Radare Easing binary analysis for fun and profit.

Slides:

Advertisements

Similar presentations

Extending Eclipse CDT for Remote Target Debugging Thomas Fletcher Director, Automotive Engineering Services QNX Software Systems.

Advertisements

Slide 2-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 2 Using the Operating System 2.

Assembly 01. Outline Binary vs. Text Files Compiler vs. Assembler Mnemonic Assembly Process Development Process Debugging Example 1 this analogy will.

Binghamton University CS-220 Spring 2015 Binghamton University CS-220 Spring 2015 Object Code.

A Guide to Unix Using Linux Fourth Edition

Debugging What can debuggers do? Run programs Make the program stops on specified places or on specified conditions Give information about current variables’

Lab6 – Debug Assembly Language Lab

1 UNIX 1 History of UNIX 2 Overview of UNIX 3 Processes in UNIX 4 Memory management in UNIX 5 The UNIX file system 6 Input/output in UNIX.

1 Case Study 1: UNIX and LINUX Chapter History of unix 10.2 Overview of unix 10.3 Processes in unix 10.4 Memory management in unix 10.5 Input/output.

C programming Language and Data Structure For DIT Students.

Python Introduction.

Trying to like a boss… REVERSE ENGINEERING. WHAT EVEN IS… REVERSE ENGINEERING?? Reverse engineering is the process of disassembling and analyzing a particular.

Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

CIS Computer Programming Logic

Part 3: Advanced Dynamic Analysis Chapter 8: Debugging.

GMT: The Generic Mapping Tools Paul Wessel, Walter H.F. Smith and the GMT team.

Chapter Three The UNIX Editors. 2 Lesson A The vi Editor.

Binary Auditing Geller Bedoya Michael Wozniak. Background  Binary auditing is a technique used to test the security and discover the inner workings of.

Incell Phonium Processor Design Specifications Dale Mansholt Aaron Drake Jonathan Scruggs Travis Svehla Incell Phonium Processor.

Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad

Property of Jack Wilson, Cerritos College1 CIS Computer Programming Logic Programming Concepts Overview prepared by Jack Wilson Cerritos College.

Introduction to InfoSec – Recitation 2 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

CNIT 127: Exploit Development Ch 3: Shellcode. Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object.

Debuggers A program needed when writing any type of code Displays the contents of memory Lets you view registers and variables and see how they change.

Copyright © Mohamed Nuzrath Java Programming :: Syllabus & Chapters :: Prepared & Presented By :: Mohamed Nuzrath [ Major In Programming ] NCC Programme.

Chapter Three The UNIX Editors.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.

Shellcode Development -Femi Oloyede -Pallavi Murudkar.

Debugging 1/6/2016. Debugging 1/6/2016 Debugging  Debugging is a methodical process of finding and reducing the number of bugs, or defects, in a program.

Byoung-Jo CHOI Fall 2007 SW Project II Advanced Linux Programming.

Introduction to Information Security מרצים : Dr. Eran Tromer: Prof. Avishai Wool: מתרגלים : Itamar Gilad

Introduction to Reverse Engineering

Introduction to InfoSec – Recitation 3 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (infosec15 at modprobe.net)

Lecture 10 Anti-debugger techniques. Anti-debuggers Making reverse-engineering and disassembly painful –Polymorphism –Encryption –Interrupt disabling.

김민수 Cortex-M4 Processor - Getting Started with the GNU Compiler Collection(gcc)

HP-SEE Debugging with GDB Vladimir Slavnic Research Assistant SCL, Institute of Physics Belgrade The HP-SEE initiative.

Some of the utilities associated with the development of programs. These program development tools allow users to write and construct programs that the.

The World Leader in High Performance Signal Processing Solutions Toolchain Basics.

Using the GNU Debugger (GDB)‏ Techzemplary Pvt.Ltd February 24 th 2008 Pranav Peshwe.

Chapter Goals Describe the application development process and the role of methodologies, models, and tools Compare and contrast programming language generations.

Shellcode COSC 480 Presentation Alison Buben.

