
Python for Reverse Engineering 1: ELF Binaries

173 points| xrisk | 7 years ago |icyphox.sh | reply

48 comments

[+] saagarjha|7 years ago|reply
> I’m not sure why it uses puts here? I might be missing something; perhaps printf calls puts.

It’s because you passed a constant string to printf, so the compiler decided it was not worth making the call and used puts instead.

[+] Icyphox|7 years ago|reply
Thanks! I’d actually figured that out a little while after publishing.
[+] billfruit|7 years ago|reply
In general though, dealing with binary data in Python isn't particularly intuitive. Also, many Python tutorials and books fail to mention how to manipulate binary data. I feel that is one of the places where the standard library is not that rich.
[+] civility|7 years ago|reply
I disagree. The struct and array (not Numpy) modules are pretty great at cutting up binary data. You provide a format string and it just works.
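As an added example (not the commenter's code, nor anything from the linked post), here is the struct module cutting up an ELF header from a format string: the constructed SAMPLE_ELF64_HEADER is built with struct.pack and parsed back, with the word size and endianness read from e_ident rather than assumed.

```python
import struct

# Constructed sample, not taken from any real binary: a 64-byte ELF64 header
# (little-endian, x86-64, ET_EXEC) packed with the same module used to parse it.
SAMPLE_ELF64_HEADER = struct.pack(
    "<4sBBBBB7sHHIQQQIHHHHHH",
    b"\x7fELF", 2, 1, 1, 0, 0, b"\x00" * 7,  # e_ident: magic, ELFCLASS64, LSB, version, ABI, pad
    2, 62, 1,                                # e_type=ET_EXEC, e_machine=EM_X86_64, e_version
    0x401000, 64, 0x1234, 0,                 # e_entry, e_phoff, e_shoff, e_flags
    64, 56, 3, 64, 10, 9,                    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
)

E_TYPES = {0: "ET_NONE", 1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
          "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
          "e_shnum", "e_shstrndx")


def parse_elf_header(data: bytes) -> dict:
    """Parse an ELF header with struct, picking the format from EI_CLASS/EI_DATA."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data = data[4], data[5]
    endian = {1: "<", 2: ">"}.get(ei_data)          # ELFDATA2LSB / ELFDATA2MSB
    if endian is None:
        raise ValueError("unknown EI_DATA %d" % ei_data)
    if ei_class == 2:                                # ELFCLASS64: entry/offsets are 8 bytes
        fmt = endian + "HHIQQQIHHHHHH"
    elif ei_class == 1:                              # ELFCLASS32: entry/offsets are 4 bytes
        fmt = endian + "HHIIIIIHHHHHH"
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    size = 16 + struct.calcsize(fmt)                 # 64 for ELF64, 52 for ELF32
    if len(data) < size:
        raise ValueError("truncated header: need %d bytes, got %d" % (size, len(data)))
    hdr = dict(zip(FIELDS, struct.unpack_from(fmt, data, 16)))
    hdr["bits"] = 64 if ei_class == 2 else 32
    hdr["type_name"] = E_TYPES.get(hdr["e_type"], "unknown")
    # A header whose e_ehsize disagrees with its class is worth flagging before
    # trusting the e_phoff/e_shoff offsets it advertises.
    hdr["ehsize_ok"] = hdr["e_ehsize"] == size
    return hdr


if __name__ == "__main__":
    h = parse_elf_header(SAMPLE_ELF64_HEADER)
    print("%d-bit %s, entry 0x%x, %d program headers at offset %d" % (
        h["bits"], h["type_name"], h["e_entry"], h["e_phnum"], h["e_phoff"]))
```

To run it on a real file, pass `open(path, "rb").read(64)` to parse_elf_header instead of the constructed sample.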
[+] hultner|7 years ago|reply
Is it just for me or is the scroll on this site horribly broken? Shame because the content looks great.
[+] bhargav|7 years ago|reply
Default behaviour seems to be overridden. I read the article and would recommend you look past the scrolling. If you are on an iDevice, reader mode will help!

Edit: Spelling

[+] RayDonnelly|7 years ago|reply
If you haven't seen it, also check out Project LIEF. It is very good indeed. We use it for a lot of post-build binary verification in the conda ecosystem.

Windows, macOS and Linux are all supported.

https://lief.quarkslab.com/

[+] Icyphox|7 years ago|reply
Hi, I’m the author of this post. Feel free to ask questions, if any.
[+] matmann2001|7 years ago|reply
Hey. In your C code, you write to memory beyond what you malloc'd. You malloc'd 9 bytes for 'pw', but later do "pw[9] = '\0'", which accesses the 10th byte, which doesn't belong to you.
[+] 75dvtwin|7 years ago|reply
If you could briefly outline the space/position of this framework relative to others (e.g. https://github.com/cea-sec/miasm), I would very much appreciate it.

Also, besides the security aspect (e.g. intrusion/virus detection), I was looking at these frameworks as 'higher-level than assembler, and less hardware-architecture-dependent than LLVM IR' -- is there an angle where reverse engineering tools have a separate life as a better-than-assembler toolchain for low-level programming?

[+] qaq|7 years ago|reply
Wonder why security topics never get much interest on HN. It's a huge industry with a ton of VC funding going to security startups.
[+] daeken|7 years ago|reply
Eh, it depends on the topic. Binary reversing stuff rarely gets much love, but there frankly just aren't too many people doing that stuff. Web security things get lots of love, usually -- I both launched and sold a web security class via HN, very successfully -- because there are just so many people who are interested in it; it's the bread and butter of the industry nowadays. And anything privacy-oriented or seriously pwned always gets clicks and upvotes.

But yeah, this stuff is good content but doesn't have much reach.

[+] dang|7 years ago|reply
I'd have said it's of consistently high interest. What makes you say it isn't?
[+] z3phyr|7 years ago|reply
Binary, firmware and hardware level security topics are academically most satisfying and fun to me. But there is a lot of mystery in these topics, given the inherent negativity and legal grey areas people have to deal with. I guess that is one of the reasons.
[+] rhexs|7 years ago|reply
For one, the article seems to be impossible to read on an iPhone via Safari.
[+] benj111|7 years ago|reply
I got here via the front page, which would seem to discredit your theory.

Anyway VC funding doesn't necessarily equate to being interesting.