanks for the link,

0xf001

0xf001
January 5th, 2005, 05:07
blabberer,

800*600 (uuuh) - OK, I will do it for you !

you are talking about the "trythis" crackme on biw.rult.at? Well, fine if there
is no solution yet, let's give it a try ... ! Have you solved it?


cheers, 0xf001

blabberer
January 5th, 2005, 07:19
Quote:
oltough I do not really like objdump as it is very limited and it displays in AT&T syntax

try this
Quote:

objdump -M intel -d "yur exe" > dumpo
cat dumpo | more


well i kinda solved it lit four leds but dont have access to shell all the time
and i was talking about dcrkme by discord
running a gui app half way across the world from a windows pc with x-11
forwarding is kinda time consuming a click takes two minutes to break on gdb running in shell
and thanks for
Quote:
800*600 (uuuh) - OK, I will do it for you !

0xf001
January 5th, 2005, 15:57
thank you blabberer !

i really missed this objdump option (-M intel). or maybe allready forgot?
does not matter... this is indeed a very good option to remember!

but nevertheless I do very seldom use objdump, as I prefer "real"
disassemblers which are made for this purpose. for quick looking well, I
still use it sometimes. my concern is more about what I called
"it is very limited"

Quote:
well i kinda solved it lit four leds


hehe, good! this I also did before, without even looking at the code, just
at the function names and I guessed how the syntax for the serial must be, hehe it is a nice crackme.
now I have disassembled the serial algorythm and am writing a keygen....

I am making an indepth tutorial out of it, will post the link here

anyone else working on it?

regards, 0xf001

0xf001
January 7th, 2005, 00:38
update: I found a

linux reverse engineering whitepaper by O'Reilly / _mammon

at ptth://searchenterpriselinux.techtarget.com/searchEnterpriseLinux/downloads/SecurityWarrior.pdf

it is quite long, and includes LOTs of topics, in very nice quality, ie:

tools and techniques, debugging, runtime monitoring (tracing, ...), disassembly (incl working with intermediate code representation), anti RE techniques, RE tool development

and pretty much example code in it!

definately a "must read" so I linked it on the starter page

enjoy, 0xf001

ps: blabberer I finally REwrote the page into real HTML so it is now independent of the screen resolution as I do not use the <pre> tag
anymore

blabberer
May 21st, 2005, 04:21
was there a reply here and was it deleted ??
i got a flier in my inbox but it seems it is not locatable
or is it some kind of spam

Date: Fri, 20 May 2005 19:31:26 -0400
To: ******@*****.com
Subject: Reply to post 'linux RCE starter'

in the Linux RCE forum of RCE Messageboard's
Regroupment.

This thread is located at:
http://woodmann.net/forum/showthread.php?t=6715&goto=newpost

JMI
May 21st, 2005, 08:12
There "was" a "Reply" from a first time poster which was simply a "Great" and a "Rule Violating: Where can I find a tool" request. Rather than edit the post and make a Reply myself, pointing out for the umteenth time the Rules prohibiting such requests, I simply deleted the offending Post.

How about "next time" something similar happens, you simply "assume" that an administrative decisions were made for some valid reason and not waste even more time raising questions and/or speculation that "you" might have been deprived of something "vital" to your mental health and/or reversing future.

Regards,