Reverse Engineering

Dynamic Analysis

Analysis of binaries and files can be done while running them!

edb-bugger is a great tool for debugging. It is also available via the command line on some distros!

Reverse engineering challenges often have to do with examining binaries and re-creating the flag for yourself.

A command to look through a binary.

binwalk -e firmware.bin

Use ghidra to reverse engineer all binaries.

Some binaries are packed, you can use UPX to unpack binaries.

If the binaries are written in Go, you can use pygore or goretk.

Analysis of executables or binaries can be done statically.

Use ghidra to reverse engineer all binaries.

The xxd command returns a hexdump of the executable.

Objdump is a command to display object data of a file.

Use Detect It Easy to determine if something is packed and it's entry point.

Use CFF Explorer to look at executable, similar to Detect It Easy.

Some binaries are packed, you can use UPX to unpack binaries.

1768 is a great tool to analyze CS beacons that require investigation.

Some challenges in CTFs require analysis of Java code.

Analyze java code using javap -c file.class on the command line.

Some reverse engineering challenges require you to review code and see what it does.

There is an awesome code beautifier, especially with PHP herehttps://github.com/unode/firefox_decrypt

If there is any mention of WScript or VBScript, use the decryption tool here.

Last updated 5 months ago