Lab assignments Follow each lab walkthrough in textbook

Operating System Debugging Support and How Win32 Debuggers Work

CST 1101 Problem Solving Using Computers

Computer Architecture & Operations I

Static and dynamic analysis of binaries

CSCI-235 Micro-Computer Applications

Case Study 1: UNIX and LINUX

Introduction Python is an interpreted, object-oriented and high-level programming language, which is different from a compiled one like C/C++/Java. Its.

CASE STUDY 1: Linux and Android

Computer System and Programming

Radare2 In Soviet Russia Radare2 Debugs You! John Bird Ruxcon 2017

HP C/C++ Remote developer plug-in for Eclipse

TRANSLATORS AND IDEs Key Revision Points.

Computer Science I CSC 135.

PROGRAMMING What is it?.

Assembly Language for Intel-Based Computers

Data Science with Python

A GUI Based Aid for Generation of Code-Frameworks of TMOs

Introduction to Computer Programming

C programming Language

IDE’s and Debugging.

Understanding Hex “I hope you have the worst headache of your life, then you will begin to understand” ~unknown.

Reverse engineering through full system simulations

OPERATING SYSTEMS STRUCTURES

Computer Programming (CS101) Lecture-02

Exploitation Part 1.

Reverse Engineering for CTFs

The UNIX Time Sharing System

Presentation transcript:

radare Easing binary analysis for fun and profit

Overview

IO with plugins Basic file input/output access wrapped with plugins: ● Posix IO ● W32 IO ● Remote TCP IO ● Ewf (Encase disk images) ● Debugger ● Haret ●...

Hexadecimal editor The radare shell interprets simple commands to move around the binary file and perform operations like write bytes, seek, dump blocks in different formats, etc.. Supports perl and python scripting. Zoom mode to have a whole overview of entropy, printable chars, flags, etc.. Read, write, compare, copy/paste data. Shell integration. Supports pipes, shell escapes,.. Visual mode with simple keybindings

Debugger Using the debugger IO plugin it's possible to natively debug programs on UNIX systems or Windows(R). Supports raw memory access like reading a plain file. Child filedescriptor manipulation Context dump/restore. Allows stepbacks Breakpoints(soft/hard), Watchpoints with expressions Raw DRX access Syscall injection and proxying Thread and fork control Execution trace Signal handling and manipulation Syscall tracing Mmap files on child's memory

Data analysis Radare comes with different tools to analyze binaries: rsc rfile-foreach – runs 'file' program on each offset of the file to find file headers bindiff – find binary differences between two files bytediff- “” hasher – multiple algorithms, hash per pieces, entropy, hamming distance,... Interprets data blocks as C data structures with 'rsc spcc'. GML graph generation from an ELF

Exploit framework Radare comes with some tools to ease the development of exploits or low level code snippets to patch binaries. Rasm – Radare Assembler – portable patch assembler (most common assembly opcodes) for x86, arm, ppc and java. Rasc – Radare ShellCode – metasploit-like tool with syscall- proxying and hardcoded database of shellcodes. Prefixing/appending traps, nops, numeric series or 'A's. Pid:// - Attach to programs and analyze crash backtraces.

Disassembler Radare supports disassembling and code analysis for intel, arm, ppc and Java. Supports intel, at&t and pseudocode disassembling The code analysis structures can be compared to bindiff code flows. Allows to add inline comments, allows to fake the base address to map memory addresses with file ones. Can mix dwarf information, and symbol information. ObjDump, Nas, Gas integration

Search Engine Supports multiple binary keyword searchs: - Range limited searches - string, wide char string, hexpair, opcodes,.. - execute commands for each result - Supports binary masks per keyword - Supports pseudo-regular expression - Find expanded AES keys

GUI A minimalistic C based Gtk+ frontend with VTE is currently used. A native Vala Gtk with Cairo is under development. Code graphs to graphically navigate the program.

Other stuff rabin allows to get information from ELF, PE, CLASS files Read WCE/WM device's memory with HARET plugin. Find code xrefs on raw files for x86, ppc, arm Data Carver Assembly opcodes dictionary (rsc adict) Commandline assembler/disassembler (rsc asm/dasm) Automatization tasks with shellscripts

Q/A? || Cya